Peloton Bike

Warning: *privacy not included with this product

Peloton
Wi-Fi Bluetooth

Review date: Nov. 8, 2021

Mozilla says

People voted: Not creepy

Getting outside to exercise can be hard, which has made Peloton's connected exercise bike a must-have for those who can afford the $1,500+ price tag. The networked bike comes with a 20+ inch touchscreen display that streams thousands of live or on-demand workouts. The Peloton app tracks your every drop of sweat to make sure you're burning enough calories for that creepy boyfriend (yeah Peloton, we haven't forgotten your creepy boyfriend ad!). We do like that Peloton took quick action to shut down the spread of QAnon conspiracy theories from their forums and leaderboards. We don't like that they had to.

What could happen if something goes wrong?

Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a rough 2021, though. Here’s what happened. Peloton sells expensive treadmills alongside their popular exercise bikes. Tragically, a 6-year-old was killed in an accident on one of these treadmills. Due to safety concerns, Peloton issued a recall and added a feature called Tread Lock that requires a four-digit passcode to keep their treadmills from starting up for anyone without authorized access.

Sounds great, right? Here’s the problem. Peloton treadmill users needed that Tread Lock four-digit passcode to unlock their treadmill, and Tread Lock required a $39 per month subscription. If users cannot unlock their treadmill, they can’t use the machine at all. Peloton offered the Tread Lock subscription at no cost for three months and in August updated that so all Tread owners could access Tread Lock and Just Run without a subscription. This is good, as many Peloton users worried their costly treadmills would turn into expensive towel racks - not something they signed up for when they bought the treadmill. This issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead, especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.

As for Peloton’s privacy, they do a decent job. They say they don’t sell your personal information. They may share your information with third parties for marketing after they de-identify it, which is normal and generally ok, although we should probably point out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data. Unfortunately, we could find no mention of their data retention or deletion policies. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months — and a call from a journalist — to address the vulnerability, according to the security researcher who discovered the problem.

What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We’re glad Peloton worked to fix this problem. We hope nothing like that ever happens again.

Tips to protect yourself

  • Opt out from sharing of your information with third parties for marketing purposes via the form
  • Be very careful what third party companies you consent to share your health data with. If you do decide to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Once you no longer use a device, make sure to request deletion of all your data.

Can it snoop on me?

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Peloton does not sell personal information. Peloton may share your information with third parties for marketing purposes, in de-identified form.

How can you control your data?

No deletion rights are stated for users not covered by CCPA and GDPR. Peloton says they retain the Personal Information they receive for as long as you use their Services or as necessary to fulfill the purpose(s) for which it was collected. Peloton says, "When we are no longer required to retain your Personal Information as described above, we will destroy, erase, or de-identify it in accordance with our data retention policies and applicable law."

What is the company’s known track record of protecting users’ data?

Needs Improvement

Peloton had a reported security vulnerability in 2021 that may have leaked users' private account data from their servers, and apparently didn't fix it in a timely manner.

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI?

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Peloton provides recommendations on your workout.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Yes

Dive Deeper

  • Peloton’s leaky API let anyone grab riders’ private account data
    TechCrunch
  • Peloton is figuring out how to moderate extremist content
    Axios
  • We read Peloton’s privacy policy for you – here’s what you need to know
    James Gelinas
  • Peloton Studio Security Breach
    Tom
  • Tour de Peloton: Exposed user data
    Pen Test Partners
