
Warning: *privacy not included with this product
Peloton Bike
Getting outside to exercise can be hard, which has made Peloton's connected exercise bike a must-have for those who can afford the $1,500+ price tag. The networked bike comes with a 20+ inch touchscreen display that streams thousands of live or on-demand workouts. The Peloton app tracks your every drop of sweat to make sure you're burning enough calories for that creepy boyfriend (yeah Peloton, we haven't forgotten your creepy boyfriend ad!). We do like that Peloton took quick action to shut down the spread of QAnon conspiracy theories from their forums and leaderboards. We don't like that they had to.
What could happen if something goes wrong?
Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a rough 2021 though. Here’s what happened. Peloton sells expensive treadmills alongside their popular exercise bikes. Tragically, a 6-year-old was killed in an accident on one of these treadmills. Due to safety concerns, Peloton issued a recall and added a feature called Tread Lock that requires a four-digit passcode to keep their treadmills from starting up for anyone without authorized access.
Sounds great, right? Here’s the problem. Peloton treadmill users needed that Tread Lock four-digit passcode to unlock their treadmill, and Tread Lock required a $39 per month subscription. If users cannot unlock their treadmill, they can’t use the machine at all. Peloton offered the Tread Lock subscription at no cost for three months and in August updated that so all Tread owners could access Tread Lock and Just Run without a subscription. This is good, as many Peloton users worried their costly treadmills would turn into expensive towel racks - not something they signed up for when they bought the treadmill. This issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead, especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.
As for Peloton’s privacy, they do a decent job. They say they don’t sell your personal information. They may share your information with third parties for marketing after they de-identify it, which is normal and generally OK, although we should probably point out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data. Unfortunately, we could find no mention of their data retention or deletion policies. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months — and a call from a journalist — to address the vulnerability, according to the security researcher who discovered the problem.
What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We’re glad Peloton worked to fix this problem. We hope nothing like that ever happens again.
Tips to protect yourself
- Opt out from sharing of your information with third parties for marketing purposes via the form
- Be very careful what third party companies you consent to share your health data with. If you do decide to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Once you no longer use a device, make sure to request deletion of all your data.
Can it snoop on me?
Camera
Device: Yes
App: Yes
Microphone
Device: Yes
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Name, email, phone number, address, age, gender, location
Body related
Weight, height, voice recordings, visual image
Social
Friends you follow
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Peloton had a reported security vulnerability in 2021 that may have leaked users' private account data from their servers and apparently didn't fix it in a timely manner.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
Privacy policy
Dive Deeper
- Peloton’s leaky API let anyone grab riders’ private account data (TechCrunch)
- Peloton is figuring out how to moderate extremist content (Axios)
- We read Peloton’s privacy policy for you – here’s what you need to know (James Gelinas)
- Peloton Studio Security Breach (Tom)
- Tour de Peloton: Exposed user data (Pen Test Partners)