Comments
Joe Stanganelli
2/2/2018 10:25:41 AM
User Rank
Author
Why show off this data? Why even have it?
Frankly, what the heck were they thinking? Strava effectively used something akin to Uber's God Mode and -- granted, with "anonymized" data -- posted about it.

The fundamental lesson here (well, one of them, anyway) is that when you try to show off how fancy your data and data methods are, make sure that you aren't showing off your users' data at the same time! Because, guess what, you usually are.

Moreover, even if Strava didn't release this data so irresponsibly, people inside the company are still privy to this sensitive information -- which goes to show how problematic these devices and apps are (even to the extent of, as Tan points out, the lack of a signal).

mhhfive
2/2/2018 1:05:54 PM
User Rank
Guardian
Re: Why show off this data? Why even have it?
I think the problem here is that they weren't even thinking about this at all... not that they knew about it and ignored it. 

I'm curious how these trackers work, though. Do they monitor positions *anywhere* on the globe somehow? I assume not. So US military bases are already somewhat public knowledge. And the "hidden" ones... I assume don't use these trackers.

So this data is creepy.. but.. not exactly surprisingly secret info? I suppose it tells everyone how physically fit our best soldiers are (or aren't as the case may be). But we've already had plenty of US citizen medical data leaked online, so it shouldn't be too surprising to see our soldiers are a subset of the general population.

batye
2/3/2018 3:11:14 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
@mhhfive sometimes things happen whether we like it or not... and most people do not know everything about the devices/technology they are using... and it just happens - but the lesson should be learned...

Susan Fourtané
2/4/2018 12:50:13 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
As a user of Strava and a trillion more fitness applications I can tell you that you always have control of what you want to share, make public, and enable within the application. Strava is a running and cycling GPS application. Tracking your run lets you compare and analyse your performance over time. It’s useful if you want to train for a marathon, or just motivate yourself when you see your progress. You need to actually use the application to see how it can help you in your fitness plan and how you choose privacy rather than broadcasting your activities. I don’t see that the problem here is what the application can do, which was conceived to help those who choose to stay fit, but the fact that some guy decided to tweet something that potentially can give ideas to other people whose interest in this kind of application may be something else rather than getting a flat stomach. Do you think it’s better to stop developing applications that can help people just because there are some people out there that might use them to “locate US military bases”? This is simply solved by soldiers not using Strava or any similar application. Isn’t staying fit and exercising regularly part of their job anyway? Do they really need an application? I don’t think so.

Joe Stanganelli
2/4/2018 5:13:59 PM
User Rank
Author
Re: Why show off this data? Why even have it?
> "Do you think it's better to stop developing applications that can help people just because there are some people out there that might use them to "locate US military bases"

Kinda, yeah.

I mean, "help people" is broad. But we're not talking about ending world hunger here. We're talking about an app that's essentially a combination of an automated stopwatch and a really souped-up pedometer.

That said, sure, develop and use whatever apps you want, I say. But all I'm saying is that developers should go into development with a privacy-first and security-first mentality -- something we rarely see.

Susan Fourtané
2/16/2018 4:21:02 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
Oh, really, Joe? The US military bases are not the centre of the planet. If the military people don’t know how to use the settings of the applications they use, they have two choices: not to use any of those applications or learn how to use the settings to protect their data. The application does much more than what you assume it does. And in any case, other people on the planet have the right to use the application for whatever they consider is good for them. A good part of the problem here is not really knowing how the application works, what it does, and some people not knowing how to use the security and privacy settings. It’s not just about the developers.

batye
2/3/2018 3:12:55 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
@Joe Stanganelli could not agree more, interesting point... but I would ask the simple question: if they know what they are doing - why did they do it... or do they just pretend to know all and hope for the best...

Susan Fourtané
2/4/2018 12:57:17 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
No, Joe. The user has the power over their data. You can choose to switch off the GPS and not track your route. It’s up to you what you choose to share, track, or enable within your application and settings. Strava doesn’t broadcast your data. You do if you choose to do it.

Joe Stanganelli
2/4/2018 4:32:31 PM
User Rank
Author
Re: Why show off this data? Why even have it?
> Strava doesn't broadcast your data.

But...um...that's exactly what they did, and what these news stories are about -- broadcasting user data.

Even pseudonymized or anonymized, the allowance of collection of personal data presents a "tragedy of the commons" type of situation when it comes to privacy issues -- revealing information that is sensitive not only to the users but also to non-users.

batye
2/5/2018 3:17:25 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
@Joe Stanganelli for me it is a scary new reality where things do happen not under our control...

Susan Fourtané
2/16/2018 4:22:20 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
Batye, you can always control the applications through the settings. That’s what they are for.

Susan Fourtané
2/16/2018 4:13:58 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
No, Joe. I use Strava. The application broadcasts your data, sure, if the user’s settings allow it. Isn’t that the responsibility of the user?

mhhfive
2/5/2018 3:16:40 PM
User Rank
Guardian
Re: Why show off this data? Why even have it?
>"You can choose to switch off the GPS and don't track your route. It's up to you what you choose to share"

So does this mean a whole bunch of military people are now in violation of operational security duty? The Uniform Code of Military Justice has some harsh penalties for this kind of violation....

Susan Fourtané
2/16/2018 4:37:39 AM
User Rank
Guardian
Re: Why show off this data? Why even have it?
Mhh, if the military people don’t know how to use the settings in their applications they shouldn’t use the applications, or they should set the privacy and security settings according to the operational security code they have to follow. If they don’t protect their security and privacy, why should someone else have to do it for them? The application has a “Record” button. It’s up to the user to record their route. The application doesn’t record anything by itself. You need to push the button. You can also choose to turn on or off the GPS.

Susan Fourtané
2/16/2018 4:54:02 AM
User Rank
Guardian
Strava’s Privacy Settings
mhh — Users can choose to make personal heatmaps. It’s optional and you need to push the button. Sharing your real-time location is a Premium feature and you choose to turn it on. In Privacy Settings you have the option to turn on the following: Enhanced Privacy, Private by Default, Group Activity Enhanced Privacy, Hide from Leaderboards, Hide from Flybys, Anonymized Data: Hide Anonymized Data in Metro and Heatmaps. There is an explanation of what each of those things does when you turn them on. Further customize your Privacy at http://www.stava.com/settings/privacy to: Hide your home, office, or any other locations by creating Privacy Zones. Did they create a Privacy Zone? No. Whose fault is this? Theirs.
