Strava is a fitness app. So, apprently, the security detachment of political figures tends to use the app, presumably because they're into fitness and keep in shape, and their location can be tracked through the app.
As the security detachment tend to travel with the people they protect, political leaders locations can be inferred.
The article talks about body guards not being allowed to use social media/apps while on the job, they allow for provisions on use when not on active duty. So, I guess, the guards get a day off, use the app, wherever they are, broadcasting their location.
Crazy stuff.
netsharc 14 minutes ago [-]
Yeah, the targetting isn't that difficult, I guess. If you know crown prince Akeem Joffer was in New York 5 days ago, and is in Paris 3 days ago, you can probably diligently query Strava users who weren't in New York for a long time but showed up 5 days ago, and see if they showed up in Paris 3 days ago, and boom, you've found a member of his entourage.
Even if they use the anonymizing feature that masks their start/end points, if you find a few other members, you could be able to triangulate a big hotel near them and guess that that's where the crown prince stayed... and the next time you hear he's coming to NY/Paris, you have this information.
mandevil 53 minutes ago [-]
Cell phone tracking is better at surveillance than the best stuff the military has.
https://www.washingtonpost.com/national-security/2024/02/22/... has a fun story about a time at Fort Irwin (US Army laser tag in the desert) one side couldn't figure out how an attack helicopter got through their defenses, until they did some queries on a commercial cell phone tracking database and found the cellphone moving across the desert at 120mph. Hole identified, plugged for the next round.
And also talks about how the Ukrainians and Russians are having a great deal of trouble with cell phone OPSEC even after years of shooting war.
jklinger410 20 minutes ago [-]
Cell phone tracking _is_ what the military has.
Seeing through walls with WiFi is better. Or slurping up the main pipes and decrypting it. Which they also have.
taeric 44 minutes ago [-]
Probably not better than the best stuff the military has... Still really good, mind.
And, yeah, unintended uses are usually prime locations for security breaches. For a long time (maybe still?) metadata on pictures that people post would reveal far more than people meant. Thumbnails of cropped pictures, even.
FactKnower69 3 minutes ago [-]
>Probably not better than the best stuff the military has...
Military tech is always a decade ahead of civilian, that's why the US has easily won every armed conflict they've entered into in the past 50 years
r00fus 17 minutes ago [-]
This is why I only use Strava to share with my followers.
Yes, it's an extra step after my workout to edit, add pics if any, choose my activity level if I was too lazy to put on my HR monitor, and then only post to my followers.
Yes, this means I get less likes and can't participate in challenges etc. But it's really about sharing with my colleagues and friends so they can motivate me for my next ride.
zardo 3 minutes ago [-]
> This is why I only use Strava to share with my followers.
You travel with one of the most powerful people in the world?
marcellus23 14 minutes ago [-]
You can set your activities to be private by default, you don't need to change it for every activity individually after you upload it.
netsharc 20 minutes ago [-]
In video form (the Guardian article talks about a Le Monde investigation):
The problem with Strava is how invasive their location sharing is.
One has to actively search to disable it. And the integrations with Garmin Connect and the others are even worse.
slibhb 44 minutes ago [-]
Was there a breach with Strava or did people simply choose to publish their location publicly?
pndy 14 minutes ago [-]
They recently introduced "Athlete Intelligence" [1][2] feature that wasn't received well by users so I'd guess this is a pr stunt so people would forget about it
Along these lines some cyclists have had their gear stolen by thieves who figured out where they live from Strava data.
They have a feature to block part of your route when near your home but some folks aren’t aware of it (or learn the hard way)
nickff 24 minutes ago [-]
That feature is fairly recent, and I believe it is now enabled by default.
hondo77 2 minutes ago [-]
If by "is fairly recent" you mean "has been around for over six years", yes.
blackeyeblitzar 23 minutes ago [-]
What’s the point of Strava? Can’t people easily cheat on the results to outcompete others? Like what happens if I use an e-bike to beat the best times?
jerlam 3 minutes ago [-]
There is no reward for getting the best time. Also, the people that you beat are extremely motivated to investigate and flag your activity; it will look pretty obvious that it was ridden on an e-bike due to incorrect / missing data like heart rate and wattage.
I have the record on a short inconsequential running course near me. I occasionally get a notification that someone beat my record and I am forced to look at it; it is always someone on a bike or car, and I flag it and it eventually goes away. Also, my own record activity has been flagged multiple times despite it only being slightly faster than the second place finisher - I no longer bother trying to contest it. The joke is on the flagger since I have run the exact same record time, several times, so I still have the course record.
r00fus 14 minutes ago [-]
Strava is a social app with a gamification angle. I use the social to share my rides (only) with people who follow me and to view people I follow to get inspired.
I also use the gamification to compete - but really only against myself.
Rendered at 21:37:34 GMT+0000 (Coordinated Universal Time) with Vercel.
As the security detachment tend to travel with the people they protect, political leaders locations can be inferred.
The article talks about body guards not being allowed to use social media/apps while on the job, they allow for provisions on use when not on active duty. So, I guess, the guards get a day off, use the app, wherever they are, broadcasting their location.
Crazy stuff.
Even if they use the anonymizing feature that masks their start/end points, if you find a few other members, you could be able to triangulate a big hotel near them and guess that that's where the crown prince stayed... and the next time you hear he's coming to NY/Paris, you have this information.
https://www.washingtonpost.com/national-security/2024/02/22/... has a fun story about a time at Fort Irwin (US Army laser tag in the desert) one side couldn't figure out how an attack helicopter got through their defenses, until they did some queries on a commercial cell phone tracking database and found the cellphone moving across the desert at 120mph. Hole identified, plugged for the next round.
And also talks about how the Ukrainians and Russians are having a great deal of trouble with cell phone OPSEC even after years of shooting war.
Seeing through walls with WiFi is better. Or slurping up the main pipes and decrypting it. Which they also have.
And, yeah, unintended uses are usually prime locations for security breaches. For a long time (maybe still?) metadata on pictures that people post would reveal far more than people meant. Thumbnails of cropped pictures, even.
Military tech is always a decade ahead of civilian, that's why the US has easily won every armed conflict they've entered into in the past 50 years
Yes, it's an extra step after my workout to edit, add pics if any, choose my activity level if I was too lazy to put on my HR monitor, and then only post to my followers.
Yes, this means I get less likes and can't participate in challenges etc. But it's really about sharing with my colleagues and friends so they can motivate me for my next ride.
You travel with one of the most powerful people in the world?
- Pt 1: https://www.youtube.com/watch?v=4eQKnV0zsMc
- Pt 2: https://www.youtube.com/watch?v=KX7f1PwXEWg
One has to actively search to disable it. And the integrations with Garmin Connect and the others are even worse.
[1] - https://www.forbes.com/sites/cyrusfarivar/2024/10/12/strava-...
[2] - https://communityhub.strava.com/t5/strava-features-chat/opt-...
They have a feature to block part of your route when near your home but some folks aren’t aware of it (or learn the hard way)
I have the record on a short inconsequential running course near me. I occasionally get a notification that someone beat my record and I am forced to look at it; it is always someone on a bike or car, and I flag it and it eventually goes away. Also, my own record activity has been flagged multiple times despite it only being slightly faster than the second place finisher - I no longer bother trying to contest it. The joke is on the flagger since I have run the exact same record time, several times, so I still have the course record.
I also use the gamification to compete - but really only against myself.