A question:
I've never synched my Fitbit to my computer. Yet, every week I receive an email "weekly summary" of my activities. I've carefully read all the privacy notices, device settings, etc. and there's nothing to "turn off" or use to "opt out". So, if Fitbit Central is somehow getting my data (synched with my iPhone), it's some code the company's incorporated into the app that's communicating back to Fitbit's computers. Is that an accurate summary of the matter? Any further thoughts/comments on security of these and related activity trackers?
Fitbit and other activity trackers?
According to the privacy policy if you sync with an app it uploads to the companies servers.
"When you sync your Device through an App or the Software, data recorded on your Device about your activity is transferred from your Device to our servers. This data is stored and used to provide the Fitbit Service and is associated with your account. Each time a sync occurs, we log data about the transmission. Some examples of the log data are the sync time and date, device battery level, and the IP address used when syncing."
- https://www.fitbit.com/ca/legal/privacy
Thanks. I somehow missed that. It's a bit worrisome that Fitbit can access the app like that. Perhaps it's cynicism admixed with paranoia, but I suspect that's not all that's being obtained, recorded and maybe re-sold to data brokers.
From a quick look at the app permissions on the Pay store, the app collects your precise location via GPS, your identity, your contacts, your phone ID, and your photos, to name a few. Based on this data alone, they are well on their way to identifying you online and offline. Details in the "Permissions" link at https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile&hl=en
To complete the circle, as disclosed in their terms, they allow a dozen third parties to collect data on you. Of course, if you want to know how each of these third parties can use your data, and what they collect, you can read each individual privacy policy (no kidding - that's really what they say here: http://www.fitbit.com/legal/privacy-policy )
The vendor takes some pretty extreme liberties with how it collects your data. Between what their app collects, and how their terms allow them to reuse that data, wearing a fitbit means sharing your location, multiple personal identifiers, and some personal habits with multiple advertisers/data brokers who can then use that data in a wide range of ways.
I obviously was negligent because Fitbit didn't disclose all that in the info supplied with the device, nor did it appear (readily) in the Apple App Store. In other words, I should have looked more carefully and been much more skeptical than I was. Thanks!
Fitbit makes it hard, and the Apple version of apps don't have the same transparency as the Android versions. The Play store does a decent job listing out the permissions.
And, the top level page that FitBit links to is this summary page: http://www.fitbit.com/legal/privacy - the information in the summary page really whitewashes their practice. Their language in the "Do we sell data" section on their summary verges on dishonest - it is certainly misleading, at best.
So, this isn't you (IMO) - this is on the company. They have made their terms very difficult to navigate, but digging in to them highlights how data sharing is a core part of their business.
Thanks, Bill. I didn't see that because I simply downloaded the app from Apple. I did look at the Fitbit privacy policy and its convoluted and deliberately opaque. I appreciate your clarifying comments!
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.