4 stars based on
Ever since Nathan Ruser, an international security student at the Australian National University, observed that Strava's data included the exercise routes of military and natsec personnel, locating military installations in Strava's has become a social media sensation.
Strava released their global heatmap. US Bases are clearly identifiable and mappable pic. For example, in Australia, it's now possible to see where people exercise at the secretive deep desert Pine Gap sigint station:. Observers have also noted that Strava hasn't revealed much more than was already already visible on Google Earth. For example, here's Pine Gap again, this time from Google:.
Strava's explanation of how it made the Heatmap says it excluded data that users asked to be kept private. The service allows users to create multiple "privacy zones" with a radius of up to 1km. When users enter such the zones, their digital tracks disappear in order to make it harder to figure out where they live or come utilizzare 365 digital care. Data revealing the location of sensitive facilities, or the habits of military personnel, would therefore have been excluded if users had employed Strava's privacy setttings.
However, as Ruser later tweeted, the location of bases isn't the only concern: If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous.
This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away pic. The Daily Beast's Adam Rawnsley noticed the app can even reveal troop movements, if new Strava users pop up in an area around a military base:.
It also, by the way, possible to extract people's names, profile pictures, and heart rates from Strava's backend:. It just keeps getting deeper. You can also trivially scrape segments, to get a list of people who travelled a route, and trivially obtain a list of users. Beyond the military frenzy, however, El Reg agrees with observations that the heat map is sufficiently detailed to pose a risk to individuals. Infosec bod Brian Haugli noticed that the heatmap reaches all the way to your door:.
You can see individuals that are using Strava by zooming it to houses that have a short line. Strava gives the ability to set up privacy zones, but it's not on by default. Even if individuals had set up the area around their homes as privacy zones, which Haugli noted is not the default, the dataset still contains a level of personally identifying information that shouldn't have been published by Strava, according to European privacy researcher Lukasz Olejnik.
He told The Register in an email: Organisations should carefully consider consequences on multiple levels prior to publishing private data.
Olejnik also tweeted that Europe's General Data Protection Regulation GDPR considers location to be sensitive information, meaning publication should be handled with care. Minds Mastering Machines - Call for papers now open. The Register - Independent news and views for the tech community.
Botched upgrade at Belgian bank Argenta sparks phishing frenzy Is it a bird? Is it a plane? Intel, come utilizzare 365 digital care you to kill a buggy keyboard app Buggy Verge crypto-cash gets hacked, devs go fork themselves, hard. Now they can slurp info to their hearts' content What a Docker shocker: Policy The Channel Hookup classifieds ad sheet Backpage. Tesco to kill free service We put Huawei's P20 triple-lens snapper through its paces Planning on forking out for the new iPad?
Better take darn good care of it For some reason, you lot love 'em. So here are the many ThinkPads of Geek's Guide Birds can feel Earth's magnetic fields? Yeah, that might fly. Bioffins find vital sense proteins Come utilizzare 365 digital care Printing parts from p.
Artificial Intelligence Internet of Things US watchdog reckons blockchain bods Longfin were wrongfin, maybe this is their swansongfin AI can't help without your data, says Gartner, so share, share, share! Verity Stob My Tibetan digital detox lasted one morning, how come utilizzare 365 digital care yours?
Danish Navy expert finds no trace of exhaust come utilizzare 365 digital care in private submarine. All your base are belong to us: For example, here's Pine Gap again, this time from Google: Google's got a much clearer image of Pine Gap.
More from The Register. New strife for Strava: Location privacy feature can be made transparent Circles within circles make it easy to find the midpoint. Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry Nightly build fans' hostname lookups piped to Cloudflare in limited security feature trial. India's prime minister accused of privacy breaches Narendra Modi's app may be a bit too slurpy.
Canuck privacy commissioner to dig into Uber data breach Formal investigation launched. Not the first, come utilizzare 365 digital care be the last.
Mozilla pulls ads from Facebook after spat come utilizzare 365 digital care privacy controls UK advertisers' society has also fired a warning shot. Privacy activists to UK plod: Wanna slurp folks' phone records? Come back with a warrant Lack of regulation and records risks abuse, says charity.
Automation provides a new approach to IT service delivery, operations and management. Sponsored links Get The Register's Headlines in your inbox daily - quick signup! About us Who we are Under the hood Contact us Advertise with us. Sign up to our Newsletters Join our daily or weekly newsletters, subscribe to a specific section or set Come utilizzare 365 digital care alerts Subscribe.