NoWhammies

I do believe Garmin Connect is free. But Garmin products aren't And you use the Garmin product to its fullest, one must use Garmin Connect. If I'm paying money for a product, I don't expect that company to pull a fast one on me and offer me a free service, only to benefit by using my data.

I can understand google combing through my email and search stuff to build up a profile because I'm not paying for the service. So they have to make money somehow. But I paid for the Garmin product. So to me there is a difference there.

Now if you'll excuse me, there are some kids playing on my lawn and I have to go yell at them.

drewguy

Agree the data is pretty low value. Probably should separate what stalkers could pick up from what you make public and what a hacker could get if they breached Strava/Garmin/etc data. The former is easier to control by not making your rides public or, with Strava at least, creating a privacy zone near your house. (After someone showed it was easy to triangulate a precise location Strava changed the tool to mask it better, BTW). That can help limit opportunistic criminals who might track you on one of the apps to boost your ride, or even opportunistic "criminals" who might like to see your heart rate to increase your life insurance rates.

The latter is trickier, because even your private data is with the company in the cloud, including the hidden parts of your ride. But, as noted, a hacker probably isn't looking for your heart rate or even the exact location of your house so he can steal your sweet ride. They want credit card numbers and real personal info, like SSNs.

So, I don't worry a huge amount. I'm private except on Strava, where I mask my start/end, and I don't use my full name. Someone would really have to want to track me down - probably easier to do what the criminals did last time - just look in everyone's backyard/garage on the street and break in for bikes.

rms13

The new story today is about how the Chinese government installed rice size chips on Supermicro server boards sold to Apple and Amazon and have been able to hack into both companies and steal information without detection. I'm sure most of us use Apple and/or Amazon products or have accounts with them with our sensitive data. Not to mention that all of our personal computers, phones, tablets, bike computers etc are made in China. So unless you are living completely off the grid and not using any technology (and obviously we all are using technology if we post here) then you're data is up for grabs and will always be. Even if someone every company stopped using China to manufacture everything, do you really think our own government wouldn't or isn't doing the same thing? I'll stick with my theory that nothing I am doing in my life is interesting enough to hackers. My credit card has been compromised 4 times in the past 2 years and I'm 100% sure it's not from anything I have done. Each time my credit card company discovered it before I could and issued a new card and I'm not responsible for any charges. Minor annoyances for me but it's the cost of doing business in the world today.

FlashBazbo

About a year ago, a Chinese delegation came to our offices in anticipation of buying our company. We exchanged business cards.

Our security consultant warned us not to have sensitive conversations in the presence of their business cards. The cards record a couple hours of voice. Then, when a reader comes within range of the business card (a few hundred feet), it uploads the recorded conversations to the reader. The cards look very high quality -- high quality card stock -- but otherwise like normal business cards.

We were tempted to script "conversations" just to play with the listeners' minds. But we decided to run them through our industrial recycling equipment instead. After our equipment got through with them, they were utterly unrecognizable as having ever been a business card. I'm assuming the sounds they recorded were less than helpful.

If they want it, they will get it. There's more than one way to get your data. I don't worry about Strava or Garmin Connect.

drewguy

Did the cards reveal electronics inside of them when shredded?

CliffordK

If a company asks for my birthday, I evaluate whether they really need it. If not, they get another date close, but not my birthday.

I can't say what all could be assembled from a complete hack of my Strava account. Maybe my name. Maybe my e-mail. Wrong birthday.

I think the biggest risk is home privacy. Post photos and descriptions of all of your bikes, as well as a map to your house.

And, if you're uploading while on tour, then you are also advertising that you aren't home.

I have some of the privacy settings enabled, but made a mistake of starting a couple of segments within 1/4 mile of my house that I don't want to lose.

Knowing where I ride, and my house, I can definitely see my own personal impact on the Strava Heat maps. But, I'm still hoping that random strangers can't identify me solely on the heat map.

Clyde1820

Sure. Sort of.

But then, there's a lot of comfort in single-use email addresses, single-use userid/passwd credentials, use of a VPN/proxy connection method. Even if a breach were to occur, it's hard for much to be tied to a given individual. A bit more of a pain to use, but then not all that bad if accepting that an initial look-up is part of accessing systems "out there."

Above and beyond that, I've put precious little detail out there on forums and the like. Beyond first name and city/metro area where I've lived or frequented, nothing personal. Certainly, no "personal" data that would sink me (ie, ccard numbers, phone/address data, "real" names/places of people I know or places I've worked, and so forth).

Can't see myself ever using Facebook, Twitter or other such media. Can't see the point of identifying myself (as me) on things like Strava and other useful tools.

As for the "keys" (SSN, bdate, addresses, detailed histories): so very few situations call for divulging certain pieces. Only the state really needs most of the key data, with the bank being a distant second place. Can't think of a single organization outside of those two entities that have gotten many "key" data elements from me.

In that sense, anonymity's a pretty good thing. As far as one can take it.

JMO

FlashBazbo

I don't know. Our recycling equipment is SERIOUS recycling equipment. At the end of the process, nothing is recognizable as what it formerly was. Any metals/wiring would have been removed and sent to the non-ferrous metals container. The card stock would have come out looking like blown-in home insulation.

But I doubt it. They didn't show up on an electronics scan -- no signal or magnetic field.

rms13

Do you think people buying the new Apple watch are worried now that their EKG data can be stolen by the Chinese and sold to their insurance companies?

Ritalalala

Then you can stop using this app, so my life doesn't need to be recorded.

znomit

Don't worry. Nobody is going to steal your data. It's not your data anymore because you gave it away to Strava/Garmin/etc.

Bicyclist008

It's terrible really people going to such lengths to steal data. I remember seeing a story on the news about strava or one such app, that had been mapping US army bases due to soldiers having the app on their phone.

Clyde1820

THAT is the one thing I'd like to see legislatively done: to declare, once and for all, that a person's data IS personal and theirs and not to be swiped or used in any manner without express prior written consent, defaulting to opt-out, re-obtained annually, with exceptionally severe penalties involving fines and incarceration for all company officers and individuals involved or knowingly violating this.

Until the degree to which it stings is severe, it's not going to change.

Trouble is, so much is already out there, already gathered, it might well end up being a "horse has left the barn" situation. (Equifax data breach alone, for example.)

700

I get many "Happy Birthdays" on New Years day. Just sayin'.

CliffordK

Probably not a bad idea. One of my fears is that if I ever have to use my birthday as account verification for anything other than a bank, I'll have no idea what the proper answer will be.