About 3 years ago, a former russian submarine commander accused of a missile attack in Ukraine that killed 23 civilians, was shot and killed, apparently after his route was tracked via Strava<p><a href="https://edition.cnn.com/2023/07/11/europe/russian-submarine-commander-killed-krasnador-intl" rel="nofollow">https://edition.cnn.com/2023/07/11/europe/russian-submarine-...</a><p><a href="https://gijn.org/stories/investigations-using-strava-fitness-app/" rel="nofollow">https://gijn.org/stories/investigations-using-strava-fitness...</a>

This is a common problem across militaries. It is difficult to stop soldiers from leaking their location if they have access to mobile phones and the Internet. Individual cases are usually a combination of naïveté, ignorance, and an unwillingness to be inconvenienced.<p>It still happens in Ukraine, where immediate risk to life and limb is much more severe than this case.

Is an aircraft carrier's location supposed to be secret? Pretty hard to hide from a satellite I'd imagine.

IIRC USA had similar issues with soldiers using Strava exposing secret bases[0]. I wonder wat kind of connectivity they had, was it Satellite internet for the carrier or did it sync once they got close to the shore? For the first one maybe they should switch to whitelist and not whitelist Strava.<p>[0] <a href="https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases" rel="nofollow">https://www.theguardian.com/world/2018/jan/28/fitness-tracki...</a>

I'm surprised this has been on front page of HN all day. As others said, its a surface boat, you could just follow it with a plane, ship, or submarine. If someone knows where it is, everyone does. Would be more concerning if it was a submarine that was able to be tracked.

I seriously doubt there is a country on earth which lacks the capability to detect an aircraft carrier's presence in the Mediterranean sea.<p>We are not talking about stealth vehicles.

Cruising speed of Charles de Gaulle is 27knots which would give the runner a pace of around 1:10mins/km depending on direction. That would really screw up your Strava stats

This is always Strava isn’t it? Was it Finnish security services that leaked the exacti location of the president because some of them wanted to share their runs? Why don’t militaries and security services just ban it?

I don't understand, why is it hard to track or find such a large ship?

Sarah Adams (ex-CIA, The Watchfloor podcast) literally discussed this possibility yesterday in a podcast titled "Your Phone Isn't Safe Right Now"<p>Most people here are tech savvy and understand VPNs, location sharing in apps, privacy agreeements, metadata in shared/posted JPEG files, etc but the episode I mentioned is like 20 minutes & provides maybe 100 different things you can do to reduce your footprint & increase your security while traveling abroad.<p>According to her, the biggest threats were fitness apps & dating apps (both of which are mentioned heavily here in the comments)

An aircraft carrier can be seen with the naked eye from 10 meters above the shore for about 28 miles.<p>So the entire Spanish coast, Moroccan coast, Algerian coast, mallorca, sardegna, Sicily, tunesia, the Greek isles, and who knows how many cruise ships, fishing vessels, and commercial aircraft all saw this ship.

How does the smart watch have any service out in the middle of the Med? Must be getting it from the ship, are they not firewalling outbound traffic?

Loose lips sinks ships. So does uncontrolled mobile phone access. It just doesn’t rhyme as well.

A year ago they found where Swedish politicians were through the Strava apps of their bodyguards.<p>Clearly we're not learning from our mistakes...

How hard is it to find an aircraft carrier without resorting to this? Not saying there’s no privacy leak here but aircraft carriers are not exactly stealthy…

This is a repeating phenomenon, and probably worse on land. Fitness and run tracking apps also reveal troop locations and concentrations on land (location clusters reported by apps targeted at non-local-language audiences stick out like a sore thumb).

Tracking an aircraft carrier should not be difficult for any state (satellite images). The fact that civilians can do it too now is interesting.<p>It would be another matter if that was tracking a nuclear submarine...

More than accurate enough to put an ASM in the right ballpark.<p>Modern militaries face some interesting challenges.<p>Possibly mobile apps should be designed to be somewhat secure for military use by defaul, backed by law.<p>Alternately, phones should have a military safe OS with vetted app store. Something like F-droid, or more on toto phone ubuntu, but tailored.<p>Obviously, you still need to be security conscious. But a system that is easy to reason about for mortals would not be a bad idea.<p>Rules like secure by default, and no telemetry or data exfiltration, (and no popups etc), wouldn't be the worst. Add in that you then have a market for people to actually engage with to make more secure apps, and<p>A) Military can then at least have something like a phone on them, sometimes. Which can be good for morale.<p>B) it improves civilian infrastructure reliability and resiliance as well.

The SMB segment in emerging markets is genuinely interesting for SaaS. The unit economics work differently — lower ARPU but massive TAM, and the willingness to pay is often tied more to savings (vs. current solution cost) than to value creation.

[deleted]

Along with the Strava secret base location leak, another interesting one was the ship with a contraband Starlink:<p><pre><code> As the Independence class Littoral Combat Ship USS Manchester plied the waters of the West Pacific in 2023, it had a totally unauthorized Starlink satellite internet antenna secretly installed on top of the ship by its gold crew’s chiefs. That antenna and associated WiFi network were set up without the knowledge of the ship’s captain, according to a fantastic Navy Times story about this absolutely bizarre scheme. It presented such a huge security risk, violating the basic tenets of operational security and cyber hygiene, that it is hard to believe. </code></pre> <a href="https://www.twz.com/sea/the-story-of-sailors-secretly-installing-starlink-on-their-littoral-combat-ship-is-truly-bonkers" rel="nofollow">https://www.twz.com/sea/the-story-of-sailors-secretly-instal...</a>

It's been a problem for nearly 2 decades.<p>Think about it: suddenly, in the middle of the desert in Afghanistan/Iraq/Syria/Niger/Djibouti a bunch of people start using a fitness tracker every morning (and the clusters show up in Strava). Did some village suddenly jump on the "get fit" bandwagon? Or could it be a bunch of US Marines/SpecOps/etc people trying to keep fit.

Tangential but related: Do these workout apps correct for the movement of the ship when tracking your runs? I imagine it's a borderline-common scenario that someone on a cruise ship goes for a jog on deck?

Some people here say an aircraft carrier can be seen from satellites so it's not a big deal. They miss a point (as I did too): this means you can identify individuals present on the carrier, so they become vulnerable to investigation and blackmail. Another country could threaten this individual's family to give some important information or worse (sabotage).

It would be cool if they actually wer just altering the GPS location data before uploading, so the location reported was false. GPX/TCX files are trivial to edit. "All warfare is based on deception"

Same thing happened with hidden Antarctica bases in 2018.

I wonder if there is a way to stop these apps when they enter the vessel.

<a href="https://archive.is/jDMmD" rel="nofollow">https://archive.is/jDMmD</a>

President Xi - my country yearns for freedom.

All through this whole ghost fleet thing I've had this question as to how a large ship in the sea can possibly keep its movements secret. Large media organisations seem to be unable to say where large tankers have been if they turn their transponders off.<p>Don't we have constellations of satellites constantly imaging the entire earth, both with visual and synthetic aperture radar, with many offering their data freely to the public? Wouldn't a large ship on the ocean stick out somewhat? And yet journalists seem lost without vesselfinder. Is this harder than I'm imagining, or are they just not paying the right orgs for the info?

That's the deception plan.

I remember a friend worked on a base where they disallowed cellphones.<p>...until there was an active shooter and they couldn't call for help.<p>so they did away with that and started allowing phones.<p>personally hate there are too many vested interests working against the common sense that people should own and control their devices, which could prevent nonsense.

Those LeMonde guys are pretty sharp, it was on Twitcher only yesterday ... <a href="https://x.com/MyLordBebo/status/2034734061613129740" rel="nofollow">https://x.com/MyLordBebo/status/2034734061613129740</a>

What's funny is I can imagine the sailor not understanding how the code works and properly setting up a "privacy zone" while at port to mask his location and verifying it was working while there<p>then of course while at sea, it's the same ship but different location<p>not like your home or workplace typically relocates itself<p>imagine being a coder at Strava trying to figure out how to deal with that, it's techically not possible<p>However it's a great marketing opportunity for Stryd footpod which can track distance without GPS<p>I wonder what a moving deck at even 10mph would do to a Stryd though<p>The GPS must have added 10mph? But it's all relative to the deck vs the sea, hmm

tragic if not comic.

Merde!

If I were china I would buy strata and offer all features free of charge

That's nothing, we also have this: <a href="https://github.com/BigBodyCobain/Shadowbroker" rel="nofollow">https://github.com/BigBodyCobain/Shadowbroker</a>

Seems we need a new digital category for Darwin Awards.<p>This is the modern way to die of stupidity — use your fitness watch app to log your miles on an online app instead of locally — so reveal your operational location.<p>The US had one of its secret bases in Afghanistan fully mapped for anyone to see by its residents logging their on-base runs.<p>Now, the French aircraft carrier is pinpointed en route to a war zone.<p>Yes OPSEC is hard, and they should be trained to not do this, but it seems to be getting ridiculous. If I were in command of such units, I'd certainly be calling for packet inspection and a large blacklist restriction of apps like that (and the research to back it up).<p>Local first is not just a cute quirk of geeks, it is a serious requirement.

I recall something similar happened on US ships last year because of the Applewatch.

wow amazing

[dead]

[dead]

[dead]

[dead]

[dead]

[dead]

[dead]

[dead]

[flagged]

Many questions:<p>I can assume Strava is GDPR compliant and would not publish this information without the sailors concent?<p>Does the French military not stress in their training the dangers of these data disclosures?<p>Why does the carriers network not have adequate measures against this sort of data exfiltration?<p>Why is Le Monde tracking a french sailors location data?

Maybe it was just an old stupid treason? Someone against the war and… hard to believe there are no rules about location.

What's interesting here isn't that nation-states can track aircraft carriers - they've always been able to. It's that Le Monde did it with what's essentially a consumer API. The 2018 Strava heatmap incident showed this data leaks passively; now we're seeing it used for active, targeted tracking by journalists with a story idea and some scripting. That gap closing is the actual news.