back to article IT bloke: Crooks stole my bikes after cycling app blabbed my address

An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage. Mark Leigh, 54, of Failsworth, said his two bicycles – worth £500 ($750) and £1,000 ($1,500) – were nicked shortly after he made his address and details of his bikes public on the popular …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Common sense

    Which is why I don't start the computer running until I'm half a mile from home, and stop it half a mile from home on the way back.

    1. Graham Marsden
      Thumb Down

      Re: Common sense

      Common sense *should be* designing an app with security *first* in mind, not 27th after all the bells and whistles and pretty bits...

      1. Adam 52 Silver badge

        Re: Common sense

        In fairness to Strava it is built into their app and the new user messaging does remind you to set it up.

        1. Johan Bastiaansen

          Re: Common sense

          It should have been the default setting!

          In all fairness to Strava, that's just bs, giving their lawyer some legal ammunition.

          Bad design.

          1. Infernoz Bronze badge
            FAIL

            Re: Common sense

            He and the other victims need to sue Stava for a negligent, default security fail!

            GPS cloud tracking apps must have a minimum radius around detected start/end points where tracking data is always hidden from the public to avoid this kind of security fail.

            Publishing any movements you make is a security risk anyway and could get you directly hurt or otherwise compromised.

            1. BebopWeBop Silver badge
              Facepalm

              Re: Common sense

              While I appreciate concerns over Strava - as an IT 'professional' didn't he even think of the downsides of detailing his possessions and using an application that identified his start point? The article was a little unclear, and I presume that Strava does not reveal the actuall adress rather than GPS source location, but still.

              Another example of security and privacy being last on the list of a number of 'professionals' in the business. Depressing to think how this extends into toehr walks of life (the 'rob my home' warner being an amusing attempt to highlight the problems).

              Little sympathy for professional stupidity though. Will his insurance company pay up given he advertised location and details of his valuables?

          2. chris 17 Bronze badge

            Re: Common sense

            @johan

            You have to tell it your address so it knows to block out anything within a certain distance from your home. Else it'll block a certain radius from your start point which is a pain if you drive to an event or otherwise don't want the start blocked.

            1. Adam 52 Silver badge

              Re: Common sense

              Quite. And for all those saying it should block automatically, all that does is give you a nice circle centred on your house.

              1. Smooth Newt Silver badge

                Re: Common sense

                I don't think enabling a feature like this it will produce a circle centred on the house since people leave their house along one or two routes, unless they live in a featureless desert, rather than travel out in a random direction each time.

                The circle needs to be big enough, though, say a few hundred metres, to encompass many houses. It also needs to be big enough so you don't have to give the exact location anyway, since a copy of the database may be sold on when it is eventually stolen.

                1. BebopWeBop Silver badge
                  Happy

                  Re: Common sense

                  I do hope that circle is randomly assigned a centre/radius. Of course if the app writers decided that to be smart, they would re-centre every time the location was looked at, or very time a new ride was displayed, some enterprising thief might get the idea that they could collect enough data from a keen rider to better identify the real start location.

                  1. John Robson Silver badge

                    Re: Common sense

                    You define the circles yourself - so I have several covering my local estate - there are only three paths out, but all it says it what estate I am on.

                    Same around my office.

                    Not that any of my local rides are publically shared, nor do I record them any more...

                    1. Lee D Silver badge

                      Re: Common sense

                      Is it really just me?

                      Why the hell are you sharing rides on your bike with the world in the first place? I mean... why? Isn't that like the old slide-projector enthusiasts who just show you every detail of their trip when you go around their house? Why?

                      Just... WHY?

                      (Why?)

                      1. Stuart 22

                        Re: Common sense

                        "Why the hell are you sharing rides on your bike with the world in the first place?"

                        We use a similar app and publish our club rides every week so people on the ride can know where they have been and newcomers have an idea of the type of rides we do.

                        Thankfully if any naughty people try and use it to track the start/finish they will end up at a telephone box in South Croydon. No bikes inside and very rarely a handset. Guess that was all they could find.

                      2. AdamWill

                        Re: Common sense

                        It's exactly like that. You get to be part of a 'community' where everyone pretends to be wildly interested in where and how fast everyone else is riding their bike, the payoff being that other people will pretend to be wildly interested in where and how fast you're riding *your* bike. Doesn't that sound fun?

                2. BebopWeBop Silver badge

                  Re: Common sense

                  Although of course, something of a 100 metres of so and a rider who regularly shares their rides, might get some lowlife loitering one morning to identify the actual house - and bingo. Sometimes this urge to share/brag goes a little too far.

              2. 's water music Silver badge

                Re: Common sense

                all that does is give you a nice circle centred on your house.

                Only if you centre a privacy zone on your house and then only if you cycle enough different routes to and from your house to enable the zone's centre to be triangulated.

          3. John Robson Silver badge

            Re: Common sense

            Ok - so where do you conceal by default?

            The number of people who drive to the start of a bike ride is quite high, and there is no benefit to "concealing" the start of that ride.

            The setup takes you through setting up privacy zones, and you then have to make each ride public.

          4. paulc

            Re: Common sense

            bit difficult to be the default setting... how on earth can the app possibly know where your home base is, you might have installed it and activated it someplace else from home...

            1) I've set up several privacy zones, home, work, and normal destinations for some of my rides.

            2) Even having the garage door locked is not enough, you need a decent ground anchor and to lock the bikes through the frame to that ground anchor, then they need to use noisy power tools to cut them loose.

            My insurance insists on me having them secured with a ground anchor when at home and not leaving them locked up overnight either.

            1. BebopWeBop Silver badge
              Happy

              Re: Common sense

              My insurance insists on me having them secured with a ground anchor when at home and not leaving them locked up overnight either.

              Doesn't this requirement not to leave them locked up reduce the need for a ground anchor?

              1. paulc

                Re: Common sense

                forgot to type 'outside' ... as in not to leave them locked up outside overnight...

                anyway, my expensive bikes are in my storage unit... ride my cheapo to it and back when I go out for a training ride.

          5. 's water music Silver badge

            Re: Common sense

            It should have been the default setting!

            Strava doesn't know your address by default. Would it be better for them to gather further data for them to lose. In any case, who is to say where you want or need a privacy zone? I need several that aren't at my house. As has been noted, you do get prompted to set up a zone and you have to enable ride sharing

      2. kiwimuso
        FAIL

        Re: Common sense

        Why the hell would anyone possibly need an app to go for a bike ride, fer fuck's sake!!!!

        Deserves all he got.

        Poor security despite my remark.

    2. Anonymous Coward
      Anonymous Coward

      Re: Common sense

      I used to do that, then I was spotted entering my house. I now beam myself home from half a mile away. That way no one will see where I live.

      1. DrGoon

        Re: Common sense

        My solution is to attach cell phones to all the stray cats in the area and have then all share the same cycling app account. This does of course mean that for the decoy to work effectively one has to cycle at night, but it's a small price to pay.

    3. TeacherMARK

      Re: Common sense

      I don't believe you do that.

      1. RubberJohnny

        Re: Common sense

        Make your start point and finish point a mile or so away from home. Use the travelling to the start point as a warm up and travelling home from it as a warm down. Don't record the warm up / warm down.

        A few years ago I bought a new bike, it was stolen the same night. Quite a lot of it was happening, people were being followed home from the shop.

    4. John Sanders
      Holmes

      Re: Common sense

      Common sense should be not to tell the entire world what are you up to the minute, applications or not.

      Privacy has been eroded dramatically already, no need to also publish your every move.

  2. Anonymous Coward
    Anonymous Coward

    Social - adjective used to be associated with diseases

    Till recently social and disease used to be a very good fit. It looks like they still are.

    Social support in an app - no thanks. Share? No thanks either. I grew up in a place where "sharing" was taught in schools as a virtue. If you were more observant to notice what was behind the high fences of the Politburo dachas you were quick to comprehend that sharing is for the plebs. The ones that benefited from it did not share a dime. Or a kopeika to be more exact.

    Share my location? Share my data? Sorry, I know what "sharing" proposed within the context of social by a "business" really means - I had 20+ years of childhood training on that. It means you are screwed and some f***head gets to be a billioner.

    Nope, you cannot make me into a sharing sort of person for the life of god. Share? Some other time. Pay me, and you may get stuff.

    1. P. Lee Silver badge
      Childcatcher

      Re: Social - adjective used to be associated with diseases

      >I grew up in a place where "sharing" was taught in schools as a virtue.

      It still is. However, we still have semantic errors which mislead people. I don't "have the internet on my iphone," I do allow random people on the internet to send stuff to a computer I neither really control nor understand but to which I trust an awful lot of personal information. I do not "have" this app, I HAVE installed a random bit of code, from people I don't know, with whom I have no discernible relationship, on a computer with lots of personal data on it.

      Its good that people share these stories. The more publicity this sort of thing gets, the more people understand that the more (even transient) information (such as whereabouts) is stored and shared with code of unknown origin, strangers, government, corporations, cloud storage organisations, the more dangerous it is to you personally. Stop contributing to these infrastructures.

      My take on the matter is simply don't do it. Don't bother trying to secure a zillion and one apps, just stop sharing where you run, cycle, walk, what you had for lunch and where it was. No-one needs to know that. My weather app doesn't need my location. I can use privacy mode in the browser and give it a postcode of a major town nearby - it doesn't need to know I'm down at the bottom of my garden. That URL gets stored in the local history, not synced up to some cloud, not even for Firefox.

      Give me rsync over ssh over a vpn to my machine at home for "cloud," and I'll be happy. OneDrive I do not want even if it did have unlimited free storage. Application-level clouds are even worse. Per-application storage protocols? No thanks.

      If I want to socialise and share with friends, I'll schedule some time to be with them. "You're my friend, but I'm only going to broadcast my information to you, not spend time listening to you" doesn't cut it, not even if the broadcast is two-way. Why have have something as inhuman as a computer mediate social activity? Go back to the clubhouse or pub or invite people home and regale them of stories of the close calls you had with a bus on your bike ride. That is how you build friendships - not by clicking "like" or sending them GPS coordinates of where you ride or where you had lunch.

      Stop sharing with corporates, software and devices and start sharing directly with people you know. That is how you develop appropriate trust boundaries.

      1. chris 17 Bronze badge

        Re: Social - adjective used to be associated with diseases

        @p.lee

        You'll not want or like IPv6 then without nat, which encourages anything to connect to anything everywhere and discourages hiding your multiple devices behind an obfuscation device like nat!

        Privacy is constantly being eroded on the net, opportunities to enhance privacy are often deliberately engineered out, I.e tracking cookies.

        1. Anonymous Coward
          Anonymous Coward

          Re: Social - adjective used to be associated with diseases

          I'm already on IPv6 and I've natted off all the devices on my home network. Does not matter if the support IPv6 already, they are natted off the Internet.

          My Internet Point of presence was in London E17 but something seems to have (and despite all my best efforts) found my home location. I'm going to move ISP's in January and hope that I can keep my real location obscured from the unwashed masses who would steal it in a flash.

          Yes I know that keeping your real ID off the interwebs is getting harder and harder but at least I'm trying unlike a good many of the population who seem to be Social Media Addicts and get their kicks from telling the world what they had for brekkie, how the got to work, where they work etc etc etc

          1. Peter2 Silver badge

            Re: Social - adjective used to be associated with diseases

            More over, if your broadcasting this information your also telling people where your house is and what your schedule is, so a thief can identify when your not in your house and when a convenient time to rob your house is.

            Call me old fashioned, but if somebody was checking my house out every day when I went to work who didn't live in the area then i'd be getting alarmed by it. Simply posting all of this information online alarms me to a similar extent.

            Maybe i'm just paranoid (or an introvert...)

          2. Voland's right hand Silver badge

            Re: Social - adjective used to be associated with diseases

            but something seems to have (and despite all my best efforts) found my home location

            Most likely Android - Google correlates between your WiFi SSID, your visible IP address and various other (a)GPS data. The WiFi vs location is well known and publicized, the IP to other data not so much. It is there and it is being done even if you did not provide them with exact address by associating a payment method to your google play account. It also works if the payment method is registered to a different address. Long live conditional probability and statistics.

            Granted, so far there has been only a couple of cases where a person in the google staff has abused their position to access data inappropriately. As it grows the probability for this increases. It is further increased by adding M2M, IoT, etc. It is only a matter of time until it is compromised for use in burglaries. It is not a question of if, it is a question of when and how many.

      2. PeteA
        Thumb Up

        Re: Social - adjective used to be associated with diseases

        Well said, sir.

  3. Jay 2

    From reading the headline I had a sneaky feeling it was Strava. I feel sorry for the guy having his bike nicked, but surely as an IT bod he should have been all over the settings for a location/social-based website?

    1. Johan Bastiaansen

      it was bad design

      I'm so old, I remember when cars came without safety belts. But hey, you could add them yourself.

      Kids pyjamas would be so inflammable, they would turn your offspring in a burned crisp in seconds. But hey, a parent should keep them away from open fires right?

      It is bad design. And the only way it will be corrected is to enforce it by making them pay for the damages caused by their stupidity.

    2. Anonymous Coward
      Anonymous Coward

      Not the guy you would employ for setting up things like secure networks or in deed any form of security in an IT setting.

    3. js1592

      He's an IT Manager; clearly he has no time for security.

      1. Anonymous Coward
        Anonymous Coward

        >He's an IT Manager

        So what do you all think an IT Manager is?

        Personally I'm rather tired of the overuse of the IT tag for anything from retail store PC sales droids, call centre first line support, virtually anything under the sun that involves using Windows to real professionals.

        For anyone to descibre themselves as an IT manager means they are not an expert in anything IT otherwise they would be more specific.

        1. Anonymous Coward
          Anonymous Coward

          "or anyone to descibre themselves as an IT manager means they are not an expert in anything IT otherwise they would be more specific."

          I think you're thinking of an IT consultant.

          1. Anonymous Coward
            Anonymous Coward

            Ah, seems like I touched a nerve with self proclaimed IT managers. So fess up, WTF do you manage? I'd bet the shirt off my back you couldn't manage security at Mothercare.

  4. nsld

    over sharing

    Sometimes its just TMI thats the issue.

    That and a lack of decent security and its adios to the wheels.

    Alarms, CCTV, embedded locking post and a baseball bat all help.

    1. YetAnotherLocksmith

      Re: over sharing

      Get a couple of layers of security, spend some money on Sold Secure Gold rated kit, & add some sort of alarm/CCTV/pager that'll tip *you* off about something happening, as well as the neighbours.

      1. Anonymous Coward
        Anonymous Coward

        Re: over sharing

        And people wonder why my bikes live in my kitchen. Or perhaps now they don't wonder so much anymore. :^\

      2. John Tserkezis

        Re: over sharing

        "Get a couple of layers of security, spend some money on Sold Secure Gold rated kit"

        No, you would be better off growing a brain and NOT publically sharing your name, address, portable goods, and the fucking convenience of a GPS track leading to your front door.

        CCTV was never designed to cover morons.

        Back when I used to ride, I was the tight-arse of the group, my bike barely made the AU$4K mark. There were others in the group who topped AU$12K. And we had multiple bikes to boot, and we would never share last names with unknowns, and certainly never addresses.

        Obvously $1500 shows a different class of customer. Share everything, complain later. He isn't going to get any sympathy from me.

        And no, if you're thinking of going shopping, I sold the bikes years ago since my hips completely wore out. The best I can offer now is a limp.

        1. Lamont Cranston

          @John Tserkezis

          A limp what?

    2. Anonymous Coward
      Anonymous Coward

      Re: over sharing

      "Sharing". The lie that keeps on giving.

      The people who use these apps aren't "sharing"; "sharing" is the neu-tek term for "narcissism". I'm not seeking attention nor am I seeking affirmation, I'm really just "sharing"!

      There is no reason for these "sharing" apps to share details like precise speed, personal diet, maintain a leaderboard (Strava), power, cadence, personal activity logs and even heart rate...except for the goal that, in "sharing" these personal tidbits, you'll get attention for something you've done. If these apps were about sharing a road map for others to enjoy, then your personal, intimate details wouldn't matter.

      Did you "share" your precise minute-by-minute GPS road track data with your co-workers from your last weekend out on a drive, plus include your last health exam data as well? No, you didn't. We, don't. But you just HAVE to post all your sordid details about your little runs and bike rides, and everything about yourself as you did them, in the hopes that your friends, using the same apps, will give you all the lovely attentions that you've always asked for. They'll call you out for just how good a job you did. Give you a cheer because you are just so special. These apps are the Twitter / Facebook for the self-assigned "athletes", the people who make sure that everything they do is realized as...something important.

      So you posted stupid personal details about your stupid, inconsequential personal activity...and you got nipped for it. Good for you.

      Idiot.

      1. LaeMing Silver badge

        Re: over sharing

        The funniest thing is that these 'friends' will be too busy 'sharing' their own 'achievements' to be really interested in yours. The big test is to look at how much you care about what others do (not in comparison to yourself, however). There is a good chance those others care just as much about you (not in relation to themselves).

      2. Anonymous Coward
        Anonymous Coward

        Re: over sharing

        Dammit. That sounds like trolling...... but I agree with it anyway. AC because confused.

      3. Anonymous Coward
        Anonymous Coward

        Re: over sharing

        The "look at me" irony is strong with this one - especially now it has over 30 upvotes

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019