The Weight of Technology – 740 page – Now available in Kindle & Paperback

Always On Your Wrist, Always Watching: How Smartwatches Track Your Body, Your Life, and Your Data

Smartwatches are sold as tiny wellness coaches and productivity buddies: count your steps, poke you to stand up, flash your texts, let you pay for coffee with a wrist flick.

But once you strap one on, you’re not just tracking it. It’s tracking you — continuously, intimately, and often in ways that are easy to forget.

This deep dive is meant to fit right into the JeremyAbram.net universe: skeptical of “smart” hype, focused on the real data flows, and practical about how to defend your privacy (and the privacy of everyone around you).


1. What actually makes a watch “smart”?

Under the glass and glossy marketing, a modern smartwatch is basically:

  • A small computer (CPU, RAM, storage, GPU)
  • Running a full operating system (watchOS, Wear OS, proprietary OS from Garmin, Fitbit, Huawei, etc.)
  • Loaded with sensors:
    • Accelerometer & gyroscope (movement)
    • Optical heart-rate sensors (green LEDs + photodiodes)
    • Sometimes ECG, SpO₂, skin temperature, skin conductance
    • GPS, barometer, ambient light, sometimes magnetometer
    • Microphone (almost always)
    • Sometimes a camera (front-facing or in the strap on some Android watches)
  • Connected via Bluetooth, Wi-Fi, NFC, sometimes LTE/5G

It doesn’t live alone. It’s tightly coupled to:

  • A phone companion app (Apple Health, Google Fit, Samsung Health, vendor apps)
  • Vendor cloud services, backing up and analyzing your data
  • Third-party apps, watch faces, and integrations (fitness programs, meditation apps, health insurers, employers’ “wellness” platforms, etc.) [ExpressVPN, IAPP]

The hardware is just the first layer. The real “smart” part happens when all this raw sensor data is fused, modeled, and monetized.


2. Biometrics 101: what your watch reads from your body

2.1 Core sensors and what they measure

Most smartwatches use combinations of these:

  • Heart rate (PPG – photoplethysmography)
    Green (sometimes infrared) LEDs shine into your skin; a photodiode measures tiny changes in light reflected from blood vessels as your heart beats. Software turns that into:
    • Heart rate (BPM)
    • Heart rate variability (HRV)
    • Rough “stress” or “readiness” scores via algorithms
  • ECG (electrocardiogram)
    Higher-end watches let you touch the crown or bezel to complete a circuit and record a 1-lead ECG. This can detect rhythm irregularities like atrial fibrillation, though not with the detail of a 12-lead clinical ECG. [ScienceDirect]
  • SpO₂ (blood oxygen)
    Uses red and infrared light to estimate how much oxygen is bound to your hemoglobin. Useful for sleep apnea screening, altitude acclimation, etc.
  • Skin temperature & skin conductance (EDA/GSR)
    • Skin temp trends can hint at illness, ovulation, or circadian rhythm changes.
    • Skin conductance responds to sweat gland activity and can correlate with arousal or stress states.
  • Motion sensors (accelerometer, gyroscope, sometimes magnetometer)
    Track:
    • Steps, walking/running cadence
    • Sleep vs wake vs “lying on the couch doom-scrolling”
    • Workouts (running vs cycling vs HIIT, etc.)
    • Posture and fall detection (sudden acceleration + impact patterns)
  • GPS + barometer
    Maps where you go, your elevation gain, and outdoor routes in detail.
  • Microphone (and sometimes speaker)
    • Handles voice assistants, calls, dictation, and “raise to speak” features.
    • Hardware can pick up ultrasonic frequencies (above human hearing) too, which matters for some tracking and attack techniques. [Wikipedia]
  • Camera (on some models)
    • Used for quick photos, video calls, or body/room snapshots.
    • Even if your watch doesn’t have one, it may be able to remotely trigger your phone’s camera.

2.2 From raw signals to “insights”

Using machine learning, the ecosystem (watch + phone + cloud) can infer:

  • Activity type (walking, running, cycling, driving, sitting)
  • Sleep stages & sleep duration
  • Estimated VO₂ max, cardio fitness, recovery
  • Heart rhythm issues (e.g., AFib notifications)
  • Emerging features like AI-based blood pressure notifications, which correlate large sensor datasets against real blood pressure readings without a physical cuff. [Reuters]

There’s also a big push toward emotion and stress inference from wearables — combining HRV, skin conductance, activity, and sleep. Research shows they can sometimes predict stress episodes and emotional states, but accuracy is patchy and highly individual. [PMC, ScienceDirect] Recent work has even found consumer smartwatches can be terrible at measuring stress reliably in the real world. [The Guardian]

So the biometrics themselves are very real and very sensitive. The “insights” are a mix of science, statistics, and marketing.


3. What data does your smartwatch actually collect?

Depending on brand, model, and apps, you’re typically generating:

  1. Health & fitness data
    • Steps, distance, workouts, calories (estimated)
    • Heart rate & HRV
    • Sleep duration and quality
    • SpO₂, skin temperature, stress/load scores
    • Menstrual cycle logs, pregnancy-related notes via apps
    • Medical-style metrics (ECG traces, blood pressure notifications, irregular rhythm alerts)
  2. Location & movement
    • GPS routes, timestamps, elevation
    • Patterns: “this person usually leaves home at 7:45, gets to Office X at 8:10, visits Gym Y three nights a week”
  3. Identity & account data
    • Device ID, watch serial, OS and app versions
    • Linked email, Apple ID / Google account / vendor account
    • Cross-device identifiers used across phone, laptop, TV, smart speakers
  4. Communications metadata
    • Notifications mirrored from your phone: sender, time, sometimes message preview text
    • Call logs, missed call metadata, voice commands (and sometimes audio snippets, depending on settings)
  5. Payment & wallet info
    • Tokens used for NFC payments
    • Transit passes, access cards, loyalty cards
  6. Behavior & engagement
    • Which apps you open and how often
    • Which watch faces you use
    • Which nudges you respond to (stand reminders, workout suggestions)
    • Which health features you enable or ignore

Studies show around 90% of wearable devices collect health/wellness data (heart rate, activity, sleep), and a large majority also log location, usage patterns, and other behavioral metadata. [Security Magazine, JMIR Publications]


4. Where your smartwatch data actually goes

4.1 On-device vs phone vs cloud

In principle:

  • Some data is processed on the watch (e.g., step counting, simple notifications).
  • Lots of it is synced to your phone.
  • Much of the important stuff is backed up and processed in the vendor’s cloud and/or third-party servers (app developers, cloud analytics providers, etc.). [IAPP, PMC]

For example, Apple heavily advertises on-device processing and encryption for Health data, with many health features running locally and health records encrypted in transit and at rest. [Apple] But third-party apps that you authorize to access that data might have very different practices.

4.2 Third-party apps, insurers, and employers

Your data may also flow to:

  • Fitness and wellness apps (meditation, coaching, diet trackers)
  • Health insurers offering “step count discounts” or wellness incentives
  • Employers running “corporate wellness” programs
  • Clinical research studies, often de-identified but not always fully anonymized [Duke Pratt School of Engineering, JMIR Publications]

Each of these parties may:

  • Combine your wearable data with other datasets (claims, purchasing history, credit data)
  • Build risk/behavior profiles
  • Sell or share data with data brokers, depending on their policies and the law in your jurisdiction

How transparent they are about this varies wildly. A 2025 review of top wearable privacy policies found big gaps in clarity around data sharing, user rights, and secondary uses (e.g., marketing, research, algorithm training). [PMC, ScienceDirect]


5. Smartwatch data and the ad ecosystem

5.1 Official story: “We don’t use your health data for ads”

Most major vendors publicly claim they don’t use health data for targeted ads, and often wall it off legally as “sensitive”. Apple, for example, has separate privacy documentation for health data and for its advertising platform; it says health data isn’t used for Apple-delivered ads and emphasizes user control. [Apple]

However:

  • Non-health data from your watch (device IDs, app usage, location, engagement) can absolutely feed into advertising profiles.
  • Third-party apps you connect to your watch/Health data may have terms allowing them to use that data for marketing, analytics, and sharing with “partners” unless you opt out. [TermsFeed]

Even if your heartbeat isn’t used directly, the patterns around your behavior can be incredibly revealing for ad and profiling purposes.

5.2 Cross-device tracking and ultrasonic beacons

The advertising ecosystem doesn’t just follow a single gadget. It uses cross-device tracking to link your phone, tablet, laptop, TV, and sometimes IoT devices via:

  • Shared logins and account IDs
  • Browser fingerprinting and IP correlations
  • Mobile ad IDs
  • Ultrasonic audio beacons: inaudible high-frequency sounds embedded in TV ads or apps that can be picked up by device microphones, then used to link multiple devices in the same room to a single user profile. [The Hacker News, Wikipedia, Federal Trade Commission]

Historically, ultrasonic tracking has been more visible on phones and TVs than on watches — but the underlying requirement is simple: a microphone and an app that’s allowed to access it. Many smartwatches have both.

Regulators (like the FTC) have warned app developers about non-transparent ultrasonic tracking, but the basic technology exists and remains a privacy red flag in the broader ecosystem. [Federal Trade Commission]


6. Can smartwatches listen to or see a room to drive ads or content?

Short answer: Technically yes, in some scenarios — but not usually in the explicit, sci-fi way people imagine. The risks are real, but they come mostly from accidental activation, shady apps, or advanced attacks, not mainstream “we’re literally listening to your living room to pick your ads” from Big Brand X (at least, not openly).

6.1 Listening: wake words, voice assistants, and accidents

Most smartwatches support assistants like Siri, Google Assistant, or Bixby. That means:

  • The microphone is passively listening for a wake phrase (“Hey Siri”, “Hey Google”). That matching is usually done on device, with audio only streamed after a trigger.
  • However, we know from lawsuits and settlements that accidental activations and over-collection happen.

Apple, for instance, agreed to a $95 million settlement over Siri allegedly recording private conversations when it shouldn’t have, and claims that those conversations influenced related ads seen later. Apple denies using Siri data for marketing, but the case shows how fragile the “we only listen when you say the magic words” promise can be in practice. [The Guardian]

On a smartwatch, that same assistant logic runs very close to your body, in:

  • Bedrooms
  • Bathrooms
  • Private meetings
  • Therapy sessions
  • Medical appointments

If the assistant misfires in any of those contexts, sensitive audio can be captured and transmitted, even if policies say it isn’t used for ads.

6.2 Seeing: cameras and remote triggers

  • Some smartwatches have built-in cameras (often on Android-based models or specialized devices).
  • Even watches without cameras can act as remote shutters for your phone’s camera, meaning:
    • You can accidentally (or intentionally) snap photos or videos of rooms and people from your wrist.
    • If malware or a compromised app takes control of that functionality, it becomes a remote surveillance interface.

As of now, mainstream ad platforms are not openly scanning smartwatch camera feeds for ad targeting — that would be a regulatory nightmare — but the capability path is there if someone were reckless or malicious enough to try.

6.3 Advanced attacks: ultrasonic exfiltration & espionage scenarios

Recent research introduced “SmartAttack”, a technique where a compromised air-gapped machine sends data via ultrasonic signals that are picked up by a nearby smartwatch’s microphone. The watch then exfiltrates that data over the network. [SC Media, SecurityWeek, arXiv]

This is not an everyday consumer threat; it’s more of an espionage or high-value corporate scenario:

  • The attacker already controls the sensitive system.
  • They also control a smartwatch in the room.
  • Data rates are low and distances limited.

But it demonstrates a key point: a mic on your wrist is a real security sensor — for you or for someone else.
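For defenders who want to check a room recording for the ultrasonic beacons of section 5.2 or a SmartAttack-style carrier, here is an added example (not from the research or any vendor): it scans audio frames for a sustained narrowband tone above hearing range. The 18–22 kHz band, 48 kHz capture rate, thresholds and test signal are all assumptions chosen for illustration.

```python
import math

SAMPLE_RATE = 48_000                  # Hz; assumed capture rate (Nyquist limit 24 kHz)
FRAME = 480                           # 10 ms frames, so analysis bins are 100 Hz apart
BAND_HZ = range(18_000, 22_001, 100)  # assumed near-ultrasonic band to watch
MIN_POWER = 1e-6                      # assumed absolute floor (full scale = 1.0)
MIN_PEAK_TO_MEDIAN = 50.0             # assumed: a carrier is narrowband, a click is not
MIN_RUN_FRAMES = 5                    # assumed: report only tones held for >= 50 ms

# Periodic Hann window keeps audible content from leaking into the watched band.
HANN = [0.5 - 0.5 * math.cos(2.0 * math.pi * n / FRAME) for n in range(FRAME)]


def goertzel_power(frame, freq_hz, sample_rate=SAMPLE_RATE):
    """Normalised power of a single frequency bin (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / sample_rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (len(frame) ** 2)


def frame_carrier(frame):
    """Return the dominant near-ultrasonic frequency in one frame, or None."""
    windowed = [x * w for x, w in zip(frame, HANN)]
    powers = {f: goertzel_power(windowed, f) for f in BAND_HZ}
    peak_hz = max(powers, key=powers.get)
    peak = powers[peak_hz]
    median = sorted(powers.values())[len(powers) // 2]
    # Loud enough AND concentrated in a few bins (broadband clicks fail the second test).
    if peak >= MIN_POWER and peak >= MIN_PEAK_TO_MEDIAN * median:
        return peak_hz
    return None


def find_ultrasonic_runs(samples):
    """Return (start_s, duration_s, [carrier_hz, ...]) for each sustained tone."""
    runs, current = [], []            # current = [(frame_index, hz), ...]
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):     # one extra pass flushes a run at end of input
        hz = frame_carrier(samples[i * FRAME:(i + 1) * FRAME]) if i < n_frames else None
        if hz is not None:
            current.append((i, hz))
            continue
        if len(current) >= MIN_RUN_FRAMES:
            start = current[0][0] * FRAME / SAMPLE_RATE
            duration = len(current) * FRAME / SAMPLE_RATE
            runs.append((round(start, 3), round(duration, 3),
                         sorted({f for _, f in current})))
        current = []
    return runs


def constructed_capture():
    """Constructed 0.5 s signal: 200 Hz hum, one click, 18.5 kHz tone from 0.2 to 0.4 s."""
    out = []
    for n in range(SAMPLE_RATE // 2):
        x = 0.3 * math.sin(2.0 * math.pi * 200 * n / SAMPLE_RATE)
        if n == 2640:
            x += 0.8                  # broadband click: loud but not narrowband
        if 9600 <= n < 19200:
            x += 0.05 * math.sin(2.0 * math.pi * 18_500 * n / SAMPLE_RATE)
        out.append(x)
    return out


if __name__ == "__main__":
    for start, duration, carriers in find_ultrasonic_runs(constructed_capture()):
        print(f"tone at {carriers} Hz from {start:.2f}s for {duration:.2f}s")
```

Real captures need a microphone and recording chain that actually pass these frequencies; many consumer recorders low-pass well below 20 kHz, in which case a clean result proves nothing.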


7. Business vs residential risks

7.1 Residential & personal risks

For individuals and households, smartwatch data can expose:

  1. Deeply personal health information
    • Potential pregnancy indicators
    • Sleep problems, possible sleep apnea
    • Heart conditions, arrhythmias
    • Activity patterns that correlate with depression or other mental health issues [CIGI, cdh.brown.edu]
  2. Relationship and lifestyle patterns
    • When you’re usually home, away, or asleep
    • Sexual activity patterns (inferred from heart rate + movement + time)
    • Alcohol or substance patterns (e.g., irregular heart rate + late-night activity + poor sleep)
  3. Location-based risks
    • Stalking or domestic abuse if someone gains access to your accounts or device
    • Law enforcement or litigants subpoenaing smartwatch records (location, health, sleep) to reconstruct timelines
  4. Data breaches & secondary use
    • If a cloud service or app storing your wearable data is breached, intimate health and location data may leak.
    • Data brokers may buy and resell “anonymized” wearable datasets that can often be re-identified.
  5. Surveillance pricing & discrimination
    • As regulators have warned, companies increasingly use personal data to set personalized prices or rates (“surveillance pricing”). Wearable-derived risk scores could, in theory, influence insurance, credit offers, or other pricing, even if not explicitly labeled as such. [Federal Trade Commission, JMIR Publications]

7.2 Business, corporate, and institutional risks

For organizations:

  1. Confidentiality in sensitive environments
    • Smartwatches can be:
      • Recording mics
      • Covert cameras (on some models)
      • Ultrasonic receivers for covert channels (SmartAttack-style)
    • That’s a serious issue in:
      • R&D labs
      • Defense or national security facilities
      • Regulated medical and financial environments
  2. Corporate espionage & insider threats
  3. Workforce surveillance & trust
    • If employers issue or require wearables, they can track:
      • Activity during work hours
      • Location on the job
      • Break habits and movement patterns
    • Even if it’s framed as “safety” or “wellness,” overuse can create a high-surveillance workplace and legal risks.
  4. Policy compliance
    • Many regulated environments now treat wearables like phones:
      • No cameras/mics on the floor
      • Mandatory device check-in zones
    • Failing to control wearables can lead to privacy violations, compliance failures (HIPAA, GDPR, etc.), and reputational damage.

8. Security vulnerabilities: where smartwatches get hacked

Smartwatches share classic IoT security problems:

  1. Weak authentication and lock screens
    • Studies have found many devices lack strong PIN enforcement, don’t support two-factor auth, or make it easy to bypass device locks. [Bitdefender]
  2. Insecure Bluetooth pairing & data transfer
    • Researchers have demonstrated passive and active attacks during the pairing process:
      • Eavesdropping on data
      • Impersonating the phone or watch
      • Injecting commands or modifying data streams [PMC]
  3. Unencrypted or poorly protected APIs
    • Health and fitness APIs (vendor or third-party) sometimes:
      • Use weak auth tokens
      • Transmit data without proper encryption
      • Have poorly documented access controls
  4. Cloud and backend vulnerabilities
    • The watch might be well-secured, but the back-end cloud APIs can be exposed:
      • Misconfigured databases
      • Excessive privileges for partner apps
      • Flaws in web dashboards and developer portals [ScienceDirect, IAPP]
  5. Lost or stolen devices
    • If your watch isn’t locked, a thief can:
      • View notifications and recent messages
      • Access payment features (depending on vendor)
      • Pair it with their own phone and siphon data
  6. Cheap/clone devices
    • Off-brand or ultra-cheap smartwatches may:
      • Run outdated OS versions
      • Lack meaningful security updates
      • Phone home to unfamiliar servers in other jurisdictions
      • Ship with hard-coded passwords or backdoors

9. How to protect your privacy (and other people’s) with a smartwatch

Here’s a practical mitigation checklist you can mostly implement in under an hour.

9.1 Lock down the device itself

  • Set a strong passcode on the watch (not just the phone).
  • Enable wrist detection / auto-lock so the watch locks when you take it off.
  • Turn on two-factor authentication for your main platform account (Apple ID, Google account, vendor account). [Mozilla Foundation, Apple]
  • Make sure “wipe after X failed attempts” (if available) is enabled.

9.2 Cut unnecessary sensors and always-on listening

  • Disable “raise to speak” or always-listening assistants if you don’t truly need them.
  • Turn off microphone access for apps that don’t absolutely require it.
  • If your watch has a camera, treat it like a phone camera:
    • Disable or cover it in sensitive environments.
    • Revoke camera access for untrusted apps.

In high-sensitivity situations (therapy, doctor visits, legal consultations, confidential strategy meetings), consider removing the watch entirely or switching it to airplane mode.

9.3 Tighten app permissions and sharing

On both watch and companion phone:

  • Audit which apps can access:
    • Health data
    • Location
    • Microphone
    • Contacts/calendar
  • Revoke any that:
    • You don’t recognize
    • You no longer use
    • Are clearly ad-tech or “engagement optimization” tools
  • In the platform’s Health/fitness settings:
    • Disable sharing with third-party apps you don’t absolutely need.
    • Turn off “share analytics” and “improve our services” toggles where possible. [Apple]

9.4 Reduce ad tracking and cross-device linkage

  • On your smartphone (which ties the whole ecosystem together):
    • Limit or reset ad IDs regularly.
    • Turn off “Allow apps to request to track” / cross-app tracking where supported.
  • Avoid installing apps known to use ultrasonic tracking or aggressive analytics. If an app asks for mic access but has no clear reason, that’s a red flag. [Federal Trade Commission, National Law Review]

9.5 Control cloud storage and history

  • Check your vendor’s cloud dashboard:
    • Can you delete old health and location data?
    • Can you turn off certain categories of data collection?
  • Prefer local-only storage where possible for the most sensitive metrics, understanding you may lose some cross-device features.

9.6 Think about others’ privacy too

Your watch doesn’t just capture your life; it may capture:

  • The heart rate spike during someone else’s medical emergency you attend
  • The audio of other people’s conversations in your meeting, classroom, or therapy group
  • The presence of people in restricted places (e.g., undocumented workers, protestors, whistleblowers)

Practical steps:

  • Ask before recording workouts, classes, or events with a watch camera.
  • In any environment with no-phone policies, assume watches should also be muted or removed.
  • If you’re running a business or club (hello, Elks Lodges, bars, fraternal orgs, etc.), consider explicit signage or policies about wearables in sensitive areas.

9.7 For businesses and organizations

  • Create a clear wearables policy:
    • Where watches are allowed
    • Where mics/cameras must be disabled
    • Where they’re completely banned
  • Segment IoT and personal devices onto separate network segments where possible.
  • Require up-to-date firmware, locked devices, and basic security hygiene for any employees wearing smartwatches in corporate environments.
  • For very sensitive work, treat smartwatches as you’d treat USB sticks or phones: they simply don’t come into the secure room.

10. The trade-off: convenience vs a wrist-mounted tracking device

Smartwatches can absolutely be life-enhancing:

  • Early detection of arrhythmias or high blood pressure trends
  • Better awareness of sleep and activity patterns
  • Subtle notifications that keep your phone out of your hand
  • Support for chronic conditions and remote care

But they also:

  • Turn your body into a continuous data feed
  • Plug that feed into sprawling data ecosystems and ad infrastructures
  • Extend microphones and sometimes cameras into spaces that used to feel private

The core question isn’t “Are smartwatches evil?” It’s closer to:

Are you consciously deciding what this device is allowed to know and share — or just accepting the defaults?

If you treat your watch as powerful medical-adjacent equipment plus a potential surveillance node, you’ll make better choices:

  • Lock it down.
  • Turn off what you don’t need.
  • Be choosy with apps and data sharing.
  • Take it off when the stakes are high — for you or for the people around you.

Then your smartwatch can stay a useful tool on your wrist, instead of a silent, glowing observer that reports more about your life than you ever intended.
