Data From Fitness Tracker Broadcast For All To See

Quite by accident, an Australian student studying international security came across a global heat map posted online by Strava, a San Francisco based company. He recognized that the heat map showed exact locations of military personnel and bases worldwide. He thought, “That can’t be good.”

The heat map lights up with users keeping track of their workouts using smartphones and fitness trackers like Fitbit and Jawbone. Users upload workout data to Strava, creating aerial heat maps based on their activity. Strava’s intent is to provide a type of worldwide social network for athletes, allowing them to compare their workouts with those of others across the globe. It’s what Strava does with the data that’s recently come under fire.

GPS tracking is a huge component of the workout data Strava collects. In November 2017, Strava posted locations of billions of users to create a global heat map. Using the combination of Strava’s heat map alongside Google or Apple Maps, one can spot exactly where exercise activity is taking place. According to the US military, locations of secret bases could be found using the workout activity of military personnel. The exact “when and where” of individual military members using the apps creates a path of potential attack and a huge security threat.

Remember that any data stored about you, be it your job or the route you ran last week, it’s subject to hacking. It’s also subject to sale. In this case, it could be used to market items to you. For example, if you upload that your activity is hiking, you may see ads for hiking-related gear. That may be OK with you. Just know that it can and likely is happening.

Before using any type of tracking device, consider the possibility that what data is collected may someday be accessed by an unauthorized party as well. Do you want strangers to know where you start and stop your running routes? If you have a ride-sharing service pick you up at home often, do you want the driver and/or someone stealing data to know your address? Do you want a hacker to know your movements?

Consider this:

• Start your GPS tracking in a different location each time, just to mix it up.
• Have your ride-share driver pick you up and drop you off in different locations other than always at your home.
• Don’t share your workout data or other data that is tracked using GPS. Do your Facebook friends really need to know your biking route?
• Use fake names in your user profiles so that your activity is not traceable to you.

Remember that the data you share is not just being viewed by your friends and those you choose to share with. Always consider that it’s being stored somewhere and likely being used to generate statistics at a minimum. Don’t give away information you really want to keep private as there is the possibility that wherever it’s stored will be accessed by a hacker at some point, or as we now are well aware, be sold.

Stickley on Security
Published April 19, 2018