Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label location tracking. Show all posts

Strava's Privacy Flaws: Exposing Sensitive Locations of Leaders and Users Alike

 



Strava, a popular app for runners and cyclists, is once again in the spotlight due to privacy concerns. Known for its extensive mapping tools, Strava’s heatmap feature can inadvertently expose sensitive locations, as recently highlighted by a report from French newspaper Le Monde. The report claims Strava data revealed the whereabouts of high-profile individuals, including world leaders, through activity tracking by their bodyguards.

Unlike a vague location like “the White House” or “Washington, D.C.,” Le Monde discovered Strava's data might pinpoint undisclosed meeting places and hotels used by these leaders. In one example, activity by Vladimir Putin’s bodyguards near properties he allegedly owns could reveal his movements. Additionally, the location history of bodyguards connected to Melania Trump, Jill Biden, and secret service agents from two recent assassination attempts on Donald Trump was reportedly exposed.

Strava's global heatmap, built from user-contributed data, tracks common running and cycling paths worldwide. Premium users can view detailed street-level data, showing where routes are popular, even in rural or isolated areas. If used carefully, the heatmap and location-based features like Segments are mostly safe. However, in low-traffic areas, routes can reveal too much.

Determining someone’s identity from Strava data isn’t difficult. By analyzing heatmaps and repeated routes, investigators—or even stalkers—can identify users and match their profiles to real-world identities. If an account continually shows up in a particular area where a leader is known to be, patterns can be drawn.

Despite privacy concerns, Strava remains popular because of its social features. Users enjoy sharing achievements and compete on Segments—specific road or trail sections where the fastest earn titles like CR (Course Record) or KOM/QOM (King or Queen of the Mountain).

For those concerned about privacy, Strava offers several settings to limit data exposure. In Privacy Controls, users can opt out of adding data to heatmaps, restrict their profile to followers, and hide activity start and end points.

Ways Automobile Companies Collect Customer Data

Automobiles collect data on a variety of aspects, including your identity, travel history, driving style, and more. The utilization of this information, according to automakers, will improve driving efficiency and driver and vehicle safety. However, without rules or regulations regulating consumer privacy in cars and what automakers do with your data, users are left to conjecture.

Rent-a-car firms may undoubtedly take advantage of every chance to increase their revenue and have better control over their fleet. Technology for surveillance is already in use. They can easily track their customers as a result. This function was first created to avoid high insurance costs, reduce the likelihood of automobiles being stolen, and add new levies.  

Companies that rent cars can keep records of the whereabouts and activities of their customers. They can quickly pick up on the client's behavior. Leading businesses disclosed the installation of cameras and microphones in their vehicles. Top firms have disclosed placing cameras and microphones in their vehicles. Customers can feel assured since they don't turn them on arbitrarily. 

How Automakers Gather User Data:
  • Camera: Dashboard and reverse cameras can record an accident for insurance officials to view. However, in addition to providing date, time, and road position information, they can also show the route taken by the vehicle.
  • Key fob: The VIN, the total number of keys that have been associated with a certain vehicle, and the most recent times the car was locked and unlocked are some of the data that are recorded in a fob.
  • Informational system: It was previously possible to listen to music while driving on a simple cassette or CD player. But over time, Bluetooth, wifi, and USB gadgets that can be controlled by touch screens or dashboard displays replaced these systems.
  • Black boxes: They are gadgets that track a driver's performance while operating a car. A driver's premium can be reduced if the black box data shows they are performing effectively while driving.
Tracking devices aid in preventing thefts, recovering vehicles that have already been taken, and saving people in an accident. However, since all of this data is transmitted over an Internet connection, it is susceptible to interception. Additionally, the servers on which this data is housed are vulnerable to hacking. You continue to be in the dark regarding the collection and sharing of your personal data by automakers. It can be challenging, but in the future, one might have to find a workable solution to this dilemma. Always examine the security of your data, and from the outset, become familiar with the potential of the vehicles you rent or purchase.  






















The Russian Expert Listed the Main Signs of Smartphone Surveillance

 

Along with the unconditional benefits, the smart devices around us also carry a number of dangers. Thus, with the help of a smartphone, attackers can gain access to the personal data of its owner. According to Evgeny Kashkin, associate professor of the Department of Intelligent Information Security Systems at RTU MIREA, there are several signs that may indirectly indicate that your smartphone has become a spy. 

"An important point, in this case, is the requirement for applications to use a camera, microphone, as well as access to data (images and videos) on the phone during installation. Of course, you can disagree with this point during the installation, but most likely, then the application will not work at all or will work incorrectly," the expert explains. 

According to him, for a number of applications, these access rights are mandatory for work, but there are applications where "such rights for normal operation are simply absurd." For example, a home internet account status application. 

Another important factor, in his opinion, is the use of geolocation in applications. At the same time, it`s not only about GPS, but also the use of cellular data, as well as connections to various web resources. Such an approach, on the one hand, can greatly facilitate the search for the right companies within walking distance in a number of search engines, but, on the other hand, the cell phone conducts a "total" tracking of your movements. The key question, in this case, is how the data will be used by those who collect it. 

A number of companies have gone even further in this context. They started tracking the email messages of the users. Thus, with the banal purchase of an electronic plane ticket, the system will notify you in advance of the departure date, and on the day of departure, it will build you a route to the airport, taking into account traffic jams. 

He also advises paying attention to the sudden and uneven loss of battery power. This may indicate that a malicious program is running in the background that can use the phone to carry out a DDOS attack. 

Another alarming symptom is the sudden freezing of the phone or even turning it off for no objective reason. And finally, the occurrence of noises and extraneous sounds during a conversation may also indicate that your phone is being monitored. 

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.

Alert for Smart Phone Users, How Their Data is Extracted by Apps Via Location Tracking

 

With more mobile apps entering the new world of smartphone users, only a few know about the dangers of the gizmo. A recent report demonstrated that enabling apps with required permissions and accessing these apps could contribute to the leakage of personal data via the phone tracking feature. The privacy impacts of some of the permissions provided to apps and services are not known by mobile users and researchers were able to classify what kind of data is being obtained from apps with tracking feature. 

Two researchers from the University of Bologna, Italy, and Benjamin Baron from University College London, UK, are indeed studying how the processing of these data could constitute an invasion of consumer privacy. To this end, the investigators have built a smartphone app – TrackingAdvisor – which captures user location simultaneously. The app may collect personal information from the same data and request users to provide input about the validity of information in terms of data sensitivity and to rate its importance. 

“Users are largely unaware of the privacy implications of some permissions they grant to apps and services, in particular when it comes to location-tracking information”, said Mirco Musolesi from the University of Bologna. 

These data contain confidential information, including the user's place of residence, preferences, desires, demographics, and personality information. Published in the ACM Proceedings for Interactive, Mobile, Wearable, and Ubiquitous Devices, via the TrackingAdvisor application used in the report, researchers were able to identify what personal information the software gathered and how vulnerable it is to privacy. 

The TrackingAdvisor app monitored more than 2,00,000 locations, found nearly 2,500, and collected over 5,000 pieces of personality and demographic data. Researchers discovered, among the data obtained, that confidential information was also collected on fitness, socio-economic status, race, and religion. 

“We think it is important to show users the amount and quality of information that apps can collect through location tracking”, Musolesi added. “Equally important for us is to understand whether users think that sharing information with app managers or marketing firms is acceptable or deem it a violation of their privacy”. 

According to the researchers, analyses like this pave the way for the advancement of tailored advertisement schemes, in particular, the data they consider is more sensitive for the consumers. Thanks to the previously established privacy settings, this could also lead to systems which, could automatically prevent the collection of sensitive data from third parties.