Tag Archives: Privacy

How to keep your fitness tracker health data to yourself

For a long time I have refrained from using fitness trackers or sport watches because I never found the time to dive into questions like:

  1. Which fitness tracker can be used without a mandatory mobile app?
  2. How can I access my fitness data conveniently but keep it away from “the cloud”?
    • Or: How can I backup fitness data on “my cloud”?
  3. Which fitness tracker works well with the Open Source ecosystem?

Well, I finally did and now this is my setup:

  1. Garmin Instinct 2
  2. The open source Android app Gadgetbridge

Honestly, the watch works well enough on its own. You need to get used to its 90s-Casio-watch-style control using five hardware buttons, but once you learned it, you could access all the relevant data without any additional connection.

But still, for a bit more convenience and more in-depth details of fitness and activity data, Gadgetbridge is quite nice. Inside the app, you can easily connect to the Garmin watch via Bluetooth.

Fetching and updating activity data is by default done manually via button press, since it may take 10-15 seconds. Once the data is downloaded from the watch, you can dive into all the details about your activities, sleep, heart rate, etc…

Screenshots from https://gadgetbridge.org/basics/features/activities/

There is a couple of maintenance steps you’ll need perform manually from time to time, as Gadgetbridge cannot interfere too much with the IP of the original manufacturers.

Firmware updates

Gadgetbridge allows you to upload updated firmware to the device, but it doesn’t tell you where to get these files from, most likely out of fear of retaliation.

So how do you get the firmware files for your Garmin watch? From a non-shady source, preferably? Easy: You can find them on Garmin’s official forum. More specifically: Their beta builds published for Side Loading contain the last official build as well, for an easy roll-back.

As an example, see their announcement Beta Version 17.04 – Side Load (Archive.org link) containing zip archives for various watch models.

  1. Download the zip file for your model
  2. Inside, you find the latest official build under SystemBackdate_XX.XX/GUPDATE.GCD
  3. Open Gadgetbridge, connect to your watch
  4. Click the three dot menu next to your watch, then “File Installer”
  5. Select the .gcd file and upload it to the watch

AGPS updates

AGPS is responsible for speeding up your GPS-based localization and make it more precise. For that, it relies on (pre-)computed satellite orbit and correction data. This must be refreshed from time to time, e.g. every 30 days.

  1. Open Gadgetbridge, connect to your watch
  2. Click on the gear to open the device-specific settings
  3. Click on “Location” and scroll down where it says “Folder”. Set a folder where you will download the AGPS file in a minute.
  4. After folder selection, back on the “Location” screen, see the AGPS 1 URL. Something like https://api.gcs.garmin.com/...
  5. Click on it to copy it to the clipboard. Open the link in a webbrowser to download the file to the folder you set before.
  6. Back on the “Location” screen, directly under the URL, select the “Local file” you’ve just downloaded
  7. The “Status” should switch to “Pending”. Whenever the watch requests an AGPS update, Gadgetbridge will now intercept that call and deliver the file. You’ll see that some days later, the Status will then show “Current”

(Cloud) Backup

The automatic export periodically stores the Gadgetbridge database at a location of your choice, which can also be an online folder, e.g. from Nextcloud if you have the app installed. The important caveat is: This only stores the already processed data from Gadgetbridge, not the raw files from the device (e.g. .fit files in case of Garmin):

  1. In the app’s settings (not the device settings!) go to “Automations”
  2. Toggle the switch for “Auto export enabled” to ON
  3. Under “Export location” select the folder where to export the Gadgetbridge.db to.

If you want to also get the raw files from the device backed up, this needs to be triggered manually:

  1. In the app, open the tab “Data management”
  2. Click “Export zip” and store the file at a location of your choice
  3. The resulting file contains the Gadgetbridge database under database/Gadgetbridge and the raw device files under files/<device ID>/

More about backups, including examples of how to process the data in the Gadgetbridge manual.

I found it funny to illustrate a post about a Microsoft bug with a Microsoft Copilot generated image containing garbled text

Can’t open a Microsoft Outlook protected message? This is how you work around it

Email encryption forever is a pain point in the IT ecosystem. PGP is a great system but hasn’t been widely adopted.
This is how I personally have used PGP in the past, for the <10 PGP emails I have received over my entire lifetime:

https://xkcd.com/1181
(Yes, I know the joke is more about sender verification and less about encryption itself)

Microsoft has rolled out their own solution to the problem: Outlook Protected Messages. A proprietary system on top of an open, wide-spread standard – I don’t really like that but hey, it is better than nothing!
If an Outlook user sends you such a protected email to a non-Outlook and non-GMail address, you will receive an email “Alice has sent you a message that was protected with Microsoft Office 365” and a link to click. You’ll be redirected to a page where you can sign in and receive a single-use code sent to your email address.

But here is the catch: This sign in just doesn’t work! The email I received these messages is not connected to a Microsoft account. So I could not login to request the single-use code. I then tried it with an email which was connected to a Microsoft account – turns out, this also doesn’t work! Even if the protected email was sent to this Microsoft account.

Somehow, the solution to this is to trick Microsoft into your browser being a mobile browser. Then, you are not asked for any sign in but can directly request the single-use code. This is how you do it, using the Browser’s developer tools:

  1. Copy the link from the protected message
  2. Open a new empty browser tab.
  3. Right-click → Inspect
  4. Click the “device icon”
    • On Firefox, it is on the right side of the bar
    • On Chrome, it is on the left side of the bar
  5. Your browser now acts as a mobile browser.
  6. Enter the link into the address bar
  7. Request the single-use code to be sent to your email
  8. Then enter the received code in the browser

Privacy in the Metaverse

Or: How to install any app on the Quest 3 without giving Meta your phone number.

With the long anticipated Apple Vision Pro become available at February 2nd 2024 (unfortunately only in the US), we’ll finally see Apple’s take on a consumer-ready headset for mixed reality – er … I meant to say spatial computing. Seamless video see-through and hand tracking – what a technological marvel.

As of now, the closest alternative to the Vision Pro, those unwilling to spend $3500 or located outside the US, seems to be the Meta Quest 3. And this only at a fraction of the price, at $500. But unlike Apple, Meta is less known for privacy-aware products. After all, it is their core business model to not be.

This post explains how to increase your privacy on the Quest 3, in four easy steps.

Continue reading Privacy in the Metaverse