According to the period tracking app Flo, Santiago Mayer is a woman in Texas. But in reality, he’s a cisgender man who wants “cause chaos” in the wake of the Supreme Court’s ruling in Dobbs. On June 26, soon after the Dobbs decision was released, Mayer tweeted about his plan to create false data and make it harder for law enforcement to identify people who may have had abortions. One of many digital privacy hacks people are trading back and forth on Twitter, the thread went viral, with about 200,000 likes and 15,000 retweets.
The goal is worthy, but the question is: Can men and other non-menstruating individuals using period tracking apps cause enough chaos to interfere with abortion prosecution? And how can you be sure which viral digital privacy tools and tricks are worth implementing and/or sharing?
To start, we have to explain what exactly the people adding bad info to apps are fighting against. Since the draft Dobbs decision overturning Roe leaked, there have been reports of how companies collect data from period trackers, with some selling that information. As Jane C. Hu describes in a Slate article from May:
Apps sell data to third parties, who then feed up targeted advertisements; for instance, if an advertiser knows you’ve downloaded an app designed to track cycles for pregnancy reasons, they might show you more baby product ads. According to a Financial Times analysis, knowing someone is in her second trimester of pregnancy is worth about 220 times more than the average person’s data.
And now, with Roe v. Wade overturned, this data could be used against users who are looking to get an abortion. “App data could be to establish when a person became pregnant, and show when they became aware of that pregnancy or when they began experiencing symptoms leading up to a pregnancy loss,” Hu writes. “Some apps, like Flo, ask things like whether the user smokes or how often they drink alcohol; that data could also be of interest to a prosecutor trying to charge someone with endangering a fetus.”
There are two main ways that the data could be used to prosecute individuals who received or attempted an abortion. If someone is suspected of having an abortion, law enforcement prosecutors could subpoena the data . Unfortunately, people downloading apps to create enough noise to hide a signal can’t help there. (It’s worth noting that some apps, like Clue, have released saying statements that they will not hand over data if subpoenaed. Furthermore, some experts point out that it’s more likely prosecutors will prioritize other digital data such as texts and search history.)
But there’s one place where causing mischief could have an effect: if prosecutors acquire giant batches of data from period tracking apps to try to identify users who may have had an abortion.
Mayer, a 20-year old student at California State University Long Beach and the founder of votersoftomorrow.org got the idea from another Twitter user. “When they’re looking for suspicious activity or anything that they would like to investigate, they would find an account that isn’t real and hopefully, that would take resources away from harassing a woman who had an abortion,” Mayer told me. “This would do nothing if your data is personally subpoenaed but hopefully it would save [someone] if they’re going through the database.”
The concept is known as obfuscation: “the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection,” as researchers Daniel Howe, Mushon Zer-Aviv, and Helen Nissenbaum described it in 2014 when they created a browser extension called AdNauseam that automatically clicks on web ads to interfere with tracking. (It was able to evade Google’s most advanced defenses.)
Faking period data is, in essence, manual obfuscation. Nissenbaum, a professor of information science at Cornell Tech and coauthor with Finn Brunton of a 2015 book on the topic, sees obfuscation as an effective tool.
As Nissenbaum explains, the period tracking algorithm works by creating profiles based on user data. When people start injecting false data, that prevents the app from creating profiles like “this person is exhibiting this kind of behavior, therefore we know she is pregnant.”
But Brandeis Marshall, the CEO of DataedX Group, was less optimistic about the potential for these tricks to really fool the algorithm. Although it’s a noble effort, she believes that there would need to be a ton of people to truly make a dent on the algorithm.
“If there were 40 million men to mess up data, that would be great, but they would have to know how to mess it up correctly because they don’t have a cycle so they don’t understand a 10-day cycle is not going to work,” Marshall said. “It’s going to be an anomaly.”
After his thread went viral, Mayer told me, he heard from many experts who had mixed reactions as to how well this would work. The consensus was that, as Marshall suggests, the data would have to appear like the data of a normal user.
“If you’re just actively creating chaos, it’s very clearly a fake account and easy to filter out. If you’re putting some effort into making it seem real and you have enough people doing that, you can have an impact,” he said. So if you’re someone who doesn’t menstruate and wants to help, first educate yourself on the basics of period tracking—so you know what makes sense and what doesn’t—and then recruit a few million of your friends to contribute.
Marshall was adamant that the safest way to maintain digital privacy was to go back to the basics: pen and paper. “Back in the day, we used to have a yearly calendar, and you used to X where day 1 started when it comes to tracking. We need to go back to some of those kinds of tactics.”
However, both she and Nissenbaum are cognizant of the fact that many people may not want to change their habits.
“You can decide you’re not going to have a phone, you can limit the number of apps on your phone, you could narrow the zones of vulnerability by being careful about the privacy policies of the various apps,” Nissenbaum said. “But even a conscientious person doesn’t have the time.”
One easy thing that Nissenbaum does advise is for users to really consider whether they need location services or certain apps. As she points out, your individual choice to press the download button or track certain data can affect others.
“Only 20 percent of a community needs to be willing to provide data, whatever the relevant data, in order for a company to create the profile that can be telling,” she said. “It’s not only ‘do I need the app?’ but ‘is my willingness to partake going to affect other people’s vulnerability?’ We’re so used to thinking about our own privacy. But the fact is even if you say no, other people’s decision can affect you so you need to have social responsibility because of these connections.”
As for how to assess the quality of the tsunami of suggestions about digital privacy that you may find online?
“With all these suggestions, you really have to stop and not get on every bandwagon,” Marshall said. “Give it 24 hours. Give it 48 hours. Give it a week and see what is really bubbling from the top and then decide.”