quote:

U.S. military reviewing its rules after fitness trackers exposed sensitive data
BEIRUT —
Fitness tracking map reveals U.S. bases

GPS tracking company Strava published an interactive map in Nov. 2017, showing where people have used fitness tracking devices. (Patrick Martin/The Washington Post)

The U.S. military said Monday that it is reviewing its guidelines for the use of wireless devices at military facilities after revelations that popular fitness apps can be used to expose the locations and identities of individuals working in sensitive areas.

The review came after reports by The Washington Post and other outlets that a “heat map” had been posted online by the fitness-tracking company Strava showing where users jog, bike and exercise — and in the process inadvertently highlighting the locations of U.S. military facilities in some of the most dangerous spots in the world.

The concerns raised by the online map went beyond sensitive military sites, with evidence that Strava could help reveal the movements of international aid workers, intelligence operatives and millions of other people in many countries.

In the latest discoveries Monday, Internet sleuths found ways of using the publicly available Strava data to identify individual users of the tracking service by name, along with the jogging routes they use in war zones such as Iraq and Afghanistan.

On one of the Strava sites, it is possible to click on a frequently used jogging route and see who runs the route and at what times. One Strava user demonstrated how to use the map and Google to identify by name a U.S. Army major and his running route at a base in Afghanistan.

On a separate Internet site, it is possible to establish the names and home towns of individuals who have signed up for a social sharing network on which runners post their routes and speeds. One popular route on a base in Iraq has been nicknamed “Base Perimeter” by the U.S. runners who regularly use it. Another outside the big U.S. base in Kandahar, Afghanistan, is called “Sniper Alley.”

On Monday, the Defense Department launched a review to determine whether new policies are needed, according to Army Col. Robert Manning III, a Pentagon spokesman. The review will be led by Essye B. Miller, the Pentagon’s acting chief information officer.

“Recent data releases emphasize the need for situational awareness when members of the military share personal information,” Manning said. “We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DOD personnel at home and abroad.”

Privacy experts noted that Strava is far from alone in collecting and using location data and that such granular information about the movements of individuals could reveal where they live, work, shop and socialize.

Devices and smartphone apps that track steps or other fitness goals typically work by monitoring the movements of their users, even when they are not exercising. Strava has drawn scrutiny for making such data widely available and for constructing its app in ways that allow users to easily find each other by name. The functions were designed in part to spur Strava users to measure themselves against one another, but the extent of the data publicly available surprised many users when revealed in news reports.

Privacy experts have long warned that tech companies often make personal information — including contact lists, social media posts and location data — available by default. That means users who do not routinely read privacy notices and tweak settings can be surprised by how much information is collected by private companies, as well as how that data ultimately is used.

“It’s very jarring when the curtain on these things is lifted a little bit,” said John Scott-Railton, a senior researcher for Citizen Lab at the University of Toronto’s Munk School of Global Affairs.

quote:

Originally posted by Balzé Halzé:
Well duh.