惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
D
DataBreaches.Net
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Visual Studio Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
S
Secure Thoughts
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
V2EX - 技术
V2EX - 技术
腾讯CDC
GbyAI
GbyAI
G
Google Developers Blog
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
Schneier on Security
Schneier on Security
Microsoft Security Blog
Microsoft Security Blog
Jina AI
Jina AI
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
MyScale Blog
MyScale Blog
Help Net Security
Help Net Security
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
AI
AI
MongoDB | Blog
MongoDB | Blog
Scott Helme
Scott Helme
J
Java Code Geeks
Engineering at Meta
Engineering at Meta
H
Heimdal Security Blog
H
Help Net Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
S
Security Affairs
TaoSecurity Blog
TaoSecurity Blog
The GitHub Blog
The GitHub Blog
Hacker News: Ask HN
Hacker News: Ask HN
Martin Fowler
Martin Fowler
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Last Week in AI
Last Week in AI

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
Your period tracking app has been yapping about your flow to Meta
campuscodi · 2026-04-28 · via Hacker News

A few years back, I had a running joke with the guy I was seeing about adding him to my period tracker. Being a women’s health expert, I enjoy weaving nerdy anecdotes about cycles and attraction and desires into my flirtations and marveling at my own wit and woo-woo mastery of my cyclical body. This ruse seemed like a harmless jab at my digitally tracked self-awareness – a very late millennial feminist living in the Bay Area version of coquetry.

It maybe wasn’t all that harmless, after all.

Turns out, the matter of sharing the data around my cycle, and potentially the even more private information about my intimate experiences, wasn’t as much of a matter of choice as I might have expected. Worse, it might have been used to sell me stretchmark creme or dental dams.

I legit went through the trouble of creating this eggplant emoji calendar in order to flirt. Is this too much? Comment below 😭.

Caught bloody handed

That period tracking app, Flo, has been found liable in connection with selling user data to Meta all the while promising their users they were protecting their privacy. The class action suit had 13 million Flo users included as plaintiffs, which is a sizeable chunk of pissed off users amongst their reported 75 million-strong user base.

Those lawsuits against Meta and Flo, first filed in 2021 with more in the US and Canada, reveal a bigger issue in non-medical health tracking software – there’s too much gray area around consent when it comes to selling your health information to advertisers.

What’s important about the legal precedent being set is in highlighting how the current guidelines around health data privacy (like HIPAA) are woefully lagging behind the health tracking tech already available directly to users. It raises a number of critical questions:

  • What does this legal vagueness mean for how we choose to self monitor our biological markers?

  • In a post-Dobbs environment, how do concerns around digital privacy impact our consumer choices in sexual health and period tracking apps?

  • Why is it still up to the consumer to run safety checks when it should be the role of product teams and healthtech brands to build less creepy tech?

  • Do we really need to be tracking every possible symptom and mood and cramp and letting private tech companies decide what to do with that data?

Feeling “creamy” today? Great, we’ll let Mark Zuckerberg know.

Joking about the consistency of my ovulation was already a bridge too far and a line I opted not to venture to cross with said beau. I certainly wouldn’t have willingly announced to anyone parsing through data at Meta if I had masturbated or had unprotected sex on any given day. The Flo app might have made that decision for me, though.

Screenshot from push-prompted Flo check-in.

For all my mental back and forths about whether or not to actually send a partner my cycle calendar, Flo might have been sending the intimate details of our sexual encounters to a bunch of tech bros behind my back. Turns out, Flo had embedded a secret “eavesdropping” tool which passed along information like menstruation cycle, ovulation, and if a user was trying to get pregnant to Meta, even while explicitly claiming not to in their privacy policy.

As slippery as an ovulation flow, Flo was telling us our private data was safely hidden from prying eyes. The guilty verdict in the August 2025 Frasco v. Flo lawsuit proved otherwise:

“Flo, through the Flo App, unlawfully shared users’ sensitive health data – including menstrual cycle, ovulation, and pregnancy-related information – with third parties such as Meta, Google, and Flurry for their own commercial use (Burr & Forman, 2025).”

The jury found Meta liable for collecting sensitive reproductive health data and using it for its own gain. The other parties listed settled out of court, which means their involvement in the breach gets to stay more private than the health data of Flo users between 2016 and 2019.

Nothing feminism needs more nowadays than a bit more irony, right?

This wasn’t a hack. It was a design decision.

It’s important to call out that these third-party platforms didn’t hack into the Flo app. The folks in charge of making privacy decisions at Flo handed them our sensitive data on a silver platter. It was simple track-and-sell data sharing and we maybe should have seen it coming.

I’ve written before about how ‘pinkwashing’ femtech can disguise a whole host of unethical product decisions. Prior to heading for greener and more private pastures with my period tracking app selection, Flo was already starting to give me the ick. The UX design was getting more convoluted, more cluttered, more cartoonish with every update.

Quickly, the Flo home screen was becoming more bloated than a late-luteal phase tummy. Opening the app to log whether I had spotted a bit that morning or had insomnia or tender breasts was like navigating a minefield of tired femme designs and redundant reminders to meditate.

With each update, the home display presented me with the option for ever growing opportunities for negative symptom reporting. Without any differentiation in hierarchy, everything seemed flatly pathological. The symptoms were pushed more and more to the front and advice popped out at every turn, essentially burying the actual cycle tracker.

In the context of the Flo-Meta filings, this makes sense – focusing on the “problems” of periods can help drive sales of items purporting to alleviate symptoms. There isn’t much to monetize from a simple period calendar, is there? It’s dystopian to realize the emphasis on symptomology was helping to drive advertising on sites even more recently found liable for personal harm on par with tobacco companies.

At the end of the day, no amount of pinkwashed ‘empowerment’ or ‘evolved’ mentions of sex toys and self pleasure can cover up who benefitted* from these design choices.

The gap between HIPAA and ‘wellness’ is where consent goes to die

Flo changed its privacy policy a whopping 13 times in the three years relevant to the legal claims (2016-2019). These lawsuits show that all those edits did nothing to make the consent users might have thought they were giving real in any meaningful way.

Lawsuits like the Flo-Meta lawsuits are notable in that they are helping to build a foundation of legal precedent within the gray zone of non-HIPAA compliant wellness tech. Much of health tech, which includes a lot of reproductive health tech currently on the market, isn’t explicitly clinical or directly tied to communications with a healthcare provider.

Which means, you can be logging some deep information about the functions of your body and given automated advice on making adjustments to potentially improve these bodily functions, and in all likelihood, it manages to not fall under the protection of current health and privacy laws. This means that it is at the discretion of the apps themselves to create the policies around what data to share or sell or report to government agencies themselves.

They also have pretty broad discretion in the designs around consent they are willing and able to offer users. The design decisions and consent frameworks in-product can be guided by best-practices, but those choices are still largely driven by the opinions within product teams. This is how sloppy consent patterns continue to get shipped out to users, even when the product might deal in incredibly sensitive data collection.

It wasn’t like some cyber criminal was holding Flo ransom, these were embedded legal, design, engineering, and sales positions that got through a chain of employees that ultimately threw users under the bus for profit.

It’s hard to track down exact information on the number of staff employed by Flo from 2016-2019 and who was directly responsible for these choices. By most accounts, it was a lean operation – probably around 350 employees at any given time in those years. That’s a pretty small group of folks making potentially monumental decisions about how highly sensitive health data got collected, stored, and shared in addition to how those processes and policies were communicated to their millions of users worldwide.

If we’re left to our own devices, who will protect us?

It seems like we can’t just necessarily leave it up to companies – or their ragtag teams of crackpot lawyers rewriting privacy policies every few months – to keep our private data private. I guess we’re left needing to hurt Mark Zuckerberg’s feelings every now and again in order to just use our vibrators in peace.

The law is slow to catch up, even more so when it comes to regulating tech. This makes me nervous when considering the rush to increase the collection of data around women’s health in an effort to close the data gap. This is a worthy aim, but how much trust can we really place in private companies operating outside of clinically guided structures?

This is even before we factor in the increased use of generative AI in populating health advice within apps which seem to intentionally circumvent the healthcare space and thus not have to be compliant with the user protections under that categorical umbrella. There is such a thing as too much data, though try telling that to a PM trying to make his KPIs. If the data comes from unmanaged flows, the collection methods prioritized for third-party ad sales, and done without the direct consent of users, how much can we even rely on the derivative generative outputs? Is this the standard we want to set for collecting women’s health data? Is it worth all the costs?

Personally, this reeks of moving fast and breaking things to me. Flo definitely broke my trust, along with at least 13 million former Flo users. With (reportedly) over a third of US women utilizing period tracking apps and a similar rate of use amongst women in the EU, there’s a significant market to capture here. Unlike in 2016 when Flo was one of few players on the field, there are hundreds of cycle tracking apps for savvy users to select from today, not to mention the increasing availability of built-in cycle trackers within other health apps and wearables.

Though Flo remains one of the top downloaded of the bunch, for many of us, it’s a matter of once burned, twice shy. Personally, I’m a big fan of WildAI, which doesn’t bother to ask me if I’ve rubbed one out and therefore has no interest in telling a tech behemoth a whole lot more than if I bothered to note if I was thirsty and horny and hungry on the same day. You and Mark can guess how much space those notes take up on my cycle calendar all on your own. I prefer it that way, and Flo should too.

*Let’s just take a moment, by the way, to reflect on how the dev dudes setting up personalized ad gating at Google might have been tracking the sex toy use and prevalence of anal sex amongst Flo users so they might drive up pay per click (PPC) rates across your apps. Obviously, this is feminism at its finest.

**It might be worth arguing if in a post-Dobbs world and in countries with wishy-washy digital privacy standards that maybe meticulously logging sexy self-play might not have the potential health benefits worth the risk having it wind up in the hands of such loose-lipped data brokers. It’s bad enough we have to worry about the privacy violations of the vibrators themselves. Maybe “dumb” dildos are the better option these days, actually. We’ll have to get to that in another post.

Share The Femtech Design Desk

Leave a comment