Estimated read time: 3-4 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
Shamim Zam Anyfar has been hitting the gym for years. Recently, he added a new tool to his routine, a FitBit Charge.
"I always wear it," Anyfar told us. "It gives your heart rate, which is nice at the gym. Calories burned — which is also nice."
Anyfar is one of millions sporting fitness trackers. Some cost as little as $25. Many are in the $80 to $100 price range. Or, you can shell out $250 on up. The devices track steps, sleep, calories — you get the picture — and it's all synced wirelessly to your smartphone or tablet.
"So, you can do your metabolic rate to see how many calories you need to drop," Anyfar said, "or to eat, to lose or gain weight — whatever you want to do."
Like many fitness tracker wearers, Anyfar hasn't quite gotten around to reading his device's privacy policy.
"Nobody reads those," Anyfar laughed. "Have you seen those things?"
Device privacy policies
Cyber security expert Earl Foote sat down with me as I poured through the privacy policies of my device. He says the first step for anyone is to read those policies.
"It can collect data such as the number of steps you take and your sleep quality," Foote said. "That information can be shared with other parties."
That information includes your height, weight, how often you exercise, routes you take, when you sleep — when you don't — not to mention your name, email and more.
All that personal data is stuff you input when you set up your new tracker and sync it to an app you download. Then, using GPS and other technology, the manufacturer can learn a lot about your everyday fitness, eating and sleeping habits.
Utilize 'opt-out' features
To minimize how much of your data gets shared with others — and those pesky marketing e-mails you get because you signed up — use "opt-out" features whenever they're available.
"Big Data is big business in our world now," said Foote. "Companies want to know and find out as much information as they can possibly find about you."
Identity theft
Foote's next big privacy concern is identity theft. He's worried about taking wearable trackers into gathering spots like airports, libraries and cafes.
Here's why: Let's say you're sitting around, wearing a fitness tracker that syncs to your phone or your laptop. A hacker sitting nearby first infiltrates your tracker's Bluetooth signal, then secretly winds his way into your phone or laptop.
"And within 10 seconds a hacker could then connect into your laptop that you're sitting at the coffeeshop with — and begin to siphon off your personal information," said Foote.
That hacker could steal photos, emails, personal documents — whatever you have stored — all while you're sipping coffee or waiting to board your flight.
For now, Foote considers that risk remote. One manufacturer publicly dismissed the hack scenario.
Data collection from devices
Foote says there's one more thing you should know. The manufacturers store your data, which could fall into the wrong hands if their systems were ever hacked. He's not suggesting people shouldn't wear fitness trackers. But he does say you should be aware of the potential privacy pitfalls and know what you're getting into.
As for Anyfar, he says he's not too worried about it and he'll keep working out with his tracker on hand.
"Okay, hack into that," laughed Anyfar. "Go for that!"