Comment by NoTranslationL

6 days ago

If anyone is interested in a privacy focused tracking app that stores all your data locally, I make an app called Reflect [0] whose sole purpose is this, plus on-device analysis.

We’re working on a menstrual tracking feature right now and it’s pretty far along. We’ve just released an anomaly detection feature as well.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...

The report in the OP raises valid concerns about SDKs from third parties, including Google and Facebook. Your own site showcases the Reflect SDK which is, I quote:

> The Reflect SDK is the iOS framework that powers the Reflect – Track Anything app and is designed to help you:
>
> Create forms to track customer product usage and experience
>
> Collect customer biometric data [...]

Source: https://ntl.ai/products/

Let's just say I'm skeptical about your claims.

Edit: provided a more extensive quote and link to source.

  • This is a totally valid concern. Initially we were considering augmenting our income with a B2B model to license the library we’ve built, but that didn’t pan out and our priorities have changed, so we solely work on the apps for customers now. I actually forgot this was even on our website and, since we aren’t trying to offer those services or license anymore, I’ve removed them.

This looked promising, but the first two things I tried to record with it seemed just outside of its capabilities. I track blood pressure daily, but it didn’t seem to have a way to record a metric that has two numbers. In addition, I record the sodium and potassium values of everything I eat, and I want a way to record the name of the food item along with those two values (preferably providing a dropdown for previous entries that auto-fills the numeric parts).

Also, the nagging about buying premium was quite aggressive and it made me feel like I couldn’t even get a feel for what the app is like first.

  • Yeah, there is no support for “multi-dimensional” metrics. So systolic and diastolic would each have to be their own metric. Food tracking in Reflect could use some work, but if you link with Apple Health, Reflect can pull data from Cronometer or MyFitnessPal for example.

    Any particular place you thought the premium was very aggressive? I’m open to changing that, it’s not the kind of feedback we normally get. Thanks for saying so

    • A lot of things I clicked on just led to an upsell page that wanted me to do a week trial that led to a $49 monthly, which surprised me since I hadn’t even begun to explore and only had a single metric which I’d never even recorded a datapoint for. And it seemed like I only was allowed to define a single metric, so I tried to delete it in order to create a new one, but clicking “delete” on it was apparently a premium feature as well. I gave up.

      You really need to let people actually use the product with no commitment, see how it’s useful, and then bug them a month later.

      Btw, I found a bug: on the page where there are three big buttons and the third is “load a csv”, the csv button isn’t clickable. Only the icon on it is.

      1 reply →

    • Could you elaborate on which features are premium only? Or maybe also put them in the AppStore description? I tend to be averse to even downloading apps with IAP, without knowing what they are going to be.

That looks very interesting. I'm building almost the same actually: http://dailyselftrack.com/

Any reason your app is iOS only?

That sounds like a good idea with one obvious challenge: how can you prove that data will remain private forever?

  • That’s a tough guarantee, ultimately you’re placing trust in the device’s security once you limit your attack surface to just local data. So that’s why we’re working on encryption with key custody. Any feature like cloud backups are explicitly opt-out by default so no one is putting their data onto someone else’s servers without knowing what they’re getting into.

    • Just to be clear, you’re saying cloud backups are off by default, and the user must explicitly enable them?

      If so, just FYI I believe that pattern is usually referred to as “opt-in.” As in, the feature is off by default, and the user must opt in to using it.

      1 reply →

    • (Don't take any of the below in a negative sense! It's awesome you built a privacy-first solution and care about these things, to the extent practical. Below just musings)

      I assume the attack vector here is more along the lines of 23andme bankruptcy -- if developer is bought by a new corporate entity / priorities change, what guarantees exist that privacy architecture won't backslide via updates?

      Users shouldn't be concerned that a minor update or corporate sale will change the bargain they made around their privacy.

      Honestly, it'd be great if there were scaled third-party cloud key escrow services coupled with enforced legal guarantees.* ^

      It feels like we did cloud wrong from a legal/privacy perspective by not separating keyholder from data-at-rest-holder (legal entity wise). Tenant-based encryption is basically there... just still mingling data and key ownership in the same entity.

      GDPR / right to be forgotten would be trivial if there were always a third party (who enforced requirements on any first party) I could submit a request to, that would burn my keys on their side, thus rendering first-party stored data un-practically-retrievable.

      (And a third party because, similar to the browser+CA system, balancing power against each other to enforce guarantees of good behavior seems effective)

      * Legal guarantees like "no caching keys for longer than X" or "no unencrypted user data at rest"

      ^ Cloud hosting encryption keys would also solve the ugly UX edge of strong encryption around "I lost my key... help?"

      5 replies →
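
The split-custody idea in the comment above (a third party holds the keys, the first party holds only ciphertext, and erasure means burning the key), as an added example that is not part of the thread or of any product discussed in it. `KeyEscrow` and `DataHolder` are hypothetical names, and both parties are modelled in one process using Node's built-in AES-256-GCM.

```javascript
// Added illustration of split key/data custody; all names and data are constructed.
const crypto = require('crypto');

// Third party: holds one 256-bit key per user and no user data.
class KeyEscrow {
  constructor() { this.keys = new Map(); }
  enroll(userId) { this.keys.set(userId, crypto.randomBytes(32)); }
  release(userId) {
    const key = this.keys.get(userId);
    if (!key) throw new Error('key destroyed or never enrolled');
    return Buffer.from(key); // hand out a copy; the caller wipes it after use
  }
  // Erasure request: wipe the key bytes, then forget the entry.
  burn(userId) { this.keys.get(userId)?.fill(0); return this.keys.delete(userId); }
}

// First party: stores only ciphertext and fetches the key per operation.
class DataHolder {
  constructor(escrow) { this.escrow = escrow; this.records = new Map(); }
  store(userId, plaintext) {
    const key = this.escrow.release(userId);
    const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
    const c = crypto.createCipheriv('aes-256-gcm', key, iv);
    c.setAAD(Buffer.from(userId)); // bind the ciphertext to its owner
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    this.records.set(userId, { iv, ct, tag: c.getAuthTag() });
    key.fill(0);
  }
  load(userId) {
    const { iv, ct, tag } = this.records.get(userId);
    const key = this.escrow.release(userId); // throws once the key is burned
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAAD(Buffer.from(userId));
    d.setAuthTag(tag);
    const pt = Buffer.concat([d.update(ct), d.final()]).toString('utf8');
    key.fill(0);
    return pt;
  }
}

function demo() {
  const escrow = new KeyEscrow(), holder = new DataHolder(escrow);
  escrow.enroll('user-1');
  holder.store('user-1', 'constructed sample entry');
  const before = holder.load('user-1');
  escrow.burn('user-1'); // the request goes to the escrow, not the data holder
  let after;
  try { after = holder.load('user-1'); } catch (e) { after = e.message; }
  return { before, after, ciphertextKept: holder.records.has('user-1') };
}
```

The ciphertext is still stored after the burn but can no longer be decrypted. This holds only if the data holder never keeps a copy of a released key, which is what the comment's proposed "no caching keys for longer than X" guarantee would have to enforce.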

  • Simple + open source + no access to network + no updates (idk about Android/iOS cross-app data sharing).

  • I was going to say operate it under a non-profit but then I laughed in Altman.

For people living in the US of Freedom, wouldn't it be a good thing to 'keep putting in' cycles, despite pregnancy? Should anything untoward happen later, a quick flash o' the app and "Nope, Officer, no siree. Like clockwork, me...".

  • Duress modes are a frequently overlooked feature in general - e.g. I don't want to just block access to my location, I want to lie about my location entirely.

    • I also would like “give an incorrect location” as an option. Something like that would probably never be supported by Google or Apple officially, because unlike some other privacy features, it’s actively and overtly hostile to advertisers.

      13 replies →

    • I want this for my contact address book too. “This app would like to know all your contacts. Allow / send empty contact list / generate garbage data”

      I’d also enjoy if my advertising cookies were randomly reused by people all over the globe. And I’d like my phone number and email address to get associated with dozens of other identities.

      3 replies →

What kind of "analysis" is done on the data? We have apps like mensinator that are very simple.

I'd like to know if it is different from these simple apps?

Note: I'm a guy btw

  • Do you mean for menstrual data specifically?

    Currently for general data there is Pearson correlation, five different anomaly detection algorithms, and t-tests for significance among other things.

    The work in progress we have for menstrual tracking takes temperature, flow, and past ground truth data into account. I know that’s vague, and it’s because my partner is working on it, not me :)

    When we release the cycle tracking we’ll have a full writeup

What homomorphic encryption technology have you looked into using? This is a good use case for that technology.

  • I agree it could make sense one day but, as I mentioned in another thread, we don't have any servers and so we don't collect or host any user data (encrypted or not). In fact, I really don't want to; it's overhead and costly, and might involve compliance with HIPAA or GDPR, and I just would rather the user be in charge of their own data.

    Having FHE for local data would be very interesting though.

[flagged]

  • Some disorders more or less require tracking to make them diagnosable and their symptoms manageable (e.g. PMDD). Managing tracking with paper is ofc possible, but apps allow for reminders and gamification that help on challenging days.

    • Sure, I'm not saying categorically don't, just that people, especially in the US and other countries that are having backslides on reproductive rights, should think really hard about using period tracking apps if they don't have a strong reason to, like you mentioned, and even in those cases consider a more deniable and private option.

      1 reply →

  • It’s always worth pointing out there are many billions of people who live completely free of this fear of reprisals from the state/country they live in

    • Unfortunately, the right to abortion is under fire worldwide. I'm not just talking about the usual suspects like Russia or Islamist theocracies, but also here in Europe... Hungary and Poland being the first suspects, but Italy is also planning to restrict it [1]. And in Germany, the last government at least banned "pro-life" haunting events, but there are wide swaths especially in Bavaria where there is no doctor or clinic providing abortion at all, even in medical emergency scenarios, because church-run hospitals can and do ban it.

      [1] https://www.rnd.de/politik/abtreibungsgesetz-in-italien-rech...

      1 reply →

    • True, but for many, even “local only” apps store their data on devices managed by US-based companies. Would Apple sell your data to advertisers? - probably not. Would Apple share your data with law enforcement? - of course, and they don’t even need to tell you.

      7 replies →

  • I can understand that. We are also working on an encryption feature that doesn’t use the default encryption primitives so people can have custody over their own keys and feel better about their data security at rest

    • Is that better than using the secure enclave type of default? Not everyone is an HN reader that would even know what a personal/private key pair is let alone how to properly/securely handle them.

      1 reply →