Opt-Out Fitness Data Sharing Leads to Massive Military Locations Leak

People who exercise with fitness trackers have a digital record of their workouts. They do it for a wide range of reasons, from gathering serious medical data to simply satisfying curiosity. When fitness data includes GPS coordinates, it raises personal privacy concerns. But even with individual data removed, such data was still informative enough to spill the beans on secretive facilities around the world.

Strava is a fitness tracking service that gathers data from several different brands of fitness tracker — think Fitbit. It gives athletes a social media experience built around their fitness data: track progress against personal goals and challenge friends to keep each other fit. As expected of companies with personal data, their privacy policy promised to keep personal data secret. In the same privacy policy, they also reserved the right to use the data shared by users in an “aggregated and de-identified” form, a common practice for social media companies. One such use was to plot the GPS data of all their users in a global heatmap. These visualizations use over 6 trillion data points and can be compiled into a fascinating gallery, but there’s a downside.

This past weekend, [Nathan Ruser] announced on Twitter that Strava’s heatmap also managed to highlight exercise activity by military/intelligence personnel around the world, including some suspected but unannounced facilities. More worryingly, some of the mapped paths imply patrol and supply routes, knowledge security officers would prefer not to be shared with the entire world.

This is an extraordinary blunder which very succinctly illustrates a folly of Internet of Things. Strava’s anonymized data sharing obsfucated individuals, but didn’t manage to do the same for groups of individuals… like the fitness-minded active duty military personnel whose workout habits are clearly defined on these heat maps. The biggest contributor (besides wearing a tracking device in general) to this situation is that the data sharing is enabled by default and must be opted-out:

“You can opt-out of contributing your anonymized public activity data to Strava Metro and the Heatmap by unchecking the box in this section.” —Strava Blog, July 2017

We’ve seen individual fitness trackers hacked and we’ve seen people tracked through controlled domains before, but the global scope of [Nathan]’s discovery puts it in an entirely different class.

[via Washington Post]

Treadmill To Belt Grinder Conversion Worked Out

[Mike] had a bunch of disused fitness machines lying around. Being a skilled welder, he decided to take them apart and put them back together in the shape of a belt grinder.

In particular, [Mike] is reusing the height-adjustment guide rail of an old workout bench to build the adjustable frame that holds the sanding belt. A powerful DC motor including a flywheel was scavenged from one treadmill, the speed controller came from another. [Mike] won’t miss the workout bench: Once you’re welding a piece of steel tube dead-center on a flywheel, as happened for the grinder’s drive wheel, you may call yourself a man (or woman) of steel.

The finished frame received a nice paint job, a little switching cabinet, proper running wheels and, of course, a sanding belt. Despite all recycling efforts, about 80 bucks went into the project, which is still a good deal for a rock-solid, variable-speed belt grinder.

Apparently, disused fitness devices make an ideal framework to build your own tools: Strong metal frames, plentiful adjustment guides, and strong treadmill motors. Let us know how you put old steel to good use in the comments and enjoy [Mike’s] build documentation video below!

Continue reading “Treadmill To Belt Grinder Conversion Worked Out”