Security concerns with Garmin Connect

OK this might be me being paranoid but I started playing with Garmin Connect last night and noticed a real issue with privacy and security with the service.

To start with, when you upload your ride data by default Garmin Connect shares your data with the world unless you specifically change the privacy settings. So all things being equal the average user wont give this a second thought and will leave the settings on public access. Furthermore even if you do change the default settings it wont change the settings for any rides you have already uploaded, you’ll have to go back and manually change the setting for each ride.

So what’s the problem I hear you say with sharing my ride data. In a word “profiling”. As an anonymous user I can go the Garmin Connect site, search on my area of interest and find riders in that area. All the following screen shots were taken without logging on to the service. Here are a couple of riders I have picked at random. As you can see it’s not going to be to hard to figure out where they live

 imageimage 

From here I can zoom in on their activities and see when they are out riding, walking etc. From here I can quickly look for patterns as to when the user will be out of the house and for how long. As a thief this is wonderful news and I’m going to guess that if you have a Garmin your a reasonably keen cyclist and as such you’re probably going to have a couple of bikes (btw I can also find out what type of Garmin you have). So I know where you live, what time you go out and how long you will be out for, thank you the bike shop is open. As you can see from this user I just need to go around to their place on a Saturday or Sunday morning and I will have about an hour to do what I like.

image image image

I don’t mean to pick on Garmin Connect as I’m sure other services probably have the same issue but if you are going to use these services this is probably something you want to keep in mind.

  
        
          

Comments

  1. Graham says:

    Rubbish – all the GPS gives you is a start point. You have no way of knowing which premises the owner came out from.

    “and see when they are out riding, walking etc.” – no, all you can see is where they were in the past – anything else is assumption on your part and you are also assuming that properties are empty.

    “btw I can also find out what type of Garmin you have” – yes by reading the type on the page. But so what ? I have two devices – so what ? What conclusions can you draw ? None.

    “what time you go out and how long you will be out for” – No, thats all assumption on your part and again, you’re making the assumption that somehow
    this causes a problem.

    Most houses have TV aerials which is a fair indicator of a TV set, so should we hide our aerials as well ?

  2. me me says:

    mark – you’re not wearing a tin-foil hat by any chance are you?

    1. Mark Croonen says:

      No but my garmin 500 now wears one, helps block out all those nasty GPS signals, much more secure 🙂

  3. Brian says:

    What Graham is forgetting is that in rural and even suburban areas, houses are often separated by enough distance to make pinpointing a location very easy. Not everyone lives in apartment buildings.

    When the time of rides is posted, it’s very easy to see if there is a pattern. Someone could simply sit outside around the typical departure time and wait for the occupant to leave. Has anyone done this? I don’t know, but I also don’t see any point in providing this information. Really, why would anyone other than the owner of the ride data have any need to see date and time information? That data should always be kept private.

    More generally, it’s just prudent to limit the amount of personal information one posts on the Web. For example, I frequently see people discussing their vacation plans online, including the dates they’ll be traveling. I know of someone who was actually robbed while he was away by someone who got his vacation info from a forum he frequented.

    It’s funny that many people won’t even post under their actual names our of some vague fear, but they’ll put all kinds of personal information online. Doh!

  4. JerryW says:

    I just saw your blog on this issue mention over at RoadBikeRider.com. The same thing dawned on me about rides and runs leaving from my home a couple of months ago. I went back and manually locked out those leaving from home. Paranoid? Maybe. Too paranoid? Maybe not.

  5. Heya – thanks for bringing this up. I posted this concern in the Garmin forum, and got little attention.

    There’s a number of ways they could resolve this, easily.

    One thing they ought to have is an editor…even if you could ‘erase’ the last XX seconds off the beginning and end of any ride, this could be quickly resolved….and a fundamental feature..

  6. JasonT says:

    The arrogance of the average American never ceases to amaze me. Do you honestly believe that other people are that interested in YOUR habits? Much less that your gps locale would somehow lead someone to target you?

    Live your life or, better yet, get one. Quite falling prey to the ever profitable engine of fear.

  7. Tom says:

    This does not bother me one bit because if the only valuable thing in your house is not your bike than you need to seriously consider an upgrade. If you are concerned about your chances of being burgled while out riding compared to being hit by a car you should not get out of bed. Agree with JasonT, get a life dudes or take up chess.

Leave a Reply to JasonT Cancel reply

Your email address will not be published. Required fields are marked *

*
*