Attention : *Confidentialité non incluse avec ce produit
Ever wanted to row, row, row, from the comfort of your own home? Well, if you have the will -- and about three thousand dollars -- there’s a way! Peloton has added an at-home rower to their line-up of fitness equipment. And it comes equipped with features you never knew you needed, like form rating and stroke rate. Got to love numbers and scores! It’s also, Peloton says, super quiet. I guess that means you won’t wake your family up while you row-row. Heh. Just remember that if you want access to all those sweat-inducing motivational classes, you’ll have to purchase a membership too. Oh, and sadly, their privacy and security isn't so great.
Que pourrait-il se passer en cas de problème ?
Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a pretty rough go of it since though. In early 2023, they agreed to pay a $19 million civil penalty for a flaw that resulted in a 6-year old being killed in an accident on one of their treadmills back in 2021. Worse, the United States Consumer Product Safety Commission reported that Peloton was aware of “incidents associated with pull under and entrapment in the rear of the treadmills, including reports of injuries” before that design flaw ended in tragedy. The CPSC also said that company staff claimed Peloton continued to distribute the dangerous treadmills even after they recalled it. (If you have one of these machines, you can now request a safety guard from Peloton that will be available in early 2024.)
After the incident, Peloton did add additional safety features including a four-digit passcode to keep their treadmills from starting up for anyone without authorized access. Sounds great, right? Unfortunately they added a paywall too which meant unless you paid a subscription fee, your pricey Peloton could turn into an expensive towel rack. They did reverse that decision and unlock the “Just Ride,” “Just Run,” and “Just Walk” features plus a limited number of pre-recorded classes per month for “non-members.” But this issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead. Especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.
And Peloton isn’t out of the woods yet regarding the safety of their machines. They had to issue another recall in mid-2023 for their bikes -- because the seat post can break or detach during use. As if spin classes needed to be any scarier.
As for Peloton’s privacy, they aren't exactly stellar there either. They say they don’t sell your personal information for money. In their U.S. States Privacy Notice for states with stricter privacy laws, like California and others, they clarify that some of the ways they share might be considered a sale according to those laws, referring specifically to website cookies and tracking technologies. That's pretty standard stuff, but still not the best. They do say they can share sensitive personal information (like age and gender), how you use your Peloton (like class performance history and leaderboard rank) as well as geolocation with third party advertising partners. That’s not cool. In their general privacy policy, they do say they will only share your “Fitness Data” in aggregated and anonymized format, which is normal and generally ok, although we should probably put out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data.
Security-wise, there have been some blunders too. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months -- and a call from a journalist -- to address the vulnerability, according to the security researcher who discovered the problem. Recently, in the summer of 2023, it was reported that Pelotons may still have a number of security issues that could allow bad actors to get access to sensitive information. Eesh.
What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We hope nothing like that ever happens again. As for what's the worst things that could happen from a privacy perspective...well, we sure hope Peloton gets their security act together because their pricey rowing machines do come with cameras and microphones included and no one needs to hack into those and watch you grunting away during your workout.
Conseils pour vous protéger
- Opt out from sharing of your information with third parties for marketing purposes via the form
- Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Once you do not use a device any more, make sure to request deletion of all your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Ce produit peut-il m’espionner ?
Caméra
Appareil : Oui
Application : Non
Microphone
Appareil : Oui
Application : Non
Piste la géolocalisation
Appareil : Oui
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Adresse e-mail
Oui
Téléphone
Non
Compte tiers
Non
Quelles données l’entreprise collecte-t-elle ?
Personnelles
Name, mailing address (including zip code), billing address (including zip code), email, date of birth and phone number; Delivery information (including billing, shipping and delivery address); Geolocation.
Corporelles
Any additional information you choose to provide to enhance your use of the Services, including your weight, height, gender, general location, photo, picture, tags, image, avatar; Voiceprint, your Image or likeness; Information you provide in order to track your performance while using our Services, e.g. height, weight, heart rate (if a compatible heart rate monitor is connected).
Sociales
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
In July 2023, Check Point security experts unveiled vulnerabilities found in workout equipment made by Peloton. Exploiting these vulnerabilities could potentially grant threat actors access to user databases, exposing sensitive data of Peloton users.
Peloton had a reported security vulnerability in 2021 that may have leaked user privacy account data from their servers and apparently didn't fix it in a timely manner.
Informations liées à la vie privée des enfants
Ce produit peut-il être utilisé hors connexion ?
Informations relatives à la vie privée accessibles et compréhensibles ?
Peloton's privacy policies aren't the most difficult to read and understand that we've ever seen. We're still not sure we'd call them user-friendly though.
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
Chiffrement
Mot de passe robuste
Mises à jour de sécurité
Gestion des vulnérabilités
Politique de confidentialité
Cette IA est-elle non digne de confiance ?
Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?
L’entreprise est-elle transparente sur le fonctionnement de l’IA ?
Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?
Pour aller plus loin
-
Peloton Bugs Expose Enterprise Networks to IoT AttacksDark Reading
-
Peloton Recalls Two Million Exercise Bikes Due to Fall and Injury HazardsUnited States Consumer Product Safety Commission
-
Peloton Agrees to Pay $19 Million Civil Penalty for Failure to Immediately Report Tread+ Treadmill Entrapment Hazards and for Distributing Recalled TreadmillsUnited States Consumer Product Safety Commission
-
Peloton’s leaky API let anyone grab riders’ private account dataTechCrunch
-
Tour de Peloton: Exposed user dataPen Test Partners
-
Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents ReportedUnited States Consumer Product Safety Commission
-
Peloton Recalls Its Tread+ and Tread Treadmills After They're Linked to Serious Safety HazardsConsumer Reports
-
Peloton Tread+ Recall: What Owners Need to KnowNew York Times
-
Peloton is updating its treadmills to again be useful without a subscriptionThe Verge
-
Peloton comes out with new treadmill after recallMobi Health News
-
Peloton is figuring out how to moderate extremist contentAxios
-
We read Peloton’s privacy policy for you – here’s what you need to knowJames Gelinas
-
Peloton Studio Security BreachTom
Commentaires
Vous avez un commentaire ? Dites-nous tout.