Bookmark: "Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security"

Sebastian Greger


Following the Strava heatmap debacle, I encountered this study by the University of Toronto’s Citizen Lab via Twitter:

Fitness tracking devices monitor heartbeats, measure steps, sleep, and tie into a larger ecosystem of goal setting, diet tracking, and other health activities. Every Step You Fake investigates the privacy and security properties of eight popular wearable fitness tracking systems. We use a variety of technical, policy, and legal methods to understand what data is being collected by fitness tracking devices and their associated mobile applications, what data is sent to remote servers, how the data is secured, with whom it may be shared, and how it might be used by companies.

The report, downloadable in full as PDF, x-rays some of the popular consumer tracking apps and discusses the involved privacy threats.

The key message is that there is a lot to do in terms of transparency and consent when companies deal with people’s movement data:

Fitness data can provide detailed insights into people’s lives. It is used in an increasing number of areas such as insurance, corporate wellness, and courts of law. Consumers deserve to be better informed about fitness tracking systems’ privacy and security practices to help them determine whether or not they are comfortable with how their fitness data is being used.

I'm Sebastian, Sociologist and Interaction Designer. This journal is mostly about bringing toge­ther social science and design for inclusive, privacy-focused, and sustainable "human-first" digital strategies. I also tend to a "digital garden" with carefully curated resources.

My monthly email newsletter has all of the above, and there are of course also an RSS feed and Twitter.