Strava’s Heatmap Is Revealing the Layout of Military Bases

Hmm... guess no one in Area51 wears them. It's black on the map.
Yeah, something tells me that people's personal devices might go into a locked cabinet beforehand, and they can pick them up after their shift. Maybe a tad more security there.
 
He's been selling the data to the highest bidder for years and is about to attempt a hostile takeover of Wayne Enterprises.
 
You all know that ever since cellphones had built-in GPS this has been a thing? I mean, Fitbit is putting it on public display, but all those smartphones through the last decade have leaked all manner of information already :p
 
I don't see anything here a satellite or Google Maps wouldn't already tell you...

What it tells you is where a lot of soldiers are, which you would not ordinarily know: patrol routes, where soldiers will be working out (and possibly vulnerable to attack), locations where troops are actually active, as opposed to a bunch of empty buildings. Much of this information would be common knowledge to anyone in the area already, but if you get "heat traces" in the middle of a supposedly empty area, where they should not be, it could compromise an operation. I have no idea on the time interval between someone using this device and the heat map being updated, but information of this type isn't something that should be available. Opsec and Persec is something that has to be taken very seriously or people get killed.
 

Sure, I couldn't read this version of the article (blocked by work) so maybe there's more in there. But what I did read was saying this is "nice to have" ancillary information but it's still bad opsec.

Not live data:
The map is not live — rather, it shows a pattern of accumulated activity between 2015 and September 2017.
 
Is there no-one that's reviewing technology procedures/device usage at the Pentagon or what?
 


It's a thing, but sometimes stuff like this bites you on the ass. The ramifications of new technology are seldom apparent until after the fact. The Germans didn't realize how dangerous radar was until after the Battle of Britain was over, and any chances of an invasion of England were done.

There is so much new tech that has military implications being developed now, the next war is going to be just full of juicy surprises that get people killed, multiple untested weapon systems that may or may not work as advertised (Cyberwar/infowar, the Chinese DF-21 carrier killer, 5th Gen fighter aircraft, Unmanned Combat Aircraft, battlefield Internet and Blueforce trackers, etc, etc.)

It's just a matter of time before the US and China have a confrontation over the South China Sea. They are poised to be a regional superpower in the near term, if not world superpower in the next 20 years. They are building a world class Navy and Air Force and lack only real world combat experience that the US has by the bucket loads now. But experience is a commodity with a short shelf life.
 
I heard of this on the radio this morning.

I was surprised, not because something like this happened, but because I had never heard of Strava. I fully expect Fitbit, Garmin and the like are spying on us via our fitness devices.
 

Welcome to the Brave New World, where if you wear a fitness tracker, your insurance rates are lower (until it's canceled when you're obviously a high risk customer) and failure to register as a Genetic Risk with the Health Dept. if you have faulty genes means you have to pay a penalty on your federal tax return.

Coming soon to a nightmare near you.
 
Seriously, being in the military can suck. I miss my time in the service, but everything civilians do without a second thought becomes a liability for a service member. Don't wear your work clothes in public, don't tell your family where you are going when you are on a work trip, don't tell people what you do for a living on social media, etc... Now, don't use biometrics to improve your health.

Every cybersecurity expert knows, your biggest liability is people. How long before our service members are stowed away in vacuum-sealed containers, only to be unpacked for the "big show"? On the plus side, those would be some epic unboxing videos...
 

Same here, I still miss it at times. I was able to do and see things I never would have as a civilian. Some things I would rather forget, certainly a life changing experience. I still even after all these years have a hard time carrying anything in my right hand without feeling twitchy. :LOL:
 
Here's something that comes with a heat map that probably can't be tracked by way of Strava's app (you might find it on a military installation though, at least per my experiences):



(for the curious)
 
Is there no-one that's reviewing technology procedures/device usage at the Pentagon or what?

These have been approved for about 2-3 years if not longer. Clearly the employees in question could've done a better job with not allowing location tracking. Still this does not show anything that wasn't already known... anyone with a little bit of time on their hands can go Google all of those locations and find out they are very public and have been discussed multiple times.

I heard of this on the radio this morning.

I was surprised, not because something like this happened, but because I had never heard of Strava. I fully expect Fitbit, Garmin and the like are spying on us via our fitness devices.

Is it spying if you give them permission and they told you they were going to do it?

That aside, just what do you think they are doing? Taking your data and selling it? They told you they were going to do that. Recording your location with a GPS-enabled device? They told you that when you bought it.

Here's something that comes with a heat map that probably can't be tracked by way of Strava's app (you might find it on a military installation though, at least per my experiences):

(for the curious)

WTF does that have to do with this?
 
What’s amazing is once uploaded it gives you all that information and Strava’s been around since 2006? 2008?

Hard to believe it has taken this long to figure it out and for it to become a problem.
 
That aside, just what do you think they are doing? Taking your data and selling it? They told you they were going to do that. Recording your location with a GPS-enabled device? They told you that when you bought it.

We shouldn't have to sell our souls in order to use any consumer device.

I fully believe in enacting regulation that mandates that all services and devices must make any data sharing OPT IN, defaulting to the least permissive setting, and may not make any access to services contingent on the user sharing data, unless the service depends on that data in order to function, and even then they should be prohibited from using that data in any other way than what supports the functioning of the service, unless a user opts in.

It is absolutely disgusting that Fitbit forces me to enable GPS on my phone before it allows me to sync my device.

I can't believe there isn't more of an angry backlash against this. Big data needs to be mercilessly slaughtered, and I don't care if it takes the entire tech industry down with it in the process.
 

That is a bit extreme. Big data is a pretty wide field to accuse of being "dirty" and needing to die. There are some very valuable questions you can answer with big data that would otherwise be impossible to even ask. I don't mean valuable in the monetary sense either. I mean valuable to science/society as a whole.

I am of the opinion that if you don't like it, don't use the device. Speak with your wallet. Buy the non-Fitbit device. Or if you feel that strongly and you think there's a market, build one that doesn't do that level of tracking.

You're going to argue you shouldn't have to not use the device. In a perfect world... sure, maybe. But let's be realistic, companies are out to make money. The products are their way of getting you to give them money and data is valuable to them as a source of revenue. Fitbit has to make money somehow or it goes out of business. So either they charge way more for the product (and nobody buys it) or they sell it for a loss and make it up on the data?

To me this isn't structurally different from companies selling the data they had about you before the internet: your address, your credit history, etc. They just have more data points because the consumer has given it to them. And yes the credit card companies sell this mercilessly and have done so long before "big data" so do you want them to die also?
 

If Fitbit can't stay in the black by charging $100-$200 for a watch that self destructs before its 2nd birthday and people loyally replace, and needs to monetize user data to make their business model work, they should just pack their bags and go home. They are one giant fail.

As a society we regulate many things we think businesses should not be able to do, if we find that they are pervasive and harmful to society. This is no different.

The truth with Fitbit is this. They have succeeded in making their tracking more accurate than their competitors. If you want to track energy consumed and energy burned, there really is no other feasible option. Fitbit is off by as much as 20%, the competition anywhere from 50-120% in recent tests. This is a device I need, and I shouldn't have to enter into a devil's bargain for my personal data in order to buy and use one.

Privacy first, and privacy above all. I don't care if they say they anonymize all the data, because research has proven it is fairly trivial to assign names to "anonymized data".

The truth is that whenever data is collected, it becomes a target for theft, or a temptation for misuse. The only way to avoid this problem is to make sure data is never collected, by anyone. Not businesses, and not even national security minded three letter agencies.
 
I disagree. You won't die if you don't have your Fitbit. It's a device you WANT.

Nope. It is a need. With my busy work schedule, it is the only way I can keep on track of my health. If I don't have it, I will invariably lose my battle with staying in shape, and die an early death. I need it.
 

That sounds ridiculous, so much so, I'm tempted to believe it's sarcasm. If you will "invariably lose" your battle with staying in shape by not wearing a device, you are putting way too much faith in that device's ability to influence your health. The reality is it DOESN'T influence your health at all. YOU influence your health by looking at it. You're prioritizing your "busy work schedule" over your health, and you WANT a device to help you. The problem is you.
 
I remember when people used to deride Apple's statements about valuing and prioritizing their customers' privacy as pompous and irrelevant grandstanding. Maybe the tide will finally turn and more companies will see privacy as an important feature too as more and more people wake up and realize the implications of "free" services that harvest every aspect of their life in order to monetize that information to sell to advertisers. It would be nice to have some pressure from the opposite direction of things by more companies.
 


Mostly agreed, except typically these fitness devices are not the typical "free" data supported model.

Take Fitbit as an example. If you want a model with GPS tracking and heart rate monitoring, you are paying $200 for it, and since their reliability is piss poor, unlike a traditional $200 watch you might hand down to your kid, and they to theirs, you are paying that $200 every two years or so.

That's $17 per month...
 
Not sure what kind of data that Strava publishes on tracked runs... but this is huge in regards to operational security.... or just common sense security for that matter..
If you publish your runs, and have your profile "public"... now if I am in the market to cause harm.. I could stalk your profile and figure out the time of day that a certain victim runs.. what route... and put that data together to draft a plan of "attack"

Or am I thinking way too much into it?
 
Mostly agreed, except typically these fitness devices are not the typical "free" data supported model.

Take Fitbit as an example. If you want a model with GPS tracking and heart rate monitoring, you are paying $200 for it, and since their reliability is piss poor, unlike a traditional $200 watch you might hand down to your kid, and they to theirs, you are paying that $200 every two years or so.

That's $17 per month...

I agree with that. It's practically a subscription model with the way the things fall apart.
 
Not sure what kind of data that Strava publishes on tracked runs... but this is huge in regards to operational security.... or just common sense security for that matter..
If you publish your runs, and have your profile "public"... now if I am in the market to cause harm.. I could stalk your profile and figure out the time of day that a certain victim runs.. what route... and put that data together to draft a plan of "attack"

Or am I thinking way too much into it?

You complain about that but don't understand why police don't like Waze because they don't want a potential ambush attacker to know where they are.
 