I think they sell a number of different devices now, but they’re best known for the rings. The rings you wear that do things like body mass calculations and fitness tracking.
And they’re very popular. They’re supposed to be quite accurate.
And they got a lot of attention a few months back because they signed a contract with the US Department of Defense, a massive contract.
They’re a huge customer of theirs to do military fitness tracking and health tracking.
And so that raised a lot of false headlines like they were sending data directly to Palantir and things like that, which there’s really no evidence of— it’s more of the ethical considerations of this company that’s selling a bunch of stuff to defense organizations.
But what Zach found— his wife has one of these trackers.
And when all this came up, he started looking to see what data they could potentially be actually leaking or what data was insecure.
Because we’ve had problems for years with fitness trackers and health trackers and location trackers for kids, for adults, for everybody.
Everybody loves wearing wearables these days to track everything that they do in their sleep, when they’re awake, when they’re exercising, their health.
And we know in the case of kids where they are, if they’re safe at school, things like that.
And everybody’s started wearing these things and they transmit immense data about your location, your health, your fitness, your activity, what you’re doing every day, when you’re active, when you’re not active, when you’re sitting at your desk, when you’re walking around.
And that’s sensitive for very obvious reasons.
Of course, there’s a multitude of threat models where somebody wants to know when you’re home and if you’re healthy, if you’re asleep, if you’re awake, what health problems you have from a medical perspective.
Everybody from your insurers wanting to know that in the US and for-profit healthcare to a malicious person wanting to know where your kid is.
So it’s been a problem for the last 10, 20 years since wearables started becoming a thing. But now we’re looking at this Oura Ring and Zach did this amazing security research.
He’s a journalist, but he does security research and he took a look at the communications out at the Oura and they’re not all encrypted.
There’s unencrypted data being sent from the Oura Rings. So really interesting set of articles that he’s been running through, just doing more and more research on the Oura.
And it’s just such a cyclical thing of us coming back to— yeah, everybody’s putting on these trackers and they’ve got really cool Instagram and TikTok campaigns.
And the bottom line of his most recent article though is he reached out to Oura.
He actually, as a journalist, he reached out to them and he asked them how many requests are you getting from the government and law enforcement for data from these fitness trackers that’s unencrypted?
And they gave kind of a boilerplate response. They said, we receive infrequent requests from the government. Infrequent. They have 5 million users something like that right now.
And they said they push back when requests are invalid, overbroad, or inconsistent with our commitment to protect our members’ privacies.
Now, of course, Zach did the good journalist thing and pushed back and said, yes, other companies are giving out metrics about how many requests they get from law enforcement a month, a year, et cetera.
Can you give us some general statistics? And basically the answer is, we don’t know how to provide those yet in a secure way, so we aren’t going to be able to give you those.
So, yeah, good stuff, right? So it brings us back to that conversation of we all love fitness trackers, we all love being healthy and knowing how we’re sleeping and things.
Source link
About the Author
Discover more from Reelpedia
Subscribe to get the latest posts sent to your email.
