Abstract
In the IoT era, sensitive and non-sensitive data are recorded and transmitted to multiple service providers and IoT platforms, aiming to improve the quality of our lives through the provision of high-quality services. However, in some cases these data may become available to interested third parties, who can analyse them with the intention to derive further knowledge and generate new insights about the users, that they can ultimately use for their own benefit. This predicament raises a crucial issue regarding the privacy of the users and their awareness on how their personal data are shared and potentially used. The immense increase in fitness trackers use has further increased the amount of user data generated, processed and possibly shared or sold to third parties, enabling the extraction of further insights about the users. In this work, we investigate if the analysis and exploitation of the data collected by fitness trackers can lead to the extraction of inferences about the owners routines, health status or other sensitive information. Based on the results, we utilise the PrivacyEnhAction privacy tool, a web application we implemented in a previous work through which the users can analyse data collected from their IoT devices, to educate the users about the possible risks and to enable them to set their user privacy preferences on their fitness trackers accordingly, contributing to the personalisation of the provided services, in respect of their personal data.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data Availability
The results of the questionnaires and the datasets analysed during the current study are available in the Zenodo repository: https://doi.org/10.5281/zenodo.6458107.
Notes
References
Aktypi, A., Nurse, J.R.C., Goldsmith, M.: Unwinding Ariadne’s identity thread: privacy risks with fitness trackers and online social networks. In: Proceedings of the 2017 on Multimedia Privacy and Security, pp. 1–11 (2017)
Al-Makhadmeh, Z., Tolba, A.: Utilizing IoT wearable medical device for heart disease prediction using higher order Boltzmann model: a classification approach. Measurement 147, 106815 (2019)
Alhalabi, L., Singleton, M.J., Oseni, A.O., Shah, A.J., Zhang, Z.-M., Soliman, E.Z.: Relation of higher resting heart rate to risk of cardiovascular versus noncardiovascular death. Am. J. Cardiol. 119(7), 1003–1007 (2017)
Alqhatani, A., Lipford, H.R.: Exploring the design space of sharing and privacy mechanisms in wearable fitness platforms. In: Workshop on Usable Security and Privacy (USEC), vol. 7 (2021)
Arca, S., Hewett, R.: Privacy protection in smart health. In: Proceedings of the 11th International Conference on Advances in Information Technology, pp. 1–8 (2020)
Bada, M., von Solms, B.: A cybersecurity guide for using fitness devices (2021). arXiv preprint arXiv:2105.02933
Balas, V.E., Solanki, V.K., Kumar, R., Ahad, M.A.R.: A Handbook of Internet of Things in Biomedical and Cyber Physical System. Springer (2020)
Becher, S., Gerl, A., Meier, B.: Don’t forget the user: from user preferences to personal privacy policies. In: 2020 10th International Conference on Advanced Computer Information Technologies (ACIT), pp. 774–778. IEEE (2020)
Blasco, J., Chen, T.M., Patil, H.K., Wolff, D.: Wearables security and privacy. In: Mission-Oriented Sensor Networks and Systems: Art and Science, pp. 351–380. Springer (2019)
Blow, F., Yen-Hung, H., Hoppa, M.: A study on vulnerabilities and threats to wearable devices. J. Colloq. Inf. Syst. Secur. Educ. 7, 7 (2020)
Booth, F.W., Roberts, C.K., Laye, M.J.: Lack of exercise is a major cause of chronic diseases. Compr. Physiol. 2(2), 1143 (2012)
Bourreau, M.: Google—Fitbit. https://voxeu.org/article/googlefitbit-will-monetise-health-data-and-harm-consumers (2020). Accessed 25 Dec 2021
Can a fitness tracker detect diabetes? https://precisiondrivenhealth.com/can-a-fitness-tracker-detect-diabetes/ (2017). Accessed 2 Aug 2022
CEOToday: is data the new gold? https://www.ceotodaymagazine.com/2018/04/is-data-the-new-gold/ (2020). Accessed 2 Aug 2022
Challa, N., Yu, S., Kunchakarra, S.: Wary about wearables: potential for the exploitation of wearable health technology through employee discrimination and sales to third parties. Intersect Stanford J. Sci. Technol. Soc. 10(3) (2017)
Chang, L., Jiaqi, L., Wang, J., Chen, X., Fang, D., Tang, Z., Nurmi, P., Wang, Z.: Sleepguard: capturing rich sleep information using smartwatch sensing data. Proc. ACM Interact. Mobile Wearable Ubiquitous Technol. 2(3), 1–34 (2018)
Chen, L.F., Ismail, R.: Information technology program students’ awareness and perceptions towards personal data protection and privacy. In: 2013 International Conference on Research and Innovation in Information Systems (ICRIIS), pp. 434–438. IEEE (2013)
Chen, Y., Shen, C.: Performance analysis of smartphone-sensor behavior for human activity recognition. IEEE Access 5, 3095–3110 (2017)
Cho, J.Y., Ko, D., Lee, B.G.: Strategic approach to privacy calculus of wearable device user regarding information disclosure and continuance intention. KSII Trans. Internet Inf. Syst. (TIIS) 12(7), 3356–3374 (2018)
Cook, J.: Inferring religion. https://dzone.com/articles/inferring-personal-information-from-fitness-data (2021). Accessed 25 Dec 2021
Cooney, M.T., Vartiainen, E., Laakitainen, T., Juolevi, A., Dudina, A., Graham, I.M.: Elevated resting heart rate is an independent risk factor for cardiovascular disease in healthy men and women. Am. Heart J. 159(4), 612–619 (2010)
Cremonini, M., Braghin, C., Ardagna, C.A.: Chapter 42—privacy on the internet. In: Vacca, J.R. (ed.), Computer and Information Security Handbook, 2 edn, pp. 739–753. Morgan Kaufmann, Boston (2013). ISBN: 978-0-12-394397-2. https://doi.org/10.1016/B978-0-12-394397-2.00042-8
Das, A.K., Pathak, P.H., Chuah, C.-N., Mohapatra, P.: Uncovering privacy leakage in BLE network traffic of wearable fitness trackers. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, pp. 99–104 (2016)
Dennedy, M.F., Fox, J., Finneran, T.R.: The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value. Springer Nature (2014)
Fernström, M., Fernberg, U., Eliason, G., Hurtig-Wennlöf, A.: Aerobic fitness is associated with low cardiovascular disease risk: the impact of lifestyle on early risk factors for atherosclerosis in young healthy swedish individuals-the lifestyle, biomarker, and atherosclerosis study. Vasc. Health Risk Manag. 13, 91 (2017)
Fietkiewicz, K., Ilhan, A.: Fitness tracking technologies: data privacy doesn’t matter? the (un) concerns of users, former users, and non-users. In: Proceedings of the 53rd Hawaii International Conference on System Sciences (2020)
Forbes: data is the new gold. https://www.forbesafrica.com/technology/2019/07/18/data-is-the-new-gold/ (2019). Accessed 2 Aug 2022
Foukia, N., Billard, D., Solana, E.: Pisces: a framework for privacy by design in IoT. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 706–713. IEEE (2016)
Fourberg, N., Serpil, T., Wiewiorra, L., Godlovitch, Ilsa, De STreel, A., Jacquemin, H., Hill, J., Nunu, M., Jacques, F., Ledger, M., et al.: Online advertising: the impact of targeted advertising on advertisers, market access and consumer choice (2021)
Furberg, R., Brinton, J., Keating, M., Ortiz, A.: Crowd-sourced Fitbit datasets 03.12.2016-05.12.2016 (2016). https://doi.org/10.5281/zenodo.53894
Gabriele, S., Chiasson, S.: Understanding fitness tracker users’ security and privacy knowledge, attitudes and behaviours. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2020)
Gross, C., Wenner, W., Lackes, R.: Using wearable fitness trackers to detect covid-19? In: International Conference on Business Informatics Research, pp. 51–65. Springer (2021)
Hantke, F., Dewald, A.: How can data from fitness trackers be obtained and analyzed with a forensic approach? In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 500–508. IEEE (2020)
Henriksen, A., Mikalsen, M.H., Woldaregay, A.Z., Muzny, M., Hartvigsen, G., Hopstock, L.A., Grimsgaard, S., et al.: Using fitness trackers and smartwatches to measure physical activity in research: analysis of consumer wrist-worn wearables. J. Med. Internet Res. 20(3), e9157 (2018)
Hicks, J.L., Althoff, T., Sosic, R., Kuhar, P., Bostjancic, B., King, A.C., Leskovec, J., Delp, S.L.: Best practices for analyzing large-scale health data from wearables and smartphone apps. NPJ Digit. Med. 2(1), 1–12 (2019)
Högström, G., Nordström, A., Nordström, P.: Aerobic fitness in late adolescence and the risk of early death: a prospective cohort study of 1.3 million Swedish men. Int. J. Epidemiol. 45(4), 1159–1168 (2016)
Horvitz, E., Mulligan, D.: Data, privacy, and the greater good. Science 349(6245), 253–255 (2015)
Hunter, S., Robson, S.C.: Adaptation of the maternal heart in pregnancy. Br. Heart J. 68(6), 540 (1992)
Ilhan, A., Fietkiewicz, K.J.: Data privacy-related behavior and concerns of activity tracking technology users from Germany and the USA. Aslib J. Inf. Manag. 73, 180–200 (2020)
IotaComm: how does iot affect big data? https://www.iotacommunications.com/blog/iot-big-data/ (2020). Accessed 27 June 2021
Jones, J.C., Seladi-Schulman, J.: Causes of slow heart rate. https://www.healthline.com/health/slow-heart-rate#causes (2021). Accessed 5 Nov 2021
Jung, G., Lee, H., Kim, A., Lee, U.: Too much information: assessing privacy risks of contact trace data disclosure on people with covid-19 in South Korea. Front. Public Health 8, 305 (2020)
Kaiser, D.W., Harrington, R.A., Turakhia, M.P.: Wearable fitness trackers and heart disease. JAMA Cardiol. 1(2), 239 (2016)
Kang, H., Jung, E.H.: The smart wearables-privacy paradox: a cluster analysis of smartwatch users. Behav. Inf. Technol. 40(16), 1755–1768 (2021)
Kazlouski, A., Marchioro, T., Manifavas, H., Markatos, E.: Do you know who is talking to your wearable smartband? Integr. Citizen Centered Digit. Health Soc. Care Citizens Data Producers Serv. Co-Creators 275, 142 (2020)
Kim, J.W., Moon, S.-M., Kang, S., Jang, B.: Effective privacy-preserving collection of health data from a user’s wearable device. Appl. Sci. 10(18), 6396 (2020)
Kounoudes, A.D.: Questionnaire on fitness trackers user privacy concerns. https://forms.gle/uzVzVhew2Jq3XeAS9 (2022a). Accessed 27 Mar 2022
Kounoudes, A.D.: PrivacyEnhaction Evaluation Questionnaire. https://forms.gle/KCJ2xx23quK4A8wk8 (2022b). Accessed 27 Mar 2022
Kounoudes, A.D., Kapitsaki, G.M.: A mapping of IoT user-centric privacy preserving approaches to the GDPR. Internet Things 11, 100179 (2020)
Kounoudes, A.D., Kapitsaki, G.M., Katakis, I., Milis, M.: User-centred privacy inference detection for smart home devices. In: 2021 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/IOP/SCI), pp. 210–218. IEEE (2021)
Kröger, J.: Unexpected inferences from sensor data: a hidden privacy threat in the internet of things. In: IFIP International Internet of Things Conference, pp. 147–159. Springer (2018)
Kröger, J.L., Raschke, P., Bhuiyan, T.R.: Privacy implications of accelerometer data: a review of possible inferences. In: Proceedings of the 3rd International Conference on Cryptography, Security and Privacy, pp. 81–87 (2019)
Krzanich, B.: Data is the new oil in the future of automated driving. https://newsroom.intel.com/editorials/krzanich-the-future-of-automated-driving/ (2016). Accessed 27 June 2021
Langley, M.R.: Hide your health: addressing the new privacy problem of consumer wearables. Geo. LJ 103, 1641 (2014)
Lee, L., Lee, J., Egelman, S., Wagner, D.: Information disclosure concerns in the age of wearable computing. In: NDSS Workshop on Usable Security (USEC), vol. 1, pp. 1–10 (2016)
Lehto, M., Lehto, M.: Health information privacy of activity trackers. In: European Conference on Cyber Warfare and Security, pp. 243–251. Academic Conferences International Limited (2017)
Lovejoy, B.: Smartphone and smartwatch data led husband to confess to murdering his wife. https://9to5mac.com/2021/06/18/smartphone-and-smartwatch-data-murder/ (2021). Accessed 27 Mar 2022
Maganti, K., Rigolin, V.H., Sarano, M.E., Bonow, R.O.: Valvular heart disease: diagnosis and management. In: Mayo Clinic Proceedings, vol. 85, pp. 483–500. Elsevier (2010)
Michael Mangrum, J., DiMarco, J.P.: The evaluation and management of bradycardia. N. Engl. J. Med. 342(10), 703–709 (2000)
Masuch, K., Greve, M., Trang, S.: Fitness first or safety first? Examining adverse consequences of privacy seals in the event of a data breach. In: Proceedings of the 54th Hawaii International Conference on System Sciences, p. 3871 (2021)
McGowan, E.: Here’s what your Fitbit knows about you. https://blog.avast.com/what-fitbit-knows-about-you-avast (2021). Accessed 19 February 2022
Meteriz, Ü., Yıldıran, N.F., Mohaisen, A.: You can run, but you cannot hide: using elevation profiles to breach location privacy through trajectory prediction (2019). arXiv preprint arXiv:1910.09041
Mohzary, M., Tadisetty, S., Ghazinour, K.: A privacy protection layer for wearable devices. In: Foundations and Practice of Security: 12th International Symposium, FPS 2019, Toulouse, France, November 5–7, 2019, Revised Selected Papers, vol. 12056, p. 363. Springer Nature (2020)
Molich, R., Nielsen, J.: Improving a human–computer dialogue. Commun. ACM 33(3), 338–348 (1990)
Nagai, M., Hoshide, S., Kario, K.: Sleep duration as a risk factor for cardiovascular disease-a review of the recent literature. Curr. Cardiol. Rev. 6(1), 54–61 (2010)
Obar, J.A., Oeldorf-Hirsch, A.: The biggest lie on the internet: ignoring the privacy policies and terms of service policies of social networking services. Inf. Commun. Soc. 23(1), 128–147 (2020)
Pan, S.B.: Get to know me: protecting privacy and autonomy under big data’s penetrating gaze. Harv. JL Tech. 30, 239 (2016)
Parate, A.: Designing efficient and accurate behavior-aware mobile systems (2014)
Peek, S.T.M., Wouters, E.J.M., Van Hoof, J., Luijkx, K.G., Boeije, H.R., Vrijhoef, H.J.M.: Factors influencing acceptance of technology for aging in place: a systematic review. Int. J. Med. Inform. 83(4), 235–248 (2014)
Peppet, S.R.: Regulating the internet of things: first steps toward managing discrimination, privacy, security and consent. Tex. L. Rev. 93, 85 (2014)
Perez, A.J., Zeadally, S., Cochran, J.: A review and an empirical analysis of privacy policy and notices for consumer internet of things. Secur. Privacy 1(3), e15 (2018)
Prince, A.: Location as health. Houston Journal of Health Law and Policy, Forthcoming, U Iowa Legal Studies Research Paper (2021-06) (2021)
Psychoula, I., Chen, L., Amft, O.: Privacy risk awareness in wearables and the internet of things. IEEE Pervasive Comput. 19(3), 60–66 (2020)
Rahmany, M., Zin, A.M., Sundararajan, E.A.: Comparing tools provided by python and r for exploratory data analysis. Int. J. Inf. Syst. Comput. Sci. (IJISCS) 4(3), 131–142 (2020)
Reichherzer, T., Timm, M., Earley, N., Reyes, N., Kumar, V.: Using machine learning techniques to track individuals & their fitness activities. In: CATA 2017, pp. 119–124. ISCA (2017)
Reinhardt, D., Borchard, J., Hurtienne, J.: Visual interactive privacy policy: the better choice? In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2021)
Saint-Maurice, P.F., Troiano, R.P., Bassett, D.R., Graubard, B.I., Carlson, S.A., Shiroma, E.J., Fulton, J.E., Matthews, C.E.: Association of daily step count and step intensity with mortality among us adults. JAMA 323(12), 1151–1160 (2020)
Sarstedt, M., Mooi, E.: Descriptive statistics. In: A Concise Guide to Market Research, pp. 91–150. Springer (2019)
Sathyanarayana, A., Joty, S., Fernandez-Luque, L., Ofli, F., Srivastava, J., Elmagarmid, A., Arora, T., Taheri, S.: Sleep quality prediction from wearable data using deep learning. JMIR Mhealth Uhealth 4(4), e125 (2016)
Sigmund, T.: Attention paid to privacy policy statements. Information 12(4), 144 (2021)
Skiljic, A.: Health inferences. https://iapp.org/news/a/the-status-quo-of-health-data-inferences/ (2021). Accessed 5 Nov 2021
Tang, Q.: Automated Detection of Puffing and Smoking with Wrist Accelerometers. Northeastern University (2014)
Tedesco, S., Sica, M., Ancillao, A., Timmons, S., Barton, J., O’Flynn, B.: Accuracy of consumer-level and research-grade activity trackers in ambulatory settings in older adults. PLoS ONE 14(5), e0216891 (2019)
Thakkar, P.K., He, S., Xu, S., Huang, D.Y., Yao, Y.: “It would probably turn into a social faux-pas”: users’ and bystanders’ preferences of privacy awareness mechanisms in smart homes. In: CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2022)
Thomaz, E., Essa, I., Abowd, G.D.: A practical approach for recognizing eating moments with wrist-mounted inertial sensing. In: Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing, pp. 1029–1040 (2015)
Torre, I., Koceva, F., Sanchez, O.R., Adorni, G.: Fitness trackers and wearable devices: how to prevent inference risks? In: Proceedings of the 11th EAI International Conference on Body Area Networks, pp. 125–131 (2016)
Tudor-Locke, C., Bassett, D.R.: How many steps/day are enough? Sports Med. 34(1), 1–8 (2004)
Vailshery, L.S.: IoT connected devices worldwide 2030. https://www.statista.com/statistics/802690/worldwide-connected-devices-by-access-technology/ (2021). Accessed 27 June 2021
Valdez, P.: Focus: attention science: circadian rhythms in attention. Yale J. Biol. Med. 92(1), 81 (2019)
Velykoivanenko, L., Niksirat, K.S., Zufferey, N., Humbert, M., Huguenin, K., Cherubini, M.: Are those steps worth your privacy? Fitness-tracker users’ perceptions of privacy and utility. Proc. ACM Interact. Mobile Wearable Ubiquitous Technol. 5(4), 1–41 (2021)
Vemou, K., Karyda, M., Kokolakis, S.: Directions for raising privacy awareness in SNS platforms. In: Proceedings of the 18th Panhellenic Conference on Informatics, pp. 1–6 (2014)
Vitak, J., Liao, Y., Kumar, P., Zimmer, M., Kritikos, K.: Privacy attitudes and data valuation among fitness tracker users. In: International Conference on Information, pp. 229–239. Springer (2018)
Vuori, I.: Physical inactivity is a cause and physical activity is a remedy for major public health problems. Kinesiology 36(2), 123–153 (2004)
Wachter, S., Mittelstadt, B.: A right to reasonable inferences: re-thinking data protection law in the age of big data and AI. Column Bus Law Rev. 2019, 494 (2019)
Webster, D.E., Tummalacherla, M., Higgins, M., Wing, D., Ashley, E., Kelly, V.E., McConnell, M.V., Muse, E.D., Olgin, J.E., Mangravite, L.M., et al.: Smartphone-based vo2max measurement with heart snapshot in clinical and real-world settings with a diverse population: Validation study. JMIR Mhealth Uhealth 9(6), e26006 (2021)
WEF: Data is the new gold. This is how it can benefit everyone—while harming no one. https://bit.ly/3eazKmm (2020). Accessed 2 Aug 2022
Whittaker, Z.: How Strava’s “anonymized” fitness tracking data spilled government secrets. https://www.zdnet.com/article/strava-anonymized-fitness-tracking-data-government-opsec/ (2018). Accessed 17 Feb 2022
Wu, Q., Sum, K., Nathan-Roberts, D.: How fitness trackers facilitate health behavior change. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 60, pp. 1068–1072. SAGE Publications Sage CA, Los Angeles (2016)
Yan, J., Liu, N., Wang, G., Zhang, W., Jiang, Y., Chen, Z.: How much can behavioral targeting help online advertising? In: Proceedings of the 18th International Conference on World Wide Web, pp. 261–270 (2009)
Yan, T., Lu, Y., Zhang, N.: Privacy disclosure from wearable devices. In: Proceedings of the 2015 Workshop on Privacy-Aware Mobile Computing, pp. 13–18 (2015)
Yao, Y., Song, L., Ye, J.: Motion-to-BMI: using motion sensors to predict the body mass index of smartphone users. Sensors 20(4), 1134 (2020)
Zimmer, M., Kumar, P., Vitak, J., Liao, Y., Kritikos, K.C.: There’s nothing really they can do with this information: unpacking how users manage privacy boundaries for personal fitness information. Inf. Commun. Soc. 23(7), 1020–1037 (2020)
Author information
Authors and Affiliations
Contributions
The authors did not receive support from any organisation for the submitted work.
Corresponding author
Ethics declarations
Conflict of interest
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Dini Kounoudes, A., Kapitsaki, G.M. & Katakis, I. Enhancing user awareness on inferences obtained from fitness trackers data. User Model User-Adap Inter 33, 967–1014 (2023). https://doi.org/10.1007/s11257-022-09353-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11257-022-09353-8