Weekly output: Falcon Heavy (x2), family-plan wireless math, Strava privacy, Web-site defacements, Tech Night Owl

This week was more exciting than most: I returned to the Kennedy Space Center for the first time since 2011 to see the liftoff of the most powerful rocket to leave American soil since 1973. I still can’t quite believe that I pulled that off… but I have the photos I took around Launch Complex 39A and the audio of the launch I recorded from the KSC press site to remind me that I did.

2/6/2018: SpaceX successfully launches the world’s most powerful rocket, Yahoo Finance

Two posts about the Falcon Heavy appeared at this Web address. The first was a curtain-raiser I filed late Monday explaining the significance of the Falcon Heavy. The second was a launch story–written in advance so I only had to add descriptions of the liftoff and the subsequent landing of the outer first-stage boosters–that my editors subbed in Tuesday afternoon. I also had a third post mostly ready that you didn’t read: a just-in-case piece about an unsuccessful launch that became irrelevant minutes after 3:45 p.m. Tuesday.

If you didn’t get a chance to see the pre-launch story at Yahoo, you can still read it at the Internet Archive, as shown in the screengrab above.

2/7/2018: The family cell-phone bill: How to find savings on shared wireless plans, USA Today

A reader complained that last week’s USAT column on cheaper alternatives to unlimited data for a smartphone didn’t offer any insight about saving money on shared-use family plans. Dear reader: story assignment accepted.

2/7/2018: The Strava social exercise app can reveal your home address, Yahoo Finance

I was grateful for this chance to redeem my prior Strava coverage: a study by a mobile-security firm that revealed how that exercise-tracking app’s geofenced privacy options can pinpoint a Strava user’s home address instead of obscuring it.

2/10/2018: Kuwait interior-ministry site hacked, Al-Jazeera

The Arabic-language news channel had me on to talk (overdubbed live into Arabic) about a recent episode of a hacker in Saudi Arabia defacing the site of Kuwait’s Interior Ministry. There’s a long history of this kind of digital vandalism, and fortunately the host mainly asked me about that instead of Gulf politics.

2/10/2018: February 10, 2018 — Kirk McElhearn and Rob Pegoraro, Tech Night Owl

I talked with host Gene Steinberg about the Falcon Heavy launch, Strava’s privacy issues and Apple’s new HomePod speaker. Gene’s other guest was Kirk McElhearn, who’s long been among my favorite Apple reporters.

How I screwed up a Strava story

A story I wrote weeks ago started to go bad last Saturday, before it had even been published and posted.

That’s when an Australian student named Nathan Ruser tweeted out an interesting discovery: The Global Heatmap provided by the activity-tracking social network Strava revealed the locations of both documented and secret foreign military bases, as outlined by the running and walking paths of service members that Strava’s apps had recorded.

The feature I had filed for the U.S. Geospatial Intelligence Foundation’s Trajectory Magazine–posted Wednesday and landing in print subscribers’ mailboxes this week–also covered Strava, but in a different light.

As part of an overview of interesting applications of “geoint,” I wrote about Strava Metro, the database of activities over time available to local governments and cyclist-advocacy organizations (but not commercial buyers). In that part of the story, I quoted Strava executive Brian Devaney explaining the company’s efforts to keep its users anonymous in both Metro and the heatmap.

Looking at Strava from the perspective of “will this show where people live?”, I didn’t even think about how Strava users might unwittingly map temporary workplaces abroad. I had my chance to clue in on Strava’s military user base from looking around D.C.–that’s Joint Base Andrews precisely outlined southeast of the District in the screengrab above–but I failed to draw any conclusions from that.

Apparently, so did everybody else in the months after the Nov. 1 debut of the heatmap, heralded in a post by Strava engineer Drew Robb that touted how “our platform has numerous privacy rules that must be respected.”

You can blame Strava for making it difficult to set a geofence around a sensitive area. But it’s less fair to hound a privately-run service built to share workout data–remember, it calls itself “the social network for athletes”–for not maintaining a database of classified military locations to be blacked out on its heatmap.

After Ruser’s first tweets, however, developer Steve Loughran poked around Strava’s system and found that he could correlate the heatmap with the records of individual people by uploading a fabricated GPS file of a workout to spoof the site into thinking he’d jogged along the same path. That’s a deeper problem, and one that appears to be Strava’s fault.

After I asked Strava to explain these new findings, spokesman Andrew Vontz pointed me to a Jan. 29 post by CEO James Quarles pledging action to make privacy a simpler choice in its system.

I hope that they do so forthwith. Meanwhile, a fourth of a magazine feature with my name on it (at least it’s the last fourth!) looks dumb. It’s true that every other journalist to write about Strava between November and last week also missed these angles–but I may be unique in having a positive piece about Strava land this week. That’s not a great feeling.