Fitness tracking app can leak sensitive troop movement info, but not if it’s turned off

Source: Strava

  • Fitness app causes theoretical security breach
  • Authorities to scrutinise
  • Realists say “jog on, nothing to see here”

It seems that anything vaguely ‘social’ involving data collection is now automatically suspected of being an Internet bad actor in the wake of the Facebook/Russian influence farrago (and several other Internet scandals and obvious shortcomings).

Take Strava, an innocent and (as far as we can judge) well-meaning maker of a fitness tracking app and Website - a sort of virtual Fitbit. Strava uses your smartphone’s geographical positioning smarts to track your fitness regime - assumed to be either jogging or cycling (walking to the refrigerator and back apparently doesn’t count).

Like many such IoT applications (the ‘things’ in this case being athletes), the individual raw data streams which make up each user’s jogging or cycling record are tremendously unexciting - even to them. But once you turn those millions of records into anonymised ‘big data’ it can all start cooking.

The so-called ‘heat map’ (illo above) is simply an expression of all the Strava users’ exercise movements around the world. Where it’s white hot there’s either a lot of jogging/cycling going on or a lot of Strava apps being used (apparently England and the Netherlands expend more sweat than anywhere else) or a lot of both. If you zoom in using the map, you can see the individual cycling or jogging routes.

But the real reason for the collection is so that users can, like the basic Fitbit, track their fitness regime and use the data to compare themselves to other users to spur themselves on to greater things. There are also games they can play using the data.

But like many big data collections, extra utility is gained when it can be correlated with other things to derive interesting information - often gaining insights that nobody (least of all the app developers) expected.

In this case an analyst from United Conflict Analysts called Nathan Ruser correlated the known locations of military bases (easily spotted in many cases on Google maps) with the Strava data to extrapolate the likely fitness routines of the personnel within.

This is a bit of a ‘so what?’ when it comes to US-located bases (surely the Russians already know where they are and that jogging/cycling service personnel are likely to be stationed in them), but it does get theoretically more serious when the locations are forward bases in combat zones like Afghanistan. Nathan suggested on Twitter that hostile forces could work out the movements of patrols or individuals by reference to the map, especially as the only Strava users likely to be in the wilds of Afghanistan were US military.

A hue and cry went up about the irresponsibility of Strava for making the information available in such a form.

The reality is, however, that US and other military personnel have long been lectured about turning off tracking applications and gadgets when in and around military facilities. Now they will just have to be lectured some more about Strava. And again, when another data collecting application gains traction amongst military personnel.
