Oura says it gets government demands for user data. Will it share how many?

5 comments

• sz4kerto 51 minutes ago
  "In my previous blog, I revealed that Oura data is not end-to-end encrypted. That means that an Oura user's health data can be unscrambled at certain points as it travels from a person's ring, through their phone app, over the internet, and as it lands on Oura's servers."

  Very strange -- it seems to be conflating end-to-end encryption with encryption-in-transit.

  [-]
  • ggm 42 minutes ago
    It also doesn't sound like its encrypted at rest. Perhaps each in-transit is held to be a unique e2e IP exchange?
    [-]
    • juggle-anyhow 36 minutes ago
      Encrypted at rest means something different. It means if you pull the hard drive out no one can decrypt it. Not that it is encrypted in the database.
• focusgroup0 34 minutes ago
  guy who pays $6/month to be monitored by the f3ds
  [-]
  • MassPikeMike 1 minute ago
    Judging by ads for cell phone service, most people pay more than that per month to be monitored by the Feds.
• basisword 42 minutes ago
  This is why although I don't love my Apple Watch, I'm not using anything else. It's very sensitive data and Apple is the only company worth trusting with it. They're not perfect but compared to others there's no competition.
  [-]
  • jeroenhd 36 minutes ago
    Google's Health Connect system doesn't share this data either (without a consent prompt for third party apps, off course). This is to the point where I wish it would just support some kind of sync, because two devices hooked up to the same accounts need a third party app to transfer the health info.

    Apple is subject to the same laws Oura is. The competition is too.
  • SoftTalker 25 minutes ago
    Apple might be pretty good now. There's no assurance they always will be.
  • haritha-j 16 minutes ago
    Yeah there's no one I'd trust with my personal data except Apple. Their track record of refusing to bow down to the feds has been golden. 24 carat infact.
    [-]
    • echelon 5 minutes ago
      In the US. Apple's policies are flexible when it comes to other nation states.

      All it takes is a political sea change for E2EE to go away.

      Apple already has to hand over a wealth of information when asked by the feds.
• ck2 32 minutes ago
  Oura doesn't even have GPS does it?

  Government can already get ALL your celltower locations without a warrant

  AND read all your emails and text messages that are over 6 months old, without a warrant

  [-]
  • arusahni 13 minutes ago
    In a society where women are being prosecuted for medical procedures, menstrual data becomes very risky to have handed over.
    [-]
    • michelb 2 minutes ago
      Probably this yeah. Your location data can be obtained from other devices than your own, but this medical data cannot.
• mystraline 52 minutes ago
  I was definitely interested in some sort of comprehensive sensor bundle for my healthcare.

  But every one of these devices demands some Android/Apple app, and shipping all my health data to basically non-HIPAA data brokers.

  Id be all over a local-only no-data-exfiltration health tracker. But the companies do NOT want to provide that.

  I, uh, guess, "go surveillance capitalism", for more choices?

  [-]
  • duskdozer 18 minutes ago
    If your concern is that the government may access the data, whether it's covered by HIPAA or not is irrelevant, because HIPAA allows government access. Though yes, it would still be better than non-HIPAA in general.
  • SkyPuncher 18 minutes ago
    HIPAA is completely irrelevant to any of this. Ours is technically HIPAA complaint because the data they process is not subject to HIPAA.

    In overly simple terms, if insurance is not involved, then it’s not subject to HIPAA.
  • Aldipower 42 minutes ago
    I am using Withings in combination Tredict. Both GDPR-compliant.