back

No Body's Business But Mine, a dive into Menstruation Apps

The Not-So Secret Data Sharing Practices Of Menstruation Apps

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:52:07
Language
English
Abstract
In September 2019, Privacy International released exclusive research on the data-sharing practices of menstruation apps. Using traffic analysis, we shed lights on the shady practices of companies that shared your most intimate data with Facebook and other third parties.

In this talk we will go over the findings of this research, sharing the tools we have used and explaining why this is not just a privacy problem, but also a cybersecurity one. This talk will also be a call to action to app developers whose tools have concrete impact on the lives of their users.

Does anyone – aside from the person you had sex with – know when you last had sex? Would you like them to know if your partner used a condom or not? Would you share the date of your last period with them? Does that person know how you feel on any particular day? Do they know about your medical history? Do they know when you masturbate? Chances are this person does not exist, as there is only so much we want to share, even with our most intimate partner. Yet this is all information that menstruation apps expect their users to fill.

With all this private information you would expect those apps to uphold the highest standards when it comes to handling the data they collect. So, Privacy International set out to look at the most commonly used menstruation apps to find out if that was the case. Using traffic analysis, we wanted to see if those apps were sharing data with third parties and Facebook in particular, through the Facebook SDK.

Our research shed light on the horrific practices of some menstruation apps that shared their users’ most intimate data – about their sexual life, their health and lifestyle – with Facebook and others.

In this talk, we will take you through the research we have conducted by using Privacy International’s publicly available and free testing environment. We will briefly explain how the testing environment work and we will showcase the menstruation apps that have the most problematic practices to show you how very granular and intimate data is shared with third parties and security implications.

Talk ID
10693
Event:
36c3
Day
3
Room
Clarke
Start
6:50 p.m.
Duration
01:00:00
Track
Ethics, Society & Politics
Type of
lecture
Speaker
Christopher Weatherhead
Eva Blum-Dumontet
Talk Slug & media link
36c3-10693-no_body_s_business_but_mine_a_dive_into_menstruation_apps

Talk & Speaker speed statistics

Very rough underestimation:
149.2 wpm
824.4 spm
While speaker(s) speak(s):
145.1 wpm
808.5 spm
142.4 wpm
798.1 spm
155.0 wpm
846.8 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
149.2 wpm
824.4 spm
dataappsfacebookappmenstruationchrissharedevahealthusersquestiontalkprivacycompaniesbitsharingpeoplemicthingtermsexampleinterestingpregnantgdprsdkuhtrackersliterallybasedyearproblemperiodsensitivemayamicrophonepersondevelopersthingscompanyandroidlookedsortcollectcollectedhappening1masturbationenterpopularpoint
While speakers speak:
145.1 wpm
808.5 spm
dataappsfacebookappmenstruationsharedtalkinterestingchrisprivacylookedtrackersevamayausersthingtermspregnantperiodbithealthsortsharingclevertapyearenteredbasedliterallyentersensitivesexpeoplemasturbationpersonpopularexamplecompanygdprsdkshareindiamiapolicyextracollectingpersonalresponseprojectpartieseuropean
Eva Blum-Dumontet:
142.4 wpm
798.1 spm
dataappsfacebookmenstruationappsharedpregnantinterestingthingtermssortusershealthmayaprivacysexmasturbationenterliterallyenteredbasedpersonchrissensitivetalkexamplegdprextrapersonalpeoplepolicymiacompanyclevertapevaperiodcyclecollectingshowingquestionsunprotectedhabitscalledreasonstepsunderstandresponseappsflyersharelooked
Christopher Weatherhead:
155.0 wpm
846.8 spm
appstrackersdatafacebookyeartalkevabitprojectapplookedmenstruationperiodpopularchrisstartedandroidsdkworksharingniceccccontextthoughtpreviousdisablingpeopleclevertapprivacyhundredsdownloadsi'ddevelopers'thirdpartiesserverindiaeuropelargenumberpi'sinterceptionreleaseforgotintroduceterriblespeakinghabitchristopherweatherhead..