Report: Most Mental Health, Prayer Apps Have Abysmal Security And Privacy Standards
from the the-more-things-change dept
From the Internet of very broken things to telecom networks, the state of U.S. privacy and user security is arguably pathetic. It’s 2022 and we still don’t have even a basic privacy law for the Internet era, in large part because over-collection of data is too profitable to a wide swath of industries, which, in turn, lobby Congress to do either nothing, or the wrong thing.
Apps routinely aren’t much of an exception. Mozilla’s latest *Privacy Not Included guide analyzed the privacy and security standards of 32 mental health and prayer apps, and gave 29 of them a “privacy not included” warning label indicating they failed to adhere to even basic user privacy standards:
“The vast majority of mental health and prayer apps are exceptionally creepy. They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data. Turns out, researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with our most intimate personal information.”
The problems included an over-collection and sale of data (including the collection of some mental health chat transcripts), poor password creation standards, and nebulous and undercooked privacy policies. Better Help, Youper, Better Stop Suicide, Woebot, Talkspace, and Pray.com were deemed the worst offenders. Only three of the 32 app makers responded to a Mozilla request for comment.
The discovery shouldn’t be particularly surprising. Back in February Politico revealed that a top suicide help hotline was caught collecting and selling “anonymized” (a useless term) user data.
The U.S. isn’t known for quality mental health care, but online mental health apps and services are booming, with a particular focus on the sale of ketamine and psychedelics for therapeutic use. But many of these services have all the kinds of problems you might expect (shoddy therapy, incorrect doses) before you even get to the potential privacy problems that will ultimately and inevitably appear.
Again, abysmal federal security and privacy standards and feckless, under resourced U.S. privacy regulators are an intentional feature, not a bug.
It’s not that difficult to pass a baseline privacy law for the Internet era that at least erects some basic guard rails and base-level accountability for bad actors and executives. But we have no such law because a huge array of industries have lobbied Congress into apathy and dysfunction, with the cost being repeatedly borne by ordinary Americans.
It will keep happening until there’s a privacy and security scandal so idiotically ferocious that the problem will be impossible to ignore (probably involving either significant deaths, or the extremely sensitive and personal data of powerful people). Even then, there’s no guarantee a grotesquely corrupt U.S. Congress will be willing or able to respond competently to the challenge.
Filed Under: apps, congress, corruption, ketamine, mental health, prayer, privacy, psychadelics, startups
Comments on “Report: Most Mental Health, Prayer Apps Have Abysmal Security And Privacy Standards”
I do understand the similarities and dangers here, but seeing the phrase “mental health and prayer” in print is creating a cognitive dissonance for me, kind of along the lines of “pickles and ice cream”.
Re:
eh… they tried to pray me away for YEARS…
still very gay.
Re: Re:
The Unitarian Church tried to do the same with hate. Still a fuckton of neo-Nazis around. 😉
WE had laws.
Now your only choice is to Throw your phone away.
Then your computer.
Watched a video about a company creating the C65(modded C64) and went to the link. Virus trojan warning.
Sent msg to the Site owner to check it.
I have 3 programs running to Stop scripts and Virus. and they work, Fairly well.
But if we let them have privacy our haystacks might get smaller or people might wake up to the idea that their apps & their government don’t give them any privacy.
Re:
Actually, the haystacks are smaller because of all the strawmen being built with them. ;D
Re: Problem
Comes with all the sites created in RL, that are to Monitor us.
Then there is the reality that after you count all the Server break-ins, Including the ones NOT in the news. Every bit of our Data is already out there.
But for some reason, Who really needs Perfect Privacy? Its a dream. But there are Few reasons for it. #1 So that they can Tag you, for all the money you spend and get. With your SS#, anyone can goto the credit agency and get all your data. If you had a way to deny anything, it was lost with your Perfect privacy.
Once all the data is out there, you can deny Just about anything that does NOT match your patterns. No one checks your ID anymore, except for Cigs and alcohol.
This is why I always check permissions very carefully before installing any app, and don’t allow anything with a permission not explained by the app’s alleged functionality. This file manager wants access to the physical SD card? That’s fine. This game wants access to the dialler? It ain’t going on my phone! The only exceptions are Internet access, which is more often rhan not used to display adverts, but no keyboard app with that permission goes on any of my devices for obvious reasons.
To be fair:
“Download “Watch your back”, the mental health app made by obsessive paranoiacs” just doesn’t have the right ring to it.
Re: Siri - download "Watch your back"
Now downloading https://www.youtube.com/watch?v=N2ICtCO8TCw and https://www.youtube.com/watch?v=is6gtilerPk
Oh yeah....?
If an app or program or software didn’t have security at their base when they developed it, it’s a cats game to catch all the holes.
Re:
Nah, just shut down Bluetooth interconnectivity. It worked for Apple. 😉
Re:
And as we’ve seen they find this handy SDK that does a buncha stupid stuff they don’t want to focus on…
Like that time a whole buncha stuff we pearshaped when someone replaced trusted code with malicious code and all of these sites pulled the badware.
Just Pray
One does not need to implement security features when you can just pray for security, got to have faith
And for the less Christian-minded religionists out there, this also applies to your religion as well.
There’s been reports of Islamic prayer apps being infested with malware as well. No, I’m not being anti-Islam, it’s rather recent.
Re:
Just one of several times they got caught…
https://www.techdirt.com/2020/11/20/us-military-is-buying-location-data-data-brokers-including-data-pulled-us-app-users/
Mental Health
this article is an best article. thanks for this article.
health
This content is very natural and useful