Hacker News
by maxerickson 3069 days ago
So what other internet services have deployed soldiers sent sensitive location data to?

Does each internet service need to proactively hire someone with clearance and coordinate hiding of sensitive information with the US military?


We were on a separate network from the secured military network, but we had complete and free access to the internet when I was there 6 years ago. Even in the most remote combat operating posts, we had access to wifi.

Not sure if this can be solved from the civilian side. There is just too much information being transmitted out of a combat zone, and I think it has to be controlled from the source. Certain sites need to be just blocked in combat zones. Rather, we need to only have a list of allowed sites.

I know how much it sucks in a combat zone, and I know how much that internet connection makes someone feel like they are still part of the civilization. However, some data just should not be transmitted out of it, and it needs to be heavily controlled.

In this particular case I'm not sure that blocking internet access at the base will solve much since the data is stored on the device, and it's enough to bring the device to a location with internet access?

Basically people go home or whatever and plug in their Garmin and then it'll just upload the last 6 months of data, and there is the same issue.

Why do deployed soldiers need personal fitness trackers (or what did you mean by a Garmin)? Surely anything with a GPS or other wireless network abilities is an affront to opsec I'd imagine?

"need" or "want"? I'm sure they don't "need" them any more than anyone else, but I'm also sure they "want" them for the same reason as everyone else that wants them -- for fitness tracking.

> Why do deployed soldiers need personal fitness trackers

To track their personal fitness while deployed?

I was hoping for something a little more insightful ;o)

My imagination of how an army is run requires careful maintenance of fitness of soldiers, so use of PT instructors, regular monitoring of fitness metrics. It also has dieticians to monitor food production/intake. Opsec would probably deny any personal electronic devices.

If a deployed soldier needs to track their personal fitness then that suggests a deficiency - fitness of soldiers must be of prime importance during deployment? There seems no reason that soldiers wouldn't have a fitness record they could access that included all food intake, mandated exercise, regular weight monitoring, blood pressure, and whatever.

Of course, the use of personal fitness devices suggests my conception is wildly off how a deployed corpus of soldiers is actually run.

> My imagination of how an army is run requires careful maintenance of fitness of soldiers, so use of PT instructors, regular monitoring of fitness metrics

When deployed operationally fitness is usually your own business. PTIs often have a different job operationally (something like close protection of the commanding officer), although they may provide some mentorship and help improvise fitness equipment.

Generally soldiers are treated like professionals and left to manage their own fitness when deployed, using the skills and self discipline they've been taught. A fitness monitor is a good way to do that.

> Opsec would probably deny any personal electronic devices.

It doesn't. I've been told to not connect to Afghan mobile networks, and obviously not to talk about what you are doing, but apart from that you can just use your common sense.

> Of course, the use of personal fitness devices suggests my conception is wildly off how a deployed corpus of soldiers is actually run.

It's probably far more chilled out than you imagine. In my experience tech people think the Army is all 'sir-yes-sir'. I've literally never said that in my entire life in the military.

> use of PT instructors, regular monitoring of fitness metrics. It also has dieticians to monitor food production/intake

Check the FB group Fill Your Boots for what Army catering is really like... Nutrition seems to be very, very far down the list of priorities.

Soldiers generally lose a lot of fitness while deployed, manning an observation point or a weapons emplacement just doesn’t involve much movement, only a small minority are out on foot patrolling every day.

They are not robots. Why do they need iPads? Why do they need personal phones? Not being snide, but when on deployment they have a LOT of tech tools, just like any other demographic of folks. It's just a thing ...

Tracking fitness and tracking location aren't the same thing.

True and false. At the moment, they are inexorably linked if tracking how much and how well you move is part of your fitness plan. GPS tends to be part of a common and usually pretty smart way to do that. For people who are deployed, it's important to have metrics of personal performance and keep track of any progress or decline in physical capabilities. Using that data wisely makes them better at whatever they do.

The problem isn't just the soldiers and it's not just Strava, it's the culture around data itself. Tech companies that produce quantified-self devices or services need to realize the ENORMOUS responsibility they're taking on by collecting and using this data. Users need to realize just what it is they are sharing and how their data gets from point A to point D. Burying it in the fine print is not enough. Maybe people should get into the habit of looking at the data profiles each company has on them or at least being aware of the totality of what's collected so they can make better decisions. It is kind of ironic that the point of collecting this data is to help people make better decisions while this particular case is actually a collection of really bad decisions. Fire is both a useful tool and a dangerous chemical reaction, this is no different.

Perhaps there needs to ALWAYS be an option to route the data to a private server of the user's choosing instead. If that were standard practice, it probably could have prevented this problem.

Well, the data does not just appear on Strava all by itself. I made an assumption that a non-negligible fraction of the data uploaded was from Garmins/fitness trackers or similar devices (like watch for tracking your running etc).

I guess people could also be using their smartphone app, which I am less familiar with. If I'm misunderstanding what the source of the data is I apologize.

Doesn't the UCMJ already cover "information being transmitted out of a combat zone?"

I don't think that's the right response, especially not now. Tell soldiers not to bring online fitness trackers, and then punish the ones who forget.

I'm saying it doesn't really seem to be a Strava problem, and that the problem on the military side likely already has a solution in place.

It's a platform problem. The cross-availability of information on let's say ... Google Android. They can use a microphone, wifi signal analysis, and other techniques that make your GPS coordination data moot. What's getting more complex is the data itself, and how it can be sorted and moved around the need for actual location data. That's why I think the "disable GPS / Location" actions in Android (and macOS) needs to be more granular. When we say "don't track me" .. it means ... on everything and protect the information from software in silos. It goes against the grain of security vs. usability .. but it's gonna happen by will of the people.

I believe it covers sensitive materials only. Soldiers should not be punished through UCMJ for using Strava. That's ridiculous. Strava just should not be accessible within Afghanistan.

A country of 30 plus million shouldn't be able to use an app because some soldiers deployed there are bad at opsec?

My apologies. I meant just the military members, not the country itself.

So let me ask you .... how do IT folks actually handle this type of situation? The experience required for systems work both in the field and base are both between making soldiers at home, in combat zones, and also keeping them safe. It's something that requires a LOT of experience on new tech to really stop/filter/protect against situations where data is being transferred off base. There is also the STORED perspective. That data may not be transmitted ON base .. it could be transferred over a wifi at something like the "sister's house" or some other place you never expected on an open network for wifi with that device. It's nearly impossible to stop this. It's like White House leaks .. when there is a way to transmit, it will be used.

Exactly. I'm all for constructive criticisms to make technology better, but these services (like Strava) are reaching millions of people. We're only talking about this military base issue because we became aware of it. How many other externalities are waiting out there for us to find? We really can't expect tech companies to proactively account for all of them; that's literally impossible.

In this case, the sensitive data being uploaded is entirely the fault of the user. I'm actually shocked that soldiers would track a run around a military base. It takes about 10 seconds of thought to realize how bad of an idea that is.

100% behind your point. You are so much putting yourself and others in danger with using internet connected devices. Why don't you only use VPN secured services to text? Fitness tracking is like a luxury problem that puts a lot of people at risk.