Hacker News new | past | comments | ask | show | jobs | submit login
Menstruation Apps Are Sharing Users' Data (privacyinternational.org)
277 points by 0xmohit 13 days ago | hide | past | web | favorite | 173 comments

For those bringing up HIPAA I hate to let you know that none of these apps are covered by HIPAA, and none of them can be fined under HIPAA.

If your friend tells you they have a disease, and you tell someone else, are you breaking HIPAA? No.

In order to break HIPAA you have to first be a covered entity. An example of a covered entity is a Doctor (or provider).

If you tell Google or Facebook that you have some kind of condition, that information is not covered by HIPAA because they are not a medical provider, and therefore have no legal obligation to keep that information private.

Just to be clear about this an entity doesn't have to be a provider or insurer to be bound by HIPAA or HIPAA-like regulations. Generally companies that contract with or for "covered entities" are going to be required to sign contracts that bind them to the same rules as the covered entity.

I just wanted to provide one example to keep it simple. Nothing about HIPAA is ever simple, other than not being a covered entity ;)

Business associates are required to comply with HIPAA. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance...

If Google or Facebook were being used by your doctor's office or something, then they would need to comply with HIPAA, but it doesn't seem like this is the case here.

That's interesting. When I was in college I worked tech support for the residence halls, and we went through what I remember to be a short HIPAA compliance program in case we encountered any medical information while servicing another student's computer. Perhaps that was just a (reasonable) precautionary policy of the university rather than a strict legal requirement under HIPAA. Or perhaps I'm simply misremembering, and it was some other compliance program other than HIPAA.

Universities are often employers, health insurers (via directly-run student health plans) and health care providers (via university health clinics) to students. As such, they may be HIPAA covered entities, and in any case are subject to FERPA and possibly state privacy laws, education-specific and otherwise.

It gets strange with Schools, they are actually allowed to keep medical records on students that are exempt from HIPAA and instead are covered under FERPA.

Your college might have been providing healthcare to students.

If you're servicing a computer that person isn't exactly sharing that information with you. Well, probably not intentionally.

Doesn't always matter. Some states even impose mandatory reporting requirements on computer technicians (at least as far as victimization of minors is concerned).

Thank you. I have an app idea that I wondered if would be regulated by HIPAA. It's not going to share data, but it's always good to know what regulations apply.

source for what OP is talking about: https://privacyruleandresearch.nih.gov/pr_06.asp

This is a great resource. Especially the key points

> The Privacy Rule applies only to covered entities. Many organizations that use, collect, access, and disclose individually identifiable health information will not be covered entities, and thus, will not have to comply with the Privacy Rule.

Making it abundantly clear why the US needs to pass a GDPR clone into law.

I'm a big fan of the GDPR and it certainly improved things over here across the pond, but "pass a GDPR clone" isn't something that leads to progress. There's a lot of stuff that can be improved about the GDPR, and there are a lot of other options as well -- for example, in this case, the US could choose to extend the coverage of HIPAA regulations (or a subset of them) to commercial entities selling health-related services, not just medical providers. This would also have the advantage of requiring less legal effort and it would avoid introducing an entirely new framework.

The GDPR is a very broad axe, for an organization that isn't a federation and doesn't have a real federal government, the way the US does. The US has legal options and a legal framework that we don't have.

If the US truly has that legal framework (or the options), then it has consistently shown reluctant to enforce those. A big, scary axe is the solution they need (as well as potentially a proper education campaign for it's citizens, so everyone is aware that they have rights and they need to stop thinking companies can take that away if that's convenient for them).

CCPA is already a thing in California and is, nearest I can tell, actually stricter than GDPR. Not a national law -- far from it -- but a first step.

Very recently there was a flurry of articles about Apple copying popular apps, among them woman health apps [1]. Although they were not wrong to voice their concerns about Apple, it's hard to cheer for the app makers when you later find out they don't exactly value your privacy and are not upfront with you, as a user, about that.

[1] washingtonpost.com/technology/2019/09/05/how-apple-uses-its-app-store-copy-best-ideas

EDIT: language

Amazing that the monopoly taking a 30% cut doesn't feel like it has to resort to selling user data. I wonder if app makers on a free and transparent platform would act more ethically?

Well, Google’s Play Store is closer to free and transparent than the App Store but doesn’t seem to encourage any more ethical behavior.

You mean turn down free money be being less evil? Somehow I don't expect this to be the case.

Reminds me of the old "if I wasn't taxed then I could give to charity!"

Rumor has it Apple is actually adding Menstruation tracking to their Health app soon.

It’s in iOS 13 and you can already use it with the beta. You can enter data about your menstrual cycle and it shows a fertile window.

What’s interesting here is: I don’t know much about HIPAA, but I know a bit about the increasing regulation of health apps in the EU. The law is a bit muddy. But you could argue that apps, which gather health data and apply some kind of algorithm to it that helps you understand your body in a better way, fall under the coming Medical Device Regulation. This law will be effective in May 2020.

> The law is a bit muddy. But you could argue that apps, which gather health data and apply some kind of algorithm to it that helps you understand your body in a better way, fall under the coming Medical Device Regulation.

I would certainly hope they do fall under that regulation. Otherwise, I can certainly see a few developers manipulating their algorithms for health apps in a way to change people's behaviors in order to reinforce some belief the app developer may have.

> Otherwise, I can certainly see a few developers manipulating their algorithms for health apps in a way to change people's behaviors in order to reinforce some belief the app developer may have.

Could you clarify here? It sounds like there's a sub-text, but I apparently lack the context to "get it".

A more straightforward way of doing this is not to copy the app and make it more private...

It would be to allow you to see what the apps are doing, and prevent them from doing what you don't approve of. Including apple apps.

It could be as simple as: prevent this app from using the network.

The problem I see with that is that many (most?) users are not going to go deny network access to each app.

Furthermore, what if the app tells me that it needs network access to get calendar info or something along those lines - and then actually uses the network for that -, then subsequently uses the network access to siphon off my personal info? Certainly if you had the ability to "see" what an app is doing, you might be able to catch that, but that's well beyond the grasp of most users. Better to be able to inherently trust the app because it was built by a trusted 3rd party. Certainly I agree that it would be nice to be able to disable network access to any app I felt like though.

Only for 3rd party keyboards, network access is denied by default. First you have to go through settings to enable them instead of a simple dialog box (which I agree with) and then you have to go back in settings to give the keyboard network access and you get a very clear warning.

But, most people on HN don’t seem to understand Apple’s priorities. This is how it should be.

1. Apple

2. Users





3. Developers.

This sounds like a good strategy for me as first and foremost a user.

This is something super important that is missing in android and no one ever mentions. Keyboard apps are all phone home everything we type. Fortunately my phone let's me block individual app access to the network, but as far as I know you can't do that in android.

Also, even when you give the keyboard network access, when you enter a password, iOS switches to the native keyboard. Apps can also force iOS to only use the native keyboard.

iOS really doesn’t trust third party keyboards.

A more straightforward way of doing this is not to copy the app and make it more private...

How do you deny an app network access and allow it to share your data across your own devices? With your partner?

Would you also like to give third party apps access to your biometric data? Your password storage?

> How do you deny an app network access and allow it to share your data across your own devices? With your partner?

commenting only the technical aspect, without suggesting anything is or is not a good idea, apple's operating systems could offer a service whereby apps could hand over data to the OS which it would save to icloud on their behalf, and hand back to only that app or other instances of it (as determined by the user). that, plus normal networking denied to the app would do the job nicely.

Good news: this already exists since iOS 5: https://developer.apple.com/documentation/foundation/nsubiqu...

That’s actually not a bad idea....

People should really just assume every scrap of data they input into their phones is being sent to at least one company who will happily sell it to anyone who asks. Never use your phone for anything you wouldn't be happy with being publicly known and associated with you forever.

That's not what our devices should be, but that's the reality we live in. These devices aren't for us, they are to enable other companies to use us.

Devices made for us are coming, some time early next year.

Purism Librem 5: https://puri.sm/products/librem-5/

Pinephone: https://www.pine64.org/pinephone/

They're coming every year, and yet here we are.

Don't be so bummed out sounding. I'm sure we'll solve it as soon as we get a good year of Linux on the desktop.

Linux on the desktop is pretty good. YoLotD may have already happened, IMO.

Now that Steam, WINE, and Proton are working reasonably well on a couple of major Linux platforms (Fedora, Ubuntu, and the Arch folks), there really isn't anything my Linux desktop can't do; gaming was the only holdout and that's mostly solved.

Graphics drivers, like the open AMD drivers and Nvidia's binary blob, are decent too.

It's been a pretty good year so far, for me anyway. I'm hoping Android soon joins my pile of "never again" software.

> People should really just assume every scrap of data they input into their phones is being sent to at least one company who will happily sell it to anyone who asks.

There are a number of apps that don’t let this information leave your device at all, or end-to-end encrypt it. You just have to find them.

And then hope they don't get new management.

Don't hope. Don't guess. Use apps from F-Droid. There is still a risk at the app level but it is much lower. On iOS, there is no such thing so you can't do that.

At the phone level, there are still opaque binary blobs, so don't trust blindly.

Just wait till someone with very deep pockets buys them.

i.e WhatsApp

Bad example. Facebook purchased WhatsApp in 2014. WhatsApp introduced end-to-end encryption by default in 2016.

WhatsApp isn't compromised though, regardless of its parent entity. They'd rather have the user base not generating data for anyone than an independent WhatsApp.

Facebook has, in fact, used WhatsApp data to improve the Facebook connectivity graph. They haven’t messed with the actual message texts. Yet.

While true, assuming that they could access and sell your data if they wanted to is still a good rule to follow, as it'll make you more cautious.

You could extend this advice to anything with a CPU and a network connection: TVs, tablets, e-readers, smart watches/fitness trackers, cars, printers, smart home devices etc.

I assume that virtually all mobile apps are sharing your data. That's the entire business model of mobile: offer a "free" service as a pretext to get an app onto the phone and then spy on the user as much as possible.

It's part of why I avoid apps whenever possible. I only install an app if it's a service I really need and there is no other way to use it, e.g. via the web. Web sites can still track but they can't suck location data, sensor data, etc.

Back in 1988 I wrote a holiday/sick calendar app with basic reporting. The first thing management in EVERY department did was predict the sick days. I found that out 5 years after I had left.

How did they predict sick days? A statistical model?

What ever happened to the idea of local storage? And yeah, I know, income. This is one reason I hate smartphones and apps.

That’s how Apple Health works, and it will gain this feature in a week or so.

There was an article about how Apple was killing third party menstruation apps with iOS 13 because it is now built into the health app. This is why you want the OS to do it, rather than “start” “up” crapwares that sell data.

I agree. Especially all the menstrual health apps seem to be insane data grabbers. This should be something that belongs to a trusted company.

However, the cycle tracking capabilities of iOS 13 are fine as a replacement for simple menstrual cycle trackers, but it's too simple to replace more sophisticated cycle trackers that also allow to track more body signals such as the temperature.

I may be wrong, but I think that it's completely encrypted and that Apple couldn't even access it without your password.

I can't say I'm a huge fan of being locked into the ecosystem, however I am relieved to hear that my privacy is actually cared for.

iOS 13 will be out in a week or so with this feature built in. Hopefully that will put an end to at least some of this shady market.

I got myself a connected electric toothbrush and body balance.

After I found out that tracking the weight and my tooth brushing habits only works if I share the data with a central server, I now basically have a regular electric toothbrush and body balance.

Not only you have to sync it through their server but you probably also need to go through their specific app or website to read the data back. And sometimes they don't even have a way to download the historical records if you want to archive them or process them yourself.

I find tracking weight still invaluable so I get along with it but was also disappointed to learn I needed to send everything their way.

I wonder if it would possible/legal to intercept the requests from the device and route them to a local server implementing the same API endpoints.

What are the essential features in these applications, are they not working on standardized methods? There's one on F-Droid which probably isn't selling your period, so if they're mostly similar, maybe that's an option.

What are menstruation apps useful for? Is it a part of the "track everything about your health" trend?

There are a lot of reasons, including as an indicator of overall health.

> “Changes to your cycle, or abnormalities—like irregular or heavy bleeding, or severe pain—can all signal issues that benefit from medical evaluation,” says Rashmi Kudesia, MD, reproductive endocrinologist and clinical assistant professor of obstetrics and gynecology at Houston Methodist. “If something suddenly changes with your cycle, or your period is late, you may not realize it right away it if you’re not keeping track.”

> If you do keep track, it will be easier to head to your gynecologist if funky stuff starts happening—and easier for them to find out what's going on. Dr. Kudesia also mentions tracking your cycle can be helpful in pinpointing your fertility window and making small lifestyle changes around the time of your period (scheduling extra downtime to combat your low energy, or being mindful of your eating habits when your cravings are in full swing). [0]

[0] https://www.womenshealthmag.com/health/g26787041/best-period...

Gynecologists ask for your period history including how heavy it is. It’s helpful for them to know when you plan on starting or switch birth control methods. They always ask for the last date/length of your period. I’m lucky if I remembered what I had for lunch much less when I last needed a tampon.

In the old world (tm) women used to have a diary/agenda/calendar and tracked it there. The trend is not "track everything": if you have an idea that makes women carry less stuff with them, I assure you there is a market. their bags.

Data from those apps is really valuable from a marketing perspective.

The case with least value is selling it to P&G or whoever just to track how much market share do they have.

If you put a tracker on it (facebook, for example) you can build a custom audience on top of it and promote/sell whatever you want related to reproductive healt and/or sexuality. Not just women.

You could be a little evil and sell women tampons before they have menstruation.

You could be evil and build a custom Facebook audience with users from your app and make money selling them stuff using a retargeting bid (since they are part of your audience).

Or you could be very evit and target partners of women whe ceased to use your app for more than, say, 3-4 months and show ads for DNA paternity tests (which you don't sell, but someone else does and gives a referral fee for it).

Or you could have very, very evil and build an audience around partners of women who might be pregnant, capture the clicks to build another audience (this time yours) and sell porn, tinder, dating/e-whoring, and divorce advice for a fee. Will work because this is a retargeting list (you already marked them as your customers, so bidding will be low for the ads).

Advertisers can sure be creepy can't they.

Maybe FB audiences should be made public, or you're told if you're in one. It seems a lot more invasive than other Ads software I've looked into (from the perspective of what you could do).

Just do all at the same time. That's the path to maximum shareholder value, assuming you can avoid turning it into a scandal.

I think I'll quote this comment on my "why advertising is a cancer on modern society" list.

Might be missing something here, but why would women who might be pregnant be a particularly valuable audience for porn sites, tinder, etc?

Not the women - their partners.

And to clarify, it's not always because of ill intent of the partner. Depending on preexisting issues and new conditions caused by a pregnancy, it's not uncommon to get an advice from doctor (or even a written advice from the hospital) to refrain from sexual activity. This makes the partner a much more interesting target for aforementioned sites.

And for more clarity, this can swing the other way, too. Sometimes pregnant women want sex more than normal, which can be totally fine/healthy depending on the health of the mother and baby. Hormones are extremely powerful and affect people differently.

Damn, man. My evil plan was just to sell menstruating women chocolate.

It really helps with conception/contraception. It also alerts you to changes in your health. Typically you’re tracking temperature, mucus consistency, cervix properties and menstruation. The way it converges into one stat (fertility window) and also potentially assists with a variety of other health areas is very cool.

Going beyond that, we use Kindara and see a lot of women turning it into a generic key-value habit/mood/reminder tracker with emojis, etc. So it has value beyond just health.

Before the app, there was the red felt-tipped pen kept next to the paper calendar.

One has to know when to carry additional supplies beyond the gifter spare and the emergency personal reserve tampons. And when to wear different underwear. And when not to schedule dates. And when to buy chocolate. And when pregnancy is more likely. And when pregnancy is less likely. And when to eat liver. And when to buy analgesics. And when to make travel plans and hotel reservations, and when to not go anywhere for any reason.

ok the eating liver part caught me... i don't know that part. fill me in?

Protein, iron, and B-complex vitamins.

All extremely useful to replenish lost blood.

You only lose ~80ml of blood. When you donate to the blood bank your giving ~500ml and I've never heard of anyone recommending liver, other than not having an empty stomach there's no special dietary changes necessary.

Am I missing something?

> You only lose ~80ml of blood.

That's an average.

Almost all the women I have known occasionally complain about a "heavy month" every now and then. That can be either excessive bleeding in terms of volume lost over a normal time or an excessive time length of bleeding.

And, a 90lb female losing even 200ml of blood is going to feel effects far more than a 250lb male losing 500ml.

My mother ate liver and onions once a month. It might not have been necessary, but it's still something she did.


Most people using menstrual trackers will be trying to get pregnant, which is potentially pretty valuable info for advertisers.

Also, for people with irregular cycles, knowing when you (probably) ovulated can help you predict when you’ll start bleeding.

Compared to most health tracking, tracking your menstrual cycle gives you clearly actionable info.

>Most people using menstrual trackers will be trying to get pregnant, which is potentially pretty valuable info for advertisers

New and expecting parents might be the most valuable demographic, period.

In America, where childbirth can easily come with a five-figure price tag, and where half of the people don't have 500 dollars to their name?

this is a strange cross roads. isn't it?

my wife gave birth 18 months ago, we have good insurance and a lot of family that gave us a lot of stuff we needed as gifts. without that we would easily be on the very upper end of the 5 figures by now.

Upper end of 5 figures is somewhere more than $50,000. Unless you went to an out of network hospital, and the kid ended up in the NICU, I doubt the total would be that high.

my largely medically uneventful labor, induction, and unplanned c-section birth at a bay area hospital two years ago cost me a $500 copay, but the insurance paid amount was somewhere in the neighborhood of $38k.

i also exclusively pumped for a year, which cost a few thousand dollars. the pumps alone were $1200. then replacement parts, accessories, random necessities.. can't even count the time and the calorie investment involved (i was eating upwards of 1000 extra calories a day to prevent weight loss).

throw in gear and clothing and...going past $50k for the first 18 months doesn't seem so unrealistic?

I wouldn’t count what the insurance pays to have any relevance, especially with the fuzzy nature of costs in healthcare field.

Also, one pump is required to be provided by the health insurance company by law, and as now, a new pump costs a a few hundred dollars. This is the most popular one:


A crib/car seat/rocking chair/stroller can be had for $1k total if you stick to mid level stuff, maybe a few thousand if you go super fancy. Food and clothes might be another few thousand.

I wouldn’t count one’s time cost to be of importance to the conversation either, as it’s universal. If we’re comparing how much money came out of parents’ pockets with a baby versus not having baby, I would say at most $10k for most people, I would budget for $15k though (and lost wages due to time off if you don’t have paid parental leave).

I would include the costs of what insurance pays, because it is in fact part of the cost of bringing a life into this world in the US. You are scratching to prove your point, and keep moving the mark. If you don't want to include what insurance covers, how about including insurance premiums, at least two years worth since you cant just hop on insurance once you get pregnant. Lost wages are another factor, but those can easily cost thousands for many people, i wouldnt minimize those down so low.

based on your math and assumptions i really wonder if you have had a child in the US recently.

I had no idea my daughter costs my entire post tax salary. I wonder how we pay the mortgage?

But look at all these new credit card offers available!

I'd say anywhere where capitalism reigns. Childcare & natal items are all door busters (and expensive) for big retail shops. They know that you are coming to shop, they just need to get you in their space.

If you get a bill but don't actually pay it does it still have a five-figure price tag?

Assuming your insurance company's machine learning algorithm doesn't decide to deny your payout for UNKNOWN_REASON, that is.

I'm talking about with no insurance. You know the debtors prisons were closed a century ago right? It will screw up your credit score for a couple of years and that's about it.

Many uses. Why do people check the weather before deciding whether to pack an umbrella?

Cycles aren't regular, so just adding an event every 27th day in your calendar, won't be of much use to a lot of women.

These apps can get quite good at predicting irregular cycles.

Some apps will give users warnings of the type "PMS starts tomorrow, expect moodswings", or "expect extreme tiredness" and for people who are heavily affected by their period, this can be a big help in controlling their feelings or just understand their well-being.

Because of the monthly hormone cycle, women can have a difficult time getting taken seriously at the doctor. "Your hormone levels are shifting, that's probably why you're experiencing _symptom_".

If you can show it happens throughout the month, and you have specific data relating whatever symptoms you're experiencing with your cycle, you're a lot more likely to actually get treated for the aliment.

Excuse me but what kind of an idiot doctor doesn't know what menstruation is or what it can potentially cause? And you really need to show him an app for that instead of just saying it happens every period? I'd rather change a doctor to someone who didn't sleep through their medical school...

This unfortunately seems to be rather common (at least in the US), John Oliver did an episode on it a short while ago. It has a lot to do with the history of the medical field as opposed to modern Mal-intent. For example a lot of testing was done on men and then that data was taken and also used for women. If you search for "John Oliver medical bias" you'll find the video.

Because lots of weird shit happens to women.

Pregnant or not? Maybe your hormones aren't right - one of the signs is usually change in monthly cycle. Whenever you have to go to the doctor for pap smears and so on, the doctor asks about it. For some folks, their weight determines their cycle length - too much or too little fat can change fertility. Perhaps you get really, really bad PMS (PMDD) and need to take anti-depressants around 2 weeks before the beginning of your cycle.

And more, I'm guessing. I just can't think of another example right now, but in any case, monthly cycles are a big indicator of health issues and can be a great help with life issues as well.

If you have an autoimmune disease, it helps greatly to know when your estrogen and progesterone levels are highest as they both impact the immune system.

A lot of dudes keep track of their girlfriend's periods, because every month there is one "safe" weekend where you can have unprotected sex and get away with it.

This is sometimes called the "Rhythm Method" or "Fertility Awareness" and a lot of men have self-interested reasons for wanting to know this about a woman.

There is a history of apps optimized for this purpose. Some wholesome for married couples to use, and some for skeezy bachelors who want to track multiple women.



> and some for skeezy bachelors who want to track multiple women

Isn't this crazy - the amount of work people would put in just to have occasional unprotected sex. People are animals.

It's not crazy. Sex is one of the most fundamental and powerful desires we have. What's actually crazy, in a mostly positive way, is how much control we've managed to achieve over it at individual and social level.

> People are animals

Well, yes, we're really just pretending otherwise. Also agree with TeMPOralL's sentiment :)

Wowowow, isn't it like 10 days that are safe? I might be in very risky territory here.

Within the span of ten days, you can be sure there is at least one weekend.

If there was EVER any doubt about the demographics of HN... Let this be a lesson to everyone that we work and live in a massive bubble.

Why don't you explain him rather than demonizing him in front of all HN audience. Treat others as you'd like to be treated.

I agree that ignorance of other peoples’ experiences isn’t a blameworthy thing. But it does demonstrate one reason diversity is important. A smart person acting in good faith can miss things that are completely obvious to people with different life experiences. We all only know what it’s like to be us.

It's such a basic question that it would be better to do an internet search or read the wikipedia article on the topic. You might as well ask why heart attacks are a big deal.

I might as well ask what are heart attack apps useful for. I wouldn't know what are heart attacks apps for.

Strange/stretched comparison. Menstruation is all about the cycle. Even as a man one would/should know because the basic methods of avoiding pregnancy when having sex should be of interest to men too. Because of the importance of that cycle its also indicative for a woman's health in general (lots of hormonal changes within the cycle; regular blood loss too).

Heart attacks are just point-events on the other hand, they happen and that's that. So knowing full well what a menstruation app is useful for one would still not understand what a similar app for heart attacks could possibly even mean. Calculate your heart attack window? That would be something new indeed, so you are right not to see the point. Just as there is no point in using heart attacks to understand the menstruation cycle.

Plenty of other people already explained. I decided to leverage this as a teaching moment.

Thank you for the kind lesson. I genuinely didn't know.

Your post is much, much more indicative of the demographics of HN and what sort of a bubble people live in than the grandparent.

I think this thread suggests that is not the case, at least as I’m seeing it now. The ratio of informed to ignorant comments is unremarkable for HN.

Wait until you see posts about unaffordable housing in Silicon Valley and you see HN posters wondering how anyone can live off the $100-$160K salaries developers in most of the metro areas in the US make....

One data point is the demographics of HN?

Among other things, trying to increase/decrease chances of pregnancy.

Prediction. Menstruation apps are useful for prediction. Don't want to bleed all over the office furniture at work? It might be useful to have an idea of when you will start bleeding.

If a woman is trying to conceive it could be helpful to predict her fertility window using menstrual cycle tracking. Same with if she were trying NOT to conceive (so-called "natural family planning")

Doctors ask you if you have a regular cycle, the only way to know that is to track your cycle.

If you're having some sort of issue with your reproductive organs you may track your cycle for a few months to try to better pin down the issue.

They’re often used for predicting your next cycle or for fertility planning. Just to satisfy my curiosity, are you female?

As a dude, I use it to track my mood / fatigue for lifting which worked OK.

Whether you are late?

Do they really need that photo? I find that to be in poor taste.

A melting popsicle?

It's alluding to menstrual bleeding. A delicious food looking like period blood I think can fairly be described as "poor taste".

Can we get over the menstruation stigma already? The article is about menstruation tracking apps. You guys shouldn't be shocked by imagery alluding to menstruation in such a context.

I'm over the stigma. But it's still a private bodily function, and I still think it's in poor taste. It adds nothing to the article--it's just there for shock value/entertainment.

Imagine if this were an article about... I dunno, an app that finds cheap toilet paper near your zip code. Would it be laudable if it included a picture of a smeary piece of melted chocolate?

This isn't an app for locating menstrual supplies. It is an app for predicting when your metaphorical popsicle will melt.


Can we get over the menstruation stigma already?

I don't want to see images alluding to pissing or shitting. Do I have a piss and shit stigma?

I iMessaged the link to the article to my SO. She said the image was in poor taste and deleted the message. So, there's that.

> It's alluding to menstrual bleeding. A delicious food looking like period blood I think can fairly be described as "poor taste".

There's is a difference between highly stylized allusion that relies heavily on contextual priming and “looking like”.

That being said, the picture adds no value.

On the third hand, though, the “large image which makes a highly stylized allusion to some aspect of the subject matter and provides no value” has been a trend in online articles for, what a decade or so now so it is neither surprising nor noteworthy that this one also has one.

I'm guessing they're riffing on a used tampon.

Lead image is in pretty poor taste; so I was just told by a female.

Aside from that, what developer thinks, "Hmmm, I need to add analytics, let me see what FaceBook has to offer?" Seriously?

An aside, but I see this a lot on HN:

> so I was just told by a female.

What does "female" connote (not a native speaker)? To me, and translated into my language, it sounds like you're talking about a pet, a dog or some other animal. "Oh, it's a female". Translating it to eg Swedish or French, it sounds really weird, whereas the respective word for "woman" would sound normal.

Is it different in English, or is this more a quirk of this forum/certain subcultures?

No it sounds just as cringe in English (at least UK English) as you highlight for Swedish/French. You wouldn't say "so I was just told by a female.", you would say "so I was just told by a woman." or an example of when female wouldn't sound (as) cringe "so I was just told by my female colleague".

I don't think it's a HN quirk, you see it on certain subs of reddit as well. So it's probably more of a subculture thing, it could also be that from certain languages translations to "A female" make more sense, but I'm not aware of what that/those languages would be.

No, it sounds weird in UK English too, unless as an adjective applied to a larger ungenered group. Eg "My female colleagues" sounds fine, as does "a woman I work with"

Thanks, that's pretty much how I would express myself in English. In Swedish, the words for "manly" and "womanly" ("manlig"/"kvinnlig") can be used for that ("my manly colleagues" would typically be understood as the men among my colleagues, rather than the most bearded/musky/etc among them).

Now let's hear from a US English native!

U.S. English native.

This ("a female") sounds just fine to me. My friends or I might talk this way amongst ourselves(and no, I'm not talking about an all-male, socially mal-adjusted circle of friends).

It's not what you'd call 100% standard mainstream English, but it's no so far outside the norm that I'd think twice about it either. While it's probably not how I'd teach a non-native to speak, I definitely wouldn't read anything into its use here, either.

Chalk it up to subculture, I suppose, as suggested earlier.

It just means that I'm not. People are reading way more into it than they should.

That's great--it seems to me we both learned something valuable today. Thanks for the learning opportunity!

No one says "a female" in English if they're even mildly socially adjusted.

That's not true. I'm very socially adjusted. But thanks for the attack, anyway.

It's not an attack on you. I just assumed you weren't a native speaker. For English native speakers, it's definitely a weird way to speak.

If you’re doing ads on Facebook you have to use the SDK to optimize for in app actions.

"You are being shown this ad because: - assumptions made probably by men"

Bad news for the soy boys!
OrgNet 13 days ago [flagged]

who's horny

Please don't do this here.

ALL the apps are sharing your data.

If it didn't come from f-droid or you can't compile it yourself you absolutely can't trust it. (even then you still need to be very carefull, just look at what goes on in npm.)

A good number of closed source apps are pathological attacks on both your OS and the public mind, using them is defintitely one of the less responsible things you can do.

What happened to the idea of paper? There are no concerns about privacy, and data are easily exported via photocopy.

Paper gets wet.

Some critters like to eat paper.

Paper burns.

Paper has weight.

Paper has volume.

If you leave your papers at home, you can't easily access them by logging in on someone else's papers.

Photocopying seems analogous to copying files at first, but consider the costs of photocopying something. In addition to the expensive machine, you need paper and toner...

> Paper burns.

It shreds too. This is a feature.

And bits can be zeroed just as much as paper can shred.

Bits are a hell of a lot more fickle. I can't ever know for sure what will happen to my data that thousands of companies have harvested online about me, even if I ask every one of them to delete it all.

I can't have machine learning algorithms run on my paper to target me ads, either.

Paper needs no battery.

Paper needs no network coverage (not Wi-Fi)

Weights compared:

iPhone 6 4.55 ounces

Paper notebook (example) 3 ounces

Summing up the risks of flood+fire+critters you have a fraction of the risk for "falling to ground and break screen"+theft+malfunctioning.

You'll need a pen or pencil, though.

Nobody wants to carry around paper everywhere they go.

It's very laborious to do statistical analysis on paper.

How much text can you fit on 94cm^3 of paper?

From https://compliancy-group.com/hipaa-fines-directory-year/

"The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time oft he HIPAA violation. These fines can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation. View our HIPAA fines chart below for the full HIPAA fines list."

And on the same page, according to the HIPAA Violation Penalty Tiers, the fourth and worse tier is "The covered entity acted with willful neglect and failed to make a timely correction".

I bet if these companies got sued for $50,000 per person using them who had their data leaked to facebook, it would get everyone's attention really quickly.

Please see the comment I wrote regarding HIPAA and covered entities.

Voluntarily submitting your information to an app that keeps a calendar of your period is not subject to HIPAA jurisdiction

and thats just the cynical response to make fun, so more specifically, it comes down to the company itself that releases these apps, and they are not HIPPA covered entities.

It's unfortunate that now every piece of data about us is being used in some way other than what we would naturally expect. Though we also seem to expect free applications and websites...

When writing medical software, HIPAA was an ever-present monster forcing me to consider all potential ways we'd be under a company-ending event. Once your fine totals exceed $100,000, you're required to issue a press release detailing how bad the damage is, in addition to the fines that stack for each violation (each patient's record would be considered one "violation").

I'm surprised any company keeping health information would be willing to sell that data without extensive legal protection, whether or not that data is protected explicitly under HIPAA. Seems to me like this should be treated like any other PHI breach.

What about those DNA companies that collect even more sensitive medical information - your DNA - and then straight up sell it to companies who'll use it against you (health insurance)? Why are these guys not facing billions in fines and being dissolved for egregious violations?

Edit: It seems that none of these are HIPAA violations because these companies aren't classified as medical organisations.

They wouldn't be subject to HIPAA, but they would be subject to GINA.


It's unfortunate, but as another commenter noted these applications are not subject to HIPAA.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact