Search
Content type: Long Read
Go back to the report page Methodology We looked at the top period tracking apps downloaded in the Google Play Store, some of which we had examined in our original research, and some of which are newly emerging apps that have since grown in popularity. The top period-tracking apps with the most downloads included Flo; Period Tracker by Simple Design; and apps we'd tested in our previous research that still exist such as Maya, Period Tracker by GP Apps, as well as several apps popular…
Content type: Long Read
Go back to the full report pagePeriod Tracker by Simple Design is another popular period tracking app that has over 150 million users. To begin using this app the user answers a set of three onboarding questions for about their cycle pattern. The user has the option to answer 'I'm not sure' for each question. After answering 'I'm not sure' for these three questions, we were able to proceed on the app without having to create an account. Throughout our experience inputting our cycle…
Content type: Long Read
Go back to the full report pageThe Maya app is a period tracker app by Plackal Tech based in India. In our previous investigation, we revealed Maya was sharing a plethora of user input data to Facebook. However, in response to our 2019 research, the app claimed it had since ‘removed both the Facebook core SDK and Analytics SDK from Maya’ while ‘continu[ing] to use the Facebook Ad SDK, post opt-in to our terms and conditions and privacy policy’ for revenue purposes, the latter of which 'does not…
Content type: Long Read
Go back to the full report pagePeriod Tracker by GP Apps is another popularly downloaded app we previously looked at in 2019. In our original research, we determined that this app did not appear to share any user input data with Facebook. This time, we examined the third parties that the app appeared to integrate and what kind of data was being shared with these third parties, as well as what user data the app was storing on its own or external services. It’s worth noting that the…
Content type: Long Read
Go back to the full report pageThe WomanLog app, developed by Pro Active App SIA, is a Latvia-based period tracking app with over 10 million downloads that features an 'Intelligent Assistant' chatbot (more on this below). To get started on the app, we completed a short onboarding questionnaire about which app mode we intended to use (e.g., standard) and the length of our cycle and period. Our answers to these questions were sent across the web traffic to the app developer's API:
Content type: Long Read
Go back to the full report pageWocute is a Singapore-based period tracking app with over 5 million global downloads. To get started on the app, a user first needs to complete a short onboarding questionnaire about their goal for using the app ('track my cycle'); their year of birth (which we skipped), followed by the length of their period cycle and start date of their last period (for which we selected 'I'm not sure'). These responses were all communicated to the API:
Content type: Long Read
Go back to the full report pageStardust is a New York-based astrology-themed period tracking app that has recently risen in popularity, having received a spike in downloads in the U.S. following the overturning of Roe v. Wade. According to its website, the app takes a de-identification approach to users' privacy by utilising a third party 'security system' operated by Rownd, “an authentification platform that stores your contact information for us [Stardust] so that we cannot associate your…
Content type: Long Read
Go back to the full report pageThe last app we looked at was Euki, which has been recognised among privacy advocates. The app is a U.S. non-profit privacy-by-default period tracker app founded by a group of social tech and sexual and reproductive health organisations like Digital Defense Fund and Ibis Reproductive Health. The app has recently become open-source. We ran the Euki app through the DIAAS environment to observe its web traffic as for the above apps. There were no onboarding…
Content type: Long Read
Go back to the full report pageLimitationsBefore our analysis, we note the technical limitations (and the scope of our research) meant we did not test certain features mentioned, such as Google Fit integrations offered by some apps. We also mention the limitations of our DIAS environment, which only allows us to see web (client-side) interactions, rather than server-side interactions, the latter of which are increasingly common among more advanced platforms that utilise cloud computing (e.…
Content type: Long Read
Our research has introduced questions about the right to privacy when apps have the potential to share a range of user-related data. This is a particular concern for people using apps in countries where there are restrictions on access to abortion. In the US, after the overturning of Roe v Wade, concerns around the privacy practices of period-tracking apps have been raised in states that have introduced restrictions and bans on access to abortion. It could be very possible for some period…
Content type: Long Read
“Hey [enter AI assistant name here], can you book me a table at the nearest good tapas restaurant next week, and invite everyone from the book club?” Billions of dollars are invested in companies to deliver on this. While this is a dream that their marketing departments want to sell, this is a potential nightmare in the making.Major tech companies have all announced flavours of such assistants: Amazon’s Alexa+, Google’s Gemini inspired by Project Astra, Microsoft’s Copilot AI companion and…
Content type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content type: Long Read
What happened?On 19 July 2024, American cybersecurity company CrowdStrike released an update to its CrowdStrike Falcon software that ultimately caused 8.5 million computers running Microsoft Windows to crash. The damage done was both deep and wide: deep because the computers affected were unable to recover without direct user intervention. Wide because a whole range of companies - from airlines to healthcare to media - across a whole range of countries - from Sweden to India to New Zealand -…
Content type: Long Read
IntroductionIn early October this year, Google announced its AI Overviews would now have ads. AI companies have been exploring ways to monetise their AI tools to compensate for their eye watering costs, and advertising seems to be a part of many of these plans. Microsoft have even rolled out an entire Advertising API for its AI chat tools.As AI becomes a focal point of consumer tech, the next host of the AdTech expansion regime could well be the most popular of these AI tools: AI chatbots.…
Content type: Long Read
IntroductionHarnessing new digital technology to improve people’s health is now commonplace across the world. Countries and international organisations alike are devising digital health strategies and looking to emerging technology to help solve tricky problems within healthcare. At the same time, more and more start-ups and established tech companies are bringing out new, and at times innovative, digital tools aimed at health and wellbeing.
Content type: Examples
Google has settled a case brought in 2020 by the parents of an Illinois girl who sued the company in state court alleging that it had violated two sections of the Biometric Information Privacy Act. The case also alleged that Google had violated the law by failing to obtain parental consent to collect, store, and use biometric data belonging to millions of children and had illegally harvest other data such as physical location, website histories, personal contact lists, passwords, and…
Content type: Long Read
INTRODUCTION
In recent years, major tech platforms have been rapidly evolving their business models. Despite their dominance in various markets, tech giants like Google and Meta are venturing into new territories to expand their user base. One of the most striking ventures has been their foray into the "connectivity market" through substantial, and occasionally unsuccessful, investments in network infrastructure.
Many tech companies are investing resources into network infrastructure, either…
Content type: Explainer
IntroductionThe emergence of large language models (LLMs) in late 2022 has changed people’s understanding of, and interaction with, artificial intelligence (AI). New tools and products that use, or claim to use, AI can be found for almost every purpose – they can write you a novel, pretend to be your girlfriend, help you brush your teeth, take down criminals or predict the future. But LLMs and other similar forms of generative AI create risks – not just big theoretical existential ones – but…
Content type: Long Read
IntroductionFor years PI has been documenting the market dominance and associated power of Big Tech over the digital economy, and the threats this poses to our privacy and wider rights.The digital economy is characterised by a handful of Big Tech companies that have established and maintained dominance over the digital market through opaque and exploitative practices. Big Tech exploits the data of those who use their platforms in ways which interfere with our privacy and wider rights. In…
Content type: Long Read
Table of contentsIntroductionWeighing the (potential) benefits with the risksPrivacy rights and the right to healthThe right to healthPrivacy, data-protection and health dataThe right to health in the digital contextWhy the drive for digitalImproved access to healthcarePatient empowerment and remote monitoringBut these same digital solutions carry magnified risks…More (and more connected) dataData leaks and breachesData sharing without informed consentProfiling and manipulationTools are not…
Content type: News & Analysis
Is the AI hype fading? Consumer products with AI assistant are disappointing across the board, Tech CEOs are struggling to give examples of use cases to justify spending billions into Graphics Processing Units (GPUs) and models training. Meanwhile, data protection concerns are still a far cry from having been addressed.
Yet, the believers remain. OpenAI's presentation of ChatGPT was reminiscent of the movie Her (with Scarlett Johannsen's voice even being replicated a la the movie), Google…
Content type: Examples
Foodinho, the Italian food delivery subsidiary of the Spanish company Glovo, continues to accumulate millions of euros in fines for infringements of labour law such as collecting and misusing riders' data. New research studying Glovo's app indicates that the company appears to have created its own hidden scoring system so evaluate couriers' performance, and shares personally identified riders' after-hours location with Google and other unauthorised third-party trackers.https://algorithmwatch.…
Content type: Examples
Companies like the Australian data services company Appen are part of a vast, hidden industry of low-paid workers in some of the globe's cheapest labour markets who label images, video, and text to provide the datasets used to train the algorithms that power new bots. Appen, which has 1 million contributors, includes among its clients Amazon, Microsoft, Google, and Meta. According to Grand View Research, the global data collection and labelling market was valued at $2.22 billion in 2022 and is…
Content type: Examples
Fairplay and the Center for Digital Democracy are asking the US Federal Trade Commission to investigate whether Google and YouTube are violating the Children's Online Privacy Protection Act and the terms of a 2019 settlement agreement by serving children personalised ads on videos labelled "made for kids". The two organisations, along with EPIC and Common Sense Media, believe the FTC should seek penalties topping tens of billions of dollars. In the 2019 settlement Google and YouTube were…
Content type: Examples
Chromebooks, which many schools purchased at the beginning of the pandemic because of their lower cost compared to PCs and Macs, are proving expensive as their prices rise, the cost of repairs bites, and Google's expiration policy means many models are about to become e-waste. A study from US PIRG finds that doubling the Chromebooks' lifespan could save public schools $1.8 billion. Older Macs and PCs, by contrast, can go on being used and have resale value. Article: Chromebooks expire to…
Content type: Examples
Google is working to extend the lifespan of Chromebooks by providing software updates for up to a decade. The new policy, which will begin in 2024, will ensure that no current Chromebook expires in the next two years. The expiration dates were proving expensive for schools, which were having to spend millions of dollars on replacements because unsupported Chromebooks can't be used for mandatory state testing. Article: Google extends life of ChromebooksPublication: Wall Street JournalWriter…
Content type: Examples
UK government ministers are seeking to ensure schools benefit financially from any future use of pupils’ data by large language models such as those behind ChatGPT and Google Bard. Data from the national pupil database is already available to third-party organisations. The BCS head of education recommends that the Department of Education should write a clear public benefits statement to ensure that initiatives benefit pupils as well as providing financial benefits.https://schoolsweek.co.uk/…
Content type: Examples
Human raters have played a significant role in the rapid improvement in the machine learning models that fuel modern AI. The raters evaluate the algorithmic output of search engines and AI chatbots and provide "Reinforcement Learning with Human Feedback" (RLHF) – the technical name for the deployment of such ratings to improve AI models. The efforts of these workers, who are mostly located in the global South but include thousands in the US, is downplayed by the technology companies to whom…
Content type: Examples
Delivery drivers in Jakarta use GPS-spoofing apps in order to improve their chances of selection by the Gojek delivery and transport app, an equivalent to Apple Pay, Postmates, Venmo, and Uber all in one. Gojek that operates in more than 200 cities in Indonesia, Singapore, Vietnam, and Thailand. Other grey market apps enlarge details of orders that are too small to read, automate bidding, and apply filters to open orders. Some apps are distributed via Google Play; more are sold via driver…
Content type: Long Read
IntroductionData about our health reveals some of the most sensitive, intimate - and potentially embarrassing - information about who we are. Confidentiality is, and has always been, at the very heart of medical ethics. People need to be able to trust their doctors, nurses and other healthcare providers so that they are not afraid to tell them something important about their health for fear of shame, judgement or social exclusion.It’s no surprise then that data protection regimes around…