Re: It beggards belief
@I_am_Chris
Exactly.
But not only that, some of these devices, like the Nike device and, obviously, the Fit-bits, are designed to work via Bluetooth and, in so doing, get paired with your phone. Thus, using a fitness-tracking bracelet would likely mean that Bluetooth is enabled on both the device itself and your phone.
And, given that these bracelets are not just for when you are working out, but designed to track your activity and heart rate and even sleep patterns 24-7, it is likely that people using them have Bluetooth enabled on their phones 24-7, wherever they go.
The 'solution' so often given in response to these stories is 'turn it off' - sometimes accompanied by feigned incredulity that there are people who don't do so and the implication that those who don't are idiots. We had a story recently about stores tracking people via the wireless networking on their phones and several responses gave the supposedly sensible and 'well duh' answer that this is trivial to avoid by simply turning off the wireless on your phone whenever you're not actually using it.
Frankly, that's just not good enough.
Yes, turning off things you are not using is a security best-practice but these are consumer electronic devices and, while they contain - or essentially are - computers, to the vast majority of those using them they are no more aware of the this than they are of the computers managing their cars.
What people want and indeed what they expect is that the devices they purchase are made properly and the designers have done their best to make the device functional and stable and secure. It might seem a completely naive assumption to those of us who work in IT or are otherwise IT-savvy, but it's actually not an unreasonable stance; it's only our through our familiarity with such devices - and with computers in general - that we understand that the reality rather different.
When it comes down to it, if 'normal' users are naively trusting, then we, as IT-savvy folk, are jaded. We're actually just as much of a problem here because we 'work around' these problems by doing things like disabling Bluetooth and Wi-Fi and location services and only turning them on when necessary, and thus we essentially paper-over the problem.
Why the hell shouldn't people be able to use the features of the device they purchased without it tracking them unduly or leaking information to all and sundry or being absurdly vulnerable to basic attacks that can be performed by anyone with a modicum of knowledge and with very modest outlay?
Why should we be forced constantly deactivate and re-activate useful features all the time? Looking at the Wi-Fi issue of a few weeks ago, that might mean disabling wireless when you leave the house, enabling it on the train so you can browse on the free-wireless provided (if you are so lucky), disabling it when you get off, re-enabling it once at work - so you can get your e-mails downloaded via the wireless LAN and thus reduce the data usage on your 3G plan - turn it off again before going to lunch, back on after lunch, back off for the walk to the station, back on for the ride home, off again on the walk home, and on again at home, so you can stream some music to your stereo.
Similar story with Bluetooth.
Why should consumers who have paid good money for these devices be expected to turn convenience into inconvenience to work-around poor implementation or bad/unscrupulous practices?
Biting the hand that feeds IT
