Fitbit
Do noszenia Zdrowie reprodukcyjne Reproductive Health: Wearables

Fitbit

Google
Bluetooth

Data recenzji: 9 sierpnia 2022

|
Mozilla badała przez 8 godzin
|

Według Mozilli:

|
Według użytkowników: Bardzo przerażające

If you want to hit your personal best and kick life’s butt, you’ve already wasted too much time reading this sentence. Your metabolic rate has dropped 2% lower than a sprinting cheetah. Just kidding. Fitbit, Google's GPS tracking, heart rate monitoring, sleep tracking, stress managing, stairs climbed, calories burned, swim proof line of fitness tracker pairs with your phone and computer to tell you if you are, indeed, kicking life’s butt (or if life is kicking your butt instead). Good luck with that!

Update: In June 2022, after Roe vs Wade was overturned allowing US states to make access to abortion illegal, we took another look at the privacy and security of Google's Ftibit fitness trackers that can track menstrual cycle data. Our updated review is below. Overall, Fitbit is owned by Google, for better and for worse. That means your data is owned by the advertising giant (although not used for advertising, according to them). It also means Google has the resources to push back against law enforcement requests for data if they chose.

Co się może stać, jeśli coś pójdzie nie tak?

As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won't be used for Google ads and this data will be kept separate from other Google ad data” as part of the deal with global regulators when they bought Fitbit. This is good.

And Fitbit seems to do an OK job with privacy and security. It de-identifies the data it collects so it's (hopefully) not personally identifiable. We say hopefully because, depending on the kind of data, it’s been found to be pretty easy to de-anonymize these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit—or any fitness tracker—you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.

What is not good is what can happen with all this very personal health data if others aren't careful. A recent report showed that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else, it could be vulnerable. And Fitbit partners with many third parties such as employers and insurance companies. I don’t know about you, but I don’t need the world to know my weight and where I live. That’s really dang creepy.

Update, August 2022 following the overturn of Roe vs Wade protection reproductive health rights in the United States.
Fitbit seemingly hasn't focused much time and resources into developing period and pregnancy tracking features in their app, at least according to the users who want such features. The Fitbit app does allow for period tracking though. And the app, like most wearable tracking apps, collects a whole bunch of person, body-related data that could potentially be used to tell if a user is pregnant.

Fortunately, Fitbit doesn't sell this data but it does say it can share some personal data for interest-based advertising. Fitbit also can share your wellness data with other apps, insurers, and employers if you sign up for that and give your consent. Their privacy policy says, "You may also direct us to share your information in other ways, for example, when you give a third-party application access to your account, or give your employer access to information when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms." Remember, every time you share that data, it becomes more and more vulnerable and you have to trust more and more people to protect it. Generally, it's better to not share such data with anyone else at all, if you can avoid it.

As for how Fitbit says they share data with law enforcement, they say, "We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person. Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person." It's a least nice Fitbit notes to users their policy to notify you if there is a legal request to access your data. With this much sensitive data collect, we would like to see them clarify even more that they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.

Fitbit isn't the wearable we'd trust the most with our private reproductive health data. Apple, Garmin, Oura all make us feel a bit more comfortable with this personal information. That said, Fitbit also doesn't have a pregnancy tracker and seems to have more limited period tracking in their app, which might be good in the long run. There are better options out there, all around.

Wskazówki, jak się chronić

  • Follow Fitbit's advice to keep your stats private
  • Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Stop sharing friends' lists: Under “Friends” on your profile page, select Privacy Setting and then Private.
  • When you no longer use the app, go to "Delete account" in the app menu
  • Turn off precise location sharing!
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • mobile

Czy może mnie podsłuchiwać? informacje

Aparat

Urządzenie: Nie

Aplikacja: Tak

Mikrofon

Urządzenie: Nie

Aplikacja: Tak

Śledzi położenie

Urządzenie: Tak

Aplikacja: Tak

Czego można użyć do rejestracji?

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

Fitbit never sell the personal information of their users.

Fitbit says that they transfer information to their corporate affiliates, service providers, and other partners who "process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures." You may also give consent for Fitbit to share your information in other ways, for example, when you give a third party access to your account, or give your employer or insurance company access to information when you choose to participate in a wellness program. Remember when you do that, their use of your information will be governed by their privacy policies and terms.

How the company says they may share data with law enforcement:

Fitbit says that their policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.

Jak możesz kontrolować swoje dane?

We ding this product as not all users may be able to delete their data.

You can choose not to sync the device with the app.

Fitbit keeps your account information, like your name, email address, and password, for as long as your account is in existence. Fitbit keeps your exercise or activity data, until you use your account settings or tools to delete the data or your account. Fitbit also keeps information about you and your use of the services for as long as necessary for their legitimate business interests, legal reasons, etc.

If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you can exercise your privacy rights under the European Union’s General Data Protection Regulation (“GDPR”).

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Średnia

Unfortunately, Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.

Informacje o prywatności dziecka

"Fitbit allows parents to set up accounts for their children to use with select Fitbit devices (“Children’s Account”). Children’s Accounts are subject to a separate Privacy Policy for Children’s Accounts which explains what information we collect to set up these accounts, what information we collect from a child’s use of our Services, and how we use and share that information. Parents or guardians must consent to the use of their child’s data in accordance with the Privacy Policy for Children’s Accounts in order to create such an account.

Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at [email protected]"

Czy ten produkt może być używany bez połączenia z siecią?

Tak

Przyjazne dla użytkownika informacje o prywatności?

Tak

Despite being acquired by Google, Fitbit keeps its own privacy policy, written it relatively simple language.

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa? informacje

Nieznane

Szyfrowanie

Tak

Silne hasło

Tak

To create a Fitbit account, users are required to provide strong, complex, passwords during onboarding.

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Tak

Zasady ochrony prywatności

Tak

Czy produkt wykorzystuje sztuczną inteligencję? informacje

Nie można ustalić

Czy tej sztucznej inteligencji nie można ufać?

Nie można ustalić

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Nie można ustalić

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Nie można ustalić

*Prywatność do nabycia osobno

Dowiedz się więcej

  • Period-tracking apps face intense data privacy scrutiny in wake of Roe reversal
    Android Police
  • Fitbit fitness tracker detects woman's pregnancy
    CBS News
  • How to use Fitbit’s female health tracking tool
    The Verge
  • 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach
    Health IT Security
  • Fitbit faces anger for setting limits on women's periods
    BBC

Komentarze

Masz uwagi? Podziel się nimi z nami.