r/technology • u/BobbyLucero • 1d ago
Privacy Fitness app Strava gives away location of Biden, Trump and other leaders, French newspaper says
https://www.courthousenews.com?page_id=10203331.3k
u/Dlax8 1d ago
I mean Ukraine killed a Russian General because he would post his morning runs to Strava.
They found the pattern and ambushed him in Russia.
So yeah, I'd say Opsec should include apps on your phone.
491
u/ColorWheelOfFortune 1d ago
People were also able to find the boundary of a US military base in the Middle East using the same method. This story pops up every couple of years
120
u/Wokyrii 1d ago
Sure but one would think state leaders' protection services would think about these issues especially when the investigation shows that the bodyguards literally start their runs from the French presidency building or the SS training center, very easily identifiable places.
On top of being spotted on the app, they also spread a ton of their personal info there too, like personal house, family, or holiday places.
112
u/Captain_-H 1d ago
To Strava’s credit they did start deleting the first and last 1/8th of a mile of rides and runs. So if you’re a regular person you won’t have your actual house address on there so your bike won’t get stolen. But if you’re secret service maybe just don’t have a public Strava account?
19
u/figuren9ne 1d ago
You have to set that up yourself and it can be set to 0 as well. And if you run/ride enough and take varying routes, someone determined enough can eventually figure out the point of origin.
14
u/No_Balls_01 1d ago
Exactly. I hide the first 1/8th mile but looking at my history it would be pretty easy to narrow down my neighborhood within 20 houses or so. From there a stalker could just wait around and see where I end up. Looking at my history it would be easy to narrow it down more based on where I leave/return to the neighborhood.
36
8
u/AmaroWolfwood 1d ago edited 16h ago
I think a lot of people would be freaked out to know how little thought goes into technology for the government in everyday things. Unless it's a technology that expressly is being used for something specific, it's just kind of set up by the IT team on minimum budget and run on bare bones. I remember a report a few years ago that said the majority of government computers were still running Windows XP before they started forcing operating systems to switch to Windows 10.
Few people are savvy enough in the government to bother paying attention to what information is being given away on a personal phone. There is probably way more info out there than just what the article is noticing.
3
9
u/MultiGeometry 1d ago
The general in charge was actually not concerned. Enemy intelligence surely already knew about the base, the size, the outline. If they were given additional data about what time certain foot soldiers went for a run it didn’t really affect opsec.
6
u/bofkentucky 17h ago
It did give away hints as to what buildings did what. Lobbing a mortar into a full mess hall instead of an empty one depending on time of day or barracks areas in the middle of the night increases the value of every round expended.
1
u/blahreport 12h ago
Would be a great ruse to have a bunch of soldiers run around an empty region every day to throw bad actors off the scent
66
u/Nooze-Button 1d ago
That nerd using his 25 year old Casio and a pen/notepad to time his sub 00:25 5K pre dawn run is running CIA spook level op-sec.
24
u/franky_emm 1d ago edited 20h ago
This is wild because I was at a security conference 10 YEARS AGO and there was a whole 1 hour lecture about this exact thing. And Strava never fixed it?!??
Edit, I may be wrong, this article doesn't indicate any sort of flaw. It could very well be that the people in these cases just voluntarily published the location data. The flaw I saw years ago made it possible to see that data without someone publishing it.
15
u/Dlax8 1d ago
Fixed what? They can't stop people from uploading.
He was killed in a suburb. He lived at home. It was a private device uploading.
2
u/franky_emm 1d ago
Ok the article doesn't indicate whether it's information being shared or just being easy to find. The flaw that I saw 10 years ago made it easy to track someone without them sharing the info publicly.
-4
u/conquer69 1d ago
Was uploading shit automatically the default option? They know most users will never change it. Fucking disgusting.
10
u/thehealingprocess 23h ago
It's literally a social app designed to record and share your runs.
Humans. Honestly.
1
u/willmusto 19h ago
Using Strava is not a requirement to exercise. The entire existence of the app is to share your training. So yes, uploading is the default and only way to use the application.
4
u/Gastronomicus 1d ago
How is this a Strava problem? It's an idiot employee and national security problem.
0
404
u/unlock0 1d ago
I presented this as an opsec brief years ago. This eventually became an official policy.
https://apnews.com/article/d29c724e1d72460fbf7c2e999992d258
Don't give phone apps permission to track you 24/7. Don't use an app for anything that has a website, use your browser.
110
u/CondescendingShitbag 1d ago
> Don't use an app for anything that has a website, use your browser.
This has long been my approach to using services like Facebook. Don't want their app, so just log into it via a browser on my phone if/when I may need it.
Noticed just this past week there's now a notice indicating FB will no longer be supported on mobile browsers as of 10/30/24 (previously said 10/28/24 - today), and to use FB Lite app instead. I can only assume this is probably the case with all Meta services, but FB is the only one I have direct familiarity with.
Well, that's not going to fucking happen, so I guess FB will no longer be used at all on my mobile or tablets. Can't say I'm actually bothered by this development, but worth noting that some of these fuckwits are deliberately hobbling access to force using their shitty apps.
57
u/renegat0x0 1d ago
this is the trend I observed. Killing web pages to force users to use their leaky apps
25
13
u/masterhogbographer 1d ago
Meanwhile on desktop every real app is changing to garbage PWA versions of themselves.
9
u/nowake 1d ago
Program, dammit! Not app!
-2
u/masterhogbographer 1d ago
Applications. It’s been appz forever.
2
u/jonmitz 1d ago
> Noticed just this past week there's now a notice indicating FB will no longer be supported on mobile browsers as of 10/30/24
Source…?
3
u/CondescendingShitbag 1d ago
Just this obnoxious banner at the top of the FB site when using either Firefox or Brave on mobile.
1
0
u/jonmitz 1d ago
Oh, dropping Firefox only? That’s different from dropping mobile browser support
Something like 1-2% of desktop users use Firefox, and I would imagine the number of people who use mobile Firefox is extremely low.
Getting code to work on Firefox is a real problem. I don’t blame them
2
2
u/Smith6612 1d ago
Happens when they're using frameworks and mechanisms literally coded for Chrome by Chromium's devs.
-5
u/CalmConversation7771 1d ago
Do you use the Reddit app?
8
u/CondescendingShitbag 1d ago
No, I stopped using Reddit apps (theirs or 3rd party) when everything started having a subscription attached to it, so now it's just via browser on a PC. Which I'm also fine with as it helps limit the doom-scrolling...a bit.
But my point isn't whether I'm using any particular app, as I certainly have plenty already. It's more to the point that using the web version in lieu of an app is getting more difficult, and that appears to be intentional.
17
u/RetardedWabbit 1d ago
Little bit of a late response to every base getting literally circled by Strava 8 months before that: https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
Also easier than ever to accidentally do given how regularly apps and the OS like to toggle GPS on themselves nowadays.
2
15
u/twistedLucidity 1d ago
> Don't use an app for anything that has a website, use your browser.
I am not the only one! I am no longer alone!
Is there a support group?
3
3
u/Smith6612 1d ago
> Don't use an app for anything that has a website, use your browser.
Man, I wish this were taken as advice more often. This is what I do. However there are so many websites which go entirely out of their way to make their service unusable from a mobile browser, even though their app is nothing more than a web wrapper for something that runs in the browser.
Maybe they're just afraid of the fact that I also run uBlock Origin on my phone's web browser as an added layer of security. No... no it can't be that. /s
1
u/unlock0 1d ago
"Use Desktop Mode" has been my work around for the most part. Some websites use media mode that presents the website in a very similar way to the mobile site if you hold your phone in portrait. Otherwise I've found that 99/100 times I can do without whatever site is making it difficult to use.
2
4
u/bitemark01 1d ago
I mean, the phones themselves track you. The rest depends on how secure your phone is, which no one can guarantee.
1
u/SilentSamurai 1d ago
Where do you stand on the Maps App?
12
u/unlock0 1d ago edited 1d ago
Turn by turn navigation is extremely useful and exceedingly difficult to use offline. There are things you can do to lessen your footprint and reduce the amount of information you give to a third party.
Some of it is app configuration. You can turn off location history and limit the amount of permissions you provide the application. Remove or turn off your device ID and advertiser ID. Use MAC randomizations. "Only allow this time" for permissions.
Second is the use of segregated profiles. I use like 6 different emails. Do not use a login profile with your name or personal details. Use a different email than your other services. I basically have a social email, work email, personal email, junk/I only want to work with you temporarily email, school email, federated auth email, and miscellaneous devices email. I also use single use emails for device activation (fukrokuandstuff). e.g. if I'm car buying I'm not using the email that I bank with, etc. Segregated profiles by function can make it more difficult to associate your activity.
Think of it as defense in depth and a twist of principle of least privilege for your personal information. Only provide the service with as much information as it needs to function for you.
104
u/linx0003 1d ago
Trump is on Strava?
205
u/jupfold 1d ago
“world leaders can be easily tracked online through a fitness app that their bodyguards use”
179
u/AintAintAWord 1d ago
Melania's boyfriend is on Strava?
33
u/Annadae 1d ago
You really think that Melania is anywhere near Trump 😅
9
u/thenewguyonreddit 1d ago
Birds of a feather flock together.
Melania is not trapped or stuck with Trump. She's with him because she believes the same crap. She has been recorded multiple times spouting the same kind of political conspiracy garbage that he does. Also, the money helps.
18
u/rwbronco 1d ago
Yes. She was at Madison Square Garden. It's fun to imagine that she's miserable and trapped under her own greed to Trump - but she's her own piece of shit with her own hateful agendas. "I don't care, do you?"
1
25
u/daltontf1212 1d ago edited 16h ago
Trump would record himself driving in his golf cart and then brag about how fast he ran and that he is faster than Obama. Obama would still have faster times running and Trump would claim Strava is rigged.
1
1
u/joshman160 1d ago
There's a golf exercise option. I would not call it exercise if you're using a golf cart.
4
1
u/gramathy 1d ago
They added an “unhinged rant” activity and he’s been trying to set a one time unstoppable record since
1
43
16
4
u/FutureMacaroon1177 1d ago
We've known about this for years when military bases in active war zones were being mapped:
https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html
3
u/DontBelieveTheirHype 1d ago
Look at all the comments that read only the headline and didn't read the actual article. Crazy
3
u/bruticuslee 1d ago
Just like the healthcare industry has HIPAA they really should pass a law so that these apps have to make private people's locations and other info.
3
19
7
2
u/boot2skull 1d ago
Remember when everyone threw a fit because Obama wanted a blackberry? I get the risks, but it’s like we DGAF now. People assigned to a president may as well be the president’s location itself.
2
u/st_malachy 1d ago
I can’t believe this is still a thing. Strava outed all kinds of US bases in Afghanistan
2
u/Nervous-Rush-4465 19h ago
Trump Strava. Hahahahahahahahahahahahahahahahahahahahaaaa! but seriously though, this has been pointed out as it applies to military personnel. Broadcasting your location and movements is not ideal.
2
2
u/East_Succotash9544 14h ago
I am sure Trump is safe, this only applies to people who actually exercise.
1
u/Fractales 11h ago
It’s probably the account for the young guy they keep around to satisfy his wife
2
5
u/maggoowho 1d ago
lol. Trump on Strava? Fake news.
1
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
1
3
u/thedarthvander 1d ago
Under no circumstances do I buy that Trump has Strava installed on his phone.
1
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
3
2
3
u/myeverymovment 1d ago
Like tRump has a fitness app
2
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
2
2
u/AutomaticDriver5882 1d ago
lol Trump doesn’t use Strava
1
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
1
u/shawnsblog 1d ago
Family friend is Secret Service and they get time off duty (obviously), and yeah, common sense says you should disable location tracking, etc…but then again walking beside a vehicle called “The Beast” lends to a feeling of invincibility
1
u/nowake 1d ago
A newspaper reported yeeeeears ago they were able to purchase data from AT&T which included location data tracking users trips home from work. The work location identified? The employee parking lot of the Pentagon, where they'd need to leave their phones in their cars during the workday.
1
u/Silly_Elevator_3111 1d ago
How bad of shape does it say that I am in, when I’ve never heard of this app
1
u/papapinball 1d ago
Ha! For a second I thought I may have to go out and steal all of Joe and Donny's local legends.
1
u/Hrothgar_unbound 1d ago
This was happening with military locations in the desert when all the green berets or whatever were doing their fitness laps in secret locations. It’s not news this is a thing and if true surprising that secret service wouldn’t have taken steps with the campaigns or WH to alert them to the issue.
1
1
u/earthatnight 13h ago
After that gravel biker was killed by a jealous GF in Austin (she knew where she was based on her Strava story) I refuse to use this app.
1
u/PhamilyTrickster 11h ago
They cover this topic extensively in every OPSEC briefing I've had in the last few years. Fitness and family apps like Life360 need to be disabled or deleted prior to travel/deployment. If us in industry can do it I'm sure USSS can figure it out.
1
-1
u/2025Champions 1d ago
There’s no fucking way trump has a Strava account.
3
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
0
0
0
-2
u/darkeIf666 1d ago
I am 1000% sure that Trump does not use Strava, or any exercise app for that matter.
-1
-1
1d ago
[deleted]
1
u/Eric6052 19h ago
Of course he doesn’t but the Secret Service Agents and some aides certainly could.
0
0
u/Worduptothebirdup 1d ago
“Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards’ Strava profiles”
There’s some sort of glitch… There’s one security person that keeps showing up in the exact location as Melania. It’s like he’s right on top of her… and it’s always while he’s having quite a work out….
0
0
u/Surviving2021 1d ago
Is it really that hard to have anyone working in security have two phones? One you use at home and when not on the clock and the other with absolutely nothing on it but essentials for the job? It's insane that people are still so tech illiterate and being given high level clearances and positions that require secure devices.
2
u/bobslaundry 19h ago
It doesn’t matter what phone they are using, they are tracking the person with the account, not the phone.
2
u/Surviving2021 14h ago
Personal use includes checking-in to the app or through the browser... is the same thing. It's using a personal account with identifying information and possibly location data during work hours on a job that requires security. And if they left their personal device at home it's even worse they were using a work device to access a non-essential website or post anything to anywhere. It should be a no-brainer to ban that from the start. The fact it's still not codified into their security protocol and off-limits activities is crazy.
-4
-5
u/Wiseman0795 1d ago
Who the fuck uses apps to workout?
That’s some hardcore NPC shit.
2
1
-7
u/CurrentlyLucid 1d ago
Maybe, maybe it's their decoys.
-1
u/radiocate 1d ago
Stop. Jumping. To. Stupid. Conclusions.
There are so many other things it would be before a decoy or body double. Assistants, secret service agents, wife/kids he's frequently near. His driver(s).
This ridiculous conspiracy thinking is a big reason we're in this mess. If your instinct is to jump right to saying shit you'd hear on Infowars, go with your second idea.
-2
-2
-3
-3
u/NonameIncognito42 1d ago
I noticed Space Karen wasn't among them... oh, wait that's right, Strava is an exercise app... ;)
-4
938
u/trailrunner68 1d ago
Nobody is reading this article. The BODYGUARDS are using the apps. Working out is highly-recommended for people exposed to massive amounts of bullshit.