91 points | by kawera 21 hours ago
As the security detachment tends to travel with the people they protect, political leaders' locations can be inferred.
The article talks about bodyguards not being allowed to use social media/apps while on the job; they allow for provisions on use when not on active duty. So, I guess, the guards get a day off, use the app, wherever they are, broadcasting their location.
Crazy stuff.
This was either a gap in social media policy by the guards, or a violation of that policy on the part of the guards.
https://www.theguardian.com/world/2018/jan/28/fitness-tracki...
Even if they use the anonymizing feature that masks their start/end points, if you find a few other members, you could be able to triangulate a big hotel near them and guess that that's where the crown prince stayed... and the next time you hear he's coming to NY/Paris, you have this information.
https://www.washingtonpost.com/national-security/2024/02/22/... has a fun story about a time at Fort Irwin (US Army laser tag in the desert) one side couldn't figure out how an attack helicopter got through their defenses, until they did some queries on a commercial cell phone tracking database and found the cellphone moving across the desert at 120mph. Hole identified, plugged for the next round.
And also talks about how the Ukrainians and Russians are having a great deal of trouble with cell phone OPSEC even after years of shooting war.
Seeing through walls with WiFi is better. Or slurping up the main pipes and decrypting it. Which they also have.
“Now the police dreams that one look at the gigantic map on the office wall should suffice at any given moment to establish who is related to whom and in what degree of intimacy; and, theoretically, this dream is not unrealizable although its technical execution is bound to be somewhat difficult. If this map really did exist, not even memory would stand in the way of the totalitarian claim to domination; such a map might make it possible to obliterate people without any traces, as if they had never existed at all.”
- Hannah Arendt
And, yeah, unintended uses are usually prime locations for security breaches. For a long time (maybe still?) metadata on pictures that people post would reveal far more than people meant. Thumbnails of cropped pictures, even.
Military tech is always a decade ahead of civilian, that's why the US has easily won every armed conflict they've entered into in the past 50 years
For nuclear energy, this might be true. But for nearly any other topic I’m very skeptical.
That's just false. Ok, maybe you don't count Vietnam, because the US "entered" there in the '60s, but Afghanistan was a sure loss and I'd say the same for Iraq (seeing how it's now in Iran's sphere of influence, which it wasn't under Saddam). Yes, they might have won some tactical battles, most probably all of them, come to think of it, but the wars themselves were lost.
Read like sarcasm to me.
Strava heatmap can be used to locate military bases - https://news.ycombinator.com/item?id=16249955 - Jan 2018 (271 comments)
Turns out soldiers enjoy tracking their runs around the base!
Then you just make compliance with the lists necessary for certain security clearances.
- apps that are allowed to be installed, pinned by version with a person responsible for monitoring them
Yes, it's an extra step after my workout to edit, add pics if any, choose my activity level if I was too lazy to put on my HR monitor, and then only post to my followers.
Yes, this means I get less likes and can't participate in challenges etc. But it's really about sharing with my colleagues and friends so they can motivate me for my next ride.
You travel with one of the most powerful people in the world?
Everyone deserves privacy - just like with Facebook, a bad actor watching your profile could infer your movements on Strava (or lack thereof) and use that to break into your home or steal your ride.
I'm taking issue with your statement that locating powerful people is somehow a threat model that is relevant to you. It isn't.
> a bad actor watching your profile could infer your movements on Strava (or lack thereof) and use that to break into your home or steal your ride.
Everyone using Strava who thinks this is relevant to their threat model is free to use the hidden address privacy feature, or the myriad other privacy features.
At the end of the day, Strava is an app for sharing your data. You have a lot of options for how much you want to share or limit that sharing. If you don't want to share anything ever, it probably isn't for you.
You likely have bot followers and API calls that can read your latest activity GPX data
The 2nd video focuses on the US Secret Service, finding 26 profiles of Biden's protection (and 100+ users who were geolocated inside the S.S. training facility). During the credits of that video, a journalist says, "Despite our warning about this issue to the US authorities, 14 of the 26 profiles are still public."
[1] - https://www.forbes.com/sites/cyrusfarivar/2024/10/12/strava-...
[2] - https://communityhub.strava.com/t5/strava-features-chat/opt-...
They have a feature to block part of your route when near your home but some folks aren’t aware of it (or learn the hard way)
Speaking out of most likely ignorance of Secret Service, I was in the US Marines. I dealt with marine snipers a few times during training exercises; we mainly served as security protection. I've seen them train, shoot and handle combat scenarios. If any of those marine snipers wants to take a shot at a VIP, I can't imagine Secret Service will be able to do anything to stop it. Some of the snipers are putting rounds into a postal stamp at 1,000 yards / 900 meters.
Not sure why Strava deserves any blame here. It's explicitly a social network for sharing your location and other training data. If you use it and share your location, that's it functioning exactly as designed.
One has to actively search to disable it. And the integrations with Garmin Connect and the others are even worse.
If you don't want to share your location, you probably should not use location-sharing apps.
When I think of location sharing apps, I think of Garmin inreachme for search and rescue.
Strava’s anonymization algorithm (the bubble feature) is primitive and trivially de-anonymized with basic triangulation.
The company has never adequately responded to privacy concerns despite many abuse cases.
That is not true. It picks a single random centroid near your privacy location and does the privacy feature based on that. Triangulation finds the random centroid, which is crucially not your hidden location.
Anyway, I think true claims make for much more interesting criticism than false claims.
I have the record on a short inconsequential running course near me. I occasionally get a notification that someone beat my record and I am forced to look at it; it is always someone on a bike or car, and I flag it and it eventually goes away. Also, my own record activity has been flagged multiple times despite it only being slightly faster than the second place finisher - I no longer bother trying to contest it. The joke is on the flagger since I have run the exact same record time, several times, so I still have the course record.
https://www.forbes.com/sites/kashmirhill/2012/06/20/a-quanti...
But it should be noted that the Strava user in question doesn't seem to have been cheating. For some reason, they were trying to set a legitimate score in an ill-advised way. There's no evidence here that cheating in Strava is a problem.
Is Strava promoting unsafe riding? Maybe. I don't really think so. But it's not connected to the cheating question.
I also use the gamification to compete - but really only against myself.
Above all, it's a social network based around sport. No baby photos, no politics, just people happily practising their sport - it's the anti-Tweeter and it's great.
People that can legitimately get a KOM on a segment tend to be known in a local community. If someone new shows up at #1, it's pretty obvious looking at their workout if it's legit or not to someone familiar with the sport.
What's the point of Wikipedia? Can't people just easily publish fake information? Like what happens if I make an article about myself?
It's pretty much a solved problem.
That's all I have to say about this.
Along with Out-Run on iPhone.
Both work well and are pleasant to use. Record your exercise for yourself with no cloud.