
I’m working on Reflect [0], it’s a private self discovery and self experimentation app. You can track metrics, set goals, get alerted to anomalies, view correlations, visualize your data, etc.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...


I make Reflect with my partner. I do it on the side, they do it fully. It’s a private, local-first app to track and analyze your own personal data and run N=1 experiments.

https://apps.apple.com/us/app/reflect-track-anything/id64638...


I purposely did not set up any infrastructure for my iOS app Reflect and made it local-first [0]. I did it so that I could make the app completely private but it’s come with the wonderful side effect that the product is easily horizontally scalable. The only overhead I have for more users is a busier discord channel and so far that community growth has felt very rewarding.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...


I make an app called Reflect [0] that’s designed to track things like chronic pain and help you get to the root cause with self guided experiments. I’ve used it for my own pain symptoms, especially joint pain. Happy to answer any questions. Wish you the best on your journey.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...


Amazing, I'll take a look at it.

Thanks!


Another option for this is Bearable. I used it for headaches a while ago and it worked well:

https://bearable.app/

Here’s an actual peer reviewed study evaluating a pile (over 1000!) symptom tracking apps, including Bearable.

https://www.sciencedirect.com/science/article/pii/S245210942...


I've been using Bearable too. It's great and price is awesome, but data entry is so slow


Awesome study - thanks for the link!


It looks wonderful, well done on the design


I’m working on Reflect [0], it’s a private self discovery and self experimentation app. You can track metrics, set goals, get alerted to anomalies, view correlations, visualize your data, etc.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...


Very cool app. Is there a way to periodically import from a Google Sheets spreadsheet? I track a bunch of things there on a daily basis and would love to have those pulled into this application.


Yes, there is CSV import. I’d eventually like to have a google sheets integration that syncs regularly with it


really nice, going to give it a try. this solves a problem for me that I honestly started working on fixing myself.


hope you enjoy! let me know if you have any questions. discord is the fastest way to reach me which you can find an invite to in the app


If anyone is interested in a privacy focused tracking app that stores all your data locally, I make an app called Reflect [0] whose sole purpose is this, plus on-device analysis.

We’re working on a menstrual tracking feature right now and it’s pretty far along. We’ve just released an anomaly detection feature as well.

[0] https://apps.apple.com/us/app/reflect-track-anything/id64638...


The report in the OP raises valid concerns about SDKs from third parties, including Google and Facebook. Your own site showcases the Reflect SDK which is, I quote:

> The Reflect SDK is the iOS framework that powers the Reflect – Track Anything app and is designed to help you:
>
> Create forms to track customer product usage and experience
> Collect customer biometric data [...]

Source: https://ntl.ai/products/

Let's just say I'm skeptical about your claims.

Edit: provided a more extensive quote and link to source.


This is a totally valid concern. Initially we were considering augmenting our income with a B2B model to license the library we’ve built, but that didn’t pan out and our priorities have changed, so we solely work on the apps for customers now. I actually forgot this was even on our website and, since we aren’t trying to offer those services or license anymore, I’ve removed them.


[flagged]


What I mean by valid is that, without knowing all the information, skepticism is a good thing. Too many companies take a mile when you give an inch and take advantage of ambiguity.

The SDK simply doesn’t exist as a product any more and so doesn’t make sense to keep on our website as an offering. So I’m glad you brought that to my attention.

If there are any specifics about the privacy of Reflect you’d like me to elucidate, I’m happy to do that.


I appreciate your response, even if the other poster doesn't.


[flagged]


This is the correct use of elucidate, "to make light of". Perfectly cromulent.


While OP’s usage of elucidate was accurate, your definition is off. Perhaps you were thinking of “to shed light on”?

“To make light of“ would be to downplay the significance of something.


You're right. I meant to make lucid.


> Too many companies take a mile when you give an inch and take advantage of ambiguity. [paragraph break] The SDK simply doesn’t exist as a product any more and so doesn’t make sense to keep on our website as an offering.

Would you say that you had an epiphany about respecting privacy, after earlier dabbling in intimate surveillance capitalism, and are now firmly committed to privacy?

If so, have you found a way to lock in that commitment?

For example, some kind of contractual assurance, which can't be revoked by the usual "we've updated our privacy policy" (such as might accompany a leadership change, or change of heart), and which effectively survives any merger/acquisition or sale of assets?

(Of course, even with that in place, technologically, a new version of an app could be pushed that irrevocably violates all the users' privacy, in a matter of hours. But at least then, the company, executives, and owners might be sued into oblivion, and even face criminal charges in various jurisdictions.)


Good question. I'm realizing I did not really communicate this well.

The full story is that we went to a conference for biohacking, spreading the word about Reflect, and businesses wanted to white label the product so that they could have the same capabilities but for their own niches.

Those businesses wanted to be able to do things like create surveys using our form building library and have users collect their own data for things like N=1 experiments with their products.

What those businesses wanted to use that functionality for was up to them and their privacy policies, but the terms we talked about were something similar to "you can't use our SDK without users explicitly opting into any data collection". We never ended up actually licensing the SDK or making any deals with any companies.

Hope that makes things a little clearer. As far as Reflect the app, that was started from the beginning with privacy in mind and local-first. I have a long blog post I've been sitting on explaining the whole story, which I will publish soon hopefully, but I've been revolted by surveillance capitalism for a long time and originally made Reflect to help my partner get off of using google forms for tracking mood.

You have a good point regarding the privacy policy. We haven't found a way to lock in that commitment, and that's obviously not ideal from a user's perspective. People do place trust in Reflect not to pull the rug out from under them.


This comment is so cynical, and not in some cool, edgy way.

I made an honest attempt, but I could not find a way to read the response in a way that your interpretation makes sense.


This looked promising, but the first two things I tried to record with it seemed just outside of its capabilities. I track blood pressure daily, but it didn’t seem to have a way to record a metric that has two numbers. In addition, I record the sodium and potassium values of everything I eat, and I want a way to record the name of the food item along with those two values (preferably providing a dropdown for previous entries that auto-fills the numeric parts).

Also, the nagging about buying premium was quite aggressive and it made me feel like I couldn’t even get a feel for what the app is like first.


Yeah, there is no support for “multi-dimensional” metrics. So systolic and diastolic would each have to be their own metric. Food tracking in Reflect could use some work, but if you link with Apple Health, Reflect can pull data from Cronometer or MyFitnessPal for example.

Any particular place you thought the premium was very aggressive? I’m open to changing that, it’s not the kind of feedback we normally get. Thanks for saying so


A lot of things I clicked on just led to an upsell page that wanted me to do a week trial that led to a $49 monthly, which surprised me since I hadn’t even begun to explore and only had a single metric which I’d never even recorded a datapoint for. And it seemed like I only was allowed to define a single metric, so I tried to delete it in order to create a new one, but clicking “delete” on it was apparently a premium feature as well. I gave up.

You really need to let people actually use the product with no commitment, see how it’s useful, and then bug them a month later.

Btw, I found a bug: on the page where there are three big buttons and the third is “load a csv”, the csv button isn’t clickable. Only the icon on it is.


Thanks for all that feedback! One minor point is that the 49.99 is annual. You can define and record unlimited metrics and data on the free version so if you can’t then that’s a bug for sure. Also, noted regarding the import bug, thanks for that.


Could you elaborate on which features are premium only? Or maybe also put them in the AppStore description? I tend to be averse to even downloading apps with IAP, without knowing what they are going to be.


That looks very interesting. I'm building almost the same actually: http://dailyselftrack.com/

Any reason your app is iOS only?


Reflect started as a passion project for myself and my partner with no intention to make a product out of it. By the time we thought to do so, we’d already put so much into just iOS that doing an Android version as well was its own huge project.

We still plan to implement Android, we have a roadmap where we track this: https://changemap.co/ntl/reflect/task/9239-android-version-o...


Are you going to have it be local only?

I think you would be interested in seeing what Flo has done using OHTTP: https://oblivious.network/ohttp


It won't be local-only, it will be local-first. So you won't have to put your data online if you don't want to.


That sounds like a good idea with one obvious challenge: how can you prove that data will remain private forever?


That’s a tough guarantee, ultimately you’re placing trust in the device’s security once you limit your attack surface to just local data. So that’s why we’re working on encryption with key custody. Any feature like cloud backups are explicitly opt-out by default so no one is putting their data onto someone else’s servers without knowing what they’re getting into.


Just to be clear, you’re saying cloud backups are off by default, and the user must explicitly enable them?

If so, just FYI I believe that pattern is usually referred to as “opt-in.” As in, the feature is off by default, and the user must opt in to using it.


Yes, you have that right


(Don't take any of the below in a negative sense! It's awesome you built a privacy-first solution and care about these things, to the extent practical. Below just musings)

I assume the attack vector here is more along the lines of 23andme bankruptcy -- if developer is bought by a new corporate entity / priorities change, what guarantees exist that privacy architecture won't backslide via updates?

Users shouldn't be concerned that a minor update or corporate sale will change the bargain they made around their privacy.

Honestly, it'd be great if there were scaled third-party cloud key escrow services coupled with enforced legal guarantees.* ^

It feels like we did cloud wrong from a legal/privacy perspective by not separating keyholder from data-at-rest-holder (legal entity wise). Tenant-based encryption is basically there... just still mingling data and key ownership in the same entity.

GDPR / right to be forgotten would be trivial if there were always a third party (who enforced requirements on any first party) I could submit a request to, that would burn my keys on their side, thus rendering first-party stored data un-practically-retrievable.

(And a third party because, similar to the browser+CA system, balancing power against each other to enforce guarantees of good behavior seems effective)

* Legal guarantees like "no caching keys for longer than X" or "no unencrypted user data at rest"

^ Cloud hosting encryption keys would also solve the ugly UX edge of strong encryption around "I lost my key... help?"


This is a wonderful comment, but also ...

Is there a way to prevent future versions of the app from uploading the locally saved data? Even if none of it was in the cloud to begin with?

That's the route I would be most concerned about.

After that, I agree with the rest of your comment.


Blocking network access by a specific app at the OS level would be the way to achieve this.

I don't believe iOS currently has this ability (all network, not just cellular).

Android has solutions like NetGuard.


But you can make updates manual instead of automatic, that’s something.


The issue with this in practice is that it collapses to one of (a) never take updates ever again or (b) risk that any update changes privacy behavior.

Given that it's impossible for a user to vet each update's content effectively.


I agree about a) but b) does not make sense to me, otherwise you cannot install the app in the first place. I think that a quick internet search about the app's privacy is sufficient for b), definitely better than automatic updates. And it does not have to happen for every release.


Simple + open source + no access to network + no updates (idk about Android/iOS cross-app data sharing).


Still data can be uploaded to the cloud and will be available to cloud providers.

So there are more vectors to protect user data.


Still, I can steal your phone or use my $5 wrench to get the data. There is no guarantee, so why bother. Hypotheticals can always be used to shit on any idea. They just are not always helpful


> no access to network ?


I wish this were a capability you could (as a user) grant or reject at will. But there’s a UI problem: people are sick of clicking accept on a million dialog boxes already.


GrapheneOS gives per-app network access control.


Your wish exists. The first thing my phone asks before I install a new app is whether to allow network access or not.


Android and iOS developers need to explicitly request network access in their app's configurations.


What's your threat model?


I was going to say operate it under a non-profit but then I laughed in Altman.


For people living in the US of Freedom, wouldn't it be a good thing to 'keep putting in' cycles, despite pregnancy? Should anything untoward happen later, a quick flash o' the app and "Nope, Officer, no siree. Like clockwork, me...".


Duress modes are a frequently overlooked feature in general - e.g. I don't want to just block access to my location, I want to lie about my location entirely.


I also would like “give an incorrect location” as an option. Something like that would probably never be supported by Google or Apple officially, because unlike some other privacy features, it’s actively and overtly hostile to advertisers.


Not just location, but all privacy sensitive API's. The OS should have built in support for segregating location, contacts, calendars, storage, etc. (GrapheneOS does this quite well with storage scopes). As part of this segregation you should be able to redirect the API to a custom implementation.

Thus, my transit app would have access to my real location while Amazon thinks I'm still at home and Pokemon Go thinks I'm on an around-the-world trip to collect location specific items.


You mention Pokemon Go... this would basically be the end of that game, no? That's probably worth the tradeoff, but worth mentioning.


People are already spoofing location, and it hasn't been the end of the game so far. Or did I miss something?


It depends on how many people are doing it though, right? If you make it trivially easy by building the functionality into the operating system—and potentially even prompting people to lie when the app asks for their location—I feel like things would be very different.


You don’t even have to guess about what will happen. We have examples. For instance, someone made a chrome browser extension that clicked through every single ad on the page. It was immediately banned by Google. You could have always built said tool yourself and used it, but the second it became immediately available to the masses it was crushed.


For years when Android was a lot more root friendly, this was easy to do. IIRC there was an Xposed module you could activate to do it. If you root I'm certain there are still apps that will do it, though I'm sure Google/Apple will be actively hostile against it, let alone actually support it


regardless of what apple/google allow officially, the cell carrier also has tracking locations. if you're going out to do something that you would want to hide your location, it's best to just leave the device at home. get a burner phone paid for in cash by someone not you doing the transaction.


Your cell carrier operates under very different laws and ability to harm you. Sure they know where you are, but most of the data flowing across their network is encrypted and so they mostly know you have a lot of data to AWS, google, and the like but not what it is. Google as the endpoint of that data has the decrypted version of the data and so they know what it is, and so they can target you in different ways.

If you are going to commit a crime (rape, murder), then all the police need is to know who owns the phones in the area and so you need a burner phone to hide your tracks.

However most of us are not worried about crimes. We are worried about privacy. We are not doing anything illegal, but google still knows far too much about us and is using that to legally abuse us with advertisements. While we all want to pretend we are good at ignoring advertisements, most of us have bought things we don't need and don't really want (or spent too much on things we did need/want).


You seem to have lost the plot a bit. In several locations, it is illegal for women to get certain health care. There are parties out there that are very interested in policing those policies. To prove that, it doesn't matter where they get the tracking data as long as they can prove your location. If someone needs a warrant/subpoena to get the data from a cell carrier or some app developer it doesn't matter to the person being persecuted for seeking health care.


Just pointing out this is an all-or-nothing strawman argument summed up as: if you can't have it all, don't bother trying. It's fallacious. That is all. :^)


I disagree to it being a strawman. If you are doing something where your location being identified could put you in a spot of bother, do not carry anything that can track your location. There's just no way around it. If you want to use wavy hands to pretend tracking of location isn't so bad, then you go ahead and call it a strawman. For people whose physical safety depends on not being tracked, it is not a strawman.


Apps that fuzzy or fake your GPS location are available on android.

I needed one when working on an app with store location detection and it worked pretty decently. I have no idea what it became or if it can be recommended, but there should be a bunch with recent reviews in the Store.


murena - e/OS/ has that as a feature.


I want this for my contact address book too. “This app would like to know all your contacts. Allow / send empty contact list / generate garbage data”

I’d also enjoy if my advertising cookies were randomly reused by people all over the globe. And I’d like my phone number and email address to get associated with dozens of other identities.


there is an alternative contact app that doesn't share your data. you can then fill the default contact app with fake data or leave it empty.

i am not sure if the last point is a good idea though. i get what you want to achieve. anonymity in numbers and plausible deniability, but you are more likely to get mixed up with problematic stuff others are doing rather than protecting yourself. having a common name already shows that. it is both a blessing and a curse.


> there is an alternative contact app that doesn't share your data. you can then fill the default contact app with fake data or leave it empty.

You may want to share your contacts with app X but not with app Y, though.


yes, fair point. i solve that by using shelter where the app and a contact app run with an independent configuration. the downside is that i have to duplicate contacts in the shelter vs outside. however that is what i want because not all contacts are duplicated.


I don't get the downvotes. Plausible deniability is a valid concern when menstrual cycles and geolocation can lead to criminal repercussions in many states of USA [0].

Nevertheless, if I was a fertile woman, I'd be more concerned of my phone/tablet/car leaking my visits to an abortion clinic than a police officer checking my phone.

0. https://states.guttmacher.org/policies


Is this actually enforced?


Are abortion bans actually enforced? Yes, absolutely.

Have period tracker apps been used as a source of evidence in such prosecutions? Not that I know of.


Are you using OHTTP? If there are cloud aspects - I think you would want to. Learn more: https://oblivious.network/ohttp


No, because we don’t have any servers. We don’t track anything about our users, not even logs or usage.


Are you affiliated with OHTTP?


What kind of "analysis" is done on the data ? We have apps like mensinator that are very simple.

I'd like to know if it is different from these simple apps ?

Note: I'm a guy btw


Do you mean for menstrual data specifically?

Currently for general data there is Pearson correlation, five different anomaly detection algorithms, and T tests for significance among other things.

The work in progress we have for menstrual tracking takes temperature, flow, and past ground truth data into account. I know that’s vague, and it’s because my partner is working on it, not me :)

When we release the cycle tracking we’ll have a full writeup


What homomorphic encryption technology have you looked into using? this is a good use case for that technology.


I agree it could make sense one day but, as I mentioned in another thread, we don't have any servers and so we don't collect or host any user data (encrypted or not). In fact, I really don't want to; it's overhead and costly, and might involve compliance with HIPAA or GDPR, and I just would rather the user be in charge of their own data.

Having FHE for local data would be very interesting though.


Do you have a link to the Android app?


Unfortunately no android yet, but you can track progress here: https://changemap.co/ntl/reflect/task/9239-android-version-o...


I'm building an app with the same concept but web based first and converted to Android and iOS via Capacitor, for now.

It's not released yet, but if you'd like to get an e-mail notification you could take a look here: https://dailyselftrack.com/


Really neat app, thanks for sharing.


Thanx - sounds like what I need ;-)


[flagged]


Some disorders more or less require tracking to make them diagnosable and their symptoms manageable (e.g. PMDD). Managing tracking with paper is ofc possible, but apps allow for reminders and gamification that help on challenging days.


Sure, I'm not saying categorically don't just that people especially in the US and other countries that are having backslides on reproductive rights should think really hard about using period tracking apps if they don't have a strong reason to like you mentioned and even in those cases consider a more deniable and private option.


I agree. It seems pretty apocalyptic :(


It’s always worth pointing out there are many billions of people who live completely free of this fear of reprisals from the state/country they live in


Unfortunately, the right to abortion is under fire worldwide. I'm not just talking about the usual suspects like Russia or Islamist theocracies, but also here in Europe... Hungary and Poland being the first suspects, but Italy is also planning to restrict it [1]. And in Germany, the last government at least banned "pro-life" haunting events, but there are wide swaths especially in Bavaria where there is no doctor or clinic providing abortion at all, even in medical emergency scenarios, because church-run hospitals can and do ban it.

[1] https://www.rnd.de/politik/abtreibungsgesetz-in-italien-rech...


Yeah the conservative rubber banding and backsliding isn't isolated to just the US right now we're just ahead of the rest of the pack partially because of our government and election structure being more beholden to the GOP because of the senate and gerrymandering in the states after the 2010 election and subsequent redistricting.


True, but for many, even “local only” apps store their data on devices managed by US-based companies. Would Apple sell your data to advertisers? - probably not. Would Apple share your data with law enforcement? - of course, and they don’t even need to tell you.


Law enforcement in developed countries don’t care about that information. The right to abortion is part of society, and strongly held.


why why why are you using a company device for such personal information? don't do this.


I don’t believe they mean storing it on a company owned device, just that Apple and Google are US companies


That's what I got out of isodev's comment too. The data is accessible by US companies still. If it comes down to being able to sell services and phones to the US market or giving up your data to a warrant I don't think Apple would stand on principle and lose US market access. [0]

[0] To clarify preemptively I mean if it came down to that in the end. I think Apple would attempt to fight it but if they lost in the Supreme Court and had to make the choice I think privacy would lose that fight.


maybe, but it reads like IT managed devices owned by your employer. i've never seen it referenced as "managed" when referring to the fact that iOS/Android are US companies. seems a strained way to phrase it


Your iPhone is fully managed by Apple. They control which apps are preinstalled, which apps you can install and uninstall, they can even intervene and install/uninstall apps without your intervention. Your phone needs to communicate with Apple even to just be a phone for calling and SMS. The data from apps is included in your iCloud backups (in addition to the data some apps choose to share with iCloud so it syncs between devices) and so easily accessible. We’re not talking about individual targeting here, but there are no technological barriers to guard against your data being shared by “the platform”.


An iOS device is a device managed by Apple, though. The user doesn't manage it themselves. I didn't get a hint of employer owned devices from that happen.


I can understand that. We are also working on an encryption feature that doesn’t use the default encryption primitives so people can have custody over their own keys and feel better about their data security at rest


Is that better than using the secure enclave type of default? Not everyone is an HN reader that would even know what a personal/private key pair is let alone how to properly/securely handle them.


As with most advanced features in Reflect, we’ll expose a low friction version to those who don’t want the control, but also the option for more control in the form of key management if they wish


I guess using FHE like from https://zama.ai you could provide server-side features without compromising privacy



Seems too nerdy for the market at large - the correlation etc. features might well be as good as or better than what the likes of Flo provide, but people will have a harder time understanding that than simply 'your next date is expected to be x', 'your cycle is typically x days', etc.


We definitely cater to a niche that wants to know the nitty gritty details. We’re trying to layer the app such that you get the TLDR first if you want, and can zoom into the details of why second


This is a tough problem. I’m working on an app called Reflect [1] that lets you analyze your life’s data and the temptation to draw conclusions from charts and correlations is strong. We added an experiments feature that will let you form hypotheses and it will even flag confounding variables if you track other metrics during your experiments. Still trying to make it even better to avoid drawing false conclusions.

[1] https://apps.apple.com/us/app/reflect-track-anything/id64638...

