Is Your Fitness Tracker Sharing Your Vital Statistics?


I’m out here in Vancouver. I just took a run and it reminded me of a question that someone asked me in one of my speeches this morning, which is: Are those fitness tracking devices sacrificing our privacy? I’m going to tell you whether or not they are and how to stop it if you hang on for just a second.

I’m John Sileo and this is Sileo on Security. The great rage right now is fitness or health tracking devices, the Fitbits, the Garmins, even the Apple watches that we wear to track everything that we do.  It could be the mileage we go, the steps we take, the elevation we gain, our pulse, our heartbeat. Are we in good shape or bad shape? It tracks that data and syncs it from the device to an app on our phone or on our computer and then it aggregates that data.

The big question that people have is: Is this being tracked? Is this incredibly vital health information being sold to other companies? Is it being sold to insurance companies who want to know if I’m healthy or not and may want to raise or lower my rates based on that? Is it being sold to marketers who want to know if I’m overweight or underweight, or if I like fitness of a certain type? These devices track intensely personal stuff, so you’ve got to know what you’re doing. I want you to look at three different factors.

Number one: the hardware. It’s different if you have a Garmin or a Fitbit or an Apple Watch. They all have different policies on how they share information. You need to know by device.

Next, you need to take a look at the apps that are collecting the data. Are you using the Fitbit app that comes along natively with the Fitbit device?  Because that is different than if you’re using an app all by itself that you got on the App Store. You need to go through and read that privacy and data policy for the specific app to see how they’re sharing your intimate information.

Third, you need to consider not syncing that device to an actual app. Just track it on the device.  Then it never gets back into the cloud and never gets back to those companies at all. It’s certainly not as functional, but it is one option.

Here’s your One Minute Mission. I want you to Google the name of your device (“Fitbit”, for example) and enter the words “privacy policy” or “security” and I want you to research what others are saying about it in any current article. The reason is that these companies change their privacy and security policies all the time. They start with really good privacy policies and then they migrate to something less and less private.

Listen, I love these devices. I love the fact that they keep us fit and healthy. I love that they keep us competing with our friends and family to have a healthy lifestyle, but you can’t operate them without knowing what you’re doing, without knowing what information you’re giving away. Take a few minutes to take these steps and then go out and get healthy and use these devices. For Sileo on Security, I’ll see you on the next episode.


Securing the Smartphone Supercomputer in Your Pocket

What do you call this thing? A phone, right? That’s exactly where all the trouble starts.

When we call it a phone, we treat it like a phone. This is a phone. And this. Phone. Phone. Phone. Even this is a phone. But this? This is a teeny tiny super computer that just happens to make phone calls.  

On average, you use your smartphone to make calls only 20% of the time. The rest of the time you’re doing what? You’re Computing! Emailing, working, surfing antique Hummel auctions for your Grandma Thada. That is actually my Grandma Thada.  

Since it’s a computer, treat it with the same love you give your laptop. Here’s how to get started. First, if you don’t already have a passcode turned on, TURN IT ON! You shouldn’t be texting and driving anyway!

Second, instead of using an easily hackable four-digit passcode, make it long and strong. Here’s the best combination: Make it 6 or more characters for security’s sake and then turn on Touch ID to make it super convenient to actually use. Biometrics aren’t 100% secure, but they are way better than a four-digit passcode!

Third, make possession an obsession. Don’t leave your smartphone alone, even while you get a refill. With control of the email account on this little portable ATM, a criminal can do a bank-account-password-reset-savings-account-balance-transfer-to-Eastern-Europe faster than it took me to just say that.

Here’s your One Minute Mission: I want you to call your mobile provider and ask them to put a call-in password on your account. That way, if a hacker gets ahold of your mobile computer and calls your provider to take over the account, their call… doesn’t… connect. But make sure you share the password with your spouse so they don’t feel like the criminal. So you need a device passcode and a call-in passcode: These are two steps that will take you two minutes and make you ten times as safe.  

For Sileo On Security, always remember to treat this like a computer. Grandma Thada would be proud.

Are You a Victim of Credit ID Theft & Don’t Know it?

Here’s something you might not know. Twenty-five percent of you have already been victims of identity theft and you don’t know it. I’m going to show you how you can tell if you have or not. Stick around.

I’m John Sileo and this is Sileo on Security. If you haven’t already checked your credit report, you have to do it. Your credit is a compilation of your loans, credit cards, bank accounts… everything that determines how much buying power you have, how much credit you can borrow. So it’s totally imperative that you keep your credit profile clean because you want to be able to do things like take out a bank loan or take out a home loan and you don’t want identity thieves destroying your credit score.

There’s a super simple way to do this. It’s called  It shows you your credit profiles from the three credit reporting bureaus: Equifax, Experian and TransUnion. So when you first go to, they’re going to take you to a form and ask for all kinds of personal information. I don’t want you to be freaked out. They already have this information on you; they’re just verifying that it’s actually you filling out the form. People ask me all the time, “Is it safe giving them this information?” If your computer is well-protected and you’re on a safe Internet connection, you’re going to be just fine.

So here’s your One Minute Mission. I want you to go to and I want you to apply for one of the three credit reports. Not all three of them, just the Equifax report. And then in three or four more months I want you to go back and do the same thing on the Experian report.  And three or four months after that I want you to do it with TransUnion. This way you are cycling the reports and you’re looking at your credit every couple of months. That keeps you safe year after year.

You know, monitoring your credit isn’t just about securing it against identity theft. It’s about making sure that your financial buying power is intact. For Sileo on Security, I’m John Sileo. We’ll see you next time.


3 Secrets of Hack-Proof Passwords

All right, be honest with me. You’re still creating passwords on your online accounts that use your dog’s name or your kids’ birthdates or your high school sweetheart. You know better, but you still do it. Well, there’s an easy way to create simple passwords that are easy to remember and I’m going to show you how.

I’m John Sileo and this is Sileo on Security.  Most bank, investment, email and Facebook accounts get hacked because of weak passwords. These criminals have software that will try a million different combinations a second to guess your password. It’s called a brute force attack and the way to prevent it is to take these three steps to protect and build strong passwords.

First of all, your passwords need to be long. I’d recommend they’re at least 15 characters. Second, they need to be strong. That means that you need to use numbers and letters and characters and even spaces to make them harder to guess. And finally, the most important step of all is it’s got to be memorable. That’s our problem. We have so many passwords across so many sites. We need to make them simple so we can remember them.

So here’s the technique you can use. Associate the name of, for example, a bank with your password. If you bank at Wells Fargo, maybe it’s a line from an Orson Welles movie. Maybe it’s ro5ebud_ThE_sleD. Or maybe it’s something from Fargo, maybe something about a wood chipper. The crazier that it is the easier it will be for you to remember.

So in this episode I want to simplify the One Minute Mission. I want you to simply go change your passwords on all of your financial sites. Not on every website, that will be the next step, but just on your financial websites. I want you to make them long and strong and something that you can remember. If you want to take it even one step further, research password protection software, which we’re going to talk about in a future episode. But for right now I just want you to go and create those long, strong and memorable passwords for your financial websites.  We’ll see you back here next time on Sileo on Security.



Threat Alert: Ransomware Becoming Rampant


One of the very greatest threats you face in terms of cyber crime is something called ransomware. It’s a type of cyber blackmail that is rampant. I’m going to take a few minutes and show you how to keep yourself from becoming a victim.

Hi, I’m John Sileo and this is Sileo on Security. I’m here at a conference in Florida where everybody wanted to know about ransomware. Here’s what it is. It’s a type of malware, it’s a virus that gets on your system, oftentimes because you click on a link you shouldn’t. It infects your system, it freezes it up with encryption, it locks it down so that you can’t get to your photos, your tax files, your documents. You can’t get to any of that until you pay the ransom. Believe it or not, about 90% of people end up paying the ransom in order to unlock those files because they haven’t taken the preventative steps that I’m going to give you right now.

Number one. Never click on a link in an email if you don’t know exactly where it’s coming from, who sent it or where it’s taking you to. That’s how most of this malware, this ransomware malware, gets installed on your computer. You can also hover over the link to see if it’s going where it’s supposed to be going.

Number two. You need to have an offsite backup like in the cloud or elsewhere that is well-protected that happens daily on your data. That way, if ransomware is installed on your system, you have a copy from which to restore your good data. You have the ransomware cleaned off before it enacts and you’re back up and running.

Finally, the option I like the least is paying the ransom. That just encourages this problem to go on and on, but sometimes you have no choice. I see a lot of businesses and a lot of individuals who will pay the $2,000 or $3,000 because they want those photos back, they want those tax records, whatever it is that has been locked up. When you pay it, just know you’re setting yourself up to be a victim again because now they know that you’re going to pay that ransom.

So here’s your One Minute Mission. I want you, if you don’t already have it, to go and set up an offsite backup of your information. You can use sites like SOS Back Up or Carbonite. As long as it’s encrypted and protects your data, you’re better off with a copy up in the cloud, well-protected, than with no copy at all to restore from. So I want you to go research it, find a good backup company off-site, and right now, get your system back up. This protects you not only from ransomware, but if your software ever goes down in another way.

When you have taken this step of backing up all of your systems on an off-site backup, I want you to call the person who subscribed to Sileo on Security for you and I want you to thank them because they are making you safer and your valuable data much more secure.  For Sileo on Security, I’m John Sileo.  We’ll see you next time for another great tip.