The post-Roe data privacy nightmare is way bigger than period tracking apps

Since the Supreme Court’s draft decision overturning Roe v. Wade leaked, influencers, activists and privacy advocates have urged users to delete period-tracking apps from their devices and remove their information from associated services. With abortion now outlawed in several states, data from such apps could be used in criminal investigations against abortion seekers, and a missed period — or even simply an unlogged one — could be used as evidence of a crime.

These services, like many “wellness” apps, are not bound by HIPAA, and many have long histories of shady practices resulting in fines and regulatory scrutiny. Mistrust in them is well-founded. However, calls to delete period tracking or fertility apps are obscuring what privacy experts say is a much larger issue.

“Period tracking apps are the canary in the coal mine in terms of our data privacy,” says Lia Holland, campaigns and communications director for Fight for the Future, an advocacy group focused on digital rights. While submitting data to a cycle tracking app could lead to being “outed by your phone,” they said, there are numerous other ways actionable data could make its way to law enforcement. “That outing […] could just as easily happen because of some game you installed that is tracking your location to a Planned Parenthood clinic.”

India McKinney, director of federal affairs for the Electronic Frontier Foundation, offered similar words of warning about commonplace and seemingly innocuous online activities. “Search history, browser history, content of communication, social media, financial transactions [..] all of this stuff is not necessarily related to period trackers but could be of interest to law enforcement.”

This isn’t an abstract problem either: Before the constitutional right to an abortion was overturned, there were already cases where pregnant women had their search histories and text messages used against them after their pregnancies ended.

In one widely cited case, a woman in Mississippi who had a stillbirth at home was charged with murder because she had searched for abortion pills online. (The charges were eventually dropped.) In another case, an Indiana woman was sentenced to 20 years in prison for feticide after prosecutors cited her text messages as evidence her miscarriage had been a self-induced abortion. “Prosecutors argued that she’d taken abortion-inducing drugs purchased online, which is illegal in the United States, but police could not find evidence, beyond text messages discussing it, that the drugs were purchased,” according toThe Cut. Her conviction was ultimately overturned but only after she spent three years in prison.

There are other, more insidious ways people seeking abortions can be tracked online. A recent investigation from Reveal and The Markup found that Facebook’s advertising tools — which siphon data from vast swaths of the web, including some hospitals — were used by anti-abortion groups to keep tabs on people seeking abortion services, despite Meta’s rules against collecting such data. Data collected by the groups was also shared with separate anti-abortion marketing firms, which could allow them to target ads to “abortion-minded women,” according to the report. Experts who spoke to Reveal noted that the same data could easily be turned over to law enforcement.

Merely visiting a physical location could be enough to put someone at risk. Data brokers already track and sell location data related to abortion clinic visits. Last month, Motherboardreported that one data broker, SafeGraph, was selling a week’s worth of location data for Planned Parenthood and other clinic locations that included “where groups of people visiting the locations came from, how long they stayed there, and where they then went afterwards,” for as little as $160. The source of those datasets showing visits to reproductive health clinics? “Ordinary apps installed on peoples’ phones.”

After the report, SafeGraph said it would stop selling datasets related to locations of family planning centers. But that doesn’t mean the apps on your phone stopped tracking where you’re going. And SafeGraph is just one of many companies in the shadowy and mostly unregulated multibillion-dollar data broker industry.

“Most people don’t know the apps on their phone are doing this,” says Holland. “And in fact, a lot of developers who build these apps — because they use these very easy-to-use preset tools that have that blackbox surveillance hidden within them — don’t even know that their own apps are endangering abortion patients.”

Concern about this sort of broad location-tracking led lawmakers to urge Google to change its data collection practices for the protection of people seeking reproductive healthcare. They cited the now-common practice of geofence warrants, which are “orders demanding data about everyone who was near a particular location at a given time.” Last month they cautioned that if Roe were to be overturned “it is inevitable that right-wing prosecutors will obtain legal warrants to hunt down, prosecute and jail women for obtaining critical reproductive health care.” Despite the urgency around data collection practices for tech companies — and what new legal obligations they might now have to turn that data over to law enforcement — the industry’s largest companies have thus far remained silent.

So while concerns about period tracking apps are valid, they are only a small piece of a much larger problem. And deleting the services from your phone won’t be enough, on its own, to ensure your personal data can’t be used against you. But though users may be badly outmatched by a vast and largely unregulated industry, they aren’t entirely helpless.

Holland and McKinney pointed to the importance of protecting your private messages and browsing history, via encrypted messaging apps and privacy-protecting browsers. When it comes to menstrual tracking apps, Holland recommends looking for apps that only store data locally, not in the cloud. And if you’re visiting a place where you don’t want your phone to track you, the safest option is to simply leave your phone at home, says McKinney. “Your phone is tracking you so leave it at home if you don’t want it to know where you go.”

Ultimately, though, both Holland and McKinney agree the onus of privacy should not fall on the individual. Lawmakers need to enact privacy legislation that curtails around what kind of data apps can collect. “Right now, there’s not a whole lot of restrictions on what companies can do with people’s data,” says McKinney. “We really do need legislation to fix a lot of the stuff on the back end, and not make it so that [I] have to do research to figure out what are the best privacy practices that I need to undertake before I deal with a particularly stressful situation in my life.”

Solo Stove’s fire pits are up to 45 percent off for July 4th

If you missed Solo Stove’s Memorial Day sale, you have another chance to pick up one of the fire pits for less ahead of the July 4th holiday. Solo Stove has knocked up to 45 percent off fire pits again, so you can grab the Ranger for $200, the Bonfire for $220 and the Yukon for $400. These are some of the best prices we’ve seen on Solo Stove’s devices, and if you want to get all of the things you’ll need to use the fire pit in your backyard, a number of bundles have also been discounted, too.

Shop Solo Stove July 4th saleBuy Ranger at Solo Stove – $200Buy Bonfire at Solo Stove – $220Buy Yukon at Solo Stove – $400

We’ve recommended Solo Stove fire pits a few times in the past as they are solid alternatives to standard fire pits. All of the models actively channel smoke away from you while you’re using it thanks to their double-walled design that pulls hot air through vent holes and back into the fire. This keeps flames hot while reducing smoke and creating fine ashes.

Two out of the three Solo Stove models are also fairly portable, so you can bring them with you on a camping trip or to a party without much hassle. The 38-pound Yukon, however, is probably best left in a semi-permanent spot in your backyard. And while you don’t need any accessories to use these fire pits, there are some that might make the experience even better. For example, the essential bundle includes the fire pit of your choice plus a stand and lid. The backyard bundle includes all of those things, too, plus a shield that keeps pops and embers from escaping and a weather-resistant cover.

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

Most of Amazon’s Eero 6 routers are on sale ahead of Prime Day

We’re fast approaching Prime Day, one of the biggest online shopping events of the year, but Amazon isn’t waiting to slash the prices of some of its own products. The company has discounted several Eero 6 routers exclusively for Prime members. The standard Eero 6, for instance, is down from $89 to $71 for Prime members. That matches the lowest price we’ve seen to date.

Buy Eero 6 at Amazon (Prime exclusive) – $71

As with the other models, the Eero 6 is a mesh router. The price is for a single node. The router supports WiFi 6 with speeds of up to 900Mbps and the ability to connect more than 75 devices. Amazon says the device will cover up to 1,500 square feet. The company’s TrueMesh tech prioritizes traffic to certain devices — a TV streaming a movie in 4K will require much more bandwidth than a smart thermostat, for instance. With the Zigbee smart home hub, which is built in, Eero 6 will connect Zigbee-compatible devices to Alexa.

Several other Eero models have dropped to new all-time low prices. Among them is the Eero 6+, which is $90, down from $139. This model supports speeds up to a gigabit and has two 1Gbps Ethernet ports. You may also get faster connectivity thanks to support for 160 MHz client devices.

Buy Eero 6+ at Amazon (Prime exclusive) – $90

The Eero Pro 6 also costs less than it ever has to this point. Amazon has lowered the price from $229 to $148. The device can cover 2,000 square feet and it supports speeds of up to 1Gbps.

Buy Eero Pro 6 at Amazon (Prime exclusive) – $148

In addition, the Eero Pro 6E is on sale. It’s down to $179, which is $120 off the regular price. As the name suggests, this router supports the WiFi 6E protocol and more than 100 connected devices. It provides speeds of up to 1.3Gbps over WiFi and 1Gbps via Ethernet. Each node covers up to 2,000 square feet. Along with Zigbee products, you can use the Eero Pro 6E as a home hub for Thread devices (Pro 6 has Thread support too.)

Buy Eero Pro 6E (Prime exclusive) at Amazon – $179

Get the latestAmazon Prime Dayoffers by following @EngadgetDeals on Twitter and subscribing to the Engadget Deals newsletter.

Firefox can now automatically remove tracking from URLs

Mozilla’s latest Firefox browser release has a new feature that prevents sites like Facebook from tracking you across websites, Bleeping Computer has reported. Called Query Parameter Stripping, it automatically removes strings of characters added to the end of an URL that allow Facebook, Hubspot, Olytics and other companies to track your clicks and serve targeted ads.

You’ve likely noticed these queries when you click on a link that comes from Facebook, for example. Rather than showing “https://www.engadget.com/example.html,” it might show something like “https://www.engadget.com/example.html?fbclid=aa7-V4yb6Yfit_9_Pd” (not a real example). 

That jumble of characters after the question mark is a query parameter that can tell a company you’ve clicked on a link, helping them profile you for ad targeting. If you enable the stripping feature in the latest version of Firefox, it’ll remove those characters before loading the URL, so Facebook will be none the wiser. It works via a blocklist and covers Olytics, Drip, Vero, HubSpot, Marketo and Facebook. 

To enable the feature, you simply select “Strict” for “Enhanced Tracking Protection” in the Privacy & Security settings. That doesn’t work in Private Mode, but you can turn it on there too by typing “about:config” in the address bar, searching for strip and setting the ‘privacy.query_stripping.enabled.pbmode’ option to true, as Bleeping Computer points out.