Warning: *privacy not included with this product
Getting outside to exercise can be hard, which has made Peloton's connected exercise bike a must-have for those who can afford the $1,500+ price tag. The networked bike comes with a 20+ inch touchscreen display that streams thousands of live or on-demand workouts. The Peloton app tracks your every drop of sweat to make sure you're burning enough calories for that creepy boyfriend (yeah Peloton, we haven't forgotten your creepy boyfriend ad!). We do like that Peloton took quick action to shut down the spread of QAnon conspiracy theories from their forums and leaderboards. We don't like that they had to.
What could happen if something goes wrong?
Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a rough 2021 though. Here’s what happened. Peloton sells expensive treadmills alongside their popular exercise bikes. Tragically, a 6-year-old was killed in an accident on one of these treadmills. Due to safety concerns, Peloton issued a recall and added a feature called Tread Lock that requires a four-digit passcode to keep their treadmills from starting up for anyone without authorized access.
Sounds great, right? Here’s the problem. Peloton treadmill users needed that Tread Lock four-digit passcode to unlock their treadmill and Tread Lock required a $39 per month subscription. If users cannot unlock their treadmill, they can’t use the machine at all. Peloton offered the Tread Lock subscription at no cost for three months and in August updated that so all Tread owners could access Tread Lock and Just Run without a subscription. This is good, as many Peloton users worried their costly treadmills would turn into expensive towel racks - not something they signed up for when they bought the treadmill. This issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead, especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.
As for Peloton’s privacy, they do a decent job. They say they don’t sell your personal information. They may share your information with third parties for marketing after they de-identify it, which is normal and generally OK, although we should probably point out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data. Unfortunately, we could find no mention of their data retention or deletion policies. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months, and a call from a journalist, to address the vulnerability, according to the security researcher who discovered the problem.
What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We’re glad Peloton worked to fix this problem. We hope nothing like that ever happens again.
Tips to protect yourself
- Opt out of the sharing of your information with third parties for marketing purposes via the form
- Once you no longer use a device, make sure to request deletion of all your data
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address, age, gender, location
Weight, height, voice recordings, visual image
Friends you follow
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Peloton had a reported security vulnerability in 2021 that may have leaked users' private account data from their servers, and apparently didn't fix it in a timely manner.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Peloton’s leaky API let anyone grab riders’ private account data (TechCrunch)
Peloton is figuring out how to moderate extremist content (Axios)
Peloton Studio Security Breach (Tom)
Tour de Peloton: Exposed user data (Pen Test Partners)