People, people
“Our clients entrusted their most sensitive information to a health app, only to have it exploited by one of the world’s most powerful tech companies.”
Read the above sentence again. Think.
Don’t feed the beast.
A jury has unanimously found Meta guilty of violating the California Invasion of Privacy Act by using data from menstruation and fertility app Flo to sell advertising to the social network. "This is a landmark moment in the effort to safeguard digital privacy rights," said Michael Canty, lead trial attorney at Labaton Keller …
An app to track menstruation can be VERY useful to women though. If you're afraid of all the possible abuses you would never use any useful apps that involve sharing sensitive information. Hell you wouldn't carry a phone with you at all - by doing so you're either trusting that Apple or Google won't abuse the ability to track you everywhere you go, or you believe they will and you've resigned yourself to letting them.
And yes I'm aware there are some luddites out there rocking flip phones thinking that keeps them safe. That may keep them safe from Apple and Google (unless that flip phone is running some really cut down Android) but the cell companies can still track them unless they're only putting the battery in when they need to make a call.
My wife uses a calendar. Like an actual paper one. One tiny little "p" on a particular day. The calendar is also used to track appointments and other events. As it's in the kitchen, it's usable by the whole family, but not accessible by anyone else.
A shared calendar with proper security.
Website glitches scattered my comments this morning...
The short story is that a well made tracking app will also be able to track patterns, pattern changes, and warn about potential health issues such changes might be an early indication of. It goes well beyond a calendar, and snarky advice on what the users of these apps should do only derails the subject.
don't feed the beast
If the user does due diligence and the company says explicitly that they don't do something but then do, I'm not sure what else you expect a user to do.
It's an important health app (rather than frivolous selfies) that outright stole health data; it's pretty crap of you if you're blaming the victims here.
I don't think it applies.
I'm assuming the original poster uses banking apps because they promise not to send his data to Zuck, as do most of us. I'd also imagine if their banking app of choice was found leaking data about your balances and purchases to advertisers they'd be rightfully incredulous that their promises of privacy were broken.
The only difference here being it happened to a menstruation app and therefore women, eh? amirightlads? etc
My credit card company "helpfully" auto-linked my rewards with Amazon - allowing Amazon to see the current rewards balance. As the card gives 1% reward per purchase, and 1% on payment, it would be trivial to monitor the balance and make a list of the size of every transaction; as the big ones would be payments, they could tell when I pay off the card and whether I'm getting further into debt.
But the CC co. wasn't interested in hearing the privacy implications of this.
There is only one proper fix to this mess - ban tracking for real, which will kill targeted advertising. Which is fine.
It's doubtful whether it's any good at expanding markets. The only thing it's good for is to get product sellers to have to bid against each other in rigged auctions, held by a handful of brokers, in order to get slightly ahead of their competitors. That's all money that could be better spent on improving their products; hell, even just giving out dividends would be better than that.
The legal framework is nearly already there. Just say that everything a browser sends to a server, including the fact that a request was sent, is PII under the GDPR. Then enforce it. Problem solved.
Your comment reminded me of a short clip from Tornado, a sketch-based Swedish comedy show from the 1990s. The link between each sketch was an Olympic torch bearer running from place to place, passing by random situations on his run. The camera kept panning with the runner and it'd simply come to a halt when he ran past the next skit. One of the tableaus he ran past was a political demonstration held by people in full business attire. One of the placards they had proudly stated "WE ECONOMISTS DEMAND THAT WE ECONOMISTS ARE NECESSARY" (sic! - it's a clunky sentence in Swedish too - "VI EKONOMER KRÄVER ATT VI EKONOMER BEHÖVS"). Not-so-subtle satire, I'm sure; as this was in the wake of one of the larger privatization rushes in Sweden.
(Icon for protests, generally.)
Oh, they are good at selling stuff too¹, but it's a red queen's race. Consider this.
Targeted ads will be shown to people who are already generally interested in a Gizmo anyway (because that's what targeted ads do). This means they are not very effective at expanding the market for Gizmos.
What they are extremely effective at, though, is making those people buy an Ecorp Gizmo instead of an Acme Gizmo. Acme Gizmo Company can't counter this by buying generalist ads, because the new Gizmo buyers this creates would be eventually hoovered up by Ecorp Gizmo Company anyway via targeted ads. No, the only thing Acme Gizmo Company can do is... buy more targeted ads, to claw back Gizmo buyers from Ecorp.
In all of this, the only one who is actually making more money is the ad broker.
On the other side of the equation, you have the Content Creators. They produce Eyeballs. But because they each only control their own website, they cannot do tracking, and therefore cannot do targeted advertising. So they can either sell their Eyeballs to general ad companies, which don't get very much money because all the ad money goes to targeted ads, and therefore won't pay very much for the Eyeballs, or they can install tracking and sell Eyeballs to the ad brokers.
And there are like maybe three of them in total, so they can set their own price.
You see now where the problem is. Tracking and targeted advertising need to be killed with fire. The relationships between content creators, consumers, ad companies, and product makers, need to become very-many-to-very-many again. It will just be good for everyone - Product makers, Content makers, consumers and non-oligarchy ad companies.
It won't be good for ad brokers, of course. Fuck 'em.
[Now feel free to add the privacy argument on top of all of the above.]
--
¹I make an effort to elude trackers and I purposefully avoid products that I see in obviously targeted ads. But there will never be enough people behaving like me to make a difference.
There's another good reason to kill targeted advertising: it can be used to launder bigotry.
Everyone who looks at an advertisement on a billboard, in a newspaper or on broadcast TV sees the same advertisement. This is something we take for granted. (See, that psychology experiment with a Smarties tube and a pencil.)
But on social media, or any Internet site where users have individual logins, the potential exists to subvert this expectation by displaying different advertisements to different users.
When Ron the Racist logs into his local "Spotted in the Neighbourhood" page on Facebook and sees adverts where people are openly using the P-word, right next to posts from people whom he would have expected would protest about it and they are saying nothing, he assumes their silence is because they deem it acceptable, because he simply can't deal with the idea that they never even saw those racist advertisements. It goes against all his experience of billboards, newspapers and broadcast TV. And if he ever watched the 1998 movie The Truman Show, he might even have formed the impression that it would be extraordinarily difficult to present someone with a carefully curated but false impression of reality.
There are other forms of psychological warfare that could be waged using the same technique.
I only recently learned of a cool setting in iPhones for examining app traffic to figure out what app sent what.
Settings,
Privacy & Security
scroll way way down to...
App Privacy Report
Make sure it's on, then after it's been on for at least hours...
In the report section click an app, like Paramount+, which communicated with 96 (yes, ninety-six) URLs with mostly different domains, all ranked by activity.
A different app showed communication with Meta even though the user hadn't signed in with Facebook credentials.
Scroll down further to see Most Contacted Domains and tap Show All.
A firewall blocked an iPhone user's transmission to a weird domain flagged as virus activity. With the iPhone's IP I figured out whose iPhone it was; then, looking through the iPhone setting described here, I saw activity for that domain, then tapped that domain and saw the app that communicated with it. Busted. Deleted. Rebooted.
Summary: the setting shows app-to-domain and domain-to-app history. Great for forensics.
Enjoy.
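The app-to-domain and domain-to-app pivot described in the comment above, as an added example that is not part of the original thread. It assumes the report's activity is available as newline-delimited JSON; the field names, bundle IDs and domains are assumptions or constructed samples.

```python
import json
from collections import defaultdict

# Constructed sample records. The field names ("type", "bundleID", "domain",
# "hits") are assumptions about the saved report; all values are made up.
SAMPLE_NDJSON = """\
{"type": "networkActivity", "bundleID": "com.example.streaming", "domain": "cdn.example-video.test", "hits": 41}
{"type": "networkActivity", "bundleID": "com.example.streaming", "domain": "ads.tracker.test", "hits": 17}
{"type": "access", "bundleID": "com.example.torch", "category": "location"}
{"type": "networkActivity", "bundleID": "com.example.torch", "domain": "c2.flagged-domain.test", "hits": 3}
{"type": "networkActivity", "bundleID": "com.example.torch", "domain": "ads.tracker.test", "hits": 9}
not-json garbage line
{"type": "networkActivity", "bundleID": "com.example.torch", "domain": "C2.flagged-domain.test.", "hits": 2}
"""

def build_indexes(ndjson_text):
    """Return (app -> domain -> hits, domain -> app -> hits)."""
    by_app = defaultdict(lambda: defaultdict(int))
    by_domain = defaultdict(lambda: defaultdict(int))
    for line in ndjson_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupt lines
        if not isinstance(rec, dict) or rec.get("type") != "networkActivity":
            continue  # skip sensor/data access records
        app, domain = rec.get("bundleID"), rec.get("domain")
        if not app or not domain:
            continue
        domain = domain.lower().rstrip(".")  # normalise case and trailing dot
        hits = int(rec.get("hits", 1))
        by_app[app][domain] += hits
        by_domain[domain][app] += hits
    return by_app, by_domain

def apps_contacting(by_domain, flagged):
    """Apps that contacted `flagged` or any subdomain of it, busiest first."""
    flagged = flagged.lower().rstrip(".")
    totals = defaultdict(int)
    for domain, apps in by_domain.items():
        # match on a label boundary so "domain.test" != "flagged-domain.test"
        if domain == flagged or domain.endswith("." + flagged):
            for app, hits in apps.items():
                totals[app] += hits
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def top_domains(by_app, app):
    """Domains one app contacted, ranked by activity."""
    return sorted(by_app[app].items(), key=lambda kv: (-kv[1], kv[0]))
```

Feeding the domain from a firewall alert to `apps_contacting` gives the domain-to-app direction; `top_domains` gives the per-app ranking.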
For Android, try NetGuard. It's a no-root firewall that pretends to be a VPN to intercept and block traffic by domain name. It's shocking just how many different domains any given app talks to - and Meta/Facebook is almost always one of them, even when there's no option to log in with Facebook credentials.
There are offline tracking apps (e.g. Track & Graph on Android) that have your basic but versatile plotting and recording of arbitrary data.
As was noted in the first class of cryptanalysis, if you don't want it out there, don't share it.
There's also a deceptive misunderstanding of what T&C actually do: it's a bit of wording that may or may not be used by lawyers if something eventually gets to court, but has limited potential for redress as it can never supersede legislation, and is usually calculated in the price of doing business anyway.
It's not as if the decision makers who authorized the leakage and got the bonus will now be asked to return that.
This is the equivalent of going around a city, looking in people's bins for used menstrual products; then breaking into their homes, reading their diaries and compiling dossiers on them.
So why are we treating these people any more leniently than the kind of pervert who would do that?