Oura says it gets government demands for user data

Posted by donohoe 6 hours ago

Oura says it gets government demands for user data(this.weekinsecurity.com)

212 points | 126 commentspage 2

andrepd 2 hours ago|

What in god's name possesses someone to buy (and pay a subscription for) a device that gathers and sells their health data in exchange for a placebo dashboard of numbers...

reaperducer 2 hours ago|

What in god's name possesses someone to buy (and pay a subscription for) a device that gathers and sells their health data in exchange for a placebo dashboard of numbers...

Social media, mostly.

akersten 4 hours ago||

IPOing soon at $11B btw

kkotak 2 hours ago||

Oh! The Audacity!

shevy-java 4 hours ago||

We can not trust any government here.

throwawa1 4 hours ago||

Another reason to add to my list to justify not wearing my Apple watch and moved to a mechanical watch.

ck2 5 hours ago||

Oura doesn't even have GPS does it?

Government can already get ALL your celltower locations without a warrant

AND read all your emails and text messages that are over 6 months old, without a warrant

arusahni 5 hours ago||

In a society where women are being prosecuted for medical procedures, menstrual data becomes very risky to have handed over.

kevin_thibedeau 3 hours ago|||

I sat in a meeting at a data broker in 1998 where one of their product managers was strangely proud about how they could determine menstrual cycles from purchase records. It wasn't just hygiene products either. They already have that data and manipulate women with targeted ads timed for the optimal receptivity.

michelb 4 hours ago|||

Probably this yeah. Your location data can be obtained from other devices than your own, but this medical data cannot.

speff 4 hours ago|||

From what I understand, they can get call records and subscription info w/ administrative subpoenas, but this is the first I've heard of them being able to get location data without a warrant.

Assuming you meant directly from the telcos and not from the data broker loopholes - in which case pretty much anyone should be able to do that. Emails and texts they still need a warrant for.

n8m8 3 hours ago|||

Great, so they can further extrapolate what exact locations you get nervous / are more relaxed / walk more quickly… the understated problem with PII isn’t about any single data point, it’s about combining data to make probable inferences.

ethersteeds 3 hours ago||

The ring doesn't have gps but its app requires location permission so it gets it from your phone. It continually asks me to turn on background sync, which would presumably upload my location regularly as well. I decline and only allow location when the app is open to sync.

treesknees 2 hours ago|||

Location is used for tracking distance/speed for certain activities and measuring VO2 max levels, and for finding a lost ring.

dalyons 2 hours ago|||

They already know where your phone is…

johnnyApplePRNG 4 hours ago||

OURA is a joke. My GF bought two for us and after a week I made her return them due to non stop dark patterns coming out of that company.

Everything about that company is disgusting.

Such a shame, too. I was eager to learn more about my health.

Forge36 3 hours ago|

Can you elaborate?

mystraline 5 hours ago|

I was definitely interested in some sort of comprehensive sensor bundle for my healthcare.

But every one of these devices demands some Android/Apple app, and shipping all my health data to basically non-HIPAA data brokers.

Id be all over a local-only no-data-exfiltration health tracker. But the companies do NOT want to provide that.

I, uh, guess, "go surveillance capitalism", for more choices?

duskdozer 5 hours ago||

If your concern is that the government may access the data, whether it's covered by HIPAA or not is irrelevant, because HIPAA allows government access. Though yes, it would still be better than non-HIPAA in general.

permutations 4 hours ago|||

I will once again proselytize for the new pebble time 2 (I am quite a fan of it). Open source and comes with standard sensors for health monitoring (6 axis imu, heart rate monitor, SpO2). Health data can be kept and analyzed on your phone and there are various apps that can do so. Suffice to say there are “surveillance-free” options out there, and if you’re not satisfied with current app options it is easy to hack your own together

RunningDroid 4 hours ago|||

Many times GadgetBridge* can be used instead of the official app

*https://codeberg.org/Freeyourgadget/Gadgetbridge

SkyPuncher 5 hours ago|||

HIPAA is completely irrelevant to any of this. Ours is technically HIPAA complaint because the data they process is not subject to HIPAA.

In overly simple terms, if insurance is not involved, then it’s not subject to HIPAA.

Aldipower 5 hours ago||

I am using Withings in combination Tredict. Both GDPR-compliant.