Your Period Tracker Is (Probably) Spying on You
This weekly security roundup highlights significant privacy concerns with popular period tracking apps, the proliferation of AI-powered face-swap apps targeting women, and ongoing debates around AI regulation and facial recognition technology.
Intelligence analysis by Gemini 2.5 Flash

A recent audit revealed most period trackers share sensitive health data with third parties without explicit user consent, while San Francisco authorities are pushing to remove AI nudifying apps from app stores. Meanwhile, Meta's facial recognition system remains controversial, and AI developer Anthropic advocates for stronger state-level AI transparency regulations.
Imagine you have a secret diary where you write down how you feel every day. Some apps, like period trackers, are like diaries that secretly send copies of your secrets to other companies, even if you don't know it. Also, some smart computer programs, called AI, can be used to change pictures of people in bad ways, and big companies like Anthropic are asking grown-ups to make rules so these smart programs are used safely and fairly.
Analysis
AI's Darker Side: Nudifying Apps and Facial Recognition
The article brings to light concerning applications of artificial intelligence that directly impact personal privacy and safety. San Francisco's City Attorney's Office has taken a firm stance against 13 AI nudifying "face-swap" apps, demanding their removal from Apple and Google app stores. These applications are reportedly almost exclusively used to target women and girls, raising serious ethical and legal questions about the misuse of AI for creating harmful and non-consensual content. This incident underscores the urgent need for platforms to vet AI-powered tools more rigorously and for legal frameworks to address the proliferation of deepfake technology used for malicious purposes.
Beyond explicit misuse, the article also revisits the ongoing controversy surrounding Meta's NameTag face-recognition system. Despite WIRED's initial report, company executives have offered conflicting and opaque statements regarding the feature's existence and functionality. This lack of transparency surrounding powerful AI surveillance tools like facial recognition systems is a significant privacy concern. It highlights the challenge of holding large tech companies accountable for technologies that can have profound implications for individual liberties and public surveillance, often operating with minimal oversight or clear public disclosure.
The Push for AI Regulation
Amidst the rapid expansion of AI tools and capabilities, the tech giant Anthropic is actively advocating for US states to regulate artificial intelligence. Cesar Fernandez, Anthropic’s head of US state and local government relations, emphasized the need for policy responses to match the fast-advancing capabilities of AI systems. He noted that "transparency-focused safety bills of 2025 were a really important start," but stressed that more comprehensive measures are required as AI technology evolves. This proactive stance from a major AI developer signals a growing recognition within the industry that self-regulation alone may be insufficient to address the complex ethical and societal challenges posed by AI.
Anthropic's advocacy for regulation, particularly focusing on transparency requirements, suggests a potential path forward for establishing guardrails around AI development and deployment. Such regulations could mandate clearer disclosures about how AI systems are built, what data they use, and how they make decisions, thereby empowering users and regulators to better understand and mitigate risks. This industry-led call for government intervention reflects a maturing understanding of AI's power and the collective responsibility required to ensure its beneficial and safe integration into society.
Data Privacy Beyond AI: Period Trackers
While not directly an AI issue, the article's deep dive into period tracker privacy issues serves as a stark reminder of broader data privacy vulnerabilities in consumer technology. A Mozilla Foundation audit revealed that most popular period tracking apps, such as Stardust, extensively share sensitive reproductive health details—including birth control type, pregnancy status, moods, and symptoms—with third-party data firms not explicitly named in their privacy policies. This data sharing often occurs instantaneously upon app opening or symptom logging, with no in-app options for users to disable it. The analytics firm RudderStack, for instance, receives this data alongside persistent user IDs, which can then be routed to other destinations.
This situation is particularly alarming given the highly personal and sensitive nature of reproductive health data. The potential for this information to be misused, sold, or accessed without consent poses significant risks, especially in contexts where such data could be used to discriminate or target individuals. In contrast, Euki, a nonprofit-run tracker, achieved a perfect privacy score by requiring no account, keeping all health data on the user's phone, and offering features like PIN protection and automatic data deletion. This stark contrast highlights that robust privacy-by-design is achievable, underscoring the need for greater accountability and user control over personal data, regardless of whether AI is directly involved in its processing.
Key points
- Most popular period tracking apps share sensitive user health data with third parties, often without clear consent.
- San Francisco authorities are demanding Apple and Google remove AI nudifying "face-swap" apps, primarily targeting women and girls.
- Meta's NameTag facial recognition system continues to face scrutiny over its existence and privacy implications.
- AI developer Anthropic is actively advocating for US states to implement stronger AI transparency and safety regulations.
- A nonprofit-run period tracker, Euki, demonstrated a perfect privacy score by keeping all health data on the user's device.
The push for AI regulation by companies like Anthropic, alongside government actions against harmful AI apps, suggests a growing commitment to responsible AI development and user protection. The existence of privacy-focused apps like Euki demonstrates that secure alternatives are possible.
The widespread data sharing by period trackers, the proliferation of AI-powered face-swap apps, and the lack of transparency around facial recognition systems highlight significant and immediate threats to personal privacy and safety in the digital age.


