Upon further investigation, researchers found all of the recorded workouts in classified military operations zones were completed and uploaded by a user named Geraldo Rivera.

The issue here really isn't strava. It's forward deployed military personnel who are negligent in operational security.

There is no use case for anyone on a forward deployed base to upload an activity to strava. Zero. Zilch. None.

But even if they do it, any activity marked private is excluded from the heatmap. And there is definitely no use case to upload an activity from a forward deployed base that is viewable by the public.

It's amazing that it didn't occur to some of these guys that they shouldn't be recording their workouts with gps and uploading them to the internet.

As an analyst, I find this story interesting because it brings up interesting ethical issues. Even though people upload and share their data knowingly, companies do need to give a lot of thought to how much of that data they should share, even when they think it's anonymized.

It definitely shows sloppiness on their part not to do a check of their output for that before publishing.

It took a while, but I just got it

---

"What's your claim?" - Ben Gravy
"Your best work is the work you're excited about" - Rick Rubin

This is actually one of my pet peeves of Strava. Well actually not Strava but users. I get it, we all like Strava and use it extensively. However, I wish more people would default their uploads as private. We don't need to see your bike ride to the grocery store, walking the dog/kids, splashing around in the backyard pool or really for that matter all the damn Zwift/Trainer Road rides. I do all of these things (except trainer rides) but they (and everything else I do) are marked private from start. I then make public my actual workouts.

So what about segments and KOM’s?

---

Matt

I just retired two and a half years ago and when I signed my disclosure statements, was debreifed and “read off” this came up if I had uploaded any GPS training logs to an online training journal so I guess it’s been going on for a bit.
I agree no excuse for these guys/gals. Pull their Clearances, that’ll have a huge domino effect on them for their carelessness.

https://vitals.lifehacker.com/...-you-live-1822516959

https://blog.strava.com/privacy-14288/

---

"What's your claim?" - Ben Gravy
"Your best work is the work you're excited about" - Rick Rubin

They could, but that would only work for known named facilities. There’s times when SpecOps and OGAs designate an Operating base or area that’s only named by a number and known on a need to know basis.
It’s not so much the imagery I see as a problem, I see the problem as back tracked to who the person that was known to be in that area and connecting to dots.

Squid, you're probably former Navy so this isn't directed at you. It's a general point.
A good fraction of military folks are children. In the past 20-30yrs we've made it even worse because we treat the E1-3's like children instead of trying to quickly turn them into adults.

On TV and in the movies we see military types portrayed by adult-ish types portraying them as adult-ish characters. But the truth is that there's a huge # of 18-20yr old types that are still knuckleheads. That's not really a criticism, mind you. The vast majority of them are loveable hard-chargers, but they're still largely knuckleheads stuck in a system that doesn't expect them to show that much maturity for years yet.

I was a Marine 82-88 and in the Army 88-'05. I saw big changes occur during that period. In the '80's there seemed to be an expectation of adult behavior from us youngsters. Example: I was issued live ammunition as a Marine Corps PFC (E2) because I had "guard duty" in garrison. The most dangerous thing we faced during those nights was falling out of a top bunk. That's how much we were trusted, live ammo IN GARRISON. And we tried hard to earn and retain that trust. But by the late '90's in the Army, young soldiers were treated, imo, like junior HS kids. And those young soldiers fulfilled that expectation. If you expect a lot, you can usually get a lot. But if you don't expect a lot, you get that also.

---

Books @ Amazon
"If only he had used his genius for niceness, instead of Evil." M. Smart

Good point. I would assume that the exact position of any base secure enough to go for a jog around is know to any enemies. But it would be pretty easy for someone to match up all the guys who went for a run in, say, San Diego with the same user names as guys who took a jog in Africa or the Middle East and make some use of that.

Maybe we hired some guys to run squares out in the desert and the real base is 10 miles away . . . . .

Since a GPS receiver is a only passively receiving signals from GPS and GLONASS satellites there isn't a security risk from "connecting" to Russian satellites.

On the other hand, if you're worried about the Russians messing with your KOM attempt by altering/jamming their own GLONASS signals, then definitely turn GLONASS off.

Please be careful Ranger Gress. Because what you just said could be taken out of context and you would sound like a "Liberal Military Hating Teacher" in California.....Sorry I could not resist

---

2017 Cervelo P2
2017 Cervelo S2
itraininla.com
#itraininla

<ouch> You wound me sir! <g>

---

Books @ Amazon
"If only he had used his genius for niceness, instead of Evil." M. Smart

I'm frequently surprised by how many people think GPS watches and phones are communicating with satellites. I suppose the fact that satellite phones *do* communicate with satellites is at least partly responsible for that confusion

I don't know about that. There are now well over a dozen Strava-like apps. Is the U.S. military supposed to send them all like a weekly list of the locations and boundaries of all their forward operating bases so they can be properly blacked out? That, in itself, sounds like a really Bad Idea for a variety of reasons.

I'm not sure the analogy to Google maps is a perfect one.

Strava does a lot of stupid things.
I think strava should figure out that when I worked out with.... myself, that really, I was just using both my watch and phone.
I wish they could set, say, Bolt's pace in the 200 as an automatic flag for running times.

This one I can't blame them for. I don't think you can blame a GPS social media ap for uploading GPS data to its social media platform. Strava is what it is and I don't see anything here that differs from its stated intention.

I do wonder about the wisdom of the military's 2013 distribution of fitbits, which seem to play into this story as well.

I've been working with industrial-grade GPS (if we want to call it that) since 1994 and also with these wearable GPS devices since the first Garmin forerunner that was the size of a pregnant hockey puck maybe 15 years ago. What's happening is the tech is moving faster than the average person can keep up with and understand. The nuances of what gets recorded, what gets uploaded, and how to prevent it on all the different platforms is too much for any individual to know unless that's their specialty. Hell, I work in this field and I have to double-check what's happening just to keep up, and I am actually trained in the science of it.

Some of this hidden base stuff is unintentional. Turning it off is yet another setting on yet another page, buried 4 pages in on your profile that people only kind of understand what the language means, based on a device that was given to them as an Xmas present and they just turned on and started using and didn't know.

Think of how simple life's things to remember or know was just 50 years ago vs. today. Some of this hidden base problem is just pure overwhelm of "too much crap to keep up with" for people who's it's not their specialty. Steve or Sally's specialty is already negotiating Iraqi land ownership feuds in Farsi; they don't have time to keep up with where Polar and Strava put their stupid privacy settings this week, if they knew about them at all.

One part of my job has to do with planning bike lanes and sidewalks and such around my city. I might have been the first ever person to show planners the Strava heat map the day it first came out. But I had to caution them; This is not where people who need to ride bikes ride bikes to get to work or school or whatever. This is where people like to ride bikes to exercise. A planner's first priority is to get people to work or school, recreation comes second. Just because nobody's biking down Smith Ave. on the Strava heat map doesn't mean you shouldn't put a bike lane there. 6th graders aren't on Strava. The cooks that make minimum wage at the Mexican restaurant and bike or walk to work don't use Strava. And those people need sidewalks and bike lanes more than we sporty cyclists ever could. Their routes put food in their kids mouths and a little bit of pavement and a white stripe where they bike could make all the difference in the world.

Like I said, it's becoming more and more difficult to keep up with the tech and what the tech actually means. We have to be patient and show some extra restraint and understanding and try to move towards handling this stuff in a productive way.

---

----------------------------------------------------------
Zen and the Art of Triathlon. Strava Workout Log
Interviews with Chris McCormack, Helle Frederikson, Angela Naeth, and many more.
http://www.zentriathlon.com

You’re correct on both statement 100%. Google maps is not 100% restricted to the land space as far as being a sensitive site, now what you see in sensitive areas is a different story. You won’t see a B2 or F-117 on the tarmac anywhere. Those will be sanitized from the imagery.

You'd think this would be common sense in a world where both PERSEC and OPSEC (Personal Security and Operational Security) are preached, but it's actually not shocking that it wasn't. Activity trackers are highly encouraged in the military world, where physical fitness matters. Apps like Strava are especially useful because they provide quality tracking while costing a junior enlisted soldier nothing. (These kids can't exactly afford a new Garmin.)

The tricky thing is that the younger servicemen and women grew up in a social media world and don't know life without it, and therefore don't think about it the same way even a 30-year-old does. I'm sure some of the hot spots were also 36-year-old men with decent security clearance and zero social media sense. It might seem crazy to STers, but some people use Strava just for the tracking and don't clue into or care about the social aspects. It's plausible that quite a few of the offenders are very strict with security on their social media sites like facebook and instagram and literally do not think of Strava as social media. So they all obey the specific OPSEC rules to not post on facebook about locations and deployment dates, etc., but something like Strava publishing their seemingly meaningless data doesn't even cross their minds. Therefore, these issues need to be identified, addressed, and spelled out at a basic level to make sure everyone is both conscious of the risks and compliant with the rules.

On a similar note, I make a point of never making an activity public if I started or finished it within a certain radius of my house. My husband, however, used to share workouts that literally started at our front door. That extra level of security had just never occurred to him, because he is a man and doesn't naturally think about safety precautions the same way women have to. (That said, he cringed when he saw this report, so at least he gets it when it comes to national security, ha.)

1) I set up 'privacy zones' around a few spots - my parents' houses, the kid's school - so that none of that information is easily available to someone who just clicks on my profile. (our house is one of 1400 apartments in our complex, so i don't bother w/one there).

2) I assume that those privacy zones don't really do that much. They just make it so that if someone is after me, they'll need to do modicum of legwork to figure out my more precise locations.

3) But: i'm just a guy. I've got zero security clearances or anything like that.

I still don't get how people didn't realize that a location tracking ap was tracking their location....