Mozilla security researcher Shoshana Wodinsky analyzed the network traffic of six popular period trackers to uncover how data flows between devices and external servers. Among the group, Stardust was the only application found to be sharing granular health details with RudderStack, an analytics company. This data, linked to unique identifiers rather than names, remains susceptible to re-identification, a vulnerability the Federal Trade Commission has repeatedly flagged as a significant privacy risk.
This is not the first time the app has faced scrutiny over its security claims. Following the 2022 surge in downloads after the reversal of abortion rights in the United States, investigations revealed that Stardust’s assertion of total end-to-end encryption was technically inaccurate. While a Stardust spokesperson defended the partnership by stating RudderStack is contractually prohibited from using the data for its own purposes, the arrangement still exposes users to potential law enforcement subpoenas for their health records. Neither Stardust founder Rachel Moranis nor the company provided comment on whether such legal demands have already been received. In contrast, Mozilla highlighted the app Euki as a secure alternative, noting that it keeps health data strictly on the user’s device without third-party exposure.

Comments (0)
No comments yet. Be the first!