Flo released an "Anonymous Mode" on Wednesday, which allows people to use the app without linking their data to their name, email address, or internet protocol address.
The company hopes the new feature will set a new standard for privacy protections in health apps. The reproductive justice advocates raised the alarm over the use of sensitive data collected by period tracking apps in prosecuting abortion seekers.
According to Roman Bugaev, chief technology officer at Flo, the world is not designed for privacy. The internet needs to be reexamined with this in mind.
It's not designed for privacy.
Users of period tracking apps were concerned that the data trail from those apps could be used against people suspected of having an abortion after the Supreme Court decision. This kind of data request is not the main way law enforcement will pursue reproductive health cases, but the result was still a new sensitivity towards data collection for any product related to reproductive health. When the decision was leaked, most cycle tracking apps said they wouldn't change their policies.
Flo, which has 40 million monthly users, has stumbled publicly in its handling of user data because period and cycle tracking apps don't have great privacy protections. It settled with the FTC over allegations that it shared health information with outside companies after promising users it wouldn't.
Bugaev says the team learned a lot about privacy and user trust. We decided to double down on this.
Flo started talking to people who were worried about using cycle trackers because of the Supreme Court's plan to overturn the abortion law. The vice president of product at Flo said that they were worried about the consequences of using Flo. We knew we had a user problem and they wanted us to fix it.
In June, the decision was released. Twelve states have banned most abortions since then, and the bans are working their way through the courts in other states. New protections for abortion rights have been put in place in some states.
When the case was decided, Flo quickly developed the feature. It wasn't easy to solve the issue by just removing users' contact information. The strength of an app like Flo is in the insights it can give to a user by finding patterns in many different data points, and sending that data over the internet from a phone to Flo's cloud server.
Flo worked with Cloudflare to implement an emerging web standard known as "Oblivious HTTP." A relay service can be used to transfer data between an app user and Flo's server. Flo can see what the data contains but she won't know where it came from.
It is possible for users to still have a personalized experience and insight based on the data that they provide but, at the end of the day, that data cannot be tracked back to them.
Bugaev says that the team won't be able to see how many people use the feature. They will be able to get a general estimate, and they expect it to be in the millions.
Flo users who choose the anonymous mode will lose some features. They are not able to use the paid version of the app. They can't use a device that's Wearable If their phone is broken or stolen, they can't transfer their data to a new phone. Bugaev says that the team had to make tradeoffs because of the challenges in building a truly anonymous product.
Flo hopes the mode will inspire other groups to build similar systems that put anonymity at the forefront. Bugaev thinks we should work on some of the issues. It is very difficult to move the entire industry.