Personal sensing devices are becoming more commonplace in everyday life. Unfortunately, radio transmissions from these devices can create unexpected privacy concerns if not carefully designed. We demonstrate these issues with a widely-available commercial product, the Nike+iPod Sport Kit, which contains a sensor that users put in one of their shoes and a receiver that users attach to their iPod Nanos. We find and technically explore example scenarios, such as stalking, where the Nike+iPod Sport Kit’s design can lead to a compromise of personal privacy and safety. Our results exploit the fact that, when a Nike+iPod user walks or runs, the user’s Nike+iPod sensor broadcasts a unique identifier that can be detected up to 60 feet away. We implement a prototype surveillance system that can track people wearing Nike+iPod sensors, plotting their location on a GoogleMaps-based website and emailing and text-messaging real-time surveillance data to an attacker. Our surveillance system can track individuals when they are working out, as well as when they are casually walking and do not have their iPods with them. The smallest node in our real-time surveillance system is currently a miniature gumstix computer (8cm x 2.1cm x 1.3cm). We also develop a method to convert a third-generation iPod into a surveillance device. Using a second-generation Intel Mote and a Microsoft SPOT Watch, we develop the means for an attacker to obtain real-time surveillance data on his or her wrist watch. To counterbalance our attacks, we present simple changes to the Nike+iPod Sport Kit’s design that, if implemented, would have significantly improved the kit’s resistance to the attacks in this paper. This work suggests a greater need for rigorously evaluating the privacy of new technologies before deployment.