Do you wear a Fitbit?
If you do, satellites may be watching you.
Yesterday, Strava, a social network that collects data from devices with GPS, uploaded a heat map of its users around the world to the internet. Intelligence services are now combing that map for data about hidden military bases and other tidbits. It’s apparently not just Fitbits, but mobile phones and a lot of other devices.
The Guardian gives a few examples. Here are a few more.
TIL there's a lot of folks in North Korea with fitbits. Here's their preferred running routes. pic.twitter.com/fakDf1irZc
— Pwn All The Things | Secret Society Member Id #372 (@pwnallthethings) January 28, 2018
My focus is on Syria, but obviously works all over. French military base Madama in Niger: pic.twitter.com/1e9SRR73xS
— Tobias Schneider (@tobiaschneider) January 27, 2018
this is what Alakurtti military base in Russia looks like in the heat map pic.twitter.com/6Wu2zFHwNa
— Virpi Heikkilä (@VirpiHeikkila) January 27, 2018
Not just US bases. Here is a Turkish patrol N of Manbij pic.twitter.com/1aiJVHSMZp
— Nathan Ruser (@Nrg8000) January 27, 2018
Here are some FOBs in Afghanistan. pic.twitter.com/JoB7hKHwyh
— Nathan Ruser (@Nrg8000) January 27, 2018
@Viss last one, and a hell of a bright spot on the heat map for the Quad Cities Nuclear generating station…
4 out of 6 Illinois nuclear generating stations have significant walking traces on Strava… pic.twitter.com/pa2010hemo
— admford (@admford) January 28, 2018
Mesmerizing heat map of Burning Man from @Strava https://t.co/ec8eSL0TKi pic.twitter.com/pFRWtLKQoK
— Jason Chen (@jhchen) January 28, 2018
This is Britain’s GCHQ, the equivalent of the US’s NSA.
I don't usually comment on my old employer, but seriously who are the ridiculous people running around the doughnut with gps trackers on? pic.twitter.com/DsvqEA3sEl
— Sarah Jamie Lewis (@SarahJamieLewis) January 28, 2018
Pretty faint but data from the Strava exercise app shows like China has deployed joggers to its disputed Woody Island in the South China Sea, in addition to fighter jets and HQ-9 SAMs pic.twitter.com/HG6zkb8tcw
— Adam Rawnsley (@arawnsley) January 27, 2018
Adam Rawnsley and Tobias Schneider are particularly active in locating sites, but you can find more if you search Strava heat map on Twitter.
Cross-posted to Nuclear Diner.
Baud
I have nothing to hide.
aimai
I love the line “deployed joggers.”
Roger Moore
Shorter: even anonymized data can spoil your op-sec, so turn off sharing.
Schlemazel
For years Google and Apple have allowed you to see a track of everywhere you have been over any given period of time. I’d have to look up how you get that but my assumption has always been that if they know, any sufficiently advanced government or individual can know also. Privacy is a thing of the past now.
Mnemosyne
Isn’t Strava primarily a bicycling app, or is there more than one company with the same name doing fitness tracking?
Corner Stone
How the hell many fitbits have been sold in the world? According to the linked Wiki on Strava:
All this data from 1M people?
Cheryl Rofer
According to the Wikipedia article linked in the top post, it looks like Strava tracks anything with GPS capability.
Major Major Major Major
@aimai: I was just gonna comment that!
@Schlemazel: yep, your phone follows you everywhere you go. Not much way around it except not having it with you.
Schlemazel
@Major Major Major Major:
You can always turn on the “don’t track me” option in which case they will not tell _you_ where you have been.
Major Major Major Major
@Cheryl Rofer: I see it saying that they can track users on many different devices, where does it say they can track anything that has GPS ability?
Quinerly
@Baud: Neither does Poco 2020! Campaigning hard in Santa Fe, NM.
lollipopguild
@Baud: Is President-in-waiting Baud letting it all hang out?
Corner Stone
Saw this on Malcolm Nance’s twit feed:
WaterGirl
@Schlemazel: How do you get to the do not track me option on an iPhone?
Cheryl Rofer
@Major Major Major Major: I inferred that, could be wrong.
Uncle Omar
Glad I’m still stuck in the 20th century.
different-church-lady
“TURN OUT THAT
LIGHTPHONE!”
Schlemazel
@WaterGirl:
Sorry, I am a droid so I am not sure. Here is a web site that says it is not easy to do. http://www.idownloadblog.com/2016/04/28/how-to-stop-phone-location-tracking/
When the Mrs. finally got a smartphone I begged her to go with Android so I could help when needed. She got the iPhone & I remind her of that conversation every time she asks me “How do I get X on this phone?”
BTW – don’t think for a minute that turning these things off means the devices and some number of apps on it means some outfit is not keeping track of your movements. Android or Apple, does not matter. It is already too late.
efgoldman
@Major Major Major Major:
How about physically turning it off? That’s what we old farts, who actually use our phones to make calls, do.
different-church-lady
THINGS MODERN PHONES CAN DO: Allow your enemies to track you from space.
THINGS MODERN PHONES CAN’T DO: Allow you to make audible phone calls.
Kirk
@efgoldman: So truly, “Don’t call me I’ll call you?”
Cheryl Rofer
More from the Washington Post.
Schlemazel
@efgoldman:
That works for now . . . I think
Corner Stone
@Schlemazel: And if you do somehow manage to turn off a “feature” you do not want, sometimes when you check back after a while you will discover it’s back on again.
Another Scott
@efgoldman: Lots of phones supposedly aren’t really fully off unless you remove the battery. Or at least can be turned on without your knowledge.
Wrapping them in aluminum foil or a similar “Faraday cage” would work though…
Cheers,
Scott.
Mel
@WaterGirl:
This is how it works on my iPhone, but it’s an older one (5s).
Open “Settings”.
Select the “Privacy” option.
Then, select “Location Services”.
You can then toggle on or toggle off the tracking for certain functions.
There is an option to turn off all Location Services functions at once, but that will prevent you from being able to use features like “find my iPhone”.
Hope that is helpful!
Corner Stone
@efgoldman: IIRC, there is no way to actually completely “turn off” an iPhone. That would require taking out the battery, which you can’t do easily.
Cheryl Rofer
MattF
There’s a ton of data about you, specifically– all in the ‘cloud’. It’s all being sifted, tracked, compared, correlated, and monetized. And, btw, a large part of Amazon’s business is commercial provision of ‘web services’.
MattF
@Corner Stone: Right. If you can press a button to turn it on, you can’t turn it off.
B.B.A.
@efgoldman: Most phones these days still keep some “background services” running even when they appear to be turned off.
John Revolta
@efgoldman: @Schlemazel: Ahahahaha.
Listen, don’t worry about your phones. Your CAR keeps pretty good tabs on you nowadays.
WaterGirl
@Mel: Thank you! I had most everything turned off, but found a few apps that were always on. I also turned on something that can tell me whenever my location is being requested by an app.
Magda in Black
I’ve pretty much concluded “they” know everything there is to know about me…and that most of it is laughable at best and embarrassing at worst. I hope.
Schlemazel
@Corner Stone:
YES! I have seen this particularly with a couple of apps I have loaded but only use infrequently.
tychay
@Mnemosyne: you are correct, but they added running a couple years back and in the last year the running feature has gotten very popular on my social network. The reason this is the case is Strava has built a far more active community than previous places like MapMyFitness.
The reason this is news is unlike them, Strava provides publicly available heatmaps. Makes you wonder what is sitting on Google or Apple’s servers…
Major Major Major Major
@MattF:
I have it on very good authority that Amazon doesn’t spy on AWS machines.
MattF
@Major Major Major Major: My point, fwiw, is that there are a lot of companies out there who are trying to monetize your data. Amazon is definitely one of them, and has the added revenue stream of providing these capabilities to other companies. That’s bad enough.
patrick II
Beginning in 2019, the FCC will require strict standards for equipment provided by cell phone carriers to provide more precise locations. The ostensible reason is so that 911 callers may be more exactly found. Actually, that’s a good reason, but that’s not all it will be used for.
Schlemazel
@Major Major Major Major:
please define “spy”
BTW – does everyone know that when they send their little spit-wad into 23AndMe or Ancestry.com etc. that the license agreement gives them ownership of your DNA? They can do whatever they choose with it. Of course they say they will only ever use your data as part of aggregated & anonymous groupings. But, as with these sorts of things, once it is stored anywhere in a computer it can become knowledge that others can acquire.
J R in WV
I’m pretty sure my Android phone isn’t drawing any power when it’s turned off. It stays at nearly the same % battery for a very long time. I lost my phone for a while, it was in a knapsack pocket and I didn’t find it until I used the pack again. It was still well charged up after 6 weeks in the dark.
I WILL wrap it in a Faraday cage if needed! But I think it’s really off when I turn it off, just enough power to keep it listening for a power up command. Which isn’t much at all.
Schlemazel
@patrick II:
These things are always double-edged swords. There are a ton of very good uses for a smartphone. Every new innovation has benefits and costs and nobody ever really knows all of each until they are ingrained into our lives.
Mel
@WaterGirl: You’re welcome!
Major Major Major Major
@Schlemazel:
In any way observe the information on an EC2 instance, or private S3 bucket, etc. without the affirmative permission of the people using the servers.
Ruckus
@Schlemazel:
Your phone can not stop tracking its location. If it did it couldn’t find you to ring your phone or know if you moved from one tower to the next. 15 yrs ago I went to NZ and my phone worked perfectly, although making an international call required that I let my provider know that I needed that service. I don’t believe you need to do that any more. You have a cell phone and it’s turned on, at the very least, one cell provider knows where you are.
Le Comte de Monte Cristo, fka Edmund Dantes
In Southeast Asia this month, I operated solely on airplane mode and used WiFi in hotels and airports. When out, there were no signals that should have been exchanging.
In Vietnam and Cambodia, looking at my phone, the locations of the photos drilled down to an amazing degree, even though not connected. Villages outside Hoi An and Saigon are reflected. In Cambodia, I get differentiation between Angkor Wat, Angkor Thom and Ta Prohm.
The only place that this did not happen was in Laos, which read everything as Luang Prabang.
Same thing happened in China last year.
It was a little spooky, to be honest.
Ruckus
@different-church-lady:
This being a good thing depends upon your point of view, an owner or an owned.
Major Major Major Major
@Ruckus: Well, tracking your constant pings of cell towers is different from tracking your actual GPS data, they’re two different streams.
@Le Comte de Monte Cristo, fka Edmund Dantes: They can ascertain your location fairly well by knowing only what wifi networks are near your device, since many of the networks have known locations and they can triangulate by strength.
raven
Don’t have a watch
Don’t have a cell phone
Don’t use Amazon
Don’t watch TV
Don’t watch sports
Don’t read the Times
Don’t listen to NPR
Don’t BUG me!
different-church-lady
Can we get 3000 joggers to run around city blocks in a pattern that spells “STRAVA SUCKS”?
Schlemazel
@Ruckus:
The tracking is supposed to stop then from cataloging that information. I assume that still leaves them a lot of leeway for gathering the info that makes it available to lots of people, some of whom they might even know about.
different-church-lady
@Magda in Black: I’ve always said the FBI agent assigned to read my e-mail must be the most bored mofo on the planet.
Schlemazel
@Major Major Major Major:
how about the information going into and out of their servers?
Ruckus
@Le Comte de Monte Cristo, fka Edmund Dantes:
If your phone is turned on and looking for a cell tower and finds one, it will know where you are and that tower will know that phone is on line. That is its function as a cell phone. And in many places where running copper/optical cable would be horribly expensive, cell phones work wonderfully. How many places in the world did not have common landline service even 10 yrs ago and still don’t to this day? Far more than have it I’d bet.
Schlemazel
@different-church-lady:
They have AI that is capable of sifting through the flotsam and identifying the gems for human review.
different-church-lady
@Schlemazel:
They’re going to lose on the deal.
Ruckus
@Major Major Major Major:
True but your location is not that far off if you have a tower signal, they are line of sight. And how many people do you think have turned off tracking? 5%? I’d be amazed if it’s higher than that.
different-church-lady
@Schlemazel:
Which is why I hate people who tout self-driving cars.
efgoldman
@Kirk: Basically, we use it for 911, AAA, and the occasional “should I pick up…” call from the store.
Ruckus
@Schlemazel:
I’d say that’s a pretty good assumption.
Major Major Major Major
@Schlemazel: That’s basically just data on the open Internet, as interceptable as any other traffic.
Schlemazel
Here is another BTW. The USPS offers a service that will email you photos of every piece of mail delivered to your home the morning it is sent out for delivery. I’m sure for some people this could be a useful app. I imagine that they can also use that information to demonstrate penetration for mail vendors and a lot of other things
aimai
@Cheryl Rofer: Running around in circles? The jokes just write themselves.
different-church-lady
@Schlemazel: You’re the worst straight-man ever.
efgoldman
@J R in WV:
Are the date/time functions internal or external?
different-church-lady
@Major Major Major Major:
If I ever change my alias, that’s going to be it.
Jeffro
@raven: I’m pretty sure that list could be set to the tune of “Splendid Isolation” without too much effort (and the same effect) =)
Ruckus
@J R in WV:
My android phone runs its battery down a lot slower when it’s off as well but it does go down. I doubt it would last 6 weeks but then I’ve never left it off for that long. Normal usage the battery loses charge every 2 to 4 days. Depends if I actually use it as a smartphone, ie data. If I only use it as a phone it can last for a week.
BTW T-Mobile has a new neat feature that allows you to block phone numbers. Works far better than the do not call site, which of course doesn’t work at all. However it still allows the caller to leave a voicemail. So good but not great.
Anonymous At Work
Um…how much of this could be false data designed to confound NSA or Western intelligence services or anyone that has a backdoor into Fitbit’s systems?
raven
@Jeffro: He’d a fit right in!
Chet Murthy
@different-church-lady: At least a few times in the recent past, a company has changed their privacy policy to allow them to sell already-collected data for profit. In the case of DNA information, the obvious play is to sell it to insurers. This play has been written-about in mainstream newspapers (FNYT? I forget which) for quite a while now.
In short: if you want to prevent insurers from discriminating against you for picking the wrong parents (and gametes) never get a DNA test.
WaterGirl
@raven: So raven, did you end up with a relapse after you were starting to feel better? Asking for a friend. (or possibly myself, because I think it may be happening to me.)
Sister Rail Gun of Warm Humanitarianism
@Schlemazel: Source on that Ancestry and 23 and Me claim? Because the professionals in the community have been pushing back on the hysterical clickbait for a while now.
raven
@WaterGirl: Yep, I’ve never slept more than I have this weekend. Wake up, get pissed off by dopey threads, go back to sleep. Rinse, repeat.
Steve in the ATL
@Anonymous At Work: any data that shows me jogging is fake
Ruckus
@efgoldman:
Even if the clock/date setting is network, the phone keeps time so that it can show when you don’t have a signal. So I’d have to answer both.
Now depending on how old that cell phone is might just make a big difference in how or if shutting it off truly does. I’d bet none of the latest phones or operating systems really never shut off. My old Blueberry battery would last a very long time if it was shut off. Would last a couple of weeks when on. But then it had a screen the size of a large postage stamp so it was pretty useless as a smartphone.
Big R
@Baud: I have nothing to show.
No Drought No More
Makes me wonder if all those peeping Toms can discern the delineation of my middle finger when looking my way. I like to think they can..
Ruckus
Speaking of too much information, I just got an email from TwitterNotifications, whatever the hell that is, that I have 4 messages.
I Don’t Have A Twitter Account.
I’m thinking spam and so was my email program.
Sister Rail Gun of Warm Humanitarianism
@Chet Murthy:
No chain of custody and limited SNPs tested. If any insurer wants your DNA, they can get it from the blood that’s drawn for your annual checkup and check exactly what they’re looking for.
different-church-lady
@Ruckus: Phishing.
MattF
@Ruckus: Have you ever had a Twitter account? Inactive accounts can be hijacked.
Baud
BTW, this security breach would be a MAJOR scandal if the president were a Dem.
Major Major Major Major
@Baud: or a normal republican.
efgoldman
@Major Major Major Major:
These ARE “normal ” Republiklowns.
They’re just sociopaths in the general spectrum of human behavior.
WaterGirl
@raven: At least you’re able to sleep!
Schlemazel
@Sister Rail Gun of Warm Humanitarianism:
here is a starting place
https://www.snopes.com/ancestry-dna-steal-own/
Though I don’t think they are willing to speculate about where this all could lead or understand that by simply storing your data it is available for theft & how that might be useful
Cheryl Rofer
Magda in Black
@different-church-lady:
Exactly
Major Major Major Major
@efgoldman: non-Trump, I meant.
Suzanne
@Magda in Black:
I hope they enjoy my Crate & Barrel coupons.
Mike J
Once I was working on a contract and there was another American there, and he was also based in DC. We were talking about precious gigs, and he mentioned one where they didn’t tell him the name until after he was there and told him to never mention it. He mentioned a landmark or two nearby and I said, “oh, you were at the NRO?” A couple of years after they opened they finally put up a sign saying what it was, but it was one of those things everybody who cared already knew. I checked the Strava maps and there appear to be a couple of users there. Which is ironic because I used to ride my mt bike on the site until they built that building.
On 9/11 it was sort of funny. I was taking the back road to get home because traffic was a mess, and they had blocked off the entrances to it with cop cars. It’s on final approach to Dulles 1R where huge jets are usually at 2000′, and they were protecting it from attack with cars.
I have many other problems with fitbits besides data leakage. There is no way to get your data and evaluate it yourself without first sending it to them, and if you want detailed information off your own device, you have to pay them extra to get more, but still not all, of it. It’s a privacy nightmare from start to finish.
rikyrah
Is Dolt45 a good role model for children?
Overall
69% No
Democrats
99% No
Independent
71% No
Republicans
22% No???
Baud
@rikyrah:
Jesus H. Christ, do you have any idea how hard that level of unity is to achieve?!
Cheryl Rofer
Uh-oh
John Revolta
OT: Y’know that old saw about “Insanity= doing the same thing & expecting different results”? Yeah, well it’s time to rewrite that sucker because I do that ALL THE TIME with my computer and it works just fine. Just had it work with my old printer as well- had to turn it off & on quite a few times and then leave it alone to think about whether or not it wanted me to take it apart, and lo and behold. New times require new truths.
scav
@rikyrah: Ah that strong eeeevangelical support is once again demonstrating its essential core moral values.
T S
@raven: The ‘no watch’ part is the only one that seems mostly detrimental to one’s life.
J R in WV
@efgoldman:
Date/time is internal, until you change a time zone. You can have it set to change when you change location from the network, or to require you to change your time zone manually, your choice.
efgoldman
@Major Major Major Major:
Hmm, let’s see….
Take away health insurance for millions of people. Check
Freely and gleefully deport people? Check
Gum up even the simplest jobs of congress, spending and the budget? Check
Lie to your constituents constantly? Check.
Keep fucking (so to speak) with women’s rights. Check
But wait, there’s more…..
Sure looks like the “normal” Republiklowns are sociopaths
WaterGirl
@Cheryl Rofer: Your privacy is very important to us. Oh yeah, sorry about giving away all the military secrets. Oh wait, no we’re not, we didn’t even acknowledge that.
Major Major Major Major
@efgoldman: if it were Jeb Bush, this would be a big scandal.
Mike J
Literary recommendation: Nick Harkaway’s new book, Gnomon, is SF and has to do with data privacy. Here’s a clip from the first chapter:
WaterGirl
@Baud: Wow, I would have said 99% was impossible to achieve, about anything. Trump is the great uniter!
FlyingToaster
So Strava is aggregating fitness app tracking, whether it’s a dedicated device (e.g. FitBit) or a fitness app on a smartdevice. Hmmm. Glad I filled in fake data and told Location Services not to allow it, and Cellular not to allow it.
Cheryl Rofer
Brachiator
@different-church-lady:
Hell, I hate the man or woman who invented the wheel. Civilization, bah! We got along nicely with scavenging.
Corner Stone
Bob Gates is another partisan hack POS. Great re-nom there again. Thanks, Obama.
Brachiator
@WaterGirl:
He should be proud to have earned the highest “hate him” score ever!
Baud
BTW, regarding the post title, Sneakers was an awesome movie. Well ahead of its time.
Corner Stone
@Baud: I always had a hard time believing Gandhi could hold a grudge that damn long.
Brachiator
Wait a minute. Where are those people who insist that Independents are really Republicans who don’t want to fess up?
Mike in DC
@Brachiator:
My general assumption is that about 1/3 of self described indies vote R fairly consistently.
Mary G
LA peeps, tried to find a way to get to the meetup, but the housemates are all at a family birthday and/or working. Even the most liberal white people I know say they’re busy but have been in the Orange County bubble so long they are convinced that going to DTLA after dark on a weekend means that they’re going to be raped and murdered.
ha
I even practiced taking my transport chair out of the car by myself, figuring you could put it back in for me, but my ankle rolled on me and I wrenched my back , so now I’m in bed on muscle relaxers.
I really wanted to see you all and meet lamh in person, but I have been reading her #LAVacay tweets, so I know she’s having fun. Wish her luck with the Will and Grace taping tomorrow!
Schlemazel
@Brachiator:
They are Republicans who don’t want to be associated with the tangerine tumor. They like their dog calls done by whistle, not megaphone.
Brachiator
OT. Ingvar Kamprad, founder of IKEA, has died. I understand that he will be buried in a wooden casket. Some assembly required.
Sister Rail Gun of Warm Humanitarianism
@Schlemazel: I figured it would go back to Joel Winston. Wonder why he’s not in a panic about blood draws at the doctor?
Gotta admit that I wondered, when that article first appeared, if he was afraid some family secret would get out. That’s the biggest risk, honestly.
Another lawyer’s viewpoint.
ETA: BTW, you do realize that you give this blog a similar license over the words that you post here, yes? Can’t serve the page without it.
Mnemosyne
@Mary G:
Oh no! Sucky housemates are sucky. DTLA is seriously gentrified now, especially compared to when I first arrived.
We found out in another thread that lamh apparently has godlike powers to call lightning down on our enemies, so maybe you could have first pick of who gets fried first. ⚡️
Van Buren
@raven: You forgot EZPass
Cheryl Rofer
Jeffrey Lewis explains some of the problems.
Villago Delenda Est
@Mike J: In a society that values people before profit, this would not be a problem.
We do not live in that society; we live in its polar opposite.
oldster
As far as I can tell, the Fitbit Alta HR does not have any GPS capability.
So it tracks my steps and heartrate, but not a GPS location. The soldiers who are giving away info to Strava must be using a better model.
ProfDamatu
@oldster: Same with the Charge 2, though that one can piggyback on your phone’s GPS (which requires that you have your phone on you).
One aspect of this that I’m still mulling over – I’m a Strava user, and though it is true that Strava collects and crunches GPS data, those data are only from “activities” – basically, workouts. If you’ve got one of the fancy Fitbits that has native GPS capability, it would be Fitbit that would have the ability to track you throughout your day, not Strava. So…people are doing workouts all around these sensitive sites, and uploading them to Strava, apparently.
Origuy
I have a Fitbit Surge, which does have GPS capability. It doesn’t record the GPS tracking unless you enable it, which uses a lot more battery. I think it does use GPS for determining things like steps and stair climbs, but doesn’t store the GPS. As ProfDamatu said, if you start a run or cycle activity, the GPS tracking is turned on. I don’t use Strava; I upload to orienteering specific sites.
DHD
Hmm, I was under the impression that I had to actually opt into sharing my data with the global heatmap, and that my “privacy zones” were excluded… At least that’s the way the Strava interface works.
I remember explicitly turning this on because I like using the heatmap to find ski and bike trails that are poorly marked and I wanted to return the favor.
I can’t say I have a lot of sympathy for military personnel who have trouble following simple instructions like this. Isn’t that, like, what they teach you to do in the military?