Interesting article (to me, anyway) regarding privacy with FIT files, Garmin, Strava etc. from a running site, but equally pertinent here.
~Privacy article~
~Privacy article~
Privacy, and what we put out there on Garmin, Strava etc.
Page may contain affiliate links. Please see terms for details.
DCLane
Found in the Yorkshire hills ...
- Location
- Dewsbury, West Yorkshire
We're giving out huge amounts of data, even for those who try to restrict it. My Strava 'home' location is the pub 1/4 of a mile away and rides are masked but on the next street I know where someone keeps their bike [in their shed], and that it's a Pinerello Dogma F10.
IanSmithCSE
Guru
- Location
- Worcester, Worcestershire
Good morning,
I am beginning to suspect that most people have now given away more information than is useful already and any new information will confuse the picture as much as help.
I once worked with a legal and ethical email marketing company back before GDPR and we could tell that someone opened an email with an iPhone 4 i% of the time, Outlook o% of the time and an Android phone a% of the time.
Going back to a client and saying that you need to optimise you marketing material for the screen resolution of an iPhone 4,8,10 etc was simply too much effort for them. I don't mean something that would display correctly but something that would maximize the use screen space. All that really mattered is that m% of all emails are opened on a mobile device.
If you are a bike thief who lives near "Found in the Yorkshire hills ..." then there is a lot of information in this thread, but there is not much market for it. By the time I have worked out where you live and found someone who is a bike thief but trustworthy for me to sell the information to there is no profit.
Taking the information in the FIT file, yes it is very personal but who is it useful to? That you are a cyclist of a certain type is almost certainly already known to the people who want to sell to you as they already have your details as someone has already legally collected it and sold it on.
The type of data in the FIT file is very likely to be annoymised, aggregated and sold; 50% of cyclists have a heart rate of.... Controlling how this data is used is a lot harder because the aggregated data is not personal, and hard to trace back to source but doesn't actually affect the life of the individual who provided the FIT file.
It is relatively easy to automate social media account creation, scraping and collecting a view of an individual, but again the people who have the resources to do this will still not find much of a market because Facebook will be able to supply higher quality data.
Back before GDPR and still in the case now of dodgy or ill informed business, you could by a list of email addresses of contacts in most UK businesses for a couple of hundred quid, that a few million email addresses, or you could pay up to 10p per address for a single use.
The cheap list was created by scraping web sites, it was out of date, had no consent to contact or market to, only covered websites where there was an email address which could have been Info@.
Importantly most big email providers such Microsoft (Hotmail) or Google would create dummy websites with email addresses that only existed on these websites, if you were contacting that email address you were a spammer and all of your emails sent via their services, and many others would simply be discarded instead of delivery.
Companies that used this type of list rarely did so again.
The point of this is that making collected information useful is a difficult and expensive job, so will only be done by GCHQ or someone who thinks he knows a market for it that is not already supplied.
The credit card companies have a very good view off a lot of the population and some already sell aggregated data, and have enough information to construct a very detailed view if they ever lost or sold their entire database.
Bye
Ian
I am beginning to suspect that most people have now given away more information than is useful already and any new information will confuse the picture as much as help.
I once worked with a legal and ethical email marketing company back before GDPR and we could tell that someone opened an email with an iPhone 4 i% of the time, Outlook o% of the time and an Android phone a% of the time.
Going back to a client and saying that you need to optimise you marketing material for the screen resolution of an iPhone 4,8,10 etc was simply too much effort for them. I don't mean something that would display correctly but something that would maximize the use screen space. All that really mattered is that m% of all emails are opened on a mobile device.
If you are a bike thief who lives near "Found in the Yorkshire hills ..." then there is a lot of information in this thread, but there is not much market for it. By the time I have worked out where you live and found someone who is a bike thief but trustworthy for me to sell the information to there is no profit.
Taking the information in the FIT file, yes it is very personal but who is it useful to? That you are a cyclist of a certain type is almost certainly already known to the people who want to sell to you as they already have your details as someone has already legally collected it and sold it on.
The type of data in the FIT file is very likely to be annoymised, aggregated and sold; 50% of cyclists have a heart rate of.... Controlling how this data is used is a lot harder because the aggregated data is not personal, and hard to trace back to source but doesn't actually affect the life of the individual who provided the FIT file.
It is relatively easy to automate social media account creation, scraping and collecting a view of an individual, but again the people who have the resources to do this will still not find much of a market because Facebook will be able to supply higher quality data.
Back before GDPR and still in the case now of dodgy or ill informed business, you could by a list of email addresses of contacts in most UK businesses for a couple of hundred quid, that a few million email addresses, or you could pay up to 10p per address for a single use.
The cheap list was created by scraping web sites, it was out of date, had no consent to contact or market to, only covered websites where there was an email address which could have been Info@.
Importantly most big email providers such Microsoft (Hotmail) or Google would create dummy websites with email addresses that only existed on these websites, if you were contacting that email address you were a spammer and all of your emails sent via their services, and many others would simply be discarded instead of delivery.
Companies that used this type of list rarely did so again.
The point of this is that making collected information useful is a difficult and expensive job, so will only be done by GCHQ or someone who thinks he knows a market for it that is not already supplied.
The credit card companies have a very good view off a lot of the population and some already sell aggregated data, and have enough information to construct a very detailed view if they ever lost or sold their entire database.
Bye
Ian
Drago
Legendary Member
- Location
- Suburban Poshshire
I always fib with my Garmin. The details I use are...
Accy Shagger
Age 72
5'1"
69 Janet Porter Street, Accrington.
Accy Shagger
Age 72
5'1"
69 Janet Porter Street, Accrington.
Ming the Merciless
There is no mercy
- Location
- Inside my skull
No you mean you fib with your toaster. The new toaster 2020 with built in GPS. Make your breakfast on those early morning rides, or use as a hand warmer in the winter months...
Which was quite frankly nonsense, the locals know more about the bases than the US military and access to satellite imagery is very easy and cheap.
Specialeyes
Guru
- Location
- Essex
As an exercise in cyber-stalkery and to see if I was similarly vulnerable, I worked out where a colleague of mine lives from his Strava activities and some bike porn and eBay photos online. He has the 500m privacy perimiter set in Strava, starts his Garmin (or Wahoo now) from home and sets off into whichever direction the wind is blowing from. While the 500m seems a little fuzzy, his rides are sufficiently varied that it didn't take much triangulation and Google Earth/Streetviewing to work it out.
He also has a nice collection of bikes, both modern and vintage - but you'd have to know that to make it worthwhile cyber-stalking him at such an individual level. Pros like Alex Dowsett, who generously share their info on social media and Strava are also at risk - Alex's house was broken into last year.
He also has a nice collection of bikes, both modern and vintage - but you'd have to know that to make it worthwhile cyber-stalking him at such an individual level. Pros like Alex Dowsett, who generously share their info on social media and Strava are also at risk - Alex's house was broken into last year.
Drago
Legendary Member
- Location
- Suburban Poshshire
Lots of unsubstantiated speculation presented as gospel in that report.
It's fairly straightforward to figure out an individual's routine if they habitually post rides/runs on Strava. This could make them vulnerable to abduction or attack by hostile parties.
This isn't the sort of information that could be gleaned from satellite imagery.
It also negates the risky business of physical reconnaissance to a large extent.
Last edited:
Mr Celine
Discordian
- Location
- Waxing my moustache
A while back I was looking at my place on the leaderboard of a local segment and noticed that another athlete with the same time as me had the same name as my MP.
Just clicking on his name showed it was in fact him. He's more of a runner than a cyclist but it only took a couple of mouse clicks to see his regular running circuit from the house of commons and across Westminster bridge. Considering Jo Cox and all the other hassle MPs have been getting I was amazed that one of them is stupid enough not to keep his Strava account private. Then again, he is a tory.......
Just clicking on his name showed it was in fact him. He's more of a runner than a cyclist but it only took a couple of mouse clicks to see his regular running circuit from the house of commons and across Westminster bridge. Considering Jo Cox and all the other hassle MPs have been getting I was amazed that one of them is stupid enough not to keep his Strava account private. Then again, he is a tory.......
Drago
Legendary Member
- Location
- Suburban Poshshire
By chance I found my orthapaedic surgeon km Strava when he pimped one of my newly won KoMs.
Similar threads
