U.S. military revising its rules after fitness trackers exposed sensitive data

30 points by Nycto, more than 7 years ago

5 comments

mikestew, more than 7 years ago

*One popular route on a base in Iraq has been nicknamed “Base Perimeter” by the U.S. runners who regularly use it.*

I'm truly gobsmacked that it never occurred to anyone that this might pose a problem. Maybe not the 19-year-old grunt who signed up because getting a master's in CS wasn't in his future, but c'mon, there isn't *someone* responsible for preventing data leakage? This is not some corner case, or some side-channel attack; Strava's *whole business model* rotates around "track where you've been with extreme accuracy, and let the world know about it". Otherwise I'd just keep the data locally, like I did in the old days.

But even if kept locally, what happened to the worry of radio leakage? Ten years ago I worked on some stuff that might end up being used by the military, and I distinctly remember a co-worker who used to be pretty high up in the army (colonel, maybe?) pointing out that in the field things like Bluetooth, et al., were generally frowned upon for what I *thought* would be obvious reasons. Perhaps with the subsequent advent of more and more devices emitting radio signals, what used to be obvious isn't so obvious anymore, so now we let military personnel run around with devices on their wrist that signal to anyone within 30m that they're there.

atonse, more than 7 years ago

What an interesting time to be in intelligence gathering.

Why even bother breaking into an air gapped DoD network to get classified data when you can target all these third party cloud companies that have secondary data that isn't air gapped in classified networks, and most won't have the security resources to really lock things down.

This is somewhere in the awkward middle between what's called "open source intelligence" and traditional intelligence.

I don't envy defensive cybersecurity staff and their jobs/responsibilities.

Jhsto, more than 7 years ago

I think that the idea of privacy is wishful thinking if the people in these locations are allowed to have their own unvetted electronics. It would not take more than one trojan smartphone application with a social media login until you are able to identify the person (and maybe graph more out of that, no GPS needed!).

And as an anecdote, back during my conscription, we were told to disable location services altogether and not take photos during training sessions, but I honestly think it had more to do with keeping in mind the best practices rather than avoiding anything to get "leaked". The officers were sometimes seen with phones of their own, meaning the government-issued tinfoil ones.

mathiasben, more than 7 years ago

What activity would generate the tracks in the middle of the ocean? As I understand Strava, whenever I switch it on it tracks my activity at that moment until I switch it off. Looking at the heat maps I get the impression that there is always-on data being tracked in addition to those that are intending to track a specific activity. Do Fitbits worn 24/7 submit data constantly to Strava?

jacquesm, more than 7 years ago

I saw this unfolding bit by bit and thought: Wow, these people have not been paying attention during the AOL 'anonymized' research database fiasco.

Let's wait to see how long it will take before someone figures out how to ID the security detail jogging with a president somewhere.