Is this really a privacy thing? This is behavior explicitly advertised by the product.
I’m not sure that getting a lot of “look at this totally expected behavior of modsern products” posts here is good. Tends to lead to clickbaity stuff.
I think really this isn’t the advertised behavior. While Strava does advertise activity tracking, it’s not until you mix in the occupation related PT required in the military that this emergent behavior appears where you can see very regimented fitness activity often in areas that otherwise wouldn’t have it. Together, you see the initially surprising - but entirely reasonable in hindsight - ability to locate bases. It’s something that makes you go “huh!”.
Strava advertises fitness activity tracking.
The military takes fitness seriously.
Combined, Stava can be used to identify the location of abnormal areas of activity, ie, military bases.
This is the tweet that really sums it up: https://twitter.com/gavinsblog/status/957786002751332354
The users of these devices had an expectation of privacy which has been violated.
I doubt they believed their use of a fitness device could reveal their position to the enemy.
I think it’s decent news and worthy of attention/discussion.
Have you used Strava? I have, and it is very clear when you are posting an activity publicly. (My understanding based on discussion elsewhere is that private activities are not included in the heat map. Strava also provides a feature whereby you can post an activity publicly but hide the start/end points so that your home address isn’t apparent; my understanding is that these hidden sections of public activities are also omitted from the heat map.)
I have no more expectation of privacy when I post a public activity to Strava than when I post a public photo to Instagram, or a comment to Lobste.rs.
There’s an option in Strava to exclude your data from the heatmaps. Someone should inform the military
The Strava heatmap OPSEC failure gave me an idea. Is anyone maintaining an aggregated list of OPSEC failures and successes? I’d be interested in publishing/maintaining such a list if one doesn’t already exist.