Skip to content
Tech News
← Back to articles

Your Period Tracker Is (Probably) Spying on You

read original more articles
Why This Matters

This article highlights the growing concerns over privacy and surveillance in the tech industry, emphasizing how everyday apps like period trackers and face-recognition tools can compromise user data and privacy. It underscores the urgent need for increased transparency, regulation, and responsible AI development to protect consumers from invasive practices. As AI capabilities expand, both industry and policymakers must prioritize safeguarding personal information and ensuring ethical use of technology.

Key Takeaways

Hours of San Francisco Police Department drone video footage exposed on the open web illustrates a new era of incredibly granular—and consequential—urban surveillance. Meanwhile, the San Francisco City Attorney’s Office sent cease-and-desist letters to Apple and Google this week demanding that the tech giants delete 13 AI nudifying “face-swap” apps from their app stores that are almost exclusively used to target women and girls.

Since WIRED first reported in June about Meta’s NameTag face-recognition system, company executives have made opaque and conflicting comments about whether the feature even exists. We took a step back to lay out both the claims and the facts about the very real system.

In a speech on Thursday, President Donald Trump continued to push unsubstantiated and thoroughly debunked claims about interference in the 2020 US election. He even promised massive revelations in a trove of documents posted to the White House website, but the files did not prove his assertions—and in some cases actually contradicted Trump’s claims.

As adoption of AI tools rapidly expands and their capabilities increase, the tech giant Anthropic continued a push to get US states to regulate AI. Speaking about AI transparency requirements in California and New York from last year, Anthropic’s head of US state and local government relations, Cesar Fernandez, told WIRED this week, “The transparency-focused safety bills of 2025 were a really important start, but as the capabilities of AI systems continue to advance quickly—the policy responses need to match.”

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The astrology-themed period tracker Stardust sends users’ reproductive health details—birth control type, pregnancy status, moods, and symptoms as specific as tender breasts and stomach cramps—to a data firm not named in its privacy policy, according to the BBC, which first reported a Mozilla Foundation audit of six popular trackers produced in partnership with Harvard's Berkman Klein Center.

Stardust scored 2 out of 10, the worst of the group. Mozilla researcher Shoshana Wodinsky found the app pings third-party trackers from the moment it opens, before a user enters anything; the instant she logged a symptom, the details went to analytics firm RudderStack alongside a persistent user ID, with no in-app way to shut the sharing off. RudderStack is built to route data onward to destinations Mozilla couldn't observe. Stardust also hands Facebook an ad identifier that ties in-app behavior to the platform's existing profiles. The company told TechCrunch it has never received a legal demand for user data.

Euki, a nonprofit-run tracker, earned a perfect 10: no account required, health data never leaves the phone, and users can set a PIN, schedule automatic deletion, or pull up a decoy screen if someone forces the phone open. Its one soft spot is an in-app browser for educational pages that loads the usual web trackers, but it also resets identifiers between visits.

Russia’s FSB has long had a reputation for highly sophisticated cyberespionage, leaving disruptive cyberattacks to its fellow hackers in the country’s GRU military intelligence agency. But sanctions from the EU and UK this week, along with an advisory from the US Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA, pinned a cyberattack against the Polish electric grid on Center 16 of the FSB, a rare example of the Kremlin agency carrying out a cyberattack that nearly caused outages in the country’s electric and water utilities. The attack, which the Polish government has said came “very close” to causing a blackout, was initially attributed by cybersecurity firms Dragos and ESET to Sandworm, also known as Unit 74455 of the GRU, a more usual suspect in infrastructure hacking given its active role in Russia’s long-running cyberwar against Ukraine. But the Polish computer emergency response team at the time disputed that finding and tied the attack to the FSB, a conclusion now supported by a wide consensus of Western governments. The incident suggests that the FSB may be taking on some of the reckless, highly aggressive tendencies—and targeting—of its GRU coworkers.

For years, the Russian cybersecurity firm Kaspersky has been alleged to have ties to the Russian government, including by US officials who banned use of the company’s products within the US government and eventually by all American customers. Yet overt evidence of those connections has been scarce. Now Reuters reports that Denis Obrezko, a Russian man facing hacking charges in Boston and an alleged member of a hacker group known as Void Blizzard or Laundry Bear, spent two years working at Kaspersky. His stint at the company took place just before he joined another cybersecurity company, Yutek-NN, where he allegedly took part in the group’s hacking campaign that stole data and communications from numerous NATO governments and at least 11 US companies, according to US prosecutors. Prior to Kaspersky, Obrevko also allegedly worked at the FSB, neatly bookending his time at the company with apparent work for Russia’s intelligence services.

... continue reading