So this happened. And the boss told me I should go for it as an article.
I don’t use a fitness tracker, and this is why. Not that I am nefarious enough to have imagined the scope of something like this; I’m not. (And I also don’t do any fitness activities worth tracking.) People who do use fitness trackers, however, want to have convenient access to the information from them. And putting information on the internet is certainly one way to provide unfettered access.
The only problem with this is that one aspect of the information provided by these trackers is GPS. And GPS means that the trackers are tracking exactly where on the globe the users are at any given moment (and previous moments as well.)
Let’s look at Strava as an example – a pretty good example, since Strava is the one the Washington Post found out about and has done a couple of stories on. It’s also handy for us at PP, since Strava is the one Nameless featured in a Friday Fun, almost two years ago now, because a Canadian biker was using it as an art creating device.
At the time, we all thought this was cool, and then probably forgot about it. The art in question is featured on the Strava home page of the artist, and doesn’t provide any information that can’t publicly be obtained almost anywhere. But there is more to Strava than personal home pages and art.
An interactive map posted on the Internet that shows the whereabouts of people who use
fitness devices such as Fitbit also reveals highly sensitive information about the locations and activities of soldiers at U.S. military bases, in what appears to be a major security oversight….
Most parts of the United States and Europe, where millions of people use some type of fitness tracker, show up on the map as blazes of light because there is so much activity.
In war zones and deserts in countries such as Iraq and Syria, the … map becomes almost entirely dark – except for scattered pinpricks of activity. Zooming in on those areas brings into focus … unknown and sensitive sites – presumably because American soldiers and other personnel are using fitness trackers as they move around.
The name of this map is the Global Heat Map, and it was posted online in November 2017, but it was only this week that a 20-year-old Australian student (of international security and the Middle East) looked closely at it, specifically searching for military.
Few occupations are as obsessed with the employees being physically fit as is the military. It’s not surprising that a lot of soldiers have fitness trackers. In fact, in 2013, the Pentagon gave 2,500 of them out “as part of a pilot program to battle obesity.”
I don’t suppose that there was such a thing as a Global Heat Map in 2013. However, there has been a GPS feature in fitness trackers since – well, I assume since they were invented. And it all this time. it apparently did not occur to soldiers, it did not occur to the Pentagon, it did not occur to anyone involved in the manufacture and/or coding of fitness trackers that if there were a map, it might just reveal information that impacted someone’s national security.
I am only seeing this in the Washington Post, and I would say that’s probably a good thing (why give spies ideas if they didn’t already have them?), but it has been all over the Internet, particularly people in the security community, on Twitter and others.
On one of the Strava sites, it is possible to click on a frequently used jogging route and at what times. One Strava user demonstrated how to use the map and Google to identify by name a U.S.Army Major and his running route at a base in Afghanistan.
On a separate Internet site, it is possible to establish the names and home towns of individuals who have signed up for a social sharing network on which runners post their routes and speeds.
I’m not showing any cuts from the Global Heat Map here (although the Post did – I guess they figured it was already out, so why sit on them). Instead, I’ll show a couple of “paintings” from Nameless’s article. Please realize I am not trying to pick on Strava.
Privacy experts noted that Strava is far from alone in collecting and using location data and that such granular information about the movements of individuals could reveal where they live, work, shop, and socialize.
I might point out that cell phones also have GPS technology, and many people leave theirs on all the time except when charging … so maybe the Pentagon should look into that, if they aren’t already. They have announced a huge policy review on privacy and privacy settings, so they probably are.
Privacy experts have longed warned that tech companies often make personal information – including contact lists, social media posts, and location data – available by default. That means users who do not routinely read privacy notices and tweak settings can be surprised by how much information is collected by private companies, as well as how that data ultimately is used.
And Americans in all walks of life have long routinely ignored these warnings.
The Post has a lot more on this. In fact, I haven’t done much more than scratch the surface. But one thing not mentioned did occur to me.
Can you imagine the howls from Republicans that we would hearing now and up to forever had this map been posted and this information come out on Obama’s watch? (Not that they won’t try to find a way to make it Obama’s fault somehow, of course.)
Cross posted to Care2 HERE
2 Responses to “Security Breach from Fitness Trackers”
Sorry, the comment form is closed at this time.
Holy Moly!! FitBit is commonplace around here, I know several teachers who use this form of tracking daily. I will have to pass this info on to them.
Personally don’t have one, nor do I plan on getting one, after reading this. I usually walk the dog early in the morning, w/o traffic, but I am very aware of my surroundings, and I carry a walking stick. (no…no gun)! My cell phone is usually off, or charging for usage, and I turn tech off most evenings.
Places like Diego Garcia, and the Falkland Islands’ RAF Mount Pleasant also show activity, and most other bases around the world. Un.Believable !!! (I’m sure the CT’s are busy with this information!)
Situational awareness is very important and necessary when members of our military share personal information, knowingly or unknowingly, imho. Operational security requirements and awareness classes should provide further guidance (DOD) for military personnel who are in supporting operations around the world. imho.
Cameras are very prevalent too, and can be used in courts as well.
*Joanne, Repugs would blame the Good Humor Man (a favorite of mine growing up, in the NE), if they got around with the blame game. What a pack of ID’s.
Thank you, Joanne, for this most informative post. Appreciate it.
This is the first I’ve learned of any of this, except for cell phones, and as a privacy maven, I keep my i-Phone GPS turned off, unless I’m actively using it. People in sensitive locations need to stop using fitness trackers. I have no idea how to deal with the heat tracker.
Great job, JD!