Slashdot Mirror
Nike+ FuelBand: Possibly a Big Security Hole For Your Life
MojoKid writes "Nike+ FuelBand is a $149 wristband with LED display that tracks your daily activity, tells you how many calories you've burned, lets you know how much fuel you have left in the tank, and basically keeps track of 'every move you make.' If you think that sounds like a privacy nightmare waiting to happen, it pretty much is. A source directly connected to Nike reported an amusing, albeit startling anecdote about a guy who got caught cheating on his girlfriend because of the Nike+ FuelBand. 'They shared their activity between each other and she noticed he was active at 1-2AM, when he was supposed to be home.' That's just one scenario. What if the wristband gets lost or stolen? How much data is actually stored on these sorts of devices? And remember, you're syncing it to the cloud with an iOS or Android app."
So... people voluntarily do this to themselves? Weird.
The determined Real Programmer can write Fortran programs in any language.
Yes. It keeps track of what you're doing. You know this because you can see the data it captures.
And yes, if you share what you're doing with someone else, they might notice you aren't doing what you're supposed to be doing.
I don't understand the constant alarmism.
http://lkml.org/lkml/2005/8/20/95
For being a techno-iHipster? Seriously, who needs a $149 motion tracking wristband?
I want to delete my account but Slashdot doesn't allow it.
Fear the automated Facebook status updating and Tweeting of every step.
You seem to regard science as some kind of dodge... or hustle.
Since I can't think of anything worthwhile to say on this subject other than "yeah, whatever" since it's some cheap dorky product being abused by vapid boring yuppies... I thought instead I would offer up this filthy sea shanty, which is MUCH more amusing:
Twas on the good ship Venus,
By God you should have seen us,
The figurehead was a whore in bed
And the mast the Captainâ(TM)s penis.
The captain of this lugger,
He was a dirty bugger,
He wasnâ(TM)t fit to shovel shit
From one ship to another.
The captainâ(TM)s wife was Mabel.
Whenever she was able,
Sheâ(TM)d fornicate with the second mate
Upon the galley table.
The cabin boy was Kipper,
A dirty little nipper,
We stuffed his arse with broken glass
To circumcise the skipper.
The captain had a daughter,
Who fell into the water,
We heard her squeal and knew an eel
Had found her sexual quarter.
The second mateâ(TM)s name was Andy,
His balls were long and bandy,
We filled his arse with molten brass
For wanking in the brandy.
The captainâ(TM)s name was Morgan,
By Christ he was a gorgon!
Ten times a day sweet tunes heâ(TM)s play.
On his productive organ.
The captainâ(TM)s daughter Mable,
They laid her on a table!
And all the crew would come and screw
As oft as they were able.
âoeTwas on a Chinese station,
We caused a great sensation.
We sunk a junk in a sea of spunk
By mutual masturbation.
Another cook was Oâ(TM)Malley,
He didnâ(TM)t dilly dally.
He shot his bolt with such a jolt
He whitewashed half the galley.
If you want news from today, you have to come back tomorrow.
facepalm.
...because I don't have a whole lot of sympathy for cheaters, and the choice in a story citing the privacy issues as felt by a cheater don't really give me any feeling of a cause.
And, if you choose to use a tracking device then you should know that you're subjecting yourself to being tracked. Nearly all of us do with our cell phones, but some go much further, with things like those insurance trackers, or leaving the GPS enabled on the phone, or the like.
If there were a way to have a smartphone without having the ability to be tracked, I think that a lot of people would sign up for that. Unfortunately all that we can now do is hope that the companies that we have agreements with follow the law and only surrender information when it's requested through warrants, which doesn't seem to be the policy these days.
Do not look into laser with remaining eye.
he deserved it.
I actually own a Fuelband, unlike to poster and the original story. It is basically a pedometer, sensing motion, nothing else. No or any other thing to guide them to my house. It sends information to the cloud, but has a lot less info than facebook. You can actually sign up for an account its free and see how little is actually stored. I be more worried about the data on my phone or in my wallet, both which will lead someone to my house, than on this thing.
Half of writing history is hiding the truth.
It is a high end pedometer, that you can link to friends, total stairs climbed etc, quite good actually. Operates on low power wifi as well as a charging dock, runs for 7-10 days between charges.
Best you read about it here. http://www.fitbit.com/home
So why would I want to share that kind of information? If you want to know what I'm up, you're going to need a whole
lot of cameras and sensors all over the place, because I am surely not going to help you by wearing a tracking device.
Obviously this is to gather location and activity data, both for medical "research" and for research into personal mobility.
Nike: Go fuck yourselves.
I have a Fitbit. It's just a fun way to track some of my activity levels. I do heavy compound lifts 3 times a week/try to make it a habit to walk a lot, take the stairs etc on off days. I also like to track my calories, thus giving me an idea of what my intake and output is daily. Yes it's overkill, no it's not necessary, but I find it fun to track these things and it has certainly made my weight loss/strength gain goals much easier to achieve.
Same with this Nike thing-- maybe it's not YOUR thing, but some people like to track this shit. Let them have their fun.
The guy managed to be active for a whole hour? surely either the data cannot be trusted or he should be issued a medal
Hmm, so if you explicitly share your information with someone in a trusting relationship, then you break that trust and screw them over, you might get caught. The person you gave the information to might see something in the information you gave them. Where's the news in this? Just like if you share a phone account with your GF and you're calling another woman at 1AM, she might notice. Duh. Don't fake trust (like by sharing an account) and then go cheat on her. This warning was documented over 2000 years ago.
Having the fitbit myself I can say yes, I can share that I'm active in the middle of the night with some torrid affair, or, being slightly aware of my actions, just take it off during said torrid affair. I can then just say I forgot to push the sleep button the night of indiscretion, and nothing more than that would ever be known (assuming I actually were having an affair, or had a girlfriend/wife to have an affair with....geez, when did FUD become so depressing...).
><));>
If you wear the thing on your wrist and it detects motion then I would have thought that the excuse "I woke up in the middle of the night and was thinking about you" would have been plausible...
This reminds me of the time I tried to use Google Latitude, but it seemed to require that you update your location in new locations. Since I live and work at home, it was always "here, here, here, here, here, here, here, here" and Latitude simply didn't grok it.
Long story short: Google discriminates against hermits.
Most of these "privacy concern" articles are things that can be handled by simply going home to your wife and kids when you are supposed to. Sounds like a lot of folks with these "privacy concerns" are just trying to hide their marital affairs.
Or, the way law enforcement usually phrase this, "if you are doing nothing wrong, you have nothing to hide".
While I agree with the original commenter that this story is lame, because people see exactly what is logged, this comment is precisely why privacy matters.
Giving up privacy means pushing people toward conformity. Everyone are pressured to behave the same, because any deviation from what is normal is immediately shown to everyone. This means complete stagnation.
I have never cheated on a partner. Furthermore, I have had a partner cheat on me, and the feeling is horrid. Having said that, a society in which cheating is impossible is not one I would like to live in.
Shachar
So, it looks like mojokid got caught out on being a two-timer. Good riddance.
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?
I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.
The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware
Several of my friends use Fitbits, and one of them has it set to upload to Twitter with her daily distance count. (Wow, she puts on a lot of miles!) I don't know if it's providing more detail at her fitbit website, or if all the detail stays on her home computer (I'm guessing the latter.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I was thinking of getting this until I realized there was no Android app...
There are some really nice applications out there for runners to track their regular runs and display them on Google Maps, and while I can see the appeal of having all that information sometimes, I'm not really thrilled with making it available to Google or whoever else has access to it. It sounds like a really good job for a PC-based mapping program.
I would assume that by now these things are implemented as iPhone/Android apps that use the GPS locations (or maybe less-granular cellular locations) so your phone will track you in real time while you're running, as well as showing your heartbeat and playing your music. And we'll start seeing lots more user interface and user experience, and the apps may track you more intensively than Angry Birds if you don't watch carefully.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Thats not a technology problem, its a human problem.
What a stupid example.
Hivemind harvest in progress..
Was it Petraeus making it with his wife?
Sheesh, evil *and* a jerk. -- Jade
Clearly, he was so determined to lose calories that he made some extra work out during he night... And how do you work out if not with Nike+?
How about you just don't cheat on your partner and you should be fine. I have an UP. It's great (other than they break all the times requiring them to be replaced by Jawbone. I'm on my 10th). No worries about privacy. I choose to share the info I choose to share with others. Just like I choose to share the pictures I choose to share on Facebook. Should I lost my UP (pretty hard when it's firmly wrapped around your wrist all the time), people can't get the info from it. If you plug the band into a new iPhone, the app will alert you that the band has not been synced with that phone before. It then gives you the option to sync it with the new phone (which wipes any previous data) or to cancel.
See, a breach in privacy is when people find out personal information about you that you DIDNT share with them. When youre just stupid and share things you shouldnt, thats your own fault!
tells you how many calories you've burned, lets you know how much fuel you have left in the tank,
If you live in pretty much any Western country, you have not burned enough calories and you've got way more than you need left in the tank.
Stop dicking about with gadgets and get back on that bike. Seriously, it's a lovely day outside and you need to pedal off all that overprocessed greasy food.
Guy who shares tracking information gets tracked by person he shared it with.
Next story, girlfriend goes through boyfriends SMS messages and...
Then you will be able to track the perpetrator down. It's not a bug, it's a feature.
There is an Android app. It's not great, and really just acts as a mobile version of the desktop site, but it exists.
Sounds like a non-issue to me. If you're going to cheat then take it off first.
It's not about people failing to trust one another. It's about people trolling the Internet bored looking for exciting stories about hypothetical people who fail to trust one another, it's all about the blip in heart rate at 1AM, just the thought of that is supposed to make us go HMMMM... and trigger that lizard brain yearn for romantic gossip and gushing tabloid release.
Empirical test of hypothesis: for example, does this event generate tabloid excitement and sexual innuendo if I tell you it supposedly happened 'at 1AM'...?
"One day, a student caregiver noticed Figaro pushing a stone pebble through the aviary wire mesh, where it fell on a wood structural beam. Unable to retrieve the stone with his foot, Figaro then fetched a piece of bamboo and again attempted to retrieve the stone using the bamboo stick. ... "
Wow! What a rush.
<blink>down the rabbit hole</blink>
Micromanaging your calorie intake is a rediculous way to live your day. Just remember to get on the bike or go for a jog, and don't eat so much fatty and sugary foods.
Some technology that you use volenteerily to track your own movement...check
Someone stupid enough not to monitor their own information like a responsible adult...check
Someone stupid enough to share said data...check
= Stupid article on Slashdot about the destruction of privacy!
a. The user tracks their own data
b. The government is not involved, and will still need a court order to get that data
c. The user is not forced to use the wrist watch
d. THIS IS NOT A BREACH OF PRIVACY SLASHDOT
I think we should combine Gizmondo and Slashdot into Gizdot so that I can have all the bullshit tech articles in one location saving me time and bandwidth.
Fitbit and Fuelband to essentially the same thing. FuelBand doesn't do GPS either. If you wear your FitBit in bed, or had it on when you went to the girlfriends house at 1am and then share that data with your wife, you too can be caught in exactly the same way the FuelBand guy was. I too have a FitBit and I do wear it to bed (it's supposed to track the quality of your sleep).
and certainly open source alternative to this is cronometer, http://www.cronometer.com/
Good people go to bed earlier.
If you look at the images in the article...
I wonder if this activity fell under the "Best Day," "Longest Streak," and "Weekday Bests" categories?
I have one of these and LOVE it!
How exactly is it "tracking" me? All it's doing it collecting accelerometer data... that's it! No GPS, no audio, no video, no still images... If somebody REALLY wants to see that I'm active at 1am, good for them!
In the case of the idiot who got caught cheating - Don't cheat if you don't want to get caught!
About the only way I could see this data getting abused is if somebody saw it and noticed that I'm usually asleep from 12am-7am, and figured that would be a good time to break into my house... Otherwise, WTF could you POSSIBLY use this data for???
You cannot even begin to accurately gauge calories burned merely from the available data of movement, gender, age, height and weight. I've seen some heart rate monitor watches that allow you to enter your VO2Max (the measurement of how much oxygen your blood can transport) into it to increase the accuracy, but even then there are still broad assumptions made, making the calories burned a highly inaccurate number. Some of you may be familiar with treadmills, elliptical cross-trainers, and other equipment at your local gym that purport to tell you how many calories you burned while using them; they are so grossly inaccurate as to be utterly useless, and worse, report their inaccurate guesses way on the high side, to keep you motivated to use their machine, thinking you're doing much better at burning off excess fat than you really are. This "technology" from Nike has to be at least as bad at guessing calories burned than even the treadmill at the gym, likely worse. Now, realizing this, you come to understand that all you're doing by wearing this is allowing your activity to be tracked. I assume there is a website you upload the data to? All it needs now is a GPS receiver's data, and you have fairly complete tracking of your activities, 24 hours a day; for arguments' sake, we'll say that your smartphone, which most people have attached to them like an appendage, has a GPS receiver you can't turn off (which in most cases you can't). Why would you do this voluntarily? As described in the featured article someone has already had their life affected in a negative way by this device. My advice to anyone who owns this device right now is to destroy it immediately.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
How is this a securty hole?
To begin with, I imagine they meant "privacy", not "security".
Secondly, what actually happened in this case is that the user shared the infomation logged by a device to his GF, and she found out about it.
With that same argument, I can make a 1990 photo camera into a "privacy hole" - if I use it while cheating on my GF and then show her the data (pictures), she'll find out what I did.
It's called risk/reward. For some of us non-consipiracists out there, a product like this (or Facebook, or using the Internet, or doing a pub-crawl in front of all the CC TVs) has benefits that far outweigh any supposed privacy risks. I'll stop now, because I know this will be modded flame-bait and not many of you can think outside of your own little world-views.
Don't confuse having no enemies with having no enemies that you know of.
I for one aren't right keen on you, though frankly you aren't worth the waer on my air jordan's to walk two blocks to stuff your cock through a hole in an asbestos tile, set up y a mirror so you can see it and incinerate the tiny thing.
# every breath you take. /#
every cake you bake,
every earth you quake,
I'll be watching yoooooohhhhh
Confucius say, "Find worm in apple - bad. Find half a worm - worse."