yoloer420
May 19, 2006
Strava is hella leaky anyhow. I played with stuff to determine home locations of people who own high value bikes.

Strava obscure this information by excluding a circle of X metres around the person's house. With enough data it's trivial to figure out where they live, just look at the centre of the literal dead spot.

That's why I set my home location as someone else's address -- with my place still in the dead spot, just not the centre.
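The offset-zone practice described in the post above, sketched as an added example (not code from the thread or from Strava): the hidden circle's centre is drawn at random so the home stays inside the zone without being its centre. The function names, the 500 m radius, the 100 m margin and the coordinates are assumptions constructed for illustration.

```python
import math
import random

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def offset_point(origin, distance_m, bearing_rad):
    """Point reached by travelling distance_m from origin on the given bearing."""
    lat1, lon1 = math.radians(origin[0]), math.radians(origin[1])
    d = distance_m / EARTH_RADIUS_M
    lat2 = math.asin(math.sin(lat1) * math.cos(d)
                     + math.cos(lat1) * math.sin(d) * math.cos(bearing_rad))
    lon2 = lon1 + math.atan2(math.sin(bearing_rad) * math.sin(d) * math.cos(lat1),
                             math.cos(d) - math.sin(lat1) * math.sin(lat2))
    return (math.degrees(lat2), math.degrees(lon2))

def pick_zone_centre(home, radius_m, margin_m, rng=None):
    """Choose a privacy-zone centre so that home lies inside the zone, at
    least margin_m from its edge, at a random offset from the centre.
    Pick it once and store it: a fresh centre per activity would shrink
    the hidden area to the overlap of the circles."""
    if rng is None:
        rng = random.SystemRandom()  # OS entropy for real use
    max_offset = radius_m - margin_m
    if max_offset <= 0:
        raise ValueError("margin must be smaller than the zone radius")
    # sqrt gives uniform density over the disc rather than clustering
    # the offsets near zero (i.e. near the home itself).
    dist = max_offset * math.sqrt(rng.random())
    return offset_point(home, dist, rng.uniform(0.0, 2.0 * math.pi))

def redact_track(track, centre, radius_m):
    """Drop every recorded point that falls inside the privacy zone."""
    return [p for p in track if haversine_m(p, centre) > radius_m]

# Constructed sample data: a made-up home and a straight 1.5 km ride east.
HOME = (51.0, 0.0)
RADIUS_M, MARGIN_M = 500.0, 100.0
TRACK = [offset_point(HOME, 100.0 * i, math.pi / 2) for i in range(16)]

def demo(seed=1):
    """Seeded run for reproducibility; returns (zone centre, published points)."""
    centre = pick_zone_centre(HOME, RADIUS_M, MARGIN_M, random.Random(seed))
    return centre, redact_track(TRACK, centre, RADIUS_M)

if __name__ == "__main__":
    centre, kept = demo()
    print(f"home is {haversine_m(HOME, centre):.0f} m from the zone centre; "
          f"{len(kept)} of {len(TRACK)} points published")
```
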


anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Chalks posted:

I'd say it was absolutely the military. Yeah, releasing this sort of data is arguably irresponsible, but malicious actors don't need to wait for something like this to be released publicly if there's no policy against carrying these devices.

Frankly it's probably better that this data is in the public domain now rather than Russian intelligence hacking Strava and having live tracking data on US military personnel (for example) and nobody realising it.
counterpoint: maybe we shouldn't allow corporations to collect non-anonymous data on this scale without an explicit opt-in

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations



yoloer420 posted:

Strava is hella leaky anyhow. I played with stuff to determine home locations of people who own high value bikes.

Strava obscure this information by excluding a circle of X metres around the person's house. With enough data it's trivial to figure out where they live, just look at the centre of the literal dead spot.

That's why I set my home location as someone else's address -- with my place still in the dead spot, just not the centre.

lol at that obfuscation

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations



also wheres cheese-cube at

Chalks
Sep 30, 2009

anthonypants posted:

counterpoint: maybe we shouldn't allow corporations to collect non-anonymous data on this scale without an explicit opt-in

Sure, but requiring a malicious actor to observe a tracking "opt-in" box isn't a particularly secure way of avoiding being tracked. Laws to enforce that sort of thing are great for average civilian vs evil megacorp, but not terribly useful in a military personnel vs foreign intelligence operatives situation, which is what we theoretically have here.

It's absolutely up to the military to prevent this sort of thing because no matter what, you can't trust random people writing software for your civilian phone.

pseudorandom name
May 6, 2007

LIVE AMMO ROLEPLAY posted:

Can’t wait until we find out the moon landing was fake because somebody played Pokemon Go in a classified location or some poo poo.

The future rules.

counterpoint: the global failure of democracy and the coming panopticon ubiquitous police state does not, in fact, rule

Pile Of Garbage
May 28, 2007



Krankenstyle posted:

also wheres cheese-cube at

oh i got too drunk and fell asleep. also i stand corrected re severity of the strava poo poo, i had no idea it was an "always on" deal, that's kinda hosed who would opt-in (or out?) to that? i thought it was just one of those things that you start and stop when exercising or something.

yoloer420
May 19, 2006
My understanding is that it is only on when you manually start tracking. Unless you're using certain fitness trackers which will automatically export data to Strava.

Truga
May 4, 2014
Lipstick Apathy

anthonypants posted:

counterpoint: maybe we shouldn't allow corporations to collect non-anonymous data on this scale without an explicit opt-in

but installing the app, or wearing a fitness tracker and uploading everything is about as opt-in as it gets?

people just don't give a poo poo about any of this

Cybernetic Vermin
Apr 18, 2005

FAT32 SHAMER posted:

My question is who is more at fault here, Strava for releasing the map, or Military institutions for not banning these devices

both deeply at fault, even if the military did everything right they are still only serving as the example of the issue with strava releasing the data

Wiggly Wayne DDS
Sep 11, 2010



military has policies on these devices anyway, it's lack of enforcement and exemptions

Pile Of Garbage
May 28, 2007



strava quite clearly did the whole exercise as a PR stunt which honestly has worked magnificently for them because the main narrative being pushed is that the end-users are at fault and "should have known better" as opposed to "strava released data from their users to the entire world in an irresponsible manner"

edit: actually one thing im not clear on is how the software works. does it need a network connection to upload positioning and poo poo in realtime or does it just record position data and upload when next on the network?

Pile Of Garbage fucked around with this message at 12:16 on Jan 30, 2018

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Intel may have informed the Chinese their CPUs had flaws before the US:

https://www.technologyreview.com/th...chnology+Review

Chalks
Sep 30, 2009

cheese-cube posted:

strava quite clearly did the whole exercise as a PR stunt which honestly has worked magnificently for them because the main narrative being pushed is that the end-users are at fault and "should have known better" as opposed to "strava released data from their users to the entire world in an irresponsible manner"

I don't think the release of the data itself is all that important in this case - the fact that this tracking data exists means it was always possible for it to get out, be it through hacking or whatever. You can't have a problem with Strava showing this information to random people but at the same time be happy with them collecting it and storing it. It's effectively the same thing, the data is always at risk of exposure so the company may as well be straight about it being accessible.

Truga
May 4, 2014
Lipstick Apathy

cheese-cube posted:

strava quite clearly did the whole exercise as a PR stunt which honestly has worked magnificently for them because the main narrative being pushed is that the end-users are at fault and "should have known better" as opposed to "strava released data from their users to the entire world in an irresponsible manner"

edit: actually one thing im not clear on is how the software works. does it need a network connection to upload positioning and poo poo in realtime or does it just record position data and upload when next on the network?

i know the phone app can either upload over mobile network or wifi and i think default is wifi only, you can choose which because data rates etc. no idea about how fitness trackers work.

also, i'm definitely not arguing this is the users' fault in any way, this is all on strava. i'm just saying people don't give a gently caress about privacy

yoloer420
May 19, 2006

cheese-cube posted:

does it need a network connection to upload positioning and poo poo in realtime or does it just record position data and upload when next on the network?

Real time upload is a feature available to pro users. You gotta pay monthly for that stuff.

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations



yoloer420 posted:

Real time upload is a feature available to pro users. You gotta pay monthly for that stuff.

hahaha

flakeloaf
Feb 26, 2003

Still better than android clock

Wiggly Wayne DDS posted:

military has policies on these devices anyway, it's lack of enforcement and exemptions

ding ding ding

Pile Of Garbage
May 28, 2007



Chalks posted:

I don't think the release of the data itself is all that important in this case - the fact that this tracking data exists means it was always possible for it to get out, be it through hacking or whatever. You can't have a problem with Strava showing this information to random people but at the same time be happy with them collecting it and storing it. It's effectively the same thing, the data is always at risk of exposure so the company may as well be straight about it being accessible.

but isn't the fact that it records where you go and poo poo a literal feature of the app? the apps' existence and continued usage guarantees existence of the data. you can't exactly criticise them for doing exactly what it says on the box. however im sure you can criticise them for the way in which they did it (opt-out instead of opt-in) and the way that they explained it to the end-users. by using the app people are choosing some functionality over their own personal privacy and the only way to really prevent that is through educating them i guess.

Agile Vector
May 21, 2007

scrum bored



LIVE AMMO ROLEPLAY posted:

Can’t wait until we find out the moon landing was fake because somebody played Pokemon Go in a classified location or some poo poo.

The future rules.

well poo poo how else do you get a mew huh?

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Truga posted:

but installing the app, or wearing a fitness tracker and uploading everything is about as opt-in as it gets?

people just don't give a poo poo about any of this

I think it’s more the average person doesn’t realize they have to give a poo poo. Information privacy isn’t exactly a topic covered in schools.

Truga
May 4, 2014
Lipstick Apathy
i constantly argue with people on a local tech forum about this poo poo and the replies, every single time, boil down to "well, i'm not a criminal so i have nothing to hide", despite being shown tons of evidence how lack of privacy can ruin lives of entirely normal people. it's just not seen as an immediate threat like violence, even though it should be imo.

Chalks
Sep 30, 2009

cheese-cube posted:

but isn't the fact that it records where you go and poo poo a literal feature of the app? the apps' existence and continued usage guarantees existence of the data. you can't exactly criticise them for doing exactly what it says on the box. however im sure you can criticise them for the way in which they did it (opt-out instead of opt-in) and the way that they explained it to the end-users. by using the app people are choosing some functionality over their own personal privacy and the only way to really prevent that is through educating them i guess.

I'm not totally familiar with the app itself, but from what I've read it markets itself as a social media platform for athletes - so uploading your tracking data seems like its primary feature. An explicit opt in for an application like this would be like Facebook having an opt in that makes your profile visible. If you don't want the app to perform its primary function then I'd have to question why you're paying for it.

I'm not saying that the users are to blame - I'm just saying that I imagine that, for most users of a social activity tracking app, uploading your activity is it working as intended. If there are users out there who didn't think this was happening then I wonder what it was they thought it was doing.

Chalks fucked around with this message at 14:55 on Jan 30, 2018

MononcQc
May 29, 2007

Main Paineframe posted:

oh no, this authoritarian regime purging tens of thousands of people based on shoddy-to-nonexistent evidence might have made a tech mistake!!!

eh, to me it's more about the measures developers should probably take to protect their users' privacy because seemingly minor things (like a tracking cookie, for example), could be used by authoritarian regimes to purge people.

Loucks
May 21, 2007

It's incwedibwe easy to suck my own dick.

Are people itt operating under the belief that Strava has 24/7 tracking data? Because that’s not how it works at all. You’ve got to consciously turn on tracking by starting an activity. “Real-time” premium tracking just means that a given activity is updated live rather than uploaded after it has been completed.

Also this heat map has been available for years.

yoloer420 posted:

That's why I set my home location as someone else's address -- with my place still in the dead spot, just not the centre.

As far as I know this is common practice for the obvious issue you mention. I do it, and I know a bunch of my Strava connections do too.

edit: It seems like people are conflating Fitbit always-on step counting with Strava activity upload. Those mil guys chose to track and upload their PT.

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

Loucks posted:

Are people itt operating under the belief that Strava has 24/7 tracking data? Because that’s not how it works at all. You’ve got to consciously turn on tracking by starting an activity. “Real-time” premium tracking just means that a given activity is updated live rather than uploaded after it has been completed.

Also this heat map has been available for years.

goons don't know something but still talk about it with an attempt at authority? stop the presses!

Loucks
May 21, 2007

It's incwedibwe easy to suck my own dick.

Was just trying to clarify. Am I wrong? Feel free to enlighten me when you’re done with the snark.

Shame Boy
Mar 2, 2010

MononcQc posted:

eh, to me it's more about the measures developers should probably take to protect their users' privacy because seemingly minor things (like a tracking cookie, for example), could be used by authoritarian regimes to purge people.

authoritarian regimes don't actually need a reason though

Truga
May 4, 2014
Lipstick Apathy
it looks a lot worse for them if their excuse is obviously bullshit though, and looks are a big part of making an authoritarian regime not topple. in most cases, anyway

Pile Of Garbage
May 28, 2007



hey didn't we have a separate opsec thread? might be good to move the discussion over there or something.

alternatively, :justpost:

edit: vvv oh yeah i remember that now lol. it went full lf and imploded vvv

Pile Of Garbage fucked around with this message at 15:21 on Jan 30, 2018

aardvaard
Mar 4, 2013

you belong in the bog of eternal stench

opsec thread was closed twice

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

Loucks posted:

Was just trying to clarify. Am I wrong? Feel free to enlighten me when you’re done with the snark.

you were right, other goons were wrong

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Loucks posted:

Are people itt operating under the belief that Strava has 24/7 tracking data? Because that’s not how it works at all. You’ve got to consciously turn on tracking by starting an activity. “Real-time” premium tracking just means that a given activity is updated live rather than uploaded after it has been completed.

I’m pretty sure no one thought it was 24/7. The issue is "why is this information public, by default." I want to track my work outs, it’s motivation. I don’t want everyone to see my workouts. My privacy should be the default. I should not have to take extra steps to not share information.

Pile Of Garbage
May 28, 2007



the fact that the data collection isn't 24x7 isn't really relevant because people have already shown that it's possible to compromise people's privacy using the data that's been published

edit: should say it's possible, not quite easy, i cant attest to the difficulty involved

Pile Of Garbage fucked around with this message at 15:45 on Jan 30, 2018

Progressive JPEG
Feb 19, 2003

Chalks posted:

I don't think the release of the data itself is all that important in this case - the fact that this tracking data exists means it was always possible for it to get out, be it through hacking or whatever. You can't have a problem with Strava showing this information to random people but at the same time be happy with them collecting it and storing it. It's effectively the same thing, the data is always at risk of exposure so the company may as well be straight about it being accessible.

that's why my email provider is just being straight with me when they upload everyone's emails to usenet

they have the data so might as well just publish it right? otherwise people won't know they have any data WORTH KEEPING SECURE

Progressive JPEG
Feb 19, 2003

Chalks posted:

I'm not totally familiar with the app itself, but from what I've read it markets itself as a social media platform for athletes - so uploading your tracking data seems like its primary feature. An explicit opt in for an application like this would be like Facebook having an opt in that makes your profile visible. If you don't want the app to perform its primary function then I'd have to question why you're paying for it.

no, the main function is recording your runs or bike rides for your own use, e.g. keep track of how fast you're going compared to previous trips, or how far you've gone over some period. sharing anything is additional functionality

i mean i wouldn't expect a goon to know much about exercise regimens but goddamn

The Electronaut
May 10, 2009

Loucks posted:

Was just trying to clarify. Am I wrong? Feel free to enlighten me when you’re done with the snark.

Ty for posting. I've been too busy to effort post. Side note: there are several Strava employees that post on the forum.

Main Paineframe
Oct 27, 2010

cheese-cube posted:

oh i got too drunk and fell asleep. also i stand corrected re severity of the strava poo poo, i had no idea it was an "always on" deal, that's kinda hosed who would opt-in (or out?) to that? i thought it was just one of those things that you start and stop when exercising or something.

I don't think it's always on, but a lot of vaguely fitness-minded people will use it throughout the day to track the number of steps they take as they walk around doing whatever the gently caress they do, and the "post everything to totally public heatmap" setting is opt-out rather than opt-in

Wiggly Wayne DDS posted:

military has policies on these devices anyway, it's lack of enforcement and exemptions

lots of companies have policies on not clicking strange email attachments

security would be a much easier field if you could trust users to follow simple instructions and not be huge idiots

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall roll away,
generation shall follow the course of generations



Avenging_Mikon posted:

I’m pretty sure no one thought it was 24/7. The issue is "why is this information public, by default." I want to track my work outs, it’s motivation. I don’t want everyone to see my workouts. My privacy should be the default. I should not have to take extra steps to not share information.

yeah this. Local storage/no upload should be default


Pile Of Garbage
May 28, 2007



The Electronaut posted:

Ty for posting. I've been too busy to effort post. Side note: there are several Strava employees that post on the forum.

:lol: so what? SHOW YOURSELVES, COWARDS!!!
