BREAKING NEWS Limestone County sheriff: Woman visits boyfriend in jail, gets arrested Full Story

Fitness app that revealed military bases highlights bigger privacy issues

Fitness tracking app Strava wanted to show how people use its app all over the world.In November, it created a...

Posted: Jan 30, 2018 8:54 AM
Updated: Jan 30, 2018 8:54 AM

Fitness tracking app Strava wanted to show how people use its app all over the world.

In November, it created an interactive heat map that displayed one billion activity data points -- like running and cycling -- made public by users.

But over the weekend, observers noticed that Strava's map may have inadvertently revealed sensitive U.S. military locations and personnel at bases in countries around the world.

The controversy around Strava demonstrates a common issue with the relationship between tech companies and their users: People casually using an app often don't understand what companies do with their data or how to properly protect it.

"Before people can even have a basic level of protection of some kinds of data, they have to wade through these lengthy privacy policies, or find the setting, or even have some awareness that potentially sensitive information is going to get out there," said Michelle De Mooy, director of the Privacy & Data project at the Center for Democracy and Technology.

Strava has three levels of privacy in its app: Users can treat it like Twitter and publicly share their activity data for anyone to see; they can choose to let only certain people see their activity; or they can make their activity completely private. The default option is to share personal activity data publicly.

In a November blog post announcing the heat map, Strava data engineer Drew Robb said the company respected privacy rules when it created the map and only published public data. Strava did not respond to specific questions about user data, but told CNN in a statement earlier Monday it is "committed to helping people better understand our settings to give them control over what they share."

Tech firms revealing user data without anticipating the consequences is not uncommon. Companies assume it may be interesting to reveal user statistics, but receive backlash when people feel uncomfortable with the information exposed.

"What they fail to understand is that data represents people and people's preferences," De Mooy said. "Every tech platform is dealing with this unintended consequences problem, and it's partly because of the misalignment between expectation and intention, and what they're doing."

Related: US military reviewing security practices after fitness app reveals sensitive info

In December, Netflix tweeted a joke about 53 people who watched its holiday film "A Christmas Prince" once a day for 18 days. Some people criticized the tweet as inconsiderate. The tweet also reminded users that the video streaming company has massive amounts of data on people it could access at any time for any reason -- including poking fun at them.

In 2014, Jawbone -- a now-defunct fitness tracker -- published users' sleep data following an earthquake in Northern California. People saw their anonymized personal information become a data point in a major public event, and some felt uncomfortable when data collected in their bedrooms became part of a study looking at sleep data during the natural disaster.

In 2011, Fitbit exposed the self-reported sexual activity data of some users through profiles that were public by default. Fitbit changed its sharing options after the incident to make a private profile the default.

Many apps also sell personal data to third-party companies. This practice is common, though the general public is often unaware of their app's policies regarding data brokering. These types of sales are legal if disclosed, but users might not see the disclosures in lengthy privacy statements.

The U.S. Central Command told CNN on Monday it is looking into refining its smartphone and wearable device policies following the Strava revelations.

White House cybersecurity coordinator Rob Joyce tweeted on Monday that the Strava heat map highlights the risks of big data analytics.

"It goes well beyond fitness trackers. Security and OPSEC need to be considered in our new reality," he said in a tweet. "While policy evolution is needed, it is important to make good security policy balanced by not over reacting too."

People who are concerned about privacy should read apps' privacy policies and check the types of information that apps ask to collect, including permissions regarding a phone or tablet's camera, calendar and contact list. Social apps are often public by default, De Mooy said, and people must manually change their settings to be private.

"If you are a person with sensitive information -- whether that is your immigration status, gender, politics, or sexual orientation -- you may want to consider that once you're using a bunch of different apps, that information is probably getting compiled about you," De Mooy said.

Huntsville
Few Clouds
60° wxIcon
Hi: 69° Lo: 47°
Feels Like: 60°
Florence
Clear
62° wxIcon
Hi: 68° Lo: 51°
Feels Like: 62°
Fayetteville
Clear
60° wxIcon
Hi: 67° Lo: 45°
Feels Like: 60°
Decatur
Clear
60° wxIcon
Hi: 70° Lo: 47°
Feels Like: 60°
Scottsboro
Broken Clouds
61° wxIcon
Hi: 66° Lo: 49°
Feels Like: 61°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 136549

Reported Deaths: 2378
CountyConfirmedDeaths
Jefferson19833350
Mobile13471292
Montgomery8865184
Tuscaloosa8744118
Madison797878
Shelby604349
Lee594560
Baldwin558850
Marshall396743
Calhoun354844
Etowah354045
Morgan332728
Houston293521
Elmore269148
DeKalb243521
St. Clair234036
Walker233084
Talladega217729
Limestone213520
Cullman191120
Dallas179326
Franklin179029
Autauga178525
Russell17653
Lauderdale174033
Colbert167526
Blount161815
Escambia161424
Chilton159330
Jackson158911
Covington140327
Dale139944
Coffee13656
Pike120510
Chambers117242
Tallapoosa116685
Clarke110416
Marion97129
Butler91439
Barbour8867
Winston74512
Marengo72620
Pickens66814
Randolph66013
Bibb65710
Lowndes65727
Hale64928
Geneva6384
Lawrence62823
Cherokee61413
Bullock60714
Clay5928
Monroe5908
Washington56113
Crenshaw54232
Perry5426
Conecuh53711
Wilcox53211
Henry5085
Macon48318
Fayette4678
Sumter43819
Cleburne3895
Lamar3772
Choctaw35112
Greene30315
Coosa1723
Out of AL00
Unassigned00

Tennessee Coronavirus Cases

Confirmed Cases: 193732

Reported Deaths: 2389
CountyConfirmedDeaths
Shelby31034460
Davidson26685307
Hamilton956495
Knox955080
Rutherford940890
Williamson534136
Sumner488398
Wilson353845
Putnam335541
Montgomery312344
Unassigned30476
Out of TN299727
Bradley296717
Madison294364
Sevier264715
Blount254824
Maury242024
Washington233736
Robertson223135
Sullivan222033
Hamblen194326
Tipton183619
Gibson171323
Trousdale16687
Hardeman158326
Wayne15025
Dyer140314
Bedford137017
Dickson127715
Coffee125513
Cumberland121718
Weakley121219
Fayette120619
Anderson120213
Obion120011
Henderson119124
Loudon11906
Carter117928
Greene116644
McMinn115025
Jefferson113414
Warren10787
Lawrence107713
Macon106821
Monroe105818
Hardin105216
Lauderdale99516
Haywood99221
Franklin98910
Lake9252
McNairy91818
Roane9096
Carroll90520
Bledsoe8624
Rhea85013
White8499
Hawkins82318
Cheatham81910
Marshall7805
Overton7666
Cocke75310
Smith73411
Johnson7292
Chester64610
Giles63717
Henry6289
Lincoln6281
Hickman5998
DeKalb57214
Crockett54419
Marion5388
Decatur5317
Fentress5273
Campbell4564
Claiborne4425
Polk40610
Grainger3863
Union3712
Benton3399
Jackson3325
Morgan3213
Grundy3126
Cannon2950
Unicoi2881
Humphreys2633
Sequatchie2421
Clay2345
Houston2283
Meigs2283
Stewart2192
Scott2182
Lewis2071
Moore1801
Van Buren1660
Perry1530
Pickett1232
Hancock1073

Community Events