What your Oura ring won’t tell you • Graham Cluley

I think they sell a number of different devices now, but they are best known for rings. The rings you wear do things like calculate body weight and track fitness.
And they are very popular. They should be very accurate.
And they got a lot of attention a few months back because they signed a contract with the US Department of Defense, a big contract.
They are their biggest customer for military fitness tracking and health tracking.
And so that raised a lot of false headlines like they were sending data directly to Palantir and things like that, which there’s really no evidence of—it’s more of an ethical consideration of this company selling a bunch of stuff to defense organizations.
But what Zach finds out—his wife has one of these trackers.
And when all this came up, he started looking to see what data might be leaking or what data was not protected.
Because we’ve had problems for years with fitness trackers and health trackers and location trackers for kids, for adults, for everybody.
Everyone likes to wear wearables these days to track everything they do in their sleep, when they are awake, when they exercise, their health.
And we know in the case of children where they are, if they are safe at school, things like that.
And everyone has started wearing these things and they transmit a lot of data about your location, your health, your fitness, your work, what you do every day, when you work, when you don’t work, when you sit at your desk, when you walk around.
And that’s sensitive for very obvious reasons.
Of course, there are many threat models where someone wants to know where you are at home and if you are healthy, if you are sleeping, if you are awake, what health problems you have from a medical point of view.
Everyone from your insurers, who want to know that in the US for health care, to a malicious person who wants to know where your child is.
So it’s been a problem for the last 10, 20 years since wearables became a thing. But now we’re looking at this Oura Ring and Zach has done this amazing security research.
He is a journalist, but he did security research and looked at the communications coming out of Oura and they were all encrypted.
There is unencrypted data sent from Oura Rings. A really interesting set of articles he’s been running through, doing more research on Oura.
And it’s just a circular thing that we go back to – yes, everyone is using these trackers and they have really cool campaigns for Instagram and TikTok.
And the crux of his latest article though reached Oura.
Indeed, as a reporter, you reached out to them and asked them how many requests do you get from government and law enforcement to get data from these undocumented fitness trackers?
And they give a kind of boilerplate answer. They said, we receive unusual requests from the government. Unusual. They have 5 million users something like that right now.
And they say they back off when requests are illegal, broad, or inconsistent with our commitment to protecting our members’ privacy.
Now, of course, Zach did a nice journalistic thing and pushed back and said, yes, some companies provide metrics about how many requests they get from law enforcement per month, per year, and so on.
Can you give us general statistics? And basically the answer is, we don’t know how to provide that yet in a secure way, so we can’t provide those.
So, yeah, good stuff, right? So it brings us back to that discussion of we all love fitness trackers, we all love being healthy and knowing how we sleep and stuff.



