• Strava vulnerability in the news

    From AMuzi@21:1/5 to All on Sun Jul 13 16:48:44 2025
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/
    --
    Andrew Muzi
    am@yellowjersey.org
    Open every day since 1 April, 1971

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark J cleary@21:1/5 to Jeff Liebermann on Sun Jul 13 17:36:49 2025
    On 7/13/2025 5:29 PM, Jeff Liebermann wrote:
    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This might be useful:

    "Activity Privacy Controls" <https://support.strava.com/hc/en-us/articles/216919377-Activity-Privacy-Controls>

    In my case I am in trouble other than block my home base within 1 mile I
    pretty well allow anyone to follow. I have had few weird followers I
    deleted. Over time as things go on I might change my settings. But
    basically if you are following me for anything your life must be pretty
    boring.

    --
    Deacon Mark

  • From Jeff Liebermann@21:1/5 to mcleary08@comcast.net on Sun Jul 13 16:13:58 2025
    On Sun, 13 Jul 2025 17:36:49 -0500, Mark J cleary
    <mcleary08@comcast.net> wrote:

    On 7/13/2025 5:29 PM, Jeff Liebermann wrote:
    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This might be useful:

    "Activity Privacy Controls"
    <https://support.strava.com/hc/en-us/articles/216919377-Activity-Privacy-Controls>

    In my case I am in trouble other than block my home base within 1 mile I pretty well allow anyone to follow. I have had few weird followers I
    deleted. Over time as things go on I might change my settings. But
    basically if you are following me for anything your life must be pretty boring.

    Thanks. I've also had a few random "friends" following me. When I
    look at their page, it's usually blank. I just removed "Christie
    Christie Christie". To manage your friends and followers: <https://www.strava.com/athletes/your-id-number/follows?type=followers>

    Also check the "beacon" setting: <https://support.strava.com/hc/en-us/articles/224357527-Strava-Beacon>
    It's probably safe because it only allows three designated family or
    friends to monitor your location. Still, someone evil could change
    the setting and add themselves to your family and friends list. Trust
    but verify. For mobile:
    You -> Activities -> Settings (gear icon) -> Beacon
    When I get back to walking (and hopefully riding) I plan to try the
    beacon feature to see how it works.


    --
    Jeff Liebermann jeffl@cruzio.com
    PO Box 272 http://www.LearnByDestroying.com
    Ben Lomond CA 95005-0272
    Skype: JeffLiebermann AE6KS 831-336-2558

  • From Jeff Liebermann@21:1/5 to AMuzi on Sun Jul 13 15:29:38 2025
    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This might be useful:

    "Activity Privacy Controls" <https://support.strava.com/hc/en-us/articles/216919377-Activity-Privacy-Controls>

    --
    Jeff Liebermann jeffl@cruzio.com
    PO Box 272 http://www.LearnByDestroying.com
    Ben Lomond CA 95005-0272
    Skype: JeffLiebermann AE6KS 831-336-2558

  • From Mark J cleary@21:1/5 to Jeff Liebermann on Sun Jul 13 18:40:07 2025
    On 7/13/2025 6:13 PM, Jeff Liebermann wrote:
    On Sun, 13 Jul 2025 17:36:49 -0500, Mark J cleary
    <mcleary08@comcast.net> wrote:

    On 7/13/2025 5:29 PM, Jeff Liebermann wrote:
    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This might be useful:

    "Activity Privacy Controls"
    <https://support.strava.com/hc/en-us/articles/216919377-Activity-Privacy-Controls>

    In my case I am in trouble other than block my home base within 1 mile I
    pretty well allow anyone to follow. I have had few weird followers I
    deleted. Over time as things go on I might change my settings. But
    basically if you are following me for anything your life must be pretty
    boring.

    Thanks. I've also had a few random "friends" following me. When I
    look at their page, it's usually blank. I just removed "Christie
    Christie Christie". To manage your friends and followers: <https://www.strava.com/athletes/your-id-number/follows?type=followers>

    Also check the "beacon" setting: <https://support.strava.com/hc/en-us/articles/224357527-Strava-Beacon>
    It's probably safe because it only allows three designated family or
    friends to monitor your location. Still, someone evil could change
    the setting and add themselves to your family and friends list. Trust
    but verify. For mobile:
    You -> Activities -> Settings (gear icon) -> Beacon
    When I get back to walking (and hopefully riding) I plan to try the
    beacon feature to see how it works.


    I don't use the beacon setting as I am a widower with really no one who probably cares. I don't want to alarm my 88 year old mother or someone
    else. Hopefully I can call on my cell phone if able. Otherwise in the
    worst case the county Coroner has to determine what happened.

    --
    Deacon Mark

  • From Wolfgang Strobl@21:1/5 to All on Mon Jul 14 09:10:15 2025
    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi
    <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This isn't a vulnerability, but incompetent security personnel
    and incompetent reporting.



    --
    Thank you for observing all safety precautions

  • From zen cycle@21:1/5 to zen cycle on Mon Jul 14 06:12:49 2025
    On 7/14/2025 5:36 AM, zen cycle wrote:
    On 7/13/2025 5:48 PM, AMuzi wrote:
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    Some on the security detail. It isn't like this hasn't already been in
    the news. In 2017:

    https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

    ugh...should have been "shame" on the security detail.

  • From zen cycle@21:1/5 to AMuzi on Mon Jul 14 05:36:47 2025
    On 7/13/2025 5:48 PM, AMuzi wrote:
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    Some on the security detail. It isn't like this hasn't already been in
    the news. In 2017:

    https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

  • From Roger Merriman@21:1/5 to zen cycle on Mon Jul 14 13:19:22 2025
    zen cycle <funkmasterxx@hotmail.com> wrote:
    On 7/14/2025 5:36 AM, zen cycle wrote:
    On 7/13/2025 5:48 PM, AMuzi wrote:
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    Some on the security detail. It isn't like this hasn't already been in
    the news. In 2017:

    https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

    ugh...should have been "shame" on the security detail.


    That was the one that came to mind! Really in that sort of job folks should
    be doing better!

    Roger Merriman

  • From Jeff Liebermann@21:1/5 to news51@mystrobl.de on Mon Jul 14 10:47:20 2025
    On Mon, 14 Jul 2025 09:10:15 +0200, Wolfgang Strobl
    <news51@mystrobl.de> wrote:

    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi
    <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This isn't a vulnerability, but incompetent security personnel
    and incompetent reporting.

    Well, if you're going to blame someone, I might as well join the fun.
    I think the blame is with Strava.

    "Share your real-time location with others in Google Maps" <https://support.google.com/maps/answer/15437054>

    "Location Sharing"
    <https://myaccount.google.com/locationsharing>
    "People you share your location with can see your name, photo, and
    real-time location across Google services, even when you’re not using
    Maps. They can also add Location Sharing notifications to know when
    you arrive at or leave specific locations.
    Shared information may include where you’ve recently been, how you’re traveling, and your device info."

    I have a friend tracking me with Google maps. It's much like Strava
    tracking except I don't need to run the Strava app in the background.

    An important difference is that Google sends me an email every month
    listing the people who are following me around and asking me if I want
    to discontinue tracking. Unless I missed something, Strava does not
    do this. Strava likely understands the potential security risk, but
    doesn't seem interested in informing their users that they are being
    tracked and are using insecure configurations.

    --
    Jeff Liebermann jeffl@cruzio.com
    PO Box 272 http://www.LearnByDestroying.com
    Ben Lomond CA 95005-0272
    Skype: JeffLiebermann AE6KS 831-336-2558

  • From Catrike Ryder@21:1/5 to All on Mon Jul 14 14:42:08 2025
    On Mon, 14 Jul 2025 10:47:20 -0700, Jeff Liebermann <jeffl@cruzio.com>
    wrote:

    On Mon, 14 Jul 2025 09:10:15 +0200, Wolfgang Strobl
    <news51@mystrobl.de> wrote:

    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi
    <am@yellowjersey.org> wrote:
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This isn't a vulnerability, but incompetent security personnel
    and incompetent reporting.

    Well, if you're going to blame someone, I might as well join the fun.
    I think the blame is with Strava.

    "Share your real-time location with others in Google Maps" <https://support.google.com/maps/answer/15437054>

    "Location Sharing"
    <https://myaccount.google.com/locationsharing>
    "People you share your location with can see your name, photo, and
    real-time location across Google services, even when you’re not using
    Maps. They can also add Location Sharing notifications to know when
    you arrive at or leave specific locations.
    Shared information may include where you’ve recently been, how you’re traveling, and your device info."

    I have a friend tracking me with Google maps. It's much like Strava
    tracking except I don't need to run the Strava app in the background.

    An important difference is that Google sends me an email every month
    listing the people who are following me around and asking me if I want
    to discontinue tracking. Unless I missed something, Strava does not
    do this. Strava likely understands the potential security risk, but
    doesn't seem interested in informing their users that they are being
    tracked and are using insecure configurations.

    Anyone I'd want to know where I live already knows where I live.
    Anyone I'd want to know my name already knows my name.

    --
    C'est bon
    Soloman

  • From Roger Merriman@21:1/5 to Jeff Liebermann on Mon Jul 14 19:39:16 2025
    Jeff Liebermann <jeffl@cruzio.com> wrote:
    On Mon, 14 Jul 2025 09:10:15 +0200, Wolfgang Strobl
    <news51@mystrobl.de> wrote:

    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi
    <am@yellowjersey.org> wrote:

    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This isn't a vulnerability, but incompetent security personnel
    and incompetent reporting.

    Well, if you're going to blame someone, I might as well join the fun.
    I think the blame is with Strava.

    "Share your real-time location with others in Google Maps" <https://support.google.com/maps/answer/15437054>

    "Location Sharing"
    <https://myaccount.google.com/locationsharing>
    "People you share your location with can see your name, photo, and
    real-time location across Google services, even when you’re not using
    Maps. They can also add Location Sharing notifications to know when
    you arrive at or leave specific locations.
    Shared information may include where you’ve recently been, how you’re traveling, and your device info."

    I have a friend tracking me with Google maps. It's much like Strava
    tracking except I don't need to run the Strava app in the background.

    An important difference is that Google sends me an email every month
    listing the people who are following me around and asking me if I want
    to discontinue tracking. Unless I missed something, Strava does not
    do this. Strava likely understands the potential security risk, but
    doesn't seem interested in informing their users that they are being
    tracked and are using insecure configurations.


    Mine is fairly well locked down, with start/end location hidden I don’t
    hide the start times, but one has to request to follow and so on.

    And clearly I can adjust something when I upload.

    Roger Merriman

  • From Wolfgang Strobl@21:1/5 to All on Tue Jul 15 12:05:54 2025
    On Mon, 14 Jul 2025 10:47:20 -0700, Jeff Liebermann
    <jeffl@cruzio.com> wrote:

    On Mon, 14 Jul 2025 09:10:15 +0200, Wolfgang Strobl
    <news51@mystrobl.de> wrote:

    On Sun, 13 Jul 2025 16:48:44 -0500, AMuzi
    <am@yellowjersey.org> wrote:
    https://www.euractiv.com/section/politics/news/swedish-pms-security-jeopardised-by-bodyguards-fitness-app-data/

    This isn't a vulnerability, but incompetent security personnel
    and incompetent reporting.

    Well, if you're going to blame someone, I might as well join the fun.
    I think the blame is with Strava.

    [...]

    Yes, there are settings, some of these with questionable
    defaults. Not knowing these or not using them in a professional
    context is incompetence.


    I have a friend tracking me with Google maps. It's much like Strava
    tracking except I don't need to run the Strava app in the background.

    An important difference is that Google sends me an email every month
    listing the people who are following me around and asking me if I want
    to discontinue tracking.

    Google is tracking you and likes to know more about you and your
    social graph. A simple list on your account page showing all your
    connections would be more timely and informative. AFAIK, Strava
    _does_ have such a page. <https://support.strava.com/hc/en-us/articles/216918327-Manage-Followers-and-Block-Athletes>
    I do have an unpaid Strava account, but don't use it for anything
    other than looking around, occasionally, so I don't know how well
    this works in practice.

    IMO, somebody not knowing about that shouldn't collect
    followers.


    Unless I missed something, Strava does not
    do this. Strava likely understands the potential security risk, but
    doesn't seem interested in informing their users that they are being
    tracked and are using insecure configurations.

    Okay, I'll change my statement. In the case of security
    personnel, such mistakes are not just incompetence, but
    inexcusable incompetence.

    I share some of my rides, and with a few family members only.
    Even then, I use a setting to hide the parts of my tracks that
    are close to home. If I want to hide where I'm riding, I just
    don't let the track leave the device I'm using for routing and
    tracking. It's as simple as that. In a serious security
    context, I would even turn off tracking (collecting and storing
    track points) altogether.

    You never know who has access to the data collected by Garmin,
    Strava or Google without you knowing it.

    --
    Thank you for observing all safety precautions

  • From Jeff Liebermann@21:1/5 to All on Tue Jul 15 19:09:18 2025
    On Wed, 16 Jul 2025 00:17:16 GMT, cyclintom <cyclintom@yahoo.com>
    wrote:

    On Sun Jul 13 16:13:58 2025 Jeff Liebermann wrote:

    Thanks. I've also had a few random "friends" following me. When I
    look at their page, it's usually blank. I just removed "Christie
    Christie Christie". To manage your friends and followers:
    <https://www.strava.com/athletes/your-id-number/follows?type=followers>

    Also check the "beacon" setting:
    <https://support.strava.com/hc/en-us/articles/224357527-Strava-Beacon>
    It's probably safe because it only allows three designated family or
    friends to monitor your location. Still, someone evil could change
    the setting and add themselves to your family and friends list. Trust
    but verify. For mobile:
    You -> Activities -> Settings (gear icon) -> Beacon
    When I get back to walking (and hopefully riding) I plan to try the
    beacon feature to see how it works.

    Jeff exactly why are you following anyone on Strava?

    Are you still angry with me for removing my following you about 10
    seconds after I accidentally added your name? That was several years
    ago. Are you still trying to attract my attention?

    If you read what I wrote, I'm following 1 person. Why is none of your
    business. There are 2 people following me. One is that same person
    who I'm following. The other is a former customer who is into
    cycling. The follower I deleted was an obvious spammer. Please try
    to read what I actually write, instead of what you imagined I had
    written.

    --
    Jeff Liebermann jeffl@cruzio.com
    PO Box 272 http://www.LearnByDestroying.com
    Ben Lomond CA 95005-0272
    Skype: JeffLiebermann AE6KS 831-336-2558
