back to article Fitness app Polar even better at revealing secrets than Strava

Online investigations outfit Bellingcat has found that fitness tracking kit-maker Polar reveals both the identity and daily activity of its users - including soldiers and spies. Many users of Polar's devices and app appear not to have paid attention to their privacy settings, as a result a Bellingcat writer found 6,460 …

  1. Mayday Silver badge
    Black Helicopters

    This makes me glad

    That I don't do much/any exercise. Least of all with one of these portable telescreens.

  2. This post has been deleted by its author

  3. Dr Scrum Master
    Coat

    Ill

    Army Colonel Robert Manning III said at the time: “DoD personnel are advised to place strict privacy settings on wireless technologies and applications”

    Couldn't they have found a Colonel Fit instead of a Colonel Ill instead?

    1. S4qFBxkFFg

      Re: Ill

      Sans serif - because who needs 52 unique glyphs for the Latin alphabet?

    2. Anonymous Coward
      Anonymous Coward

      Re: Ill

      If only some Yankees could think enough to find new names for their sons, instead of acting some like old, stupid, so-called "noble" family "dynasties" in Europe...

      Especially when Roman numeral could get some funny meaning...

  4. Winkypop Silver badge
    Coat

    Colonel Mustard

    On the running track with the Polar

  5. Mark 85 Silver badge

    Not just national security

    I would think that it also opens up a new world of stalking. Not just military but anyone that someone wants to harm.

    1. Joe Werner
      Unhappy

      Re: Not just national security

      Yes, and apparently there have been cases of people using data from... I forgot - Strava? - to find out who owns high end bikes in order to nick them.

      One thing, though, as a preemptive comment (also as a reminder for myself!): the readership of ElReg is likely [0] _not_ a cross section of society when it comes to educated use of that stuff, privacy concerns, or technical knowledge. And while I too bask in the smug feeling of superiority[1] of not having been in that data dump[2], nor in the CA / Faceborg data[3] (and others...) we should probably be a bit less "told ya so!! stoopid muggles!!one!eleven1!" (paraphrased).

      So, one question to all of us: Can we do something? I know that educating users is... tedious, and educating people about personal privacy, control of information, basic operational security is an uphill battle, but can't we all try and educate one or two persons each about it? They don't have to become as paranoid as some people here. Do you have strategies to deal with that?

      [0] p-almost-sure

      [1] who doesn't have this?

      [2] yes, I exercise. Yes, I use gps to track my runs / bike rides (new routes, at least, interesting to find out just where I got lost) - no, they are never put on any portal.

      [3] ok, except very likely indirectly - we are all in there unless you have never had any contact with people using any f'book stuff

      1. DropBear Silver badge

        Re: Not just national security

        So use the off-line open-source Gadgetbridge instead of Xiaomi's app and cloud - or whatever the equivalent is for your brand.

      2. Anonymous Coward
        Anonymous Coward

        Re: Not just national security

        Strava have a privacy feature where you can hide any track that lies within 1km of the fixed points you specify. So you can mark your house and office and automatically remove the first/last parts of your activities.

        Obviously people know roughly where you live and work, just not the exact house to visit to steal your bike.

        1. Joe Werner

          Re: Not just national security

          I know. They have that - now... (but then I could be mistaken and it was not Strava, I wrote I wasn't sure)

          1. JMcL

            Re: Not just national security

            @Joe Werner

            Strava have had it (privacy zones) a few years now, Garmin only recently

        2. EnviableOne Bronze badge

          Re: Not just national security

          yeah, but these just allow you to triangulate House/office/other by taking endpoints at 1km and drawing circles to find where they intersect.

          they have to ad some randomness, but even then NCC Group will probably be able to work it out from the selfies you put on insta/fb/tw/et. al

          1. Anonymous Coward
            Anonymous Coward

            Re: Not just national security

            Everyone knows not to centre their privacy zone on their house... right?

            1. stiine Bronze badge

              Re: Not just national security

              re: "Everyone knows not to centre their privacy zone on their house... right?"

              So, if I center my privacy zone on your house, am I responsible for any breakins you might experience?

        3. stiine Bronze badge
          FAIL

          Re: Not just national security

          Yes, mark your house as out-of bounds. You do realize that every one of your trips out and back will point like arrows .... to your house.

          Try again.

          1. Anonymous Coward
            Anonymous Coward

            Re: Not just national security

            On the Strava settings page:

            Enter a location (i.e. your home or office) below to have an area surrounding that location made private on your activity maps and not shared with others on Strava. To increase obscurity, the location you submit will not be centered within the privacy zone you create. If your activity starts or ends within the location you specify, the start and/or end of the activity will be hidden from other users.

  6. Anonymous Coward
    Anonymous Coward

    including soldiers and spies

    They must be pretty crap spies if people know who they are, is someone undercover in a country going to use an exercise app while scouting out foreign assets? If they are then they are in the wrong job.

    1. Anonymous Coward
      Anonymous Coward

      Re: including soldiers and spies

      Assuming the grunts aren't syncing their activity trackers with satphones, presumably the upload goes via the base WiFi? If only the military had some way to limit what the low spec wetware could send to the internet...

  7. Guus Leeuw

    Dear Sir,

    I understand that technology moves on, however for those of us who are stuck in the past, could you please explain how one would remote an application from ones mobile phone?

    Best regards,

    Guus

    1. Giovani Tapini Silver badge

      Dear Guus

      You don't have to remote any applications, the cloud element of the service publishes all your data nicely formatted so anyone driving past can take a look as people like to share (boast) about steps made, miles cycled etc.

      The people using similar user names across other services can then have data linked from other drive by sources with minimal effort, to arrive at where you live, what you look like, who your family is, where you work, etc.

      regards

      Giovani

    2. PhilipN Silver badge

      Remote > remove

      There is a button to press to alert the sub-editors so as to avoid commenting on typos in these forums. This El Reg not Private Eye.

  8. Bronek Kozicki Silver badge

    Duh

    I do have a Polar Flow account and was never under the impression that my routes are private. I wonder where did the military men get that impression from? Or perhaps they just made certain assumptions without checking?

  9. iron Silver badge

    people at scale aren't paying close attention to how their data leaks

    That would be because people, at scale or otherwise, are idiots. Generally speaking.

    1. DropBear Silver badge

      Re: people at scale aren't paying close attention to how their data leaks

      ...and that includes any large enough set of people, including that of Noble prize winners, apparently. Unfortunately I can't seem to find the study that I remember reading about, that reached that particular conclusion.

  10. Cuddles Silver badge

    Working as intended

    This keeps being reported as a security flaw, but there really isn't a problem. I don't know much about Polar, but Strava, Garmin and Suunto all make it very easy to keep everything private if that's what you want. But that's not what most people want - the entire reason for using these services and uploading everything to somewhere cloudy is to compare and compete with other people. It's a complete waste of time having "researchers" "discover" that you can find out where people do exercise and that happens to often be near home or work, because that's the whole bloody point of these apps in the first place. It's like writing an article about Twitter with the revelation that things you post on it can be seen by other people. Deliberate publication with the intent of being seen by other people is not a data leak.

    1. Doctor Syntax Silver badge

      Re: Working as intended

      "Deliberate publication with the intent of being seen by other people is not a data leak."

      How about deliberate publication to draw attention of possible consequences for people whose only idea seems to be "Look at me!!!!"?

    2. Anonymous Coward
      Anonymous Coward

      Re: Working as intended

      "It's like writing an article about Twitter with the revelation that things you post on it can be seen by other people."

      I dunno, I tend to assume that some of the most high profile users of twitter don't know their tweets are being published....

  11. Halcin

    Is it because "Talking Heads" constantly use "The Innocent Have Nothing to Hide"™ to guilt people?

    Or are App developers, by making privacy so difficult, are taking advantage of peep's laziness so they (the developers) can profit from the data? "Sharing is Caring!!!*"™

    *Three exclamation marks to indicate the (forced) manic happiness needed when expressing this statement.

    1. VinceH Silver badge
      Big Brother

      "Or are App developers, by making privacy so difficult, are taking advantage of peep's laziness so they (the developers) can profit from the data?"

      Something along those lines, I think.

      "Sharing is Caring!!!*"™

      Don't forget that"Privacy is theft!" and "Secrets are Lies!"

  12. Rich 2

    Brave new world

    It's bizarre that the default settings for anything involved with personal information seem to be "share will anyone that cares to look"

    And I really must be getting very old but I'm baffled by people's desire/apathy to have their every movement tracked, whether it's running around the park, visiting your granny, or taking the bins out.

    I've just come back from a lovely weekend away but I must be very strange because I don't feel any compulsion to advertise it on faecesbook or twitter, and while I was away, I didn't enable the satnav on my phone and sign up to "please-track-my-every-movement-and-post-it-on-the-internet.com"

    Jeez! What is wrong with me?????!!!!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: Brave new world

      Well, you can't spell "facebook" for a start ;)

    2. Aristotles slow and dimwitted horse Silver badge

      @ Jeez! What is wrong with me?????!!!!!!

      Yet you had the impulse to come and share that information on the public comments site of an internationally published IT news website?

      So in response to your request to understand "Jeez! What is wrong with me?????!!!!!!" I'd suggest it's a dose of unqualified "smug bastard-ness" with a light infection of hypocrisy.

      Just because you can doesn't mean you should, if ludditry is your game of choice.

  13. Jon Kinsey

    Military personnel found near military bases…

    That is a big surprise (secret?).

  14. Anonymous Coward
    Anonymous Coward

    whats the problem here? looking at the deluge of run stats posted on my facebook feed, i get the sense runners dont mind their information being public. Seems they might even like the service to go one step further and laser the information to my brain via my optic nerve, so i can never do anything without first knowing where and when and how far they've run today.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019