SoylentNews is people
SoylentNews
Strava, a smartphone app that tracks "athletic activity" using GPS, published an interactive heatmap of user activity around the world. That heatmap included some U.S. military bases:
Military personnel around the world have been publicly sharing their exercise routes online - including those inside or near military bases.
Online fitness tracker Strava has published a "heatmap" showing the paths its users log as they run or cycle. It appears to show the structure of foreign military bases in countries like Syria and Afghanistan, as soldiers move around inside.
The US military is examining the heatmap, a spokesman said. Air Force Colonel John Thomas, a spokesman for US Central Command, told the Washington Post that the US military was reviewing the implications.
Strava said it had excluded activities marked as private from the map. Users who record their exercise data on Strava have the option of making their movements public or private. Private data, the company said, has never been included.
The "private" option is for people who like to track their step count during sexual activity, not protecting the operational security of the military base you're stationed at.
Also at The Guardian, which contains more examples than the BBC for those who don't want to enable JavaScript to view the interactive one linked to above.
(Score: 0) by Anonymous Coward on Monday January 29 2018, @05:39PM (7 children)
One major data point for IDing you is MAC addresses. Spoof them, browser imprint info, etc., and you'll fuzz up the databases.
(Score: 2) by DannyB on Monday January 29 2018, @06:13PM (6 children)
Unless there is some monkey business I am not aware of, the MAC address shouldn't leave the local network you are on. It is lost at the first router.
There are way better things to I-Ding you such as browser cookies, and various forms of stealth cookies. Even combinations of "harmless" info such as your exact user agent string, OS, type of processor, screen resolution, time zone. If JavaScript is enabled, then it is probably possible to identify which JS engine is in use. If JS engine conflicts with your user agent string, this provides a significantly more unique part of the overall identifier of who you are.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by VLM on Monday January 29 2018, @06:46PM (1 child)
Feature not a bug.
Its a remake of the old Hollywood movie plot about RF-ID passports where all you need is a sniffer to smell if someone's worth kidnapping, don't even need a decode/decrypt.
The modern hyper over complicated solution is you get a wifi or bluetooth sniffer on base or coffee house or whatever and sniff up a long list of american soldier's addresses, then the IED triggers when a known american soldier address walks within five feet. As with most hyper over complicated Hollywood movie plots its a hell of a lot simpler and faster to have a lookout attach a wire to a battery or at most do some foolishness with a modified RC car toy.
In Hollywood they'd IED blow them up, but in the real world its probably more logistically useful to have a live real time map of where "they" are vs where your caches of stuff and VIPs are located, and then use the live map data to keep your good stuff away from "them". Might not be able to fly a paper airplane without ADA radar detecting (and launching?) on it, but it would be pretty easy to sniff the hell out of soldiers phones or other electronics. US owns the air technical monitoring, opfor owns the ground technical monitoring.
(Score: 3, Interesting) by DannyB on Monday January 29 2018, @07:00PM
You seem to assume an enemy who already knows where the base is. Where it's coffee house is. Etc.
The point of TFA was that a secret, formerly unknown base, becomes discovered because of clusters of fitness tracking devices with unusually good scores.
I was speculating about other ways to discover such bases. Such as a number of known IDs that seem to move from the vicinity of military bases (known locations) to foreign locations in tight clusters in unknown, unpublished, and possibly behind enemy lines locations.
I was also speculating about possible measures to prevent discovery of secret unknown bases. If the enemy doesn't know where the base is, they can't plant an IED. If the base is a small secret base, its security might be largely based on its secrecy. It may not be heavily defended. Once the enemy discovers the location of a secret rebel base from fitness trackers, the imperial stormtroopers can storm right in.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Monday January 29 2018, @06:49PM (3 children)
On first guess, is there's a DOM call in the browser to exfiltrate your MAC addresses?
(Score: 2) by DannyB on Monday January 29 2018, @07:05PM (2 children)
Why would a browser offer the MAC address to JavaScript? I can't think of any good reason. The MAC is only useful for the first network hop to your local router. After that, it's gone.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Monday January 29 2018, @08:22PM (1 child)
It is useful as an identifier.
(Score: 2) by DannyB on Tuesday January 30 2018, @03:31PM
It's not useful to ME, the browser owner. The browser is supposed to be the User Agent. I already know my MAC address. Or can determine all of my MAC addresses (from all of my multiple net interface cards, transceivers and usb dongles) by other means than the web browser.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.