Your Menstrual App Is Probably Selling Data About Your Body

Chupadados, a feminist online cyber-security guide, is designed to answer exactly those kinds of questions in order to arm consumers—particularly women—with the information they need to safely navigate the growing world of Big Data, in which the dominant business model is to scrape information about users from profiles, private messages, and tracked browsing habits, to sell to advertisers. In a survey of four popular menstrual apps the Brazil-based team of activists, writers, and technologists behind the project found that most rely on the production and analysis of data for financial sustainability. In other words, they make money off information about users' bodies and habits gathered from their profiles on and interactions with the app.

And for many of these apps, the guide notes, users aren’t just tracking their periods and ovulation: “Monitoring your cycle using a menstruapp means telling the app regularly if you went out, drank, smoked, took medication, got horny, had sex, had an orgasm and in what position, what your poop looked like, if you slept well, if your skin is clear, how you feel, and if your vaginal discharge is green, has a strong odor or looks like cottage cheese.” In addition, depending on your privacy settings, the app may also know things like your location and browsing history.

As is the case with Facebook and many other apps and social networking sites these days, that data is then used to create consumer profiles for use in targeted ads. And because everyone knows that no one actually reads the terms of service before clicking “I Agree,” the Chupadados team lays out the need-to-know info in each. Glow, which has over 3 million users, the guide notes, builds-in the ability to share data with third parties, use data to inform users about products, keep data even after users have deleted the app, allow companies that have contracted Glow for targeted advertising to use embedded cookies to learn about its users, and in only some cases make that data anonymous.

The most trustworthy app included in the survey was Clue, an ad-free and (optionally) password-protected period and ovulation tracking app that does not require users to create an account, meaning that data can be stored on the user's device rather than the app's servers. If users do decide to create an account, personal information is encrypted and stored separately from health information, and they can request that their information be deleted form the servers at any time.

Some people may say, So what? Perhaps it feels worth it to be advertised to in exchange for a free service. But for Joana Varon, the lead creator of Chupadados, data privacy is a crucial component of contemporary feminism. And she’s committed to combatting the fact that, while users mostly do technically consent to sharing intimate data, they often aren’t fully aware of what they’re getting into (such as when Grindr users didn't realize the app was sharing their HIV status), and companies often end up breaking terms of services anyways, either intentionally or through leaks.

Varon, who’s based in Brazil, has been working in digital rights for over a decade. After Wikileaks emerged, she decided to start giving digital security trainings and found that most of the people who showed up to the open calls were women. “It was much easier to start the conversation about safe space and protection with them because we are used to discussing that in the feminist agenda, too,” Varon says. “And the feminist discourse also talks a lot about consent, which the data protection framework is based in. When we know that consent has been abused, not properly informed, or not continuous, all those issues are feminist issues, no?”

In 2016, Varon started Coding Rights, a women-led coalition of digital activists, artists, and technologists that create projects intended to translate cyber security practices and human rights issues related to technology into easily digestible content as well as create tools that help people be safer and more informed online—all with a focus on gender. “I wanted to open up space for [women] to collaborate, think together, reframe the issues from a female perspective,” says Varon. “I do believe that we look at things differently.”

Coding Rights’ first project was a zine on how to safely take nudes, aimed to combat the dominant condescending rhetoric that in order to be safe online, women should simply refrain from taking naked selfies. Since, with the help of a Mozilla Media Fellowship, they’ve moved on to bigger and bigger projects, including Chupadados.

The website, which was first launched in Portuguese and Spanish and was translated to English in late 2017, focuses on explaining the corporate practices of Big Data through accessible examples that affect our everyday lives. The site even has an evil mascot, the Datasucker (or Chupadados) to help illustrate our relationship with tech and data. “The Datasucker's obscure intelligence realized that every search, click, like, share and even how long our mouse hovers over a specific image are information to be monetized,” the site’s “about” page reads. “As a result, the Datasucker’s logic possesses a significant amount of our technological devices, and we feed him on our own cost without even noticing.”

The site is broken up into three sections of journalistic pieces and inforgraphics: Body, Pocket, and City—which a fourth, Home, coming soon. Along with the menstruation app breakdown, Pocket contains an “STD(ata)” piece about data transmission on dating apps, which looks at four of the most popular dating apps—Tinder, Grindr, Happn, and OKCupid—and tells you, according to each app’s terms of services, what information the app collects and who it has permission to share it with. It also notes that, in many cases in the past, dating apps have leaked sensitive information that they don’t have permission to share.

Aside from privacy, Varon and the rest of the team behind Chupadados are also interested in the ways that Big Data and targeted advertising feed off of and perpetuate harmful race and gender stereotypes. In a piece for the Pocket section, for instance, Varon had a friend monitor which ads she received on Facebook throughout her pregnancy. The woman found that, while she once received ads related to politics and technology, as soon as she was pregnant (and before she had even told her family) she began exclusively receiving ads revolving around pregnancy and motherhood. After giving birth, she began receiving ads about how to get her body back in shape and how to get her husband to be attracted to her again.

In the case of menstruation apps, Varon noted that the majority use the narrative of motherhood and fertility. She’s interested in questions like: Would that be the case if the app was made by women coming from a feminist perspective? “Maybe it wouldn’t be so focused on pregnancy as the role of women in society. Maybe it would say, ‘Oh, you’re so stressed today, have a drink, or have sex!’”

Recently, Coding Rights started expanding the Chupadados project with “Safer Sisters,” a series of super simple cyber security guides in the forms of sharable GIFS. Three have been published so far, and they plan to publish a new one every Monday.

“Privacy and data protection are some of the core components for freedom of expression, democracy, reproductive rights, and gender equality,” says Varon. “There’s a need to communicate that to people and show why it’s important.”

Correction: Information about Clue's privacy policy have been updated in this version.