Polar Flow User Data Can Be Used to Identify Military and Intelligence Personnel

Remember how in January the mobile fitness app Strava was found to reveal the training routes and user data of military and security personnel? It wasn’t just Strava. A joint investigation by Bellingcat and De Correspondent found that the data for users of the Polar Flow app is even more exposed: even the names and home addresses of military and intelligence personnel working at embassies, bases, intelligence agencies and other sensitive locations could be figured out from the user data. De Correspondent shows how.

Polar, the Finnish company behind the app and service, announced that they were suspending the Explore feature that made the data accessible. They also note, and it’s worth remembering, that Polar data is private by default. If you’re military or intelligence and using a fitness app, what the hell are you doing exposing your location data—especially if you’re in a sensitive location?

The report also contains one hell of a buried lede. They tested other apps, namely Strava, Endomondo and Runkeeper, and, well: “Though it’s harder to identify people and find their home addresses than it is through Polar, we were ultimately able to do so using these apps. In contrast to Polar’s app, there is no indication that people whose profiles are set to private can also be identified in these apps. We informed them of our findings last week.” In other words, this is an industry-wide problem, not just a problem with one or two services. [The Verge]

An Update on Leonia, NJ’s War on Waze

Leonia, New Jersey’s decision to close its residential streets to non-residents (previously)—an attempt to deal with the traffic being routed that way by navigation apps like Waze—has also, like the apps that created the problem in the first place, resulted in some unintended consequences. On, for example, visiting relatives and local businesses.

Previously: New Jersey Borough to Close Streets to Congestion-Rerouted Traffic.

The Ordnance Survey Launches a Line of GPS Devices

Now seems an odd time to be launching a line of standalone, single-purpose GPS devices, but the Ordnance Survey has gone and done so: they’ve announced a total of four devices, ranging in size from the cycling-friendly Velo to the robust Aventura and in price from £370 to £500. The OS has been offering third-party devices from the likes of Garmin and Satmap through its online store; it’ll be interesting to see how people see these as measuring up against those devices—or against an app on the smartphone they may already own. More at Road.cc.

Gladys West, GPS’s Hidden Figure

The Associated Press has a story about Gladys West, now 87, an African-American mathematician who did pivotal early work on the calculations that led to GPS.

She collected information from the orbiting machines, focusing on information that helped to determine their exact location as they transmitted from around the world. Data was entered into large scale “super computers” that filled entire rooms, and she worked on computer software that processed geoid heights, or precise surface elevations.

The process that led to GPS is too scientific for a newspaper story, but Gladys West would say it took a lot of work—equations checked and double-checked, along with lots of data collection and analysis. Although she might not have grasped its future usage, she was pleased by the company she kept.

If that reminds you a bit of Hidden Figures, it’s not just you. And if reading this piece makes you want to read about the process that led to GPS, even if it’s too scientific for a newspaper story, it’s not just you either. [Blavity]

Strava, Responding to Security Concerns, Disables Features

Strava has reportedly disabled certain features in the wake of the privacy and security issues raised last month, with users reporting that they can no longer create workout segments. In a statement given to The Verge, Strava said: “We are reviewing features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent.” [Canadian Cycling Magazine]

Previously: Strava Heat Map Reveals Soldiers’ LocationsNon-Anonymized Strava User Data Is Accessible.

Non-Anonymized Strava User Data Is Accessible

More on the privacy issues regarding Strava’s global heat map and its customer data. Now Wired UK is reporting that Strava’s data isn’t anonymous. Because you can compare your results with nearby users, all it takes is a local GPS tracklog—which can be created out of whole cloth, as Steve Loughran’s blog post demonstrates—to see detailed information about users. Wired UK:

By uploading an altered GPS file, it’s possible to de-anonymise the company’s data and show exactly who was exercising inside the walls of some of the world’s most top-secret facilities. Once someone makes a data request for a specific geographic location—a nuclear weapons facility, for example—it’s possible to view the names, running speeds, running routes and heart rates of anyone who shared their fitness data within that area.

The leaderboard for an area, the Guardian reports, can be extremely revealing. “The leaderboard for one 600m stretch outside an airbase in Afghanistan, for instance, reveals the full names of more than 50 service members who were stationed there, and the date they ran that stretch. One of the runners set his personal best on 20 January this year, meaning he is almost certainly still stationed there.”

Which makes the security issue regarding military personnel using fitness trackers even worse than simply the anonymous aggregate of the routes they take. Yes, this is very much an unintended and unforseen consequence of relatively innocuous social sharing bumping up against operational and personal security protocols; and it’s as much on military personnel to, you know, not use GPS-enabled devices that upload your location to a third-party server as it is on companies to have clear and effective privacy controls. This is very much the result of a whole lot of people not thinking things through.

Previously: Strava Heat Map Reveals Soldiers’ Locations.

War Games Disrupting GPS in the Western U.S.

Meanwhile, aerial war games conducted by the USAF over Nevada will disrupt GPS in the western U.S. over the next few weeks. As The Drive reports, “the USAF is going to blackout GPS over the sprawling Nevada Test and Training Range to challenge aircrews and their weaponry under realistic fighting conditions. The tactic will spill over throughout the region, with warnings being posted stating inconsistent GPS service could be experienced by aircrews flying throughout the western United States.” The disruptions will occur through 16 February. [Matt Blaze]

Strava Heat Map Reveals Soldiers’ Locations

Strava is a mobile fitness tracking app that uses GPS data from phones and watches. It has access to a lot of data, and has been using that data to create a global heat map showing the paths taken by its cycling and running customers. The map’s most recent update, last November, aggregates user data through September 2017. But analyst Nathan Ruser noticed a problem: in places where local Strava use is low, the map can reveal the paths of people from wealthy western countries—for example, soldiers at U.S. military bases overseas, whether they’re patrolling or simply exercising. (U.S. troops are encouraged to use fitness trackers.) Which is to say, suddenly Strava is a security problem. Details at BBC News and the Washington Post.

New Jersey Borough to Close Streets to Congestion-Rerouted Traffic

When your navigation app (e.g. Waze) suggests an alternate route to avoid congestion, that has knock-on effects on the communities you’re routed through, particularly when a lot of traffic gets pushed onto quiet residential streets.  That’s the situation in Leonia, New Jersey, the New York Times reports, where later this month the police will be closing some 60 streets to non-local traffic in hopes of routing all that Wazer traffic somewhere else. Some of the somewhere elses aren’t happy with this move, naturally. [Engadget]

NATRF2022 Datum Coming to North America in 2022

Geoff Zeiss posts about the forthcoming NATRF2022 datum, which will replace NAD 83 and NAVD 88 in 2022. It will address the shortcomings of the earlier datums and for the first time provide a common datum for Canada, the U.S. and Mexico. “Practically,” Geoff writes, “this means that elevations may change by up to a meter and horizontal location by up to 1.5 meters. The actual corrections to elevations and horizontal locations will depend on where you are in North America. The greatest changes are in the Pacific Northwest and the least in the southeastern U.S.” [Dave Smith]

William Rankin Profiled

Over at the Toynbee Prize Foundation’s Global History Forum, Timothy Nunan has a long article about Yale history of science professor William Rankin, author of last year’s After the Map: Cartography, Navigation, and the Transformation of Territory in the Twentieth Century (book website, publisher, Amazon, iBooks) and the themes—the shifting relationship between map and territory, for example—addressed by that book. [WMS]

Previously: After the MapWilliam Rankin, Author of ‘After the Map,’ Interviewed.

Satnavs and ‘Switching Off’ the Brain

More on the impact of GPS on our cognitive function. A new study identifies brain activity in the hippocampus and prefrontal lobes while navigating city streets—areas of the brain involving memory, planning and decision-making. There was no additional brain activity from the control group (using satnavs). The University College London news release on the study suggests that using a satnav “switches off” those parts of the brain, but it may be more fair to say that it fails to switch them on.

It’s hardly groundbreaking news to suggest that not having to think about where you’re going results in less activity in the areas of the brain that involve remembering things and deciding what to do next, but experimental research does need to establish such things. [The Truth About Cars]

William Rankin, Author of ‘After the Map,’ Interviewed

after-the-mapYaleNews interviews William Rankin, who’s a history of science professor at Yale, about his book, After the Map: Cartography, Navigation, and the Transformation of Territory in the Twentieth Century (University of Chicago Press, July 2016), which, the article says, “explores, among other topics, the shift in maps from a ‘gods-eye-view’ to the embedded experience of GPS.” A sample:

It would be tempting to say that life is just getting better and better because now we can do all of these amazing things with GPS that we couldn’t do with paper maps. We can find new restaurants anywhere in the world, just by following directions on a screen! But it’s also tempting to say that we’re losing our sense of place, our ability to navigate on our own, or even the joy of getting truly lost. It’s sad to think that our children won’t pore over maps the way we did when we were young.

There’s something to be said for both of these responses, but rather than just choosing between progress and decline I’m more interested in how GPS is changing what’s possible. It’s possible now to connect a series of disconnected points relatively easily. On a personal level, this means being able to travel between A and B without knowing anything in between. You can’t do this with a paper map, since navigating outside the map’s boundaries is quite difficult. But at the same time, we are definitely giving up the kind of in-depth knowledge of a larger neighborhood that we get from traditional maps. So it’s not really about life getting better or worse, but about exchanging an intensive understanding of a particular area with this much more expansive ability to connect a series of points.

The interview also includes a short video (see above). [Tony Campbell]

Previously: After the Map.

Continental Drift, GPS and Europe

In response to the news that Australia has to correct its GPS coordinates to account for continental drift, the Ordnance Survey blog examines whether Great Britain will have to do the same. “The situation for us (and most of Europe) is not so bad. Europe’s GPS compatible datum, ETRS89, is fixed to the European tectonic plate at the time 1 January 1989 and moves by around 2.5 cm each year. In theory, GPS-derived coordinates are now about 70 cm away from where they should be in the ETRS89 system.”