Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re How the Spies Learned to Stop Worrying and Love Fitbit

From: "Dave Farber" <dave () farber net>
Date: Fri, 02 Feb 2018 23:48:15 +0000
---------- Forwarded message ---------
From: Justin Maxwell <soc () code404 com>
Date: Fri, Feb 2, 2018 at 5:37 PM
Subject: Re: [IP] How the Spies Learned to Stop Worrying and Love Fitbit
To: dave () farber net <dave () farber net>
CC: ip <ip () listbox com>


Hi Dave,

Thanks for inviting this discussion on IP. I'm an avid Strava user and
almost went to work there in the early days because I love their product.

that FP article is fantastic, I had no idea this had such a legacy. But I
want to address one thing since the "careless athlete" angle is getting
sensationalized:

“I am a Strava user with sharing enabled,” one former intelligence official
told FP, who described running around GCHQ, the British signals
intelligence agency.


Sure, this person was careless. But most likely weren't.

There is a key detail that is being left out of the public conversation
mostly due to headline skimming. Strava was opting people in to the global
heatmap data automatically, even if they had made their activities private.
This is where everything went wrong:

   - if a person was using Strava to track their fitness while stationed in
   a sensitive area,
   - and believed they were respecting the rules of their station by
   marking their activity as "private" (which prevents it from showing to
   others or on leaderboards)
   - That user was then unaware Strava had them "Opted-In" automatically to
   publish their activity data on the global heatmap
   - Strava buried that info here:
   https://support.strava.com/hc/en-us/articles/207343930-Privacy-Options-and-Information
   
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/0?redirect=https%3A%2F%2Fsupport.strava.com%2Fhc%2Fen-us%2Farticles%2F207343930-Privacy-Options-and-Information&recipient=ip%40listbox.com>
   - The user had no idea their data was being leaked, as from their
   perspective (the information presented to them in the app's user experience
   & interface messaging), they had followed the rules

So to be clear, it was Strava who opted in their users to leak this
information without considering the impact of it.

On Feb 2 2018, at 11:37 am, Dave Farber <farber () gmail com> wrote:




Begin forwarded message:

*From:* Richard Forno <rforno () infowarrior org
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/1?redirect=mailto%3Arforno%40infowarrior.org&recipient=ip%40listbox.com>



*Date:* February 2, 2018 at 12:28:06 PM EST
*To:* Infowarrior List <infowarrior () attrition org
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/2?redirect=mailto%3Ainfowarrior%40attrition.org&recipient=ip%40listbox.com>



*Cc:* Dave Farber <dave () farber net
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/3?redirect=mailto%3Adave%40farber.net&recipient=ip%40listbox.com>



*Subject:* *How the Spies Learned to Stop Worrying and Love Fitbit*

How the Spies Learned to Stop Worrying and Love Fitbit

The debate over whether fitness trackers should be allowed in sensitive
areas has dragged on for years.

By Jenna McLaughlin
| February 1, 2018, 12:38 PM

When researchers last weekend noticed that a private company had published
a global heat map of people running and walking around, based on data
uploaded from its fitness application, the news sparked renewed debate in
the U.S. national security community about rules governing wearable devices
that transmit data.

What wasn’t disclosed by the intelligence and military officials reacting
to the news is that the debate over whether fitness trackers should be
allowed in sensitive spaces, particularly in intelligence outposts, has
raged on for years. And many employees did in fact gain the right to wear
certain types of trackers, even in the most sensitive locations.

However, that decision has consistently led to internal disagreement. In
some cases, military and  intelligence officials have wide discretion over
where and when their employees can use those devices.

“We are aware of the potential impacts of devices that collect and report
personal and locational data, such as information contained in the Strava
‘heat map’ recently reported in the press,” a current U.S. intelligence
official wrote in an email to Foreign Policy. “The use of personal fitness
and similar devices by individuals engaged in U.S. Government support is
determined and directed by each agency and department.”

< - >

https://foreignpolicy.com/2018/02/01/how-the-spies-learned-to-stop-worrying-and-love-fitbit/
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/4?redirect=https%3A%2F%2Fforeignpolicy.com%2F2018%2F02%2F01%2Fhow-the-spies-learned-to-stop-worrying-and-love-fitbit%2F&recipient=ip%40listbox.com>

Archives
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/5?redirect=https%3A%2F%2Fwww.listbox.com%2Fmember%2Farchive%2F247%2F%3Dnow&recipient=ip%40listbox.com>
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/6?redirect=https%3A%2F%2Fwww.listbox.com%2Fmember%2Farchive%2Frss%2F247%2F18845712-12e0664b&recipient=ip%40listbox.com>
| Modify
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/7?redirect=https%3A%2F%2Fwww.listbox.com%2Fmember%2F%3Fmember_id%3D18845712%26id_secret%3D18845712-0470693e&recipient=ip%40listbox.com>
Your Subscription | Unsubscribe Now
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/8?redirect=https%3A%2F%2Fwww.listbox.com%2Funsubscribe%2F%3Fmember_id%3D18845712%26id_secret%3D18845712-41b8348e%26post_id%3D20180202143746%3A896E6E98-0850-11E8-8E1B-FFA2DA9C92A7&recipient=ip%40listbox.com>
<https://link.getmailspring.com/link/local-9fbb732b-8929@jkm-mbp/9?redirect=http%3A%2F%2Fwww.listbox.com&recipient=ip%40listbox.com>

This message was sent to the list address and trashed, but can be found
online.
<https://www.listbox.com/login/messages/view/20180202173729:A45350AC-0869-11E8-AE2D-B1D5F61207B7/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180202184833:9206F368-0873-11E8-8527-C436A64FB4BA
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: