Slashdot Mirror


Pentagon Restricts Use of Location-Logging Fitness Trackers (cnn.com)

At the beginning of the year, Strava released a data visualization map that showed all the activity tracked by users of its app. The map was detailed enough to potentially give away extremely sensitive information about military personnel on active service in locations across the world. After reviewing its GPS policies, the Pentagon is banning soldiers and other personnel at sensitive bases and warzone areas from using location features on fitness trackers and other devices.

Engadget reports: The Department of Defense is not issuing an outright ban on GPS devices and apps, but declared that the location features must be turned off in certain areas. "These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission," a memo obtained by the Associated Press said. It's up to ranking officers in less-sensitive areas to decide whether their charges can use GPS functions, based on the threat level in that location. The Defense Department will also provide training on the risks that fitness trackers bring.


  1. Slashdot does not restrict use of dupes by Anonymous Coward · · Score: 2, Informative

    dupe alert

    dupe alert

    1. Re: Slashdot does not restrict use of dupes by Anonymous Coward · · Score: 2, Informative

      Why mod this down?

      https://m.slashdot.org/story/344292

      FAKE NEWS

    2. Re:Slashdot does not restrict use of dupes by JackieBrown · · Score: 1
    3. Re: Slashdot does not restrict use of dupes by Anonymous Coward · · Score: 1

      Yeah, between msmash repost nirvana and BeauHD ignoring all the submitted stories, you are on to something. Notice how many AJ censorship stories were posted yesterday and were ignored by the fake news editors who refuse to post real news.

  2. North Korean wellness outreach program by olsmeister · · Score: 2

    As a gesture of goodwill, the Trump administration is sending 40,000,000 wearable fitness trackers to North Korea to help improve the health of their civilian and military population.

    1. Re:North Korean wellness outreach program by bobbied · · Score: 1

      As a gesture of goodwill, the Trump administration is sending 40,000,000 wearable fitness trackers to North Korea to help improve the health of their civilian and military population.

      With a *really* nice one for Kim... Gold plated, comfort band and a calorie counter that halves the input and doubles the expended numbers.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  3. Re:LOL by Narcocide · · Score: 1

    I really find that upsetting they didn't foresee this would be a problem, too. What's next, the shocking revelation that cellphone apps may reveal their location, too?

  4. Deja vu by EvilSS · · Score: 2
    --
    I browse on +1 so AC's need not respond, I won't see it.
    1. Re:Deja vu by Alypius · · Score: 2

      Yeah, it's been known for a while but didn't get a lot of attention until Strava realized that idiots were sharing their workouts publicly. There was talk and action then; I teach the new kids how to develop their personal sense of paranoia along with other opsec topics. This doesn't really do anything other than provide a bullet for some O-6 trying to make flag.

    2. Re:Deja vu by EvilSS · · Score: 1

      wooosh!

      --
      I browse on +1 so AC's need not respond, I won't see it.
  5. GPS is read-only ; Cloud is not by DrYak · · Score: 2

    The GPS network is one-way only. You can get your position, but it's difficult for somebody else to guess your position.
    There used to be a lot of outdoor GPS trackers that only saved the trail locally (e.g.: on an SD card).

    The problem is that most modern sport trackers (even the offline ones) come with - e.g. - an app on the smartphone that links to the tracker (e.g.: over BLE) and that app will automatically slurp everything onto the cloud, unless you're very careful, pay attention to all the small print, and take some time to configure everything.

    I think the hierarchy either underestimated the problem of those apps, or thought that people would pay attention and only use in-device tracking and disable any upload.

    And now comes the Big Surprise!!~~~ :
    Most people are clueless and don't pay attention to the small details, even those doing their jogging or daily-step-counting on restricted/secret grounds (did they get no training about security ?!?), and they'll pay no attention to the built-in "always on by default" cloud features of their gizmo.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:GPS is read-only ; Cloud is not by JackieBrown · · Score: 1

      But wouldn't the phone itself give away the same information?

  6. in the army the DI has to remind you 5 times a day by Joe_Dragon · · Score: 1

    in the army the DI has to remind you 5 times a day to do something.

  7. well golly sarge I did not know that! by Joe_Dragon · · Score: 1

    well golly sarge I did not know that!

  8. Re:LOL by laurencetux · · Score: 1

    and the way they are "fixing" it just makes it WORSE

    example
    S'hogan from Whackistan breaks into, say, FITBIT's datacenter and taps into Steve Rogers' account. He then starts logging the activity. One day the activity STOPS. If he is doing his job, then he will be on the phone to his commander to report that "Rogers has gone dark" (this means some nasty folks are going to be ducking a shield very soon).

    what they should do is have any DOTMIL fitbits link to a server in the Pentagon/Cheyenne Mountain/[LOCATION REDACTED]

  9. Secret bases identified by bugs2squash · · Score: 1

    Look for the places where there are apparently never any soldiers...

    --
    Nullius in verba
  10. Re:What about... by AHuxley · · Score: 1

    The contractors and staff get unhappy when all their tech is removed.
    They walk off site and start talking to random local people about their shift work on base.
    The random people around a US/UK base/ports are all spies who know how to listen and talk.
    The friendships turn the contractor into a spy.
    The contractor is told to become a spy for cash, faith, lifestyle..
    The US and UK contractors start to really like their new friends and talk more about all kinds of working conditions and what is not allowed.
    When they return to the USA, UK the contractors stop wanting to work under such difficult conditions and get to enjoy spying.

    To keep staff happy and to counter such easy spying, wages are good and working conditions are improved.
    Lax enforcement then allows tracking devices back on base and "conditions" improve. While being collected on.

    Keep the devices and everyone is collected on.
    Remove all devices and staff get unhappy and start talking to spies again.
    Low pay, no devices and lots of new court martial rules just make staff more unhappy.
    Spies around a base/port/Cooperative Security Location really like unhappy staff who want to talk about who gets a court martial and that their pay is so low.

    --
    Domestic spying is now "Benign Information Gathering"
  11. Phone spy by DrYak · · Score: 1

    By default, out of the box, most Android phones will only leak location information to the proprietary Google service used for maps and fused location (i.e.: your phone uploads a list of all cell towers and wifi points that you see within range and their respective signal strength; Google's cloud would do some triangulation and give you back a somewhat good location approximation, faster than it would take to get a lock on GPS satellites - or even if you can't lock them, e.g.: because you're indoors).
    And Google are smart enough to not release a "heat-map" detailed enough.
    (You would need to manually go and disable all the potential leak points)

    Then, depending on which app you're installing, there are tons of potential snoop that could slurp your data.
    (All this "get automatic sale alerts and coupons when you approach a shop" type of app could potentially leverage this)

    Some, like Uber, will keep their data secret, and only admins could have "god mode" interfaces to display it.
    Others, like the sport trackers, are stupid enough to publish maps that will publicly reveal their slurping tendencies, while also risking making public classified information such as military base layouts.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]