by notatoad 3070 days ago
>Strava just released it.

Strava didn't release it. It's not Strava's job to stop you from uploading sensitive information. Strava does not have a security clearance. Military personnel released it to Strava. Surely the military already has rules about not uploading GPS tracks of their bases to random websites?

2 comments

Surely the issue is not that Strava decided to release sensitive information, or the military decided to release sensitive information, but that neither actor realized that they were in aggregate revealing sensitive information ahead of time.

If one guy runs around a base using Strava, that's not an issue. If a few hundred do, then it lights up on the map. But realizing that is a potential issue ahead of time and then proactively addressing it is the challenge.

>neither actor realized that they were in aggregate revealing sensitive information ahead of time.

right, but what i'm saying is that i don't believe this. I'm sure every military has rules about uploading GPS tracking of soldiers' movements to civilian websites, and those rules are being disobeyed or not being enforced.

and if the military doesn't care, i'm not sure why strava (or HN) should.

I'm surprised that using a GPS tracking tool is permitted in forward operating bases. I guess I would think that if one guy runs around the base with Strava, it actually is an issue.
I imagine many of these soldiers' higher-ups are unaware that such networked 'workout by GPS' services exist to provide insight beyond a personal means. If so, I wonder why soldiers were permitted to run with GPS watches or phones.

Many professional endurance-based athletes also do not track using GPS for similar reasons. Openly sharing training programs is an advantage to opposition and their coaches. Especially with Strava, where people are searchable by name like Facebook.

> Many professional endurance-based athletes also do not track using GPS for similar reasons.

That might need a citation. They might not be using Strava and posting them publicly (although a lot of pro cyclists do) but instead use something like Training Peaks for communication with coaches etc.

I would wager that many, many more professional athletes and teams all over the world do not use GPS over those that do. Do you really see the thousands of coaches all over the world backing up their athletes' data to the cloud or using some company platform and making sure every workout is on private mode? Or do you see pen and notebook, Excel docs, and local hard drive folders full of manually written logs? The world extends far beyond the borders of 'mericuh.
What would be the bigger security risk? Uploads of ambivalent track data or the existence of a dataset of geofenced high importance areas shared with private companies?
It's sort of in that realm of de-identified personal data. I think that location data is right up there with physical address. It's because one doesn't have to take a very large stretch to identify your house ... from cross-identified information publicly on the WWW and use it maliciously with this, with basic code skills. (I just did)
Strava has a “privacy zone” but you have to update the centre of the zone yourself.
It also has a setting for private and public workouts that can be set as default. Whether or not a private workout adds to global heatmap data, I am unsure...
It does not, nor will it count towards challenges, so if you’re into that (which I am so I can’t really fault anyone else) you are incentivised to be public
I call this data scraping .. two sets of data, and making correlations is my primary job function. I can't tell you how easy it is to take static data and make it dynamic with a series of algorithms that are well thought out, for correlation longitudinal goals.