Geofence warrants are now in something of a grey area: the Fourth Circuit upheld geofence warrants’ legality, at least under certain circumstances, only last month. The two cases may not be an apples-to-apples comparison, but even so the constitutionality of location data searches may take a while (and the Supreme Court, eventually) to sort out.

“All of this is fantastic news for users, and we are cautiously optimistic that this will effectively mean the end of geofence warrants,” says the EFF. “However, we are not yet prepared to declare total victory. Google’s collection of users’ location data isn’t limited to just the ‘Location History’ data searched in response to geofence warrants; Google collects additional location information as well. It remains to be seen whether law enforcement will find a way to access these other stores of location data on a mass basis in the future.”

Via Daring Fireball (where Gruber notes that Apple has never collected location data, i.e. there’s a reason it’s “almost always Google”).

Previously: New York Times: How Location Data Is Gathered, Shared and Sold.

The Electronic Freedom Foundation’s Atlas of Surveillance is an interactive map and searchable database of surveillance technologies used by law enforcement across the United States. “We specifically focused on the most pervasive technologies, including drones, body-worn cameras, face recognition, cell-site simulators, automated license plate readers, predictive policing, camera registries, and gunshot detection. Although we have amassed more than 5,000 datapoints in 3,000 jurisdictions, our research only reveals the tip of the iceberg and underlines the need for journalists and members of the public to continue demanding transparency from criminal justice agencies.” [Maps Mania]

Meanwhile, Strange Maps looks at the curious lack of Google Street View in Germany and Austria, where privacy concerns are paramount.

Previously: Strava Heat Map Reveals Soldiers’ Locations; Non-Anonymized Strava User Data Is Accessible; Strava, Responding to Security Concerns, Disables Features; Polar Flow User Data Can Be Used to Identify Military and Intelligence Personnel.

Polar, the Finnish company behind the app and service, announced that they were suspending the Explore feature that made the data accessible. They also note, and it’s worth remembering, that Polar data is private by default. If you’re military or intelligence and using a fitness app, what the hell are you doing exposing your location data—especially if you’re in a sensitive location?

The report also contains one hell of a buried lede. They tested other apps, namely Strava, Endomondo and Runkeeper, and, well: “Though it’s harder to identify people and find their home addresses than it is through Polar, we were ultimately able to do so using these apps. In contrast to Polar’s app, there is no indication that people whose profiles are set to private can also be identified in these apps. We informed them of our findings last week.” In other words, this is an industry-wide problem, not just a problem with one or two services. [The Verge]

Previously: Strava Heat Map Reveals Soldiers’ Locations; Non-Anonymized Strava User Data Is Accessible.

By uploading an altered GPS file, it’s possible to de-anonymise the company’s data and show exactly who was exercising inside the walls of some of the world’s most top-secret facilities. Once someone makes a data request for a specific geographic location—a nuclear weapons facility, for example—it’s possible to view the names, running speeds, running routes and heart rates of anyone who shared their fitness data within that area.

The leaderboard for an area, the Guardian reports, can be extremely revealing. “The leaderboard for one 600m stretch outside an airbase in Afghanistan, for instance, reveals the full names of more than 50 service members who were stationed there, and the date they ran that stretch. One of the runners set his personal best on 20 January this year, meaning he is almost certainly still stationed there.”

Which makes the security issue regarding military personnel using fitness trackers even worse than simply the anonymous aggregate of the routes they take. Yes, this is very much an unintended and unforseen consequence of relatively innocuous social sharing bumping up against operational and personal security protocols; and it’s as much on military personnel to, you know, not use GPS-enabled devices that upload your location to a third-party server as it is on companies to have clear and effective privacy controls. This is very much the result of a whole lot of people not thinking things through.

Previously: Strava Heat Map Reveals Soldiers’ Locations.

Strava is a mobile fitness tracking app that uses GPS data from phones and watches. It has access to a lot of data, and has been using that data to create a global heat map showing the paths taken by its cycling and running customers. The map’s most recent update, last November, aggregates user data through September 2017. But analyst Nathan Ruser noticed a problem: in places where local Strava use is low, the map can reveal the paths of people from wealthy western countries—for example, soldiers at U.S. military bases overseas, whether they’re patrolling or simply exercising. (U.S. troops are encouraged to use fitness trackers.) Which is to say, suddenly Strava is a security problem. Details at BBC News and the Washington Post.

https://twitter.com/D_Shariatmadari/status/775488250223947776

See the BBC’s coverage. Some context from Slate.