Your fitness is their business. Nothing personal

October 30, 2014

It has become somewhat of an embarrassment to talk about privacy these days. What use is it to protect privacy if careless users are eager to exhibit their personal data to anyone on social networks anyways? Today, users are readily spending their hard-earned money to sign up, deliberately, for house arrest-style services similar to those used for tracking criminals.


We are not talking about just wristbands or clips here; don’t forget about the thousands of apps tracking your sleep and movements, diet and cycle, and symptoms and medication schedules. For being so varied, they are not all that different: all of them are sending your data to a network.

And that’s where the big ‘oops!’ is. Research published by the FTC this May, which analyzed 43 apps (free and paid), brought to light some interesting features of these apps. To start with, 26 percent of free apps, and 40 percent of paid, do not deploy any kind of privacy policy.

Impressed so far? How about this revelation: 20 apps on the list sent data to third-party companies (70 recipients in total), who mostly represent advertisers and ad analysts using the data to better target their campaigns. As for data encryption, the situation is even more drastic: only 13 percent of free and 10 percent of paid apps had this capability enabled. So, just one out of ten tracking apps had at least basic means to protect user data!

The next stage of the research involved 12 apps and two wearables. The data was sent to 73 third-party organizations without the user’s consent. By the way, the information those fitness and health app developers handled so irresponsibly included the user’s sex, name, device IDs, e-mail, information on physical exercises and diet, postal code and location, symptom searches and unique user IDs that can be used to track him/her through other apps.


Just to help you deal with the fact that your data is no longer yours, we recommend that you check out the researchers’ website to better understand how information about you is sent through apps to their developers. That means that not only law enforcement officials, but other bureaus and companies as well may get full access to your data, and most likely, without any constraints, given how bad app developers are at keeping your data private.

Even though major fitness tracker vendors have assured users that they do not discreetly pass private information to third-party companies, that does not mean they will not choose to do so in the future. Even anonymous data (something the companies in question are eager to boast about) may be of use, especially when combined with open source information and metadata – in that case, it’s like Christmas came early for all the interested parties.

Fitness trackers, for instance, employ smart movement sensors, which can help to identify movements other than hiking and running. With that in mind, BP’s initiative to provide all employees and their families with free Misfit trackers looked particularly fishy. Misfit’s CEO admitted that such deals, which involve the discounted sale of thousands of trackers equipped with tracking software to corporate clients, are one of the fastest-growing domains of the company’s business.

Don’t assume that this data is processed by only a handful of people, and that maybe they have no time to get to yours due to a heavy workload. That’s not how it works. All of this bulk data is easily processed by Big Data technologies without involving any human efforts. Your profile is not a file on the shelf among millions of similar files, where it can eventually get lost. Your profile is a batch of bytes which may be stored at anyone’s place, depending on the interest this company or person might have in you, based on the particular patterns the system would find in your data.

Urban planning, traffic control, targeted advertising and even de-anonymizing are mere peanuts compared to the shock you may get one day upon receiving increased insurance bills. ‘Why is that?’ you’d ask. It would be due to the fact that you were moving less actively, doing less physical exercise, and sleeping less than last year, and thus are more exposed to the risk of heart and neurological diseases. Some developers confessed that selling data like this to insurance companies generates 50% of their earnings.

So, perhaps it is time to just give up thinking that your life is private. It is well known that your health is someone’s business. Nothing personal. The good news is that at the moment, law-abiding citizens are not forced to use trackers. So all you have to do to keep this particular bit of your life private is to avoid this kind of stuff.