It appears that government and intelligence agencies throughout the world did little or nothing to change their policies for personal fitness app and tracker usage as for the second time this year a massive data breach has exposed sensitive locations and the daily routines of government personnel, all accessible to the public.
And like with Strava’s interactive online fitness tracking map that made headlines last January, which we detailed revealed clandestine sites in places like Syria, Iraq, and Africa, including for example a CIA “black site” in Djibouti, the new breach allows easy access to view the daily habits of millions of users going back years.
Yet now in some instances even the names and addresses of intelligence and military personnel are able to be known.
Image via ZDNet/Boston Mail
This time it’s the fitness app Polar Flow, created by a Finnish-based company with offices in New York, at the center of controversy after an investigation by Dutch news site De Correspondent confirmed that the app “lets anyone find names and addresses for thousands of soldiers and secret agents.”
This can even include profile pictures and often actual names of users shared via the publicly available “Explore” feature; but as researchers also found this data can potentially be accessed through a design flaw in the privacy setting.
De Correspondent actually demonstrates just what can be known by examining one particular Polar fitness tracker near Erbil’s international airport in Iraq. The results, found through quick open source searches, are startling:
The man – let’s call him Tom – is a Dutch soldier, part of the Netherlands’ Capacity Building Mission in Iraq. The CBM is encamped near the Erbil airport. Since 2015, this base has been one of the key locations from which the war against the terrorist group Islamic State is being waged.
We are absolutely not supposed to know who Tom is and where he’s stationed. And we most definitely shouldn’t know where Tom lives.
Yet the activity tracking map in Polar’s fitness app lets us see that many of Tom’s runs start and end near a cluster of homes in a small town in the northern Netherlands. A little Googling gives us his exact address. We also find the names of his wife and children, and photos.
Though as the Dutch journalists note, exposing identities of intelligence agents is illegal in the US and many European countries, “we still …read more