Data leak on nightscout

I set up nightscout yesterday in readiness for my MiaoMiao to arrive. I got a web address myuser.herokuapp.com. All very good.

I went back to my browser later and accidentally mistyped that address and got a page full of data. I was a little surprised that data was present in my nightscout. I puzzled over it for some time. The data went back months!

The penny finally dropped that I had mistyped the url and when I returned to mine it was, as expected, empty.

A couple of questions:

  1. Is it usual for the nightscout page to be completely open? I don’t have a clue who this person is, but s/he has a samsung 10 phone, measures in mmol/L, and speaks English.

  2. Any idea how I could contact this person and tell them their data is open to the world?

1 Like

Anyone can see anyone else’s Nightscout page if you happen upon it or they share the url. Admin rights are reserved for those who can “unlock” (provide the api secret) the Nightscout account.

1 Like

I think that is a pretty strange and in general unacceptable system. Some people will inadvertently be giving away a lot of info there. Is there a way of deploying to anywhere other than heroku?

What info are you giving away that can somehow hurt you? No name, ssn, phone number, address, etc.

No PII data at all. It’s just some anonymous persons bg data.

I swap NS urls with other parents at times as a way for us to see if we can find patterns and try to help each other manage our kids’ bgs. I wouldn’t care if our url were public.

1 Like

Yeh people said that when google and facebook started collecting “anonymous” data about us too.

I put the question back to you: why would you share intensely personal data with the world, even anonymously? I think we all need to protect any and all personal data where possible.

Why do you consider bg data “intensely personal data”?

I don’t personally. Everyone has bgs

But my recommendation to anyone is do what you’re comfortable with. If you think it’s a data leak, data mine, insecure zone for personal data theft, I recommend not using the system.

I don’t know anything about nightscout or even what @nickr is referring to directly… but I 100% understand his concern about bg data being intensely personal…

It’s different for adults than children… adults have careers, are subject to nonsensical bureaucracy etc… there are a lot of potential ramifications to blood sugar data already and even more potential for the future… it’s a very slippery slope imo

Historically I don’t even share electronic bg data with my own doctors… although that’s becoming harder and harder to do…

Here is Nightscout.

Find anything personal.

Even if you landed on my url. So what. Adult, child, doesn’t matter imo.

But I say again… Don’t do anything that makes you uncomfortable.

Everything is a security risk these days. Can’t stop living out of fear.

Hypothetical: your son wants to fly an airplane someday and some bean counter decides that the acceptable bg range for someone with that diagnosis is something absurd like “bg managed between 90-125 100% of the time”

Not that this particular platform is directly accountable to him but it is just an example of why electronic data tracking in the public domain makes some people like the OP and like myself very nervous

And?

Definitely don’t use it then. Doesn’t make it insecure. Just elevates your worries

OPs question answered. Moving along. :wink:

You use mg/dL so you are probably in one of a limited number of countries.

You have hidden the panel at the top which shows your name, but that would normally be visible.

By hovering over the battery indicator I can see what sort of phone you have. By going into reports I can see your timezone.

It is just unheard of in this day and age to put data like this on the web.

If you tell me it helps the developers to analyse the performance of their software, that is one thing.

Putting personal data on the net with no warning is bad bad practice.

Not true. What is displayed is what I tell ns to display. I could have it read Sam’s pancreas if I wanted to.

Really? Lol

Again… NO PERSONAL DATA. I work in personal data so I’m aware of what constitutes personal data.

You’re stretching. You sound like you are definitely NOT a good candidate for NS though… And that’s ok… To each their own.

You can make Nightscout only accessible to persons you specify in the settings. It depends on how you set it up.

3 Likes

Can you enlighten me further? I can’t see that setting.

And thank you for an answer that is actually informative and helpful.

There is a wide array of admin tools for those who need them.

1 Like
1 Like
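
The setting referred to in the reply above ("only accessible to persons you specify") is a Nightscout environment variable rather than something in the web UI. The following is an added example, not part of the original thread; the secret shown is a placeholder, and on Heroku these values go under the app's Settings → Config Vars.

```ini
# Nightscout config vars: default exposure versus a restricted site.
# Added example; values in <angle brackets> are placeholders.

# Default behaviour when the variable is unset: anyone who reaches the
# URL, including by mistyping someone else's, can read all stored data.
# AUTH_DEFAULT_ROLES=readable

# Restricted: visitors without a valid token or the API secret see no data.
AUTH_DEFAULT_ROLES=denied

# Admin secret (minimum 12 characters). It unlocks full admin rights,
# so it is for the site owner only and is never handed out for viewing.
API_SECRET=<long-random-passphrase>
```

With `AUTH_DEFAULT_ROLES=denied`, each viewer gets their own token, created under Admin Tools → Subjects with the `readable` role, and opens the site through the link containing that token. Loading the bare site URL in a private browser window afterwards confirms that no data is shown without one.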