New strife for Strava: Location privacy feature can be made transparent

Circles within circles make it easy to find the midpoint


Analysis by mobile device management outfit Wandera has suggested that newly notorious exercise-tracking app Strava's “location privacy” feature isn't very good at hiding users' homes.

Wandera's analysis comes after Strava released a "heat map" that was found to offer clues to the location of military bases. Such data was only captured because Strava's privacy feature is off by default. When it's on, the feature creates a virtual bubble in which users' activities aren't tracked.

But as Wandera's Liarna La Porta wrote, the privacy zone might not be enough: “If an activity on Strava is circular in nature and the return route is from the opposite direction, it is relatively easy to deduce the mid-point and where the privacy zone is centred on. If there are not two exact opposite points, it’s possible to use a third point from a different activity and solve the equation of a circle passing through 3 points.”


As the company's Dan Cuddeford added: “Assuming Strava’s user base is made up of serious cyclists who invest heavily in the best equipment, the app can be used by criminals as an accurate map of where to find expensive bikes they might want to steal.”

Wandera said it notified Strava about the issue. Strava reportedly responded by saying the feature is working as intended. However, La Porta added, it would probably be better if the Privacy Zone was randomised rather than set to a specific radius.

Another simple fix is to centre Strava's privacy zone on something other than your home, office or wherever you start to run or ride. By placing it a couple of hundred metres away, you'll make home-hacking harder. (One Reg operative hit on this idea a while ago, not to preserve privacy but to make sure his efforts on a tasty hill were included in Strava's records.)
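To check how much the offset fix buys you, the added example below (not code from Wandera, Strava or The Register) measures how far the three-point circle estimate lands from the real home when the zone is centred on the home versus on a randomly displaced point. The planar metre coordinates, the 500 m radius, the margin and minimum-shift parameters and all function names are assumptions made for illustration.

```python
import math
import random

def circumcenter(p1, p2, p3):
    """Centre of the circle through three planar points (metres)."""
    (ax, ay), (bx, by), (cx, cy) = p1, p2, p3
    d = 2 * (ax * (by - cy) + bx * (cy - ay) + cx * (ay - by))
    if abs(d) < 1e-9:
        raise ValueError("points are collinear: no unique circle")
    a2, b2, c2 = ax * ax + ay * ay, bx * bx + by * by, cx * cx + cy * cy
    ux = (a2 * (by - cy) + b2 * (cy - ay) + c2 * (ay - by)) / d
    uy = (a2 * (cx - bx) + b2 * (ax - cx) + c2 * (bx - ax)) / d
    return ux, uy

def offset_zone_centre(home, radius, margin, min_shift, rng):
    """Random zone centre: at least min_shift from home, while home stays
    at least `margin` metres inside the zone edge (hypothetical policy)."""
    max_shift = radius - margin
    if not 0 <= min_shift <= max_shift:
        raise ValueError("need 0 <= min_shift <= radius - margin")
    shift = rng.uniform(min_shift, max_shift)
    angle = rng.uniform(0.0, 2.0 * math.pi)
    return (home[0] + shift * math.cos(angle), home[1] + shift * math.sin(angle))

def cutoff_points(centre, radius, bearings_deg):
    """Constructed sample data: where three published tracks stop at the zone edge."""
    return [(centre[0] + radius * math.cos(math.radians(b)),
             centre[1] + radius * math.sin(math.radians(b))) for b in bearings_deg]

def home_exposure(home, centre, radius, bearings_deg=(10, 130, 250)):
    """Distance in metres between the real home and the point that the
    three-point circle estimate yields from the track cut-offs."""
    return math.dist(home, circumcenter(*cutoff_points(centre, radius, bearings_deg)))

if __name__ == "__main__":
    home = (1200.0, -340.0)            # constructed local coordinates, metres
    rng = random.SystemRandom()        # unpredictable offset per user
    moved = offset_zone_centre(home, 500.0, 100.0, 150.0, rng)
    print(f"zone centred on home: estimate is {home_exposure(home, home, 500.0):.2f} m off")
    print(f"offset zone:          estimate is {home_exposure(home, moved, 500.0):.2f} m off")
```

The offset does not make the home unrecoverable in principle: the estimated centre still bounds the home to a disc of radius `radius - margin` around it, so the fix turns a pinpoint into an area.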

This kind of misdirection probably won't help military bases, which have large populations of people. But it's got to be better than the Pentagon's rushed and embarrassed response to the heat map fiasco. ®

Biting the hand that feeds IT © 1998–2021