Show HN: I made a privacy friendly and simple app to track my menstruation (play.google.com)
Hey HN,
after the app I actually used to track my period wanted me to log in and save my data in the cloud, I decided to write my own.
Most apps in this area are based on a subscription model and display far too much information anyway.
For me, a simple calendar is enough where I can add a few notes if necessary.
So that is the result of my work - a simple design and the data is only saved on the smartphone.
230 comments
[ 2.9 ms ] story [ 122 ms ] thread(While many in the HN crowd lack the requisite equipment to make use of your project, we do have girlfriends, wives, sisters, and daughters who might benefit from a privacy-respecting app like this.)
sadly fdroid usage is close to zero. and even there verification requires adb hacks and very expert users, even for basic hash checking.
I think Signal also does this for their Android app. I'm not sure of much else in this space.
If the goal was to be privacy-centric, it already fails at that for this alone.
And if the goal was to profit off of women's need for privacy-centric period tracking, then there is absolutely no reason not to find a proper FOSS alternative that cares about its users more than making passive income for the developer.
It could be an in-app purchase for themes or something like that. It can be a “thanks for supporting the app” cosmetic badge, completely optional, just there to buy a coffee for the author. But you’re dealbreaking it before you even see it?
In-app purchase != data collection
Also, regarding FOSS alternatives, you should know that FOSS does not mean “free from payment.” It technically doesn’t even mean “free from data collection.” It just means that the source code is available under a free and open source license. FOSS isn’t necessarily “free as in beer” and the FSF explicitly defines it that way. It’s more important that you’re offered the freedoms of the open source license and ability to get the source code. Whether or not you pay is a separate issue entirely.
but yeah, you already have:
- system apps for play service which run all the time and can access all apps' storage.
- all apps can ask the OS for a list of other installed/recently open apps. whats app request that list every minute.
- etc. not going to list all the crap you can use to target individuals on apple and android. there's plenty.
my point is, in the end. apps with purchase option are the least worse from the official stores. chill.
If your issue with this app being posted to HN is the mere existence of the app on the Play Store (including all of the store and the OS’ existing flaws), I don’t see how that’s supposed to be a constructive or useful discussion relevant to this app.
> An in-app purchase is an automatic dealbreaker? Doesn’t that depend on what it actually is?
Hardly unrelated
REALLY? That was blocked on iOS like a decade ago.
If the app required payment by giving your name, address, credit card, and more to "Jimmy" (some person you don't know and don't trust) who will be contacting you to collect, and somebody said "I don't know Jimmy and I don't really trust this. I'd prefer to use a trusted method of payment" would you reply, "You just don't want people to make a living!" I would really hope not.
More importantly, if privacy centric apps raise the barrier for entry to include licensing fees, then most people are going to choose the "free" alternatives that get paid for by selling their metadata. If you actually care about protecting users' privacy, you should avoid gatekeeping the technology behind a paywall.
There are plenty of Free (as in beer + as in freedom) period trackers out there that I would be happy to donate time and money to help develop. The closed-source for-profit version that demands that I disclose my identity to Google before I get started is dead-in-the water, having failed to be suitable for any purpose than making the developer a bit of cash while pretending to care about women's privacy in a world that wants to imprison them for a miscarriage.
A few years ago, I wouldn't have been very bothered by the privacy implications of an application like this, but for obvious reasons it's become much more prudent to consider them. Were I a woman I'd be deeply troubled to use an application like this, no matter how good, without some kind of ironclad proof of a privacy respecting codebase. Imagine logging patterns indicative of a pregnancy followed by an abortion, and then imagine selling this data to Texan bounty hunters[0] or any other nefarious actor in your jurisdiction. The stakes have become too unacceptably high to use an application like this without knowing with perfect certainty that it is safe to use.
Which isn't to cast any aspersions on OP for developing it. But the game has suddenly become very dangerous, and despite their reassurances, this is in fact a weapon of potentially lethal consequence.
[0] https://www.villanovalawreview.com/post/2229
(I agree with you but OP probably thinks/feels differently about Google - itself.)
[1] - https://www.siekmoeller.com/ladylog/impressum.html
Unlike Google, which collects extensive data to build detailed user profiles (read the link for details), Fathom uses a variety of techniques such as hashing to anonymize data, ensuring it cannot be traced back to individuals.
Their approach complies with major privacy laws like GDPR and CCPA, removing the need for intrusive cookie consents.
Plus, with Fathom, you get essential analytics in a simple, user-friendly format, making it a smart choice for sole-developer sensitive health-related applications.
https://usefathom.com/why-fathom-analytics/privacy-focused-w...
Plausible
Piwik Pro
Simple Analytics
Wide Angle Analytics
Pirsch
Umami
etc.
https://european-alternatives.eu/category/web-analytics-serv...
If they value transparency in how tools work and possibly require some customization, Plausible’s open-source platform could be more suitable. Both offer strong privacy practices.
Each of the others you list also offer flavor variety: Piwik Pro for comprehensive, regulation-compliant analytics; Simple Analytics and Wide Angle Analytics for straightforward, cookie-free tracking; Pirsch for performance-sensitive server-side implementations; and Umami for developers who prefer open-source solutions with full control over their data.
Rather than going into depth on all that, we've found recommending Fathom is the simplest thing that can possibly work for someone just getting visitor and campaign info off their web home page, very fire and forget, read the weekly emails.
If that's ever not enough, the others do have their places.
Wide Angle is cheaper and grows with your needs.
You can start simple, and then dive deeper. Additionally, we support consent-based tracking and optional Personal Data processing for those who require more in-depth data.
But nothing stops you collecting just clicks/views/sources/campaigns with no set-up beyond dropping in a small script. No cookie banner required by default.
And yes, I am biased. :)
So I created openpanel.dev which is a combo of Plausible and Mixpanel.
Privacy focused as well!
Check it out https://openpanel.dev
I haven't thought about open-sourcing it... Maybe I'll think about it...
If you did add a license, users could submit PRs of bug fixes or new features. If you don't have a lot of users it probably would get very little traffic and so not become burdensome. (And you can always ignore it... Not ideal, but life comes first)
If you care about privacy and want to have some fun with the license idea, you can add an Ethical Source license, so anyone who uses your code has to comply with a code of ethics. (https://ethicalsource.dev/licenses/) Maybe a license that says you cannot use this if you actively work against women's reproductive health/freedoms?
Please just don't hide existing/important features :).
"Free on F-Droid, $3 on the Play Store" is another approach I've seen (e.g., Conversations and DAV5x).
I’m not sure. Maintaining an open source project requires even more time than a closed source project. You can have a community-oriented closed source project, too.
> and doubling down on the privacy / local storage angle
Yeah!
Realistically most open source android apps do not receive many, if any, contributions from outsiders. Being open source does however signal the app isn't likely to become a paid shitfest.
Code doesn't have to be perfect to be open.
frida.re has a ton of useful features and community tooling built around it including scripts that will let you "un-pin" certificates by hooking and rewriting the functions that verify whether cert pinning worked or not.
https://frida.re/
https://codeshare.frida.re/@masbog/frida-android-unpinning-s...
drip. https://dripapp.org/
Bluemoon https://gitlab.com/ngrob/bluemoon-android https://www.nilsgrob.ch/work/bluemoon
Periodical https://arnowelzel.de/en/projects/periodical
Log28 https://github.com/wildeyedskies/log28
The sharing part makes that a little less common.
[0]: https://github.com/babybuddy/babybuddy
https://eukiapp.org/
https://www.plannedparenthooddirect.org/spot-on-period-track...
1. Some insist that the source code be made public.
2. Some insist that there be no in-app purchases.
3. Some insist that there be no analytics whatsoever.
Each of the above has some legitimate reason. However, do privacy-focused apps need to play by different set of rules?
If so, what special monetization models would make sense to folks on here? #AskingForAFriend
Apple tells you nothing about the user. You can choose to give them a UUID that they’ll echo back when you query their API about the subscription/transaction, but that’s up to you.
Apple will not give a name, email, Apple ID, phone number, location, or anything else.
See the data here: https://developer.apple.com/documentation/appstoreserverapi/...
Period tracker app is something a programming student can do. (Maybe with some questionable choices resulting in potential data loss, but this can be fixed.) You don't need a degree to make basic cycle prediction, and you can't reason about anything else without real medical knowledge. So this is something that can be done once in open source, and put onto F-Droid for everyone to use (and, of course, it already has such apps). Something as simple as calculator does not need “cloud account”, nor internet connection at all.
But how are we going to make money on that? How do we grab data that can be sold from users?
So the snake oil festival starts. From cute backgrounds to “AI advice”, lots of nonsense gets invented to grab and hold user attention, and hordes of paid biological word generators pretend that they have never felt “safe” before using “this app”. Many choose to directly ask for sex and pregnancy planning data to be sure they are the first who can sell it. Everything is done to smoke-screen the fact that users are only needed to input as much data into the machine as possible.
“Privacy focused” is just one of such fake labels. It means “we will try hard to protect any data we can sell from other bastards who want to do the same”.
Needless to say, little data brokers just follow the example of platform owners who run the circus, and dream to become data mafia kingpins one day. They benefit from each other, so you won't find simple apps with no strings attached being recommended by the app stores, because they are Bad for Business™.
As for third party “analytic solutions”, in simple terms, you simply let them collect some data on your users to get some charts and generally useless information (useful information costs money — sometimes a lot of money; each time Google or Apple decide whether they should do X or not, it costs Facebook a large sum, and new agreements behind closed doors).
https://support.apple.com/en-us/HT210407
Lots of founders could've been torn down at this early phase by crap like this.
My hypothesis: They need much more sun and water.
There's also many groups that produce privacy-friendly apps, such as SECUSO[0] and Fossify[1]
[0]: https://github.com/SecUSo [1]: https://github.com/FossifyOrg
Are these correct; are there others?
A well developed period tracking system with a long history is the Creighton Method. Briefly, individuals are trained person-to-person to collect consistent, reliable repeatable data. This can be compared between users, and has many uses. However, the data collection is inconvenient or in some cases impossible, and they will only train married women.
Who is 'they'? I'm going to have to dive into google aren't I?
Edit: Ok. Returned from rabbit hole. They = religious types who have thoughts about conception and contraception.