Fitbit is a Major Privacy Peeping Tom

I ran the setup for my new fitbit Surge watch and during the Windows 10 fitbit app setup, it showed me this list of fitbit owners from MY PRIVATE CONTACTS!

In this list of fitbit owners:

  • Dude from High School I barely knew
  • Ex girlfriend from Jr. High.
  • Several people I don’t recognize.
  • Bunch of girls I knew from 1-12 grades.
  • A good friend’s cheating ex.
  • Little sister’s friend.
  • Brother-in-law.
  • Wife of brother-in-law’s good friend (don’t know why she’s in my contacts… probably through a facebook sync from years ago).

Also, everyone else in my contacts who does not have a fitbit account.

Some of these names are NOT in my contacts on my PC, which means they came from my phone. And for the Windows 10 app to know that these 16 people have fitbits, my contacts had to have been uploaded to the fitbit servers so it could compare them to its database. At no time was I asked permission to upload my private contacts (from either my phone or my PC). And I’m guessing these people didn’t explicitly grant it permission to let me know they have fitbits, and they will likely be notified that I have one, even though I’ve given no such explicit permission to notify them nor any explicit permission to hijack my entire contacts list.

Fitbit spying

In addition to this, 100% of all health data that a fitbit collects is uploaded to the fitbit servers, viewable by fitbit employees… all done without notifying you and certainly without asking for explicit permission.  Turns out, the only way to use a fitbit without uploading all your private data is to not use the PC app or the mobile app, but, of course, the fitbit is mostly useless without them.  There’s no technical reason for uploading our data to the fitbit servers.  The PC and mobile software could easily have communicated with the watch without the involvement of the fitbit servers.

While on technical support today trying to resolve why my fitbit won’t charge, I discovered that they have access to all my health information collected by this watch, even though the employee I spoke with said it “only” uploads… then rattled off everything the watch does… “for the purpose of knowing your fitbit is working”. In addition to that, they know when we charge them, when we reboot them, and what devices we charge them from. All this without permission from us. Sure, some of this is somewhat innocuous data, but I did not give it permission, and collected together, all this information can be used against you. This is your HEALTH information.

Just about any kind of personal information online can be used against you and your _*personal health*_ information is especially vulnerable.  In this article, I list ways that seemingly innocent information can hurt you:

So, HOW do you stop it?

  1. Don’t run the mobile fitbit app.
  2. Don’t run the desktop fitbit software.

Of course, without the apps, the fitbit is pretty much useless.  Your only real option here is to stop using your fitbit.  There should be other smartwatches that can do similar or better things that DO NOT send all (or any) of your private data to remote servers.

[Update] I sent my fitbit back and got my money back and bought an Android Wear watch that does everything the fitbit does, and more, but without uploading everything to its owner’s servers.
