Fitness app Polar even better at revealing secrets than Strava

Discussion in 'Off Topic' started by hmscott, Jul 9, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,074
    Messages:
    17,798
    Likes Received:
    21,827
    Trophy Points:
    931
    Fitness app Polar even better at revealing secrets than Strava
    'I spent a year hiding in shrubs, and they just … publish their daily runs'
    By Richard Chirgwin 9 Jul 2018 at 03:03
    https://www.theregister.co.uk/2018/07/09/fitness_app_polar_data_leak/

    "Online investigations outfit Bellingcat has found that fitness tracking kit-maker Polar reveals both the identity and daily activity of its users - including soldiers and spies.

    Many users of Polar's devices and app appear not to have paid attention to their privacy settings, as a result a Bellingcat writer found 6,460 individuals from 69 countries. More than 200 of them left digital breadcrumbs around sensitive locations.

    Bellingcat's report claimed the Polar Flow social-fitness site produces more compromising data than other fitness-trackers than previous leaks: “Compared to the similar services of Garmin and Strava, Polar publicizes more data per user in a more accessible way, with potentially disastrous results.“

    “Tracing all of this information is very simple through the site: find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised.”

    Bellingcat notes that the big difference between Polar and Strava is that the former offers more comprehensive data, more easily, covering everything a user has uploaded to the platform since 2014.

    The investigation describes all sorts of interesting targets in the data: an officer whose air base hosts nuclear weapons; Western military personnel in Afghanistan; yet another officer whose profile carries his name, and whose location hosts drones. People exercising near their homes, and also near their workplaces – which happen to be intelligence agencies.

    “We were able to scrape Polar’s site (another security flaw) for individuals exercising at 200+ of such sensitive sites, and we gathered a list of nearly 6,500 unique users. Together, these users had made over 650,000 exercises, marking the places they work, live, and go on vacation,” Bellingcat's Foeke Postma wrote.

    Polar told the publication it had updated its policy in August 2017 so accounts have more secure default settings, and the platform has blocked users from exploring its data while it investigates fixes.

    Over the weekend, in response to the revelations, the Dutch Minister of Defence issued an edict that military personnel should remote fitness apps from their smartphones.

    Running in circles
    The Dutch response may well feel familiar because Shortly after Nathan Ruser of the Australian National University revealed the extent of the Strava leak in January this year, the Pentagon warned personnel to lock down their privacy settings.

    The official response included an investigation in the US military, but such things proceed relatively slowly. Army Colonel Robert Manning III said at the time: “DoD personnel are advised to place strict privacy settings on wireless technologies and applications”

    However, even if military and intelligence users had locked down their defaults after that warning, Bellingcat's Postma wrote that the platform still kept old data public until it stopped Internet passers-by browsing peoples' records.

    Yes, people with sensitive jobs need to be careful with social technologies, but it seems to be an open question just how well people in general understand how much data leaks when they sign up for online services.

    The US military is, after all, easily large enough to act as a proxy for the whole population, and people at scale aren't paying close attention to how their data leaks, until it stings them."
    Comments
     
  2. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,074
    Messages:
    17,798
    Likes Received:
    21,827
    Trophy Points:
    931
    Previous Strava posts:
     
  3. Papusan

    Papusan JOKEBOOKS = That sucks! Dont wast your $ on FILTHY

    Reputations:
    16,428
    Messages:
    20,187
    Likes Received:
    31,872
    Trophy Points:
    931
    I fixed this :) The sad is they don’t care.
     
  4. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,074
    Messages:
    17,798
    Likes Received:
    21,827
    Trophy Points:
    931
    Another fitness app reveals data that can be used to identify soldiers and spies
    https://www.technologyreview.com/th...t-can-be-used-to-identify-soldiers-and-spies/
    [​IMG]
    "Polar’s Flow app exposes sensitive information that can be used to work out where people live and work.

    The news: A report from De Correspondent and Bellingcat, which conducts online investigations, has shown how data from Polar’s app can be used to reveal the identity of military and security personnel, and also their home or workplace addresses.

    Track changes: By looking at exercise routes shared by Polar users and combining these with data from online searches, investigators identified the names and home addresses of some people working for intelligence agencies in the Netherlands, the US, and other countries, as well as the names and whereabouts of military personnel at bases in regions like the Middle East and Africa. They also managed to identify people who worked at nuclear facilities, maximum-security prisons, and other locations.

    Untrack changes: Polar has taken its activity-tracking map offline and has published a statement stressing that the default setting on tracking in its app is private, and that people chose to share their exercise routes publicly.

    Why this matters: Terrorists and other bad guys could use data from fitness apps to target individuals and spot secret facilities. That risk was highlighted earlier this year by researchers using public mapping data from Strava, another social fitness app.

    The Polar case shows it’s still not being taken seriously enough.

    IMAGE CREDIT: POLAR"

    Fitness App Reveals Top Secret Military Movements
    First was Strava, now Polar.
    By David Grossman, Jul 9, 2018
    https://www.popularmechanics.com/te...ss-app-reveals-top-secret-military-movements/
     
  5. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,074
    Messages:
    17,798
    Likes Received:
    21,827
    Trophy Points:
    931
    Surge in wearable health tech prompts privacy concerns
    CBS This Morning
    Published on Jul 12, 2018
    More than 50 percent of adult Americans have at least one chronic health condition. Tech companies are now introducing products that promise to help users keep a constant eye on their health including blood pressure, glucose levels and heart problems. The so-called "wearable hospital" is a more than $6 billion industry and it's growing. While the products offer hope, many people have security and privacy concerns. Brian Cooley, editor-at-large at CNET, joins “CBS This Morning” to discuss how users’ private information could be at risk.


    The dark side of wearables: How they're secretly jeopardizing your security and privacy
    The seductive lure of activity and health wearables make it easy to forget, or ignore, the inherent security and privacy risks involved.
    By Teena Maddox
    https://www.techrepublic.com/articl...retly-jeopardizing-your-security-and-privacy/
     
    Last edited: Jul 12, 2018
Loading...
Similar Threads - Fitness Polar better
  1. SMGJohn
    Replies:
    1
    Views:
    585

Share This Page