Your smartphone is already gathering a ton of information about you – everyday. Intentionally or not you are tracking yourself. But that’s nothing compared to what’s about to happen when you join the new wave of wearable technology for tracking even more aspects of your life. Probably also the most personal and sensitive part of you: Your health. The good thing about this, like wearing fitness trackers, is that it may improve your health. The flip side isn’t so bright: It will kill you privacy. What would you prefer? Or can you have both? Let me give some comments on this issue based on a security report from Symantec.
How does a self-tracking device work?
Symantec, one of the biggest security companies in the world, was out with a report earlier this year that raises questions about the security of wearable technology. Fueled by technological advances and social factors, the “quantified self” (i.e. self-tracking) movement has experienced rapid growth. It aims to improve lifestyle and achievements by measuring and analyzing key performance data across a range of activities, according to the report.
Before discussing the security aspects, let’s have a short look on how these self-tracking devices work – at least the way Symantec describes it. And they do it in a very nice way, so please read the report to get the details. Just let me give you a couple of headlines here.
Many people self-track with devices like wristbands, smart watches, pendants, and even smart clothing. These gadgets typically contain a number of sensors, processor, memory, and communication, which enable the user to effortlessly collect, store, and transmit the data to another computer for storing, processing and reporting. The image below explains how it works.
Despite the growing use of specifically designed devices, smartphones are perhaps the most common way to perform self-tracking. It’s packed with a wide range of different sensors that can be used by various applications as the image below shows.
To start self-tracking, simply install an app, sign up, and start tracking. At the end of your session, review and sync the collected data to a cloud-based service.
So far so good. Or?
What’s the privacy problem?
This is how Symantec puts it in their report:
“Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications.”
Also: When we hand over our personal and quantified self data to different service providers, are we misplacing our trust in them? How do we know that they are taking the steps necessary to protect our information and our privacy? To answer this question Symantec looked at what’s currently going on in the world of self-tracking. And they examined what vendors are doing to protect users of their services by taking a closer look at some of the most popular devices and apps on the market.
They have found security risks in a large number of these devices and apps. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking. They also found vulnerabilities in how personal data is stored and managed, such as passwords being transmitted in clear text and poor session management. The report has all the details, but the image below will give you some clues.
What can you do about it?
Here’s the obvious conclusion from the report:
“At first glance, self-tracking and privacy may appear to be strange bedfellows. How can recording lots of data about yourself and maintaining privacy even be possible? Considering the security and privacy issues that we have seen, the obvious conclusion is, if you value your privacy, the best thing is to not do any self-tracking at all!”
But that won’t happen. Despite the risks to security and privacy, this wave will continue to grow the years to come according to a report from ABI Research that wearable computing devices will exceed 485 million annual shipments by 2018.
To ensure that users can continue to enjoy this activity in safety, Symantec recommend that they take some basic security precautions:
- Use a screen lock or password to prevent unauthorized access to your device
- Do not reuse the same user name and password between different sites
- Use strong passwords
- Turn off Bluetooth when not required
- Be wary of sites and services asking for unnecessary or excessive information
- Be careful when using social sharing features
- Avoid sharing location details on social media
- Install app and operating system updates when available
- Use a device-based security solution if available
- Use full device encryption if available
If you want all the details, you’ll find the Symantec report here. It’s really wort reading, both regarding the content and images. I’ve chose to focus on this report this time, but there are a lot of stuff out there covering this theme. Just give it a search. Jut let me mention a blog post kalled “Your fitness is their business. Nothing personal” from Kaspersky Lab worth reading with this conclusion:
“So, perhaps it is time to just give up thinking that your life is private. It is well known that your health is someone’s business. Nothing personal. The good news is that at the moment, law-abiding citizens are not forced to use trackers. So all you have to do to keep this particular bit of your life private is to avoid this kind of stuff.”
I’ve been using a couple of these devices for testing the last year, first the first version of Nike Fuelband and then Polar Loop. Now I’m using Polar V800 because it’s better for training, but it’s the first training computer that also has 24/7 activity monitor.
Enjoy your next secure self-tracking session!