Ask HN: E2E Encrypted Period Trackers?

24 points by krinn_silver ↗ HN
One sentiment from the recent Roe v Wade decision is that women should be careful about their data as law enforcement could use it to determine if they had an abortion.

Period tracker apps are quite popular, and even a form of contraception [1]. They technically don't need to access the data (although they may wish to for analytics/monetisation), so it seems to me like a perfect candidate for E2E encryption. But I can't find any that advertise they use E2E encryption (just a vague "we encrypt your data" in their privacy statement).

Is anyone working on this?

[1]: https://www.naturalcycles.com

Disclaimer: I'm a man, and I don't live in the US. My wife and I are just concerned onlookers.

22 comments

[ 4.2 ms ] story [ 62.2 ms ] thread
Period tracker apps are already shady, most sell data. Future mothers buy a ton of stuff, and it’s very valuable to know when to time ads for these people.
The Cycle Tracking app built into iOS’s Health app is E2EE.
That's really helpful! I just checked on this and you need to enable 2FA as well:

"Health data can be stored in iCloud. End-to-end encryption for Health data requires iOS 12 or later and two-factor authentication. Otherwise, the user’s data is still encrypted in storage and transmission but isn’t encrypted end-to-end. After the user turns on two-factor authentication and updates to iOS 12 or later, the user’s health data is migrated to end-to-end encryption."

https://support.apple.com/en-gb/guide/security/sec88be9900f/...

Apple makes it really hard to not enable 2fa, things like the Homepod won't work at all without 2fa.
I would only look for E2E encryption in such an app if its data were synchronized across multiple devices. Otherwise, there should be no E2E communication from the app at all, encrypted or not. Cycle tracking should be able to work with local data.
Why add to the noise of apps and add to the possible confusion when a simple paper calendar would work?

  * Handy push notification early reminders
  * paper calendars have no security/privacy
  * app would always be available, not just at home  
  * ability to mark start/stop wherever/whenever and not just when the paper is nearby
  * app can track trends, make suggestions and predictions
  * can make historical data available to medical professionals
need any more?
(comment deleted)
Handy? What if you miss your period notification among dozens of other push notifications?

No security in paper notebook? So why does this topic exist? No privacy? Tell me name of that paper notebook who sells your data?

Avaible not from home only? How many looks at this kind of data is required daily?

Ability to mark whenever? Why if precision of calendar of periods anyway is limited to days?

Track trendns and make predictions? This is an EXACT goal of using tracker, no matter paper or digital.

Can make historical data available? This is a pure lie, you are going to change several devices and versions of OS w/o ability to import that history (for example) from Android 4 to Android 14. Paper can serve you since your the first period ever upto the last one.

Where do you live, might I ask?
(comment deleted)
Thinking the people who support abortion are on your side is the issue. The people supporting abortion are the same people who make period tracker apps and the same people that run the companies that buy that data. Think about it.
Since in many polls, access to abortion is supported by > 50% of Americans, your statement is rather vacuous.
If Apple cared more about privacy, they could address this with a category of enforced local-only apps. A local-only app would not be able to access the network or interact with other apps. It’s data could be backed up and synced via iCloud but not by any other means.

Side channels aside, this would avoid data leaks.

(comment deleted)
Except if Apple receives a warrant for the iCloud data surely?
There’s a choice between:

(a) Company that wants to make as much money as possible from the use of their app. They will use tracker SDKs, sell data directly, sell data through aggregators, etc. And they’ll cooperate with subpoenas (but probably try to charge for it). And they might even cooperate with Texans who want to sue people under their bizarre law.

(b) Apple, which makes money off hardware, iCloud services, and to a limited extent, advertising. They will cooperate with subpoenas, but they also have the legal resources to fight them. And, for something like their customers’ health data, they quite likely will fight.

With choice (a), law enforcement and anyone else who wants to pay gets the data. With choice (b), law enforcement might get the data. I know what I would choose.

Obviously I would prefer (c), the hypothetical version of Apple with stronger iCloud backup encryption.