Soldiers wearing fitness trackers provide a lot of information about what goes on at their facility. Twitter link is worth looking at. Jogging routes, patrol routes, etc.
https://www.theregister.co.uk/2018/01/2 ... locations/
Security
Exercise-tracking app mapped military bases, revealed where spooks go jogging
Strava users ignored off-by-default privacy settings, revealed personal info
By Richard Chirgwin 29 Jan 2018 at 00:36 4 Reg comments SHARE ▼
Last November, exercise-tracking app Strava published a “Heatmap” of user activity which it cheerily boasted comprised a billion activities, three trillion lat-long points, 13 trillion rasterized pixels and 10 TB of input data.
It took a while, but late last week someone wondered “how many Strava users are members of the military or national security groups, and are uploaded their activity?” The answer is “plenty - and they've revealed where they work, where they live, when they were sent to a new outpost and where to ambush them when they least expect it."
Ever since military analyst Nathan Ruser observed that Strava's data included the exercise routes of military and natsec personnel, locating military installations in Strava's has become a social media sensation.
View image on TwitterView image on Twitter
Nathan Ruser
@Nrg8000
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://medium.com/strava-engineering/t ... fc01d301de … … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable
1:24 PM - Jan 27, 2018
46 46 Replies 1,322 1,322 Retweets 1,515 1,515 likes
Twitter Ads info and privacy
For example, in Australia, it's now possible to see where people exercise at the secretive deep desert Pine Gap sigint station:
View image on TwitterView image on Twitter
Ketan Joshi
✔
@KetanJ0
All activity + cycling routes around and inside Pine Gap military facility, Australia #Strava https://labs.strava.com/heatmap/#17.10/ ... 71/hot/all … https://medium.com/strava-engineering/t ... fc01d301de …
5:39 PM - Jan 28, 2018
2 2 Replies 2 2 Retweets 3 3 likes
Twitter Ads info and privacy
Observers have also noted that Strava hasn't revealed much more than was already already visible on Google Earth. For example, here's Pine Gap again, this time from Google:
Pine Gap on Google Maps
Google's got a much clearer image of Pine Gap
Strava's explanation of how it made the Heatmap says it excluded data that users asked to be kept private. The service allows users to create multiple "privacy zones" with a radius of up to 1km. When users enter such the zones, their digital tracks disappear in order to make it harder to figure out where they live or work.
Data revealing the location of sensitive facilities, or the habits of military personnel, would therefore have been excluded if users had employed Strava's privacy setttings.
However, as Ruser later Tweeted, the location of bases isn't the only concern: the ability to establish “pattern of life” information also makes the Heatmap a serious source of risk.
View image on Twitter
View image on Twitter
Nathan Ruser
@Nrg8000
Replying to @Nrg8000
If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away
1:56 PM - Jan 27, 2018
11 11 Replies 84 84 Retweets 180 180 likes
Twitter Ads info and privacy
The Daily Beast's Adam Rawnsley noticed the app can even reveal troop movements, if new Strava users pop up in an area around a military base:
View image on Twitter
View image on Twitter
Adam Rawnsley
✔
@arawnsley
Pretty faint but data from the Strava exercise app shows like China has deployed joggers to its disputed Woody Island in the South China Sea, in addition to fighter jets and HQ-9 SAMs
3:56 PM - Jan 27, 2018
19 19 Replies 428 428 Retweets 781 781 likes
Twitter Ads info and privacy
Beyond the military frenzy, however, El Reg agrees with observations that the heat map is sufficiently detailed to pose a risk to individuals. Brian Haugli noticed that it reaches all the way to your door:
View image on Twitter
View image on Twitter
Brian
@BrianHaugli
Replying to @Nrg8000
You can see individuals that are using Strava by zooming it to houses that have a short line. Strava gives the ability to set up privacy zones, but it's not on by default.
9:59 PM - Jan 27, 2018
1 1 Reply 18 18 Retweets 24 24 likes
Twitter Ads info and privacy
Even if the individual hasn't set up their home as a privacy zone (which Haugli noted is not the default), this is a level of personally identifying information that shouldn't have been published, according to European privacy researcher Lukasz Olejnik.
Olejnik said at the least, someone should have conducted a privacy impact statement before pressing “publish” on the dataset.
He told The Register in an e-mail: “This highlights the challenges of location data anonymisation, and how mass datasets reveal unexpected patterns. Organisations should carefully consider consequences on multiple levels prior to publishing private data.
“That said, making a privacy impact assessment of this kind of a project would be quite an adventure.”
Olejnik also Tweeted that Europe's General Data Protection Regulation (GDPR) considers location to be sensitive information, meaning publication should be handled with care. ®