CliffordK

Well, the cat's out of the bag now.

The Military may well spend a Million Dollars working with Strava to try to scrub the data, or even put in fake data, but anybody wanting the data would/should download it as quick as possible now.

avole

Why bother? You can locate cinemas etc in overseas bases using google maps, as someone said. Try it.

tyrion

I think the military would require their own members to scrub their own data (clean up their own mess). If they cannot remove the offending data because the software doesn't allow that, Strava would be compelled to fix that.

Of course there will be a sizeable auditing program to ensure the data is being scrubbed.

Given this fairly big screw up, I think the DOD could use an outside white hat hacker team to be constantly trying to break the system (if they already have such a group, they failed here). Software companies will have "bug bounties" to help test their software - the DOD should be using some of the tech industry's tactics in these rapidly changing times.

CliffordK

It isn't exactly a bug.
And it isn't exactly DOD software.

The problem is that the software is performing exactly as it should perform.

Unfortunately, it is good at identifying certain classes of individuals which happen to include young American Military members.

One could, of course, blank out the "bases", as "home". The problem is if there are Strava users that travel from on base to off base, then the base will show up as a big white spot, and perhaps even highlight the soldier's routes off base.

Making all soldiers "private" will also tend to create a white base.

The reason my driveway is showing up on the heat map, I think, is an issue I've known for some time. I like to do round-trip "rides", usually just a day. Or, perhaps consolidate all my rides for a day into a single strava ride.

The problem then occurs on those rides where I head out beyond the edge of the "home base", then forget something, or otherwise, for some reason return home, then leave again (two leg trip?)

Strava then automatically blanks out the beginning and end of the ride as it should, but leaves the middle of the ride leading directly to my house.

This is complicated, as I also have defined a segment that runs past my house. And, do at least a portion of the traffic on the dead-end road. So, would look really odd showing me going along, disappearing for 100 yards, only to reappear.

The other issue is directional. The size of one's home zone is indeterminate. If one always approaches from one direction, then it is hard to predict exactly where one's zone ends. However, if one occasionally approaches from the opposite direction, then one should be able to center the zone pretty easily. Ideally, I'd like to hand-draw the exclusion zone rather than simply choosing Strava's circle. And, also determine how it deals with things like two trips from a single ride and round trips.

fietsbob

Bet they don't work , on a submarine, underway..

pdlamb

Being the paranoid type, I've been pre-treating all my Strava rides with fitfiletools to eliminate legs within some distance of home. Nice that my neighbors apparently don't, so all the bike rides in the area seem to end up at their garage. Nice for me, that is.

tyrion

Yes, it's a flaw in military security. When I suggested that the DOD needs a "white hat hacker" I meant to find these kinds of security flaws, not software bugs.

It is complicated and needs a lot of thought, but to start off I'd say, if you're in a conflict zone, no public Strava data. Period.

CliffordK

It would be easy enough to allow Big Brother to monitor which websites one could contact on government internet servers.

It still wouldn't prevent a person from going off-base to do the uploads, but could possibly knock off a lot of traffic. And, if there is a formal policy... better not be caught doing an end run around the regulations.

Likely, however, this is a case of the soldiers, managers, and IT all being on different pages.

CliffordK

I am trying to think of why a soldier would actually use Strava in a war zone. But, perhaps they aren't being paid to think.

Even in the "Green Zone" in Iraq, I don't think I'd want to advertise my favorite jogging routes, or for that matter, have others advertise them either.

tyrion

Strava makes data public by default. Lots of people probably don't even realize the data they're publishing, they think they're just recording their mileage.

CliffordK

Really?

And all those segments and challenges and KOM's... not public either?

Rollfast

This should be off to FOO.

Rollfast

Combined with this existing thread there https://www.bikeforums.net/foo/11344...area-51-a.html

Milton Keynes

The thing is that it's not hard to figure out the layout of military bases from Google Maps. And I'm sure the Russians mapped them all out using satellite imagery a long time ago.

canklecat

The concern would be for military or stealth personnel assigned to low profile installations. They may not even wear uniforms in public or places at their duty stations visible to the public or visitors. But they may be expected to maintain rigorous physical fitness standards, particularly if they're members of a special forces or similar unit. I know a few folks in similar situations.

Also, installations that are intended to be secretive or under a cover story that the installations don't house military personnel might be given away by activity data that registers as formations.

If that seems unlikely, keep in mind that some folks are so fastidious about logging their activities that they post every movement to Strava. I have some friends who log every ride or walk, even less than a mile, including short commutes and trips to/from lunch, etc. They aren't in any sensitive positions, but if there are folks in the military who are that obsessive about logging every physical activity, they might underestimate the risk associated with providing such detailed data about every habit. Particularly in duty stations where kidnapping is a greater risk than an assault on an installation or formation. Some military folks I know aren't assigned to regions associated with suicidal terrorists. They're assigned to aiding local government in controlling drug cartels, who are not suicidal and are more likely to target individuals for murders or kidnappings.

Rollfast

Again, this topic was posted to Foo in another thread. Since it isn't directly about cycling (it covers jogging and physical activities in general) and also is about US military actions being inadvertently revealed and that's also debatable but more of an embarrassment to the government if true, it does not belong in GCD.


As such I've asked that it be moved and perhaps combined with other threads.

canklecat

Yup, it's possible. I have several KOMs on private segments. Means nothing to anyone but me.

But I've noticed that some of my uploads were inadvertently made public. Not my intention so I had to re-lock those activities. Not a glitch, just a difference in how some mobile apps set defaults -- on/public vs off/private.

In some cases I just modified existing public segments to suit my personal practices. For example a popular nearby challenging roller coaster route has been my nemesis for two years. There are two public segments but neither quite suits my riding habits. One is so short I doubt it's possible to record accurately (some older Strava segments were less than 0.2 mies). Another extends four miles beyond where I usually turn. So I created my own 2 mile segment within that same route. I can monitor my own progress on the very short, steep and exhausting beginning segment just by highlighting within the full segment.

Also, it's not immediately clear to me whether Strava uses private logs to contribute to publicly visible heat maps. Last time I checked was a couple of years ago when I first created a Strava account. Haven't checked back since.

But if I were still in the military, and assigned to any sensitive duty, I'd probably avoid using Strava as my default activity app. I'd use Cyclemeter and selectively upload to Strava only after determining there was no risk to uploading to Strava publicly or privately. By default, Cyclemeter stores data only on the user's personal device. You must choose to share that data or upload to any cloud storage.

avole

Why do you think this is about US military actions? I use strava, and I’m in France, where no doubt the military use it too. Same could be said about any other country.

Anyway, it’s pointless, since, if I can find detailed photos of US bases, so can anyone.

SHBR

Most military bases are well protected, I doubt a group of cyclists pose much of a threat.

Feel free to find a historical precedent that proves otherwise.

OP is a non story, but the reactions are not.

Bike theft is probably the biggest problem related to social media and cycling.

Soldiers are more important than people.

avole

Well, there was the Japanese military using bicycles when they invaded what was then British Malaya in 1941 ...

SHBR

1941, fair enough, how bout anything in the last two decades?

thedave80

It's not about locating the military bases (except when it identifies bases or locations that aren't advertised), it's about identifying patterns that can be used against you. You look at the map and you can identify common routes people take, gathering spots, places where people aren't. All of this is information that can't be gathered from looking at a satellite photo and that would previously require someone to be on scene to inspect the area. Now it is easily accessible, eliminating the need for months, if not years of dangerous and risky intelligence gathering operations.

Soldiers more important than people? Soldiers are people, people working in locations where they are viewed as symbols and targets. It's not fun, and it's sobering when you think about that everything you do as a person doesn't matter to someone who doesn't like your country and what you're doing. And don't forget, at most bases there are many civilians working alongside the military folks.

I don't often post on here but this is a big deal, and it makes me nervous. I know there's a lot of people on here that don't care for the military and that's fine, but that doesn't negate the seriousness of this. If anything, it should underscore the need to be smart about maintaining your online presence.

Rollfast

To answer the last poster, soldiers ARE people. If you have actually read about this you'd know that the 'heat signatures' of the user profiles may be giving the enemy locations of previously secret operations.


So, it's really NOT about your bicycles. It's about national security. Therefore, it's not GCD.

SHBR

Social media is ALL about your behavior.

If users can't figure that out, they will suffer the consequences.

Anything you do or say can and sometimes will be used against you.

Anyone can be a target, and usually innocent civilians make easier, softer targets.

Trained killers should make everyone nervous.

avole

Spot on, SHBR.

Remember, these guys are talking about the countries where the US is at war, which are Afghanistan and Syria. In practice it is only in Afghanistan where this could apply, and, to be honest, the animosity of a large part of the civilian population towards their own and the US military is probably way more critical than strava's heat signatures in US bases.