Cell phone tracking is better at surveillance than the best stuff the military has.
https://www.washingtonpost.com/national-security/2024/02/22/... has a fun story about a time at Fort Irwin (US Army laser tag in the desert) when one side couldn't figure out how an attack helicopter got through their defenses, until they did some queries on a commercial cell phone tracking database and found the cellphone moving across the desert at 120 mph. Hole identified, plugged for the next round.
It also talks about how the Ukrainians and Russians are having a great deal of trouble with cell phone OPSEC even after years of shooting war.
Related:
Strava heatmap can be used to locate military bases - https://news.ycombinator.com/item?id=16249955 - Jan 2018 (271 comments)
Turns out soldiers enjoy tracking their runs around the base!
The simplest solution to this is bureaucratic. Establish an app approval cybersecurity office within some agency and have the office make two lists: apps that have specific security configurations that need to be enabled and apps that are outright banned.
Then you just make compliance with the lists necessary for certain security clearances.
This is why I only use Strava to share with my followers.
Yes, it's an extra step after my workout to edit, add pics if any, choose my activity level if I was too lazy to put on my HR monitor, and then only post to my followers.
Yes, this means I get fewer likes and can't participate in challenges etc. But it's really about sharing with my colleagues and friends so they can motivate me for my next ride.
Other sources: Haaretz Investigation: Intelligence Operation Collected Information on Sensitive Israeli Bases, Soldiers <https://www.haaretz.com/israel-news/security-aviation/2024-1...> <https://archive.is/2024.10.29-113518/https://www.haaretz.com...>
Not sure if the format for this article is standard these days, but oh man do I hate it.
Strava has suffered from this and had known attacks for 10+ years now. There was a famous case around Colorado of a mistaken doxxing attack driven by Reddit. Due to mistaken identity, attackers pursued an innocent victim using their Strava account. The Strava location was both the cause of the mistaken identity case and abused to find and dox the victim.
Strava’s anonymization algorithm (the bubble feature) is primitive and trivially de-anonymized with basic triangulation.
The company has never adequately responded to privacy concerns despite many abuse cases.
In video form (the Guardian article talks about a Le Monde investigation):
Was there a breach with Strava or did people simply choose to publish their location publicly?
Along these lines some cyclists have had their gear stolen by thieves who figured out where they live from Strava data.
They have a feature to block part of your route when near your home but some folks aren’t aware of it (or learn the hard way).
Strava deserves all the blame it gets, but don't you need some serious skills to find out who are the agents guarding Biden/Harris/Trump? I mean, if you can literally track down the names of Secret Service agents guarding VIPs, then you can probably easily track them with other means (phone for example), no?
Speaking out of most likely ignorance of the Secret Service, I was in the US Marines. I dealt with marine snipers a few times during training exercises; we mainly served as security protection. I've seen them train, shoot and handle combat scenarios. If any of those marine snipers wants to take a shot at a VIP, I can't imagine the Secret Service will be able to do anything to stop it. Some of the snipers are putting rounds into a postal stamp at 1,000 yards / 900 meters.
I guess Strava users didn't learn from the first time.
The problem with Strava is how invasive their location sharing is.
One has to actively search to disable it. And the integrations with Garmin Connect and the others are even worse.
Was the Biden Xi meeting supposed to be a secret? I think it's generally not difficult to locate the president.
What’s the point of Strava? Can’t people easily cheat on the results to outcompete others? Like what happens if I use an e-bike to beat the best times?
FitoTrack.
That's all I have to say about this.
Strava is a fitness app. So, apparently, the security detachment of political figures tends to use the app, presumably because they're into fitness and keep in shape, and their location can be tracked through the app.
As the security detachment tends to travel with the people they protect, political leaders' locations can be inferred.
The article talks about bodyguards not being allowed to use social media/apps while on the job; they allow for provisions on use when not on active duty. So, I guess, the guards get a day off, use the app, wherever they are, broadcasting their location.
Crazy stuff.