How Private is my FitBit Data?

Written by: Emily Goodwin

When it comes to wearable fitness trackers, scholars are primarily concerned with privacy, and rightly so. With any piece of technology, there is a potential for it to be hacked into and infected with a virus, or for the parent company to sell off your personal health data, or for more of your data to be defaulted to “public” than you originally thought.

Case in point: FitBit came under fire in 2011 after users found that the sexual activity they had tracked and entered with their FitBits could be found through a simple Google search. They had no idea that FitBit’s default setting for that type of data was “public,” and apparently the company didn’t realize this either, since most of the data has “public” as its default setting “...to encourage social sharing and competitiveness” (Hill, par. 3).

Needless to say, FitBit had to act quickly to solve this problem. Now users know to actually check the status of their settings while setting up their device.

To read the full article, search for “FitBit Moves Quickly After Users’ Sex Stats Exposed” on Forbes.

Academic Joseph Wei addresses the increased vulnerability associated with devices that use multiple platforms. Because data ends up being transferred through an internet connection from a user’s device to a social platform, there is a higher risk of the data being intercepted during the transfer (p. 1).

You may not think this is too serious - it’s just how many steps I walked in a day, why would it matter if someone hacked into my account? Honestly, that’s what I thought at first, too. But there’s so much that you can track about yourself, especially with more sophisticated devices that can track location, meals, body biometrics, and medical conditions - in addition to workouts - and that amounts to a lot of data another person could access and use against you.

It isn’t that difficult to hack into wearable fitness trackers. Just last year, Netflix had a competition for its employees to create new features for Netflix to provide users. A group of employees came up with the idea of a “Sleep Bookmark” (Betzner, par. 1), which involved hacking into FitBits in order to track when users were beginning to fall asleep, and pause the program they were watching (Betzner, par. 1).

This very act may have been harmless, but it demonstrates how easy it would be for someone to harm you through your FitBit.

You can read the full article by searching for “Hacking Into Your FitBit” on Valley News.

Zhou and Piramuthu collaborated on another article expressing their concerns over the lack of privacy guaranteed for users. Companies selling the activity trackers need to act quickly and efficiently to come up with the best possible solution to “...ensure that associated privacy and security vulnerabilities are kept to a minimum” (p. 1).

If companies fail to do this, I know I won’t be purchasing one of their products anytime soon. Even if it’s not being used to blackmail you, would you still want a stranger to know that much about what makes you who you are?

Should further default setting scandals or security breaches arise in the future, I believe it could be the end of the wearable activity tracker era. People want their digital data to be secure. Measures are taken to make sure your credit card numbers can’t easily be accessed when an online shopping website is hacked into, so the same thing needs to be done with our personal health data.

Works Cited

Betzner, Jacob. "Hacking Into Your Fitbit." Valley News. N.p., 9 Aug. 2015. Web. 24 Nov. 2015.

Hill, Kashmir. "FitBit Moves Quickly After Users' Sex Stats Exposed." Forbes. Forbes Magazine, 5 July 2011. Web. 24 Nov. 2015.

Wei, J. (2014). How Wearables Intersect with the Cloud and the Internet of Things: Considerations for the developers of wearables. IEEE Consumer Electron. Mag., 3(3), 53-56. doi:10.1109/mce.2014.2317895

Zhou, W., & Piramuthu, S. (2014). Security/privacy of wearable fitness tracking IoT devices. 2014 9th Iberian Conference on Information Systems and Technologies (CISTI). doi:10.1109/cisti.2014.6877073