Forgot your password?
typodupeerror
Security Portables Privacy Technology

Nike+ FuelBand: Possibly a Big Security Hole For Your Life 162

Posted by Soulskill
from the youtube-generation-wouldn't-even-flinch dept.
MojoKid writes "Nike+ FuelBand is a $149 wristband with LED display that tracks your daily activity, tells you how many calories you've burned, lets you know how much fuel you have left in the tank, and basically keeps track of 'every move you make.' If you think that sounds like a privacy nightmare waiting to happen, it pretty much is. A source directly connected to Nike reported an amusing, albeit startling anecdote about a guy who got caught cheating on his girlfriend because of the Nike+ FuelBand. 'They shared their activity between each other and she noticed he was active at 1-2AM, when he was supposed to be home.' That's just one scenario. What if the wristband gets lost or stolen? How much data is actually stored on these sorts of devices? And remember, you're syncing it to the cloud with an iOS or Android app."
This discussion has been archived. No new comments can be posted.

Nike+ FuelBand: Possibly a Big Security Hole For Your Life

Comments Filter:
  • by NixieBunny (859050) on Sunday November 11, 2012 @12:07AM (#41947471) Homepage
    So... people voluntarily do this to themselves? Weird.
    • by jhoegl (638955) on Sunday November 11, 2012 @01:52AM (#41947797)
      Clearly, the guy who was wearing the band forgot to take it off when he was into his laborous other activities.
      This shows the ignorance people have of technology more than anything else.
      This is how you subjugate a populace... make sure they are ignorant, make sure they get a benefit out of something, and then hide the real reason.
      I mean, it worked for that one guy with the ring in that documentary I saw.
      • by Anonymous Coward on Sunday November 11, 2012 @03:45AM (#41948115)

        *sigh* The Lord of the Rings was not a documentary.

        • by jhoegl (638955)
          Then why did they release three movies based on its power and then two more coming out based on its 500 years of being lost, then found?
          Some people o.O
      • by drinkypoo (153816)

        Clearly, the guy who was wearing the band forgot to take it off when he was into his laborous other activities.

        As sensitive as this thing apparently is, no data would be a sign you took it off. If eating a slice of pizza can rack up more points than an actual walk, then imagine what scratching your ass in your sleep might do.

        • Make your hand smell bad, I guess.

        • by Anonymous Coward on Sunday November 11, 2012 @11:09AM (#41949417)

          I assume that is has something to do with kinetics and motion, more than pulse.

          For most of the people on Slashdot they would need to make sure that choose the correct wrist to place this on. Otherwise they would see a spike during certain online activities.

          "Holy shit, were you being chased by a tiger for 45 seconds?"

          • Re: (Score:3, Funny)

            by Anonymous Coward

            Holy shit, were you being chased by a tiger for 45 seconds?

            A little ambitious there, aren't you?

        • Do you spend more time eating a slice of pizza than you spend on a walk? And do you energetically move your arm back and forth continuously during the entire duration of time that you eat pizza?

          If your answer to both of those is no, then the device would not flag your pizza eating activity as more calorie burning than your walk.

          If your answer to both of those is yes, you should record yourself eating a slice and put it up on YouTube. The sheer silliness of it would probably get millions of views.

        • by Zeinfeld (263942)
          Umm, i am wearing one right now. Sleeping in it just would not occur to me. Plus you have to take it off to charge it. So as a privacy thing, well the only reason it would get you in trouble would be wearing it during sex so you could get the fuel points. Not a security issue that worries me at all. Now the implants.. They might be an issue.
          • "So as a privacy thing, well the only reason it would get you in trouble would be wearing it during sex so you could get the fuel points."

            Seriously, if you think that is "the only reason" (way) it can get you in trouble, you have a major lack of imagination.

      • "Clearly, the guy who was wearing the band forgot to take it off when he was into his laborous other activities."

        No, clearly you don't understand how they work. If he took it off or turned it off, it would still record all the activities before and after. He would have to disable it maybe hours before he conducted his "clandestine" activities, and wait for further hours before he enabled it again... and then someone else would still wonder about the gap time.

        But this is still basically the same "cloud" problem I've been talking about for a long time. If you put your information out there, somebody is likely to get

    • There are some really nice applications out there for runners to track their regular runs and display them on Google Maps, and while I can see the appeal of having all that information sometimes, I'm not really thrilled with making it available to Google or whoever else has access to it. It sounds like a really good job for a PC-based mapping program.

      I would assume that by now these things are implemented as iPhone/Android apps that use the GPS locations (or maybe less-granular cellular locations) so your

      • I would assume that by now these things are implemented as iPhone/Android apps that use the GPS locations (or maybe less-granular cellular locations) so your phone will track you in real time while you're running, as well as showing your heartbeat and playing your music.

        Exactly true. The same is true of any of the Garmin, Polar, or whatever other brand you like GPS fitness watches. They record exactly where and when you are and a bunch of other data (depending on model). The key is simple: if you don't w

        • Yes, the guy was clearly an idiot. Much smarter: leave your Nike fuelband and your iPhone on your nightside table when you sneak out. Then, when accused of cheating, you can pull down the data from the cloud, and *prove* you were at home sleeping.

          • "Yes, the guy was clearly an idiot. Much smarter: leave your Nike fuelband and your iPhone on your nightside table when you sneak out. Then, when accused of cheating, you can pull down the data from the cloud, and *prove* you were at home sleeping."

            Except that your pulse rate will be 0, and your body temperature will be 70F.

            Yeah. That's the ticket.

      • by Cinder6 (894572)

        I use an app/service called MapMyRide that, well, maps my bike rides. It's a useful way for plotting out routes, keeping track of speed and training progress, rough estimate of calories burned, etc. Yes, I could manually keep track of this information, but the app is more useful, and it gives me route ideas based on other peoples' data (which isn't shared unless you tell it to share).

        My question is: In what way does giving Google, MapMyRide, or a different service access to my bike ride data hurt me in an

        • The first thing it does is to tie your online identity to a physical location. (Not sure about MapMyRide - but the (far better) Strava fuzzes your "home" location to help prevent this - but you can still pin down someone's home address within about 1 km. Unless you've chosen a fake name, public property records will give the exact location.

          If you've set up your profile with a bike description, and it' s a nice one, now I know you have an expensive bike, and I know your address.

          I can also go through your rid

    • It's the part where he voluntarily shared his info with his gf that makes this not really a security hole, just a stupid person.

      • It's still a security hole. Who has access to this data? Nike employees you don't know? Maybe one of them is an ex-girlfriend? Or maybe they do like a couple of big banks did: back things up to some external drive, then somehow "lose" them on the way to storage.

        Right. Give me a break. If you put it "in the cloud", watch your ass. Because you can be pretty sure somebody else is.
  • by YesIAmAScript (886271) on Sunday November 11, 2012 @12:08AM (#41947477)

    Yes. It keeps track of what you're doing. You know this because you can see the data it captures.

    And yes, if you share what you're doing with someone else, they might notice you aren't doing what you're supposed to be doing.

    I don't understand the constant alarmism.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      In this case I have to agree. Total non-story.

    • by Nimey (114278)

      Clickbait.

      • Clickbait.

        Yes. It keeps track of what you're doing. You know this because you can see the data it captures.

        And yes, if you share what you're doing with someone else, they might notice you aren't doing what you're supposed to be doing.

        I don't understand the constant alarmism.

        And the scary part is that the clickbait worked. Assuming it lives up to the hype, this is actually a rather cool product, exactly what I need.... :-D .... I wonder how accurate the calorie burn count is for different activities like static cycling, rowing or just general jogging/walking/hiking? Anybody ever used this thing? Privacy issues are a moot point, If the tracking ever gets creepy I can simply shut this thing off

        • You have sidestepped the question. Why do you need any of this data to be "in the cloud"???

          Why all the insistence by so many companies that your data be stored "in the cloud" when for most people, there is no good reason for it?

          But if you STILL think that's what you need, and have an iOS device, take a look at the Jawbone UP. [jawbone.com]
    • by fermion (181285) on Sunday November 11, 2012 @12:48AM (#41947621) Homepage Journal
      This is the most lame privacy concern ever. Anyone who can't explain the could not sleep and went for a run a 1 in the morning either deserves or wants to get caught. So yes if you like to have sex with several different people without one knowing about the other, this is a bad device to have. But really, it does track location, take pictures, or lets you input incriminating text, like "1am, left gf house, picked up a random person, took home, and achieved real satisfaction.", just as a for instance.

      You what is a real privacy and relationship killer. The pager. Can't tell you how many people have gotten into trouble because a partner read a page. Or mail. Can't tell you what receiving a postcard from a friend asking you to join on the next vacation does to a marriage. Or the phone. You never know when a spouse is going to answer by mistake. Or, seriously people, credit card bills. I mean many don't think about it, but credit card bills and receipts have gotten me into trouble on more than one occasion. Also, remember that every cell phone call you make, and Skype call for that matter, is listed in detail for anyone to see. Exactly., When. How long. Who. This is trouble in the making and no one should it. Everyone should be using a burner phone.

      • by drinkypoo (153816)

        Everyone should be using a burner phone.

        Since I don't seem to have any enemies, the only people I might conceivably be worried about getting my phone data would be the authorities. I don't store anything in my phone, and they can subpoena anything else that happens to be on it. I don't need a burner phone.

    • Privacy means you can do whatever you want and people can't see! Don't you understand?! If I am dry-humping a billy goat in front of an Italian restaurant bay window, the people taking pictures of me and posting them on reddit is an INVASION OF PRIVACY!!!!!!!!11
    • by fm6 (162816)

      I think the "alarmism" comes in when the data sharing is unintentional.

    • by mrbluze (1034940)

      I don't understand the constant alarmism.

      Slow news day.

    • by Seumas (6865)

      Plus, it doesn't even remotely apply to anyone on Slashdot, because it involves physical activity.

      • by Chrisq (894406)

        Plus, it doesn't even remotely apply to anyone on Slashdot, because it involves physical activity.

        But it also involves digital watches!

      • Funny, I was going to say the same thing except point out that it involved sex.

        • by Zeinfeld (263942)
          Was about to make a witty reply till i realized i stopped readin slashdot round about the time i got married.
    • by chrismcb (983081)
      I don't get it either. So if the girlfriend called, or stopped by at that time she might also have discovered he was not there.
      So what if you lost this... "hey boss, look, this guy was at the gym at 2pm..."
    • by Jah-Wren Ryel (80510) on Sunday November 11, 2012 @02:33AM (#41947915)

      Yes. It keeps track of what you're doing. You know this because you can see the data it captures.

      Yes, you can see the data that it captures. What you can't see is all of the things which that data may reveal about you in the hands of someone motivated enough. Don't confuse the forest with the trees - the anecdote about the guy getting caught cheating is not about the risk of getting caught cheating, it is the risk of "20/20 hindsight." In retrospect it is obvious that his data would reveal something like that to a suspicios girlfriend. But at the time it was not so obvious, it isn't like he deliberately uploaded a message that said "having sex with another girl @1am" to the nike website.

      Pervasive data collection is extremely new, we as a society have not figured out all of the risks involved. Contrast that to "living in a small town" - because society has had millenia of experience with that situation we generally have a good understanding of the risks involved. It is going to take a lot of people finding out the hard way what the problems are with pervasive data collection before we, if we ever, come to understand the trade-offs that come along with it.

      • by zill (1690130)
        GP's point is that the user willingly brought the device, willingly let it record their lives, and willingly shared that data with a third party.

        If I wear a T-shirt with my root password on it, then I deserve every bad thing that's coming to me. It's not my OS' fault nor my T-shirt's fault; I only have my own stupidity to blame.
        • Re: (Score:2, Insightful)

          by Jah-Wren Ryel (80510)

          GP's point is that the user willingly brought the device, willingly let it record their lives, and willingly shared that data with a third party.

          And my point is that his decisions were not fully informed and given the lack of experience we as a society have with panopticon-type personal information gathering it is a randian pipedream to expect the average joe to be fully informed. Especially when the people selling the product have an interest in downplaying such risks in order to keep sales up.

          • And my point is that his decisions were not fully informed

            Idiots' decisions never are.

          • by DarkOx (621550)

            I think he was fully informed he had just not thought things thru. The guy knew what the device did an how it worked. Its pretty open about exactly what it logs.

            Lets not conflate carelessness and idiocy with being uniformed. It should be enough from my to label something "toxic", I don't see why I have to sit you down and explain why drinking a quart of it might have negative consequences, for the folks who can't work that out for themselves its Darwinism at its best.

            • Exactly. Otherwise you get into the situation where people want you to label ladders as dangerous because you could fall off of them.

              Oh. Wait.

            • Lets not conflate carelessness and idiocy with being uniformed. It should be enough from my to label something "toxic", I don't see why I have to sit you down and explain why drinking a quart of it might have negative consequences,

              Wait. You JUST made that conflation in the very next sentence! The link from "toxic" to "this could kill you" is one step, that is the definition of toxic. The link from "share your heartrate and caloric burnrate with your friends" to "reveal personal secrets" is not anywhere near as direct.

    • by AK Marc (707885)
      Yeah, next there'll be an article about the dangers of pen and paper, as all the people keeping diaries are invading their own privacy.
      • by DarkOx (621550)

        Well someone should get that warning at some point, and they ought to be smart enough to generalize it to the digital world. Mom gave me some good advice when I was a kid that has served me very well.

          "Never write anything down you don't want someone else to read."

    • I think MojoKid might be theodp.

    • Yes. It keeps track of what you're doing. You know this because you can see the data it captures.

      And yes, if you share what you're doing with someone else, they might notice you aren't doing what you're supposed to be doing.

      I don't understand the constant alarmism.

      <half-humor, half-true>

      It's totally an attempt to get free circumvention / failure testing.

      Release a statement that something is scandalously related indirectly to your device, getting geeks and ones in fear of falling prey to the same failure to try and circumvent the technology or find a solution. Free testing and development.

      </half-humor, half-true>

    • by kheldan (1460303)
      The "constant alarmism" that you erroneously refer to is that corporations, and likely by extension, governments, are acquiring more and more ways to track the thoughts and movements of private citizens, usually without their consent. If you don't think this is a bad thing, then you haven't thought it all the way through. How would you feel if someone wanted to install cameras and microphones in every room of your house, GPS transponders in your vehicles, and a tracking transponder on your person to be carr
  • Fear the automated Facebook status updating and Tweeting of every step.
  • ...because I don't have a whole lot of sympathy for cheaters, and the choice in a story citing the privacy issues as felt by a cheater don't really give me any feeling of a cause.

    And, if you choose to use a tracking device then you should know that you're subjecting yourself to being tracked. Nearly all of us do with our cell phones, but some go much further, with things like those insurance trackers, or leaving the GPS enabled on the phone, or the like.

    If there were a way to have a smartphone withou
  • This is FUD (Score:5, Informative)

    by DesertBlade (741219) on Sunday November 11, 2012 @12:23AM (#41947543)
    I actually own a Fuelband, unlike to poster and the original story. It is basically a pedometer, sensing motion, nothing else. No or any other thing to guide them to my house. It sends information to the cloud, but has a lot less info than facebook. You can actually sign up for an account its free and see how little is actually stored. I be more worried about the data on my phone or in my wallet, both which will lead someone to my house, than on this thing.
    • by Nimey (114278) on Sunday November 11, 2012 @12:47AM (#41947619) Homepage Journal

      pedometer

      o.0 That's disgusting!

    • by commlinx (1068272)

      Thanks for the clarification. I'd assumed from TFS it was GPS data.

      It probably makes the anecdote suspect as well unless he's a good cheater but poor liar. I assume the sort of people who buy these products are the kind who might have trouble sleeping and end up doing a little excercise or go for a jog in the early hours.

    • by Sarten-X (1102295) on Sunday November 11, 2012 @12:51AM (#41947633) Homepage
      Didn't you read the summary? It tracks every move you make, just like GPS vehicle trackers, RFID door keys, and a jingle bell on your kid's shoelace. Clearly this is something worthy of widespread panic.
      • by chrismcb (983081)
        every move you make,

        I know you are trying to pedantic, but it doesn't actually track your every move... It tracks whether you are active or not. That is much different than a GPS device tracking your every move.

      • by 93 Escort Wagon (326346) on Sunday November 11, 2012 @03:12AM (#41948003)

        Didn't you read the summary? It tracks every move you make, just like GPS vehicle trackers, RFID door keys, and a jingle bell on your kid's shoelace. Clearly this is something worthy of widespread panic.

        Not just every move you make - also (per the summary) it tracks every step you take, every vow you break, and every smile you fake.

        It'll be watching you.

        • by kheldan (1460303)
          The irony to your comment, which was intended to be funny I'm sure, is that that Police song wasn't a love song like you might think it to be -- it's a direct reference to George Orwell's 1984.
    • by bluemonq (812827)

      Is it really that friggin' difficult to read the summary? 'They shared their activity between each other and she noticed he was active at 1-2AM, when he was supposed to be home.' She didn't gain access to his location, he gained access to the fact that he was moving around. Presumably on most days, he would be asleep, as opposed to being active.

    • by kheldan (1460303)

      ..and see how little is stored

      You mean: How little they SHOW you is stored. You have no idea how much data it's actually generating. You also are ignoring the fact that it can tell when you're active and when you're not, and that data is determined using accelerometers; with a starting location and time (not hard to determine with some datamining of most people's Facebook posts) you could generate a map of someone's movements to a fair degree of accuracy. Inertial navigation isn't a new idea or technology, it's just made easier by mode

  • It is a high end pedometer, that you can link to friends, total stairs climbed etc, quite good actually. Operates on low power wifi as well as a charging dock, runs for 7-10 days between charges.

    Best you read about it here. http://www.fitbit.com/home [fitbit.com]

    • by fishybell (516991)
      Having the fitbit myself I can say yes, I can share that I'm active in the middle of the night with some torrid affair, or, being slightly aware of my actions, just take it off during said torrid affair. I can then just say I forgot to push the sleep button the night of indiscretion, and nothing more than that would ever be known (assuming I actually were having an affair, or had a girlfriend/wife to have an affair with....geez, when did FUD become so depressing...).
    • Several of my friends use Fitbits, and one of them has it set to upload to Twitter with her daily distance count. (Wow, she puts on a lot of miles!) I don't know if it's providing more detail at her fitbit website, or if all the detail stays on her home computer (I'm guessing the latter.)

    • by rhsanborn (773855)
      Fitbit and Fuelband to essentially the same thing. FuelBand doesn't do GPS either. If you wear your FitBit in bed, or had it on when you went to the girlfriends house at 1am and then share that data with your wife, you too can be caught in exactly the same way the FuelBand guy was. I too have a FitBit and I do wear it to bed (it's supposed to track the quality of your sleep).
  • by jamesh (87723) on Sunday November 11, 2012 @01:22AM (#41947713)

    If you wear the thing on your wrist and it detects motion then I would have thought that the excuse "I woke up in the middle of the night and was thinking about you" would have been plausible...

  • Thats not a technology problem, its a human problem.

    What a stupid example.

  • by Black Parrot (19622) on Sunday November 11, 2012 @03:19AM (#41948027)

    Was it Petraeus making it with his wife?

  • tells you how many calories you've burned, lets you know how much fuel you have left in the tank,

    If you live in pretty much any Western country, you have not burned enough calories and you've got way more than you need left in the tank.

    Stop dicking about with gadgets and get back on that bike. Seriously, it's a lovely day outside and you need to pedal off all that overprocessed greasy food.

  • by buddyglass (925859)
    Sounds like a non-issue to me. If you're going to cheat then take it off first.
  • and certainly open source alternative to this is cronometer, http://www.cronometer.com/ [cronometer.com]
  • If you look at the images in the article...

    I wonder if this activity fell under the "Best Day," "Longest Streak," and "Weekday Bests" categories?

  • by kheldan (1460303) on Sunday November 11, 2012 @02:33PM (#41950791) Journal
    You cannot even begin to accurately gauge calories burned merely from the available data of movement, gender, age, height and weight. I've seen some heart rate monitor watches that allow you to enter your VO2Max (the measurement of how much oxygen your blood can transport) into it to increase the accuracy, but even then there are still broad assumptions made, making the calories burned a highly inaccurate number. Some of you may be familiar with treadmills, elliptical cross-trainers, and other equipment at your local gym that purport to tell you how many calories you burned while using them; they are so grossly inaccurate as to be utterly useless, and worse, report their inaccurate guesses way on the high side, to keep you motivated to use their machine, thinking you're doing much better at burning off excess fat than you really are. This "technology" from Nike has to be at least as bad at guessing calories burned than even the treadmill at the gym, likely worse. Now, realizing this, you come to understand that all you're doing by wearing this is allowing your activity to be tracked. I assume there is a website you upload the data to? All it needs now is a GPS receiver's data, and you have fairly complete tracking of your activities, 24 hours a day; for arguments' sake, we'll say that your smartphone, which most people have attached to them like an appendage, has a GPS receiver you can't turn off (which in most cases you can't). Why would you do this voluntarily? As described in the featured article someone has already had their life affected in a negative way by this device. My advice to anyone who owns this device right now is to destroy it immediately.

Prototype designs always work. -- Don Vonada

Working...