All your base are belong to us: Strava exercise app maps military sites, reveals where spies jog

In November, exercise-tracking app Strava published a “heatmap” of user activity which it cheerily boasted comprised a billion activities, three trillion lat-long points, 13 trillion rasterized pixels and 10 TB of input data. It took a while, but late last week someone wondered “how many Strava users are members of the …

  1. Mark 85
    Facepalm

    see icon..... pretty much sums it all up.

  2. Anonymous Coward

    Collect all the data, ignore users privacy...

    ...and compromise your security.

    Dumbass.

    1. Oliver Mayes

      Re: Collect all the data, ignore users privacy...

      There are all kinds of privacy settings the users could have employed. If they couldn't be bothered to switch any of them on you can't blame the service.

      1. Doctor Syntax Silver badge

        Re: Collect all the data, ignore users privacy...

        " you can't blame the service."

        Yes you can. You can blame them for not making the privacy setting default to something sensible. This amounts to an offence under GDPR.

        I wonder how many fines it's going to take until US manufacturers learn to do things right.

        1. Adam 52 Silver badge

          Re: Collect all the data, ignore users privacy...

          "This amounts to an offence under GDPR"

          I'm almost certain it won't.

          1. DavCrav

            Re: Collect all the data, ignore users privacy...

            ""This amounts to an offence under GDPR"

            I'm almost certain it won't."

            I'd be surprised if it isn't already an offence under the current regulations. They are a processor of sensitive data (where someone is) under DPA, and they cannot just publish all that information in such a way that it can be deanonymized. Obviously showing you coming out of your house is not very anonymous. They might also be in trouble over various national security legislation. Arguably this is material of benefit to terrorists, and its publication would then be an offence under UK law. (Find any route that goes into a military base, for example, and then wait along it.)

            1. Adam 52 Silver badge

              Re: Collect all the data, ignore users privacy...

              "They are a processor of sensitive data (where someone is) "

              You can look up sensitive data on the ICO website:

              https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/

              It doesn't include location.

              Excluding home addresses *is* part of the Strava sign up process. And Strava's privacy policy explicitly acknowledges that people may be identified from aggregate data:

              "If you make information or content publicly available on the Services, such information, even when aggregated, is capable of being publicly viewed and possibly associated with you"

              There are plenty of bad boys in the industry, but Strava isn't one of them.

              They have consent under current DPA for everything they do. They have consent under GDPR, although I don't think they need it (because storing location and deriving profiles from it is the whole reason for the service existing).

              Need to go now, time for my daily catch-up with the GDPR lawyers.

              1. SkippyBing

                Re: Collect all the data, ignore users privacy...

                'Excluding home addresses *is* part of the Strava sign up process.'

                Very much this, what surprises me is how many people miss it. I compared my friend's house in LA with mine, he is obviously the only person living on his street to use the app despite a reasonable number of people using it as part of their running route. My house in a small town in the UK has apparently never been lived in by someone who has Strava even though I ran about 5 times the distance he did last year.

                What I did like was looking in Portsmouth harbour and seeing a faint outline of an aircraft carrier.

              2. caffeine addict

                Re: Collect all the data, ignore users privacy...

                Does it have to comply with UK DPA / ICO requirements if it's a US company shipping the data straight to the US untouched? Seems unlikely. That kind of "our law applies everywhere" mentality is normally restricted to US gov.

                1. DavCrav

                  Re: Collect all the data, ignore users privacy...

                  "Does it have to comply with UK DPA / ICO requirements if it's a US company shipping the data straight to the US untouched? Seems unlikely. That kind of "our law applies everywhere" mentality is normally restricted to US gov."

                  It depends. Did the data originate in Nigeria? No. Did it originate in the UK? Yes. Processing UK citizens' data means you fall under the purview of the ICO, and UK law.

                  1. caffeine addict

                    Re: Collect all the data, ignore users privacy...

                    "It depends. Did the data originate in Nigeria? No. Did it originate in the UK? Yes. Processing UK citizens' data means you fall under the purview of the ICO, and UK law."

                    This is very much not my field, but that's not my understanding, or the reading I get from (random fairly reliable website) ThomsonReuters https://uk.practicallaw.thomsonreuters.com/1-502-1544

                    The Data Protection Act (DPA) applies to data controllers that are either:

                    * Established in the UK and process the data in the context of that establishment.

                    * Not established in the UK or an EU member state, but use equipment in the UK for processing data (excluding where that data is only in transit).

                    1. DavCrav

                      Re: Collect all the data, ignore users privacy...

                      "Not established in the UK or an EU member state, but use equipment in the UK for processing data (excluding where that data is only in transit)."

                      Well there you go. Transit means passing through, not starting from. I'm not 'in transit' at Heathrow if I get off the bus there, it's if I'm on a connecting flight. The data originated in the UK, so it's covered. And of course the equipment is the smart watch/whatever.

      2. DavCrav

        Re: Collect all the data, ignore users privacy...

        "There are all kinds of privacy settings the users could have employed. If they couldn't be bothered to switch any of them on you can't blame the service."

        You mean: there is an option in the settings for us not to come around and shoot you in the face. If you couldn't be bothered to switch it on you cannot blame us.

    2. Anonymous Coward

      "consider consequences on multiple levels prior to publishing private data"

      Or maybe consider consequences on multiple levels prior to collecting private data?

      Hope that once governments are bitten themselves hard by the data gathering frenzy, they'll reconsider the rules about data gathering... I wait for the first politician being shown "exercising" at his mistress's house...

      And, no, opt-out is not enough - people should at least have to opt-in to any data collection.

      1. Adam 52 Silver badge

        Re: "consider consequences on multiple levels prior to publishing private data"

        "And, no, opt-out is not enough - people should at least have to opt-in to any data collection"

        Strava is a data-collection site. That's what it does. You opt-in by uploading your stuff to it, it doesn't magically track you without consent.

        When I signed up the privacy zone was in the initial setup wizard, so it's a little deceptive for the article to call it off by default. It has to be off as far as it is, because Strava doesn't know where to put it unless you tell it.

        Heatmap is just another example of it being really hard to anonymise through aggregation.

      2. rmason

        Re: "consider consequences on multiple levels prior to publishing private data"

        @AC

        absolute nonsense.

        They purchased a device and service that is *SPECIFICALLY FOR* data gathering and sharing

        Yes, if they purchased something random that was gathering this data, fine. That's not the case though. You seriously aren't suggesting they should have to opt in to make the device function as advertised?

        Sorry, but this sort of attitude contributes to the issue. The onus is on the users to understand what they have purchased and use it correctly. The company are doing *exactly* what they say they'll do.

        1. Anonymous Coward

          "service that is *SPECIFICALLY FOR* data gathering and sharing"

          As I see it promoted, it's for activity tracking and friend sharing, not for sharing with world + dogs.

          It's still worrying that people are OK to share those data just to show theirs is longer... but we're in an era when you're a child until well into the forties.... I stopped such kind of behavior when I was eight or nine.

    3. Anonymous Coward

      Re: Collect all the data, ignore users privacy...

      It's not PII though. The fuzzy line shows where some of the millions of users have been. The only reason you know a line to a front door is your friend is because YOU have Personally identifiable info on your friend, like where they live and the fact that they use Strava. Without that information it may just as easily be the postman or a stalker, and the heatmap gives you no more useful information than that. "privacy experts" are driving me insane at the moment, GDPR is like cat nip for dipshits.

      1. SkippyBing

        Re: Collect all the data, ignore users privacy...

        'Without that information it may just as easily be the postman or a stalker'

        No, you can see the stalker's line in the bushes round the back.

      2. DavCrav

        Re: Collect all the data, ignore users privacy...

        "It's not PII though. The fuzzy line shows where some of the millions of users have been. The only reason you know a line to a front door is your friend is because YOU have Personally identifiable info on your friend, like where they live and the fact that they use Strava."

        I thought there were statements like 'it's not anonymous if it can be de-anonymized with extra information'.

  3. Mayday
    Holmes

    I've never understood

    Why people use and publish results from apps such as this.

    Every day I see on social media people posting their running/cycling etc details online. I can literally deduce their home address and what time they enter/leave from here. Even from people I don't know too well.

    I'm not a nasty guy, but plenty of people are and they can use this info for not so nice purposes. Seems like common sense isn't too common.

    1. A Non e-mouse Silver badge

      Re: I've never understood

      The problem with Strava is by default it shares it with the world. If you're just sharing the data with your friends*, they probably already know where you live.

      * This assumes that you only friend people who really are your friends, and not just any random Tom, Dick or Harry who ask to be your friend...

    2. Anonymous Coward

      Re: I've never understood

      I've seen this with some female Facebook friends, and pointed out to them that it makes it easy to figure out where they live. Some care, and correct it, others say "it isn't that hard to find out where someone lives" and don't worry about it.

      I suppose that's basically the same argument that you get against "security through obscurity".

      1. Pascal Monett Silver badge

        @ DougS

        You might remind your female friends of a basic difference : IRL, someone has to meet you, or at least be told about you, before they think of looking you up. I doubt that stalkers choose their victims by perusing the phone book. If they don't know your name, they can hardly look up your address and they'd have to follow you home before they can correlate an address to a name.

        Publishing personal info and travel data on a social site removes that sleuthing requirement. The stalker can just peruse the activities, select a woman he likes and dive into her life. Finding the address is trivial at that point.

        Security through obscurity works very well in real life. Do you know where US carrier fleets are at this time ? Hint : don't try finding out - that will land you in very hot water.

        1. MonkeyCee

          Re: @ DougS

          "Do you know where US carrier fleets are at this time ? "

          No.

          But 30 seconds on google gives me: (from stratfor)

          "Carrier Strike Groups

          The USS Carl Vinson CSG is underway in the Pacific Ocean for a western Pacific deployment.

          The USS Theodore Roosevelt CSG is underway in a deployment in the U.S. 5th Fleet area of responsibility supporting maritime security operations and conducting theater security cooperation efforts.

          The USS John C. Stennis is underway in the Pacific Ocean for routine training.

          The USS Gerald R. Ford is underway in the Atlantic Ocean conducting test and evaluation operations.

          Amphibious Ready Groups/Marine Expeditionary Units

          The USS America ARG is underway in the Pacific Ocean returning to its homeport.

          The USS Essex is underway in the Pacific Ocean for routine operations.

          The USS Bonhomme Richard is underway in the U.S. 7th Fleet area of responsibility conducting routine training."

          I await my hot water....

        2. Anonymous Coward

          Re: @ DougS

          If you want to know where carrier battlegroups are going to be, even if it's changing from day to day, in the future just ask the prostitutes. They always know. Hell, I've asked them before. Spent 7 years straight serving on the same tincan (destroyer) and that's one tip most sailors know.

    3. rmason

      Re: I've never understood

      @Mayday

      To show off, they think it makes them better than those who don't do (insert activity here).

      You know, same deal as the couples who you know are always at each other's throats, but social media is just lovey dovey "look at us" stuff.

      Same deal, it's to appear good on the internet.

    4. Terry 6 Silver badge

      Re: I've never understood

      No different to the people who broadcast on FaceBook that they're by the pool in Benidorm- might as well add "keys are under the mat".

      1. Uncle Slacky Silver badge
        Thumb Up

        Re: I've never understood

        There's a site which scrapes that kind of info to demonstrate just how dangerous it can be:

        http://pleaserobme.com/

    5. Platypus

      Re: I've never understood

      There are basically two reasons. One is that competition is a strong motivator. For a lot of people, including me, leaderboards can motivate people to go out more, or to push faster/further than they might have otherwise. Another is helping to cheer each other on. I have three friends on MapMyRun, I know that the encouragement I get from them is helpful when I'm not doing so well and I certainly hope it works the other way too.

      That said, there are good and bad ways to share this data. For example, on MMR those three friends are the only ones who get to see exactly where I've gone, or whether I've gone at all on runs that don't earn me a place on a leaderboard. All anyone else sees is first name, last initial, time on that segment, and date. I *could* open up full sharing, but it's not a default. No heatmaps or anything like that, though I've kind of wished for that as a way to help people find routes worth trying. Overall, I'm pretty comfortable with MMR's approach. If I used Strava, I think I'd be a bit less comfortable.

    6. PvtVoytek

      Re: I've never understood

      I'm going to take a wild stab that you're usually out of your house between 11am & 3pm and even if I don't know where YOU live I know people live in houses and they're usually going to be out of them between 11am & 3pm. So, your point is?

  4. Gene Cash Silver badge
    Pint

    So where's the heatmap around El Reg? Oh wait, IT hacks don't exercise, except for their bicep in the 1-pint curls!

    1. Sampler

      I actually follow one particular el'reg journo on Strava and can tell you they exercise rather a lot, putting some of us to shame..

      1. Destroy All Monsters Silver badge

        Probably Dabbsy. He has to get rid of the anger.

        1. Sampler

          Good guess but no = )

  5. Notas Badoff

    Revealing state secrets

    Well now, that's going to restrict their movements, what with some countries jailing people for mentioning even commonly-known facts, as "revealing state secrets". Hotel California, anyone?

  6. Jonathan Schwatrz
    Facepalm

    Fail!

    If you need an app to tell you when you're "exercising properly" then you're probably not.

    1. Sampler

      Re: Fail!

      In defence, as someone who uses said app and has bought a watch specifically for the task of GPS tracking running & cycling (and swimming, but, it transpires GPS doesn't penetrate water that well, a mere second's thought beforehand would've made the counter assumption obvious I guess).

      It's not so much for it to tell you when to exercise, but to monitor progress, am I getting faster, slower, about the same? Where are those gains being made?

      I also suffer from a terrible memory ("the worst case of sleep apnoea in someone of your age and build" means I literally spend half my time sleeping not breathing, so I never hit L3 sleep) so it's useful for tracking when I've been, how much I've done this month and should I do more. I admit my reasoning here is fairly individual.

      Plus, as a nerd, who doesn't enjoy an abundance of stats?

      1. big_D Silver badge

        Re: Fail!

        That is fine, if you are keeping the data for yourself. But the apps all seem to insist on uploading all the data to their cloud.

        I have a Fitbit, but I never activate the GPS when I go out exercising. I track how far I've been, but not where... And to be honest, now that I walk about 6KM to work and back every day, I'm rethinking the need for having the Fitbit at all.

        1. Anonymous Coward

          "but I never activate the GPS "

          GPS itself is no harm - it only receives, doesn't transmit. It's what the device does with the data that's the problem. I do use GPS devices to track where I've been and the places and times where I took photos, so I can return to them if there's a good reason.

          Just I download them to my computer only, and the data never leave it (of course, the photos with geoloc data are never uploaded to any site or cloud service...)

          The day those devices start to attempt to upload them to whatever cloudy destination, I'll stop using them.

          I don't really want someone to be able to track where I am while carrying several thousands $$$ of equipment...

          Just, too many apps use the "mine is longer than yours" human weakness to lure people into sharing what they shouldn't.

      2. Teiwaz

        Re: Fail!

        "Plus, as a nerd, who doesn't enjoy an abundance of stats?"

        I'm going to crush your nerd pride here.

        The Gov'ment likes stats too. By 'like', We're well into serious BDSM style stalker levels of 'like'. What for, I'm not sure, they think it helps make right decisions, but often the opposite seems true.

        1. Adam 52 Silver badge

          Re: Fail!

          "By 'like', We're well into serious BDSM style stalker levels of 'like'."

          What? Care to describe how stalking is a BDSM activity?

          1. Anonymous Coward
            Coat

            Re: Fail!

            "Care to describe how stalking is a BDSM activity?"

            I suppose it depends on what you're wearing while doing said stalking.

            1. Anonymous Coward

              Re: Fail!

              These days people don't know bdsm from voyeurism?

              Get off my lawn.

              1. kain preacher

                Re: Fail!

                "These days people don't know bdsm from voyeurism?"

                All they know is it's a kink.

                1. Anonymous Coward

                  Re: Fail!

                  Yeah, but Theresa May's a massive voyeur. Leather trousers aside I've seen no clues she's into anything else.

          2. DavCrav

            Re: Fail!

            "What? Care to describe how stalking is a BDSM activity?"

            I read it more as like normal stalking, but with a collar.

            1. Anonymous Coward

              Re: Fail!

              If the stalker has a shock collar, and the victim the controller, it could work...

              http://dilbert.com/strip/2018-01-20

              Especially if it has also a "privacy range" of 1km where it activates automatically.

      3. dave 76

        Re: Fail!

        "In defence, as someone who uses said app and has bought a watch specifically for the task of GPS tracking running & cycling (and swimming, but, it transpires GPS doesn't penetrate water that well, a mere second's thought beforehand would've made the counter assumption obvious I guess)."

        Put the watch under your swim cap and it should work while swimming.

  7. ThatOne Silver badge

    > Plus, as a nerd, who doesn't enjoy an abundance of stats?

    Sure, but do you need to share those stats with world & dog? Apparently the app allows you to keep the data private.

    1. Sampler

      Good point, I don't share to social media as I see many do and I have security zones set around work and home to obfuscate to some degree where I live and work. Only "friends" can actually see my stream and I have to confirm each friend request (I believe by default the system allows anyone to follow you, it's an opt-in setting, but, shouldn't checking security settings be the first thing you look at when signing up to any online system, or is that just me?).

      As my use is mostly for, well, my use again I can see where my usage diverts from the majority of users. That all said, I don't think most care and it isn't really a big deal, those in government positions and especially armed forces should really be given a briefing on securing their online presence though and to think through usage of such platforms.

  8. Anonymous Coward

    Good

    Perhaps the spooks might respect our privacy more if we exposed their activities much more.

    Much more of this is needed to ensure that governments respect our privacy and autonomy much more than they do now.

    1. Anonymous Coward

      Re: Good

      "Perhaps the spooks might respect our privacy more if we exposed their activities much more."

      Good way to wind up dead or get stopped with 4 kilos of coke , a dead hooker in the trunk and bunch of kiddie porn

      1. Anonymous Coward

        Re: Good

        Living in exile is more likely. If we exposed the spooks, then it will limit their ability to provide 4 kilos of spare coke (they don't want to deplete their stashes) or their personal kiddie porn collections.

  9. Anonymous Coward

    Ahah!

    Another reason why us fatties will inherit the earth!

    1. Insert sadsack pun here

      Re: Ahah!

      Unfortunately, we will inherit it only briefly, before keeling over with a Gregg's bag in our chubby hands...

      1. Teiwaz

        Re: Ahah!

        Humm, not exercising doesn't necessarily mean always having food to hand.

      2. VinceH

        Re: Ahah!

        "Unfortunately, we will inherit it only briefly, before keeling over with a Gregg's bag in our chubby hands.."

        So we'll at least go out happy*, then?

        * Subject to liking stuff from Greggs. Other vendors are available. Your statutory rights are not affected by this footnote.

        1. Anonymous Coward

          Re: Ahah!

          I've never met a sausage roll I didn't like...

  10. Anonymous Coward
    FAIL

    In defense of former and current serving military members, they were encouraged to buy and use the devices to improve physical fitness. DoD even gave away 25,000 of the devices as I recall. So the fail isn't at lower ranks alone.

    This really bothers me. While I wore the uniform I spent quite a bit of time wandering around with an M1911A1 .45 calibre pistol strapped to my right hip. I made damned sure that I randomized my check-in times and routes to there and on the rest of my patrol. Really, really random. You never knew how I was going about my affairs. I wanted to remain alive, thank you ever so much. That a device whose use is encouraged by the chain of command negates all that, or at least puts some of the rest of my mates in danger is disturbing. Fall out should be popcorn worthy even with Meltdown/Spectre already chumming the water.

    1. Adam 52 Silver badge

      I really doubt that the chain of command encourage Strava use anywhere really sensitive. El Reg's Pine Gap example, for instance, has its own Wikipedia page so its location isn't exactly secret and nor is the fact that people work there.

      1. Anonymous Coward

        It beggars belief that the military aren't all over the security implications of personal mobile devices and rigorously training personnel when and how they can be used. Any number of apps on an average smartphone will be sending back location data to the mothership, not just fitness apps like Strava, and the device itself by its nature is a portable beacon. I'd expect rules more like "OFF at all times while on duty or when on or within X km of the base, except in these designated areas".

        1. fajensen
          Angel

          "It beggars belief that the military aren't all over the security implications of personal mobile devices and rigorously training personnel ..."

          Really? Since ages past, the military have handled both Adversaries and Enemies - The adversaries are the expected ones (Napoleon, Russia, China, Terrorists ....). Except, nothing big really happens there, so, when there is not in fact a hot war going on with everyone getting plenty of personnel, funding and glory showered upon them, all of the abundant military energy and resources are firmly concentrated on the enemies - The Other Services! Nothing else matters!!

          "They" got all the names and such anyways:

          https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/

        2. Anonymous Coward

          Adam 52 and Credas, it does beggar belief if you are a civilian. Frankly, this kind of opsec fail occurs regularly. Yes, the military does know how to do opsec, just look at the heat-map there. However, if you read the Washington Post article [https://www.washingtonpost.com/world/a-map-showing-the-users-of-fitness-devices-lets-the-world-see-where-us-soldiers-are-and-what-they-are-doing/2018/01/28/86915662-0441-11e8-aa61-f3391373867e_story.html?hpid=hp_hp-top-table-main_strava-415pm%3Ahomepage%2Fstory&utm_term=.a7e90c1ca729], you'll find out that use was encouraged. I got the number of freebies wrong by a factor of ten (2,500 not 25,000), usually don't make errors of magnitude but it was late here and meds kicking in.

          Anyone remember the flash drives with confidential files still on them sold in an Afghan bazaar? Sh*t happens and still, to this day, seeding flash drives in a parking lot is a fave for pentesters.

      2. Anonymous Coward

        "isn't exactly secret and nor is the fact that people work there."

        Just these data can give you how many, where they are and when....

  11. Anonymous Coward

    What benefit is it to Strava to make this information public? I don't understand why they would do this unless they've also sold it to someone to use for advertising bicycle and running stuff on routes popular with people that exercise.

    1. Adam 52 Silver badge

      It's a cool thing, just as a work of art.

      It's a nice little way to boast about the scope of their services.

      It's handy for traffic planners to see how runners/cyclists move about a city.

      I tend to use it when going somewhere new to find out where the good cycling is, and I've used it to get off the bog of a bridleway I was on onto something decent.

      1. Anonymous Coward

        Fair points, also useful to advertisers though.

        1. Adam 52 Silver badge

          A long time ago I tried to sell a dataset giving the demographics and rough volume of people passing particular sites (advertising billboards and retail sites, but it could have been anywhere). I had a few people interested but nobody actually bought it.

    2. phuzz Silver badge
      Thumb Up

      There's no such thing as bad publicity*. Now all sorts of people who'd never heard of it before, know about Strava.

      * or so the marketing types tell us

  12. Twanky
    FAIL

    Great news!

    In May 2015 many news sites carried a story that the silly Chinese army had banned its forces wearing smartwatches and other 'wearable tech' - on security grounds. <sarcasm>Paranoia. It's clearly foolish to ban such useful kit.</sarcasm>

    2 1/2 years later and a company that tracks people through their kit publishes clear maps of where these people can be found and how frequently. Not only that but we can see where the people who are apparently most concerned about their physical fitness exercise around military and security facilities. Clearly the Chinese were not over-reacting.

    It would not surprise me if various state agencies had already issued regulations restricting the use of this kit - but as they didn't explain why, or enforce the regulation, it got ignored along with all the other apparently unnecessary cruft.

    I really hope that this becomes a much bigger news item. The world needs to understand that sharing any personal data without a damn good reason is an utterly foolish thing to do.

    1. FrozenShamrock

      Re: Great news!

      Exactly! But, if everyone was intelligent enough to figure that out Zuck would be some flunky developer at Google or somewhere similar instead of a billionaire.

  13. Kelli

    This site in the sahel lights up. On google maps you see nothing. On satellite you see this.

    Strava:

    https://labs.strava.com/heatmap/#10.62/0.34080/27.99531/hot/all

    Satellite:

    https://www.google.com/maps/@28.1309163,0.2858375,6536m/data=!3m1!1e3

    Don't know what it is, but they do jog a lot.

    1. Anonymous Coward

      There is a Cafe REG - in the Sahel:

      https://www.google.com/maps/place/caf%C3%A9+REG/@28.0568079,2.1150361,12330m/data=!3m1!1e3!4m5!3m4!1s0x120d72cbe4bd9493:0x59abb534c996fdfb!8m2!3d28.0670575!4d2.1495867

  14. tiggity Silver badge

    Personal responsibility

    How about people have some?

    If you are sending data to the cloud, then think long and hard about whether it's a good idea and how private it is.

    Especially potentially personally identifiable data.

    .. from the strava users I know a lot of it is about "oneupmanship" e.g. showing off to others how quickly they completed cycling challenge x etc.

    Though I'm the sort of person where the only occasion I know how long a run took (time & distance) is when I do a park run (or similar) that is a known distance & my time is officially logged.

    1. Bineryfinery

      Re: Personal responsibility

      Agree totally and work on the assumption that there is no such thing as anonymous data. Disparate event data from multiple interactions can be mined to identify sources or individuals. When you don't want to be tracked, turn your phone off and keep it in a Faraday cage.

  15. Anonymous Coward
    Trollface

    Yep

    Military intelligence proven to be an oxymoron. Again.

  16. Anonymous Coward
    Trollface

    Hoots!

    Just looked for Strava heatmaps in Scotland. Blank!

  17. Vagnerr
    Alien

    Oooh Secret Alien landing site perhaps?

    Definitely interesting considering the satellite view is blank...

    https://labs.strava.com/heatmap/#13.36/-119.21711/40.78548/hot/all

    :-)

    1. Kelli

      Re: Oooh Secret Alien landing site perhaps?

      That is just the Burning Man Festival.

      https://www.google.com.my/maps/@40.7777659,-119.2250157,4261m/data=!3m1!1e3

  18. Miller

    Strava is a fitness social application, it's explicitly for sharing ride/running/whatever data and it does a very good job of that. Yes, there are privacy issues. Each person must make their own decision about those.

    If you thought the heatmap was revealing, check out the Strava flyby feature: it identifies the other Strava users and their ride routes that you passed or were near on your own ride. It is brilliant even while it makes a mockery of personal privacy.

  19. Daniel 18

    Rules for location privacy / security

    1. Don't share location data.

    2. Don't post anything with location data.

    3. Don't collect location data.

    4. Don't enable location determination.

    Generally this will reduce your risks. Of course, someone else may tag you in a GPS marked photo...

    1. Anonymous Coward
      Anonymous Coward

      Re: Rules for location privacy / security

      That's a start.

      Then, turn off all unnecessary radios - WiFi, Bluetooth, NFC.

      Turn off data.

      If possible, turn on Airplane mode.

      As a bonus, your battery will last a lot longer, and your distraction level will drop.

      Anyone remember those productivity improvement methods that point out the advantages of handling calls and emails three times in the workday, and not otherwise?

  20. spold Silver badge

    Fitbit seeking missile anyone?

    Also look for camps with people running backwards and forwards over obstacles...

  21. Anonymous Coward
    Anonymous Coward

    always the same....

    Yup the usual chattering techno-classes respond with meaningless, badly informed El Reg Posted Comment babble. Opinions are like ars*holes: everybody has one. Sure glad that I don't have to live or work with you morons...

  22. Bineryfinery

    Military Intelligence - A contradiction in terms.

    This is an app where users share their activity. They choose what data to place in the public domain, so this is no revelation, especially as this information and concern were raised over three years ago, when police warned that users were leading thieves to their garden sheds, where they stored their expensive bicycles, by not setting up privacy zones, as many people also made their make and model of bike public.

    This is, by its own admission, a storm in a teacup given the Google Earth pictures. When there are Strava heat maps which tally with the secret blanked-out areas on Google Earth, we can say that there is anything other than clickbait. Anybody that does not understand they are carrying around a tracking device in their pocket, whether they have Strava installed or their GPS even turned on, must have been living in a cave for the last decade at least.

    Good practice in ICT for me has always been 'opt in' as the default. Fundamentally this is what people are doing when they accept T&Cs when they install an application. But who reads T&Cs or user manuals? Certainly not anyone who signs up as cannon fodder.
