# Beer drinking = OpSec threat



## dapaterson (18 May 2020)

How a seemingly innocuous app threatens security.

https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/


----------



## Journeyman (18 May 2020)

dapaterson said:
			
		

> How a seemingly innocuous app threatens security.
> 
> https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/


The key example they used certainly travelled in some interesting circles.....  8)


----------



## lenaitch (18 May 2020)

I suppose it is little different than many other social media-type apps.  This one strikes me as a little higher on the pointless scale.  Right up there with people posting their food. I can't recall a time when I needed technology to help me have a beer.


----------



## BeyondTheNow (18 May 2020)

lenaitch said:
			
		

> I suppose it is little different than many other social media-type apps.  This one strikes me as a little higher on the pointless scale.  Right up there with people posting their food. I can't recall a time when I needed technology to help me have a beer.



But when so much work has gone into preparing something that makes one’s mouth water, or when showing off a new place to grab a bite, food photos are a must! ;D

...I also take photos of new beers I try. 

Come to think of it, I take photos of almost everything. Yup, I’m one of those. 8)


----------



## Navy_Pete (18 May 2020)

lenaitch said:
			
		

> I suppose it is little different than many other social media-type apps.  This one strikes me as a little higher on the pointless scale.  Right up there with people posting their food. I can't recall a time when I needed technology to help me have a beer.



I hate going out to eat with people that post photos of their meals. Sure, grab a group shot, but no one cares what your food looks like.  It's a useful darwinian kind of self sorting feature though for social media.


----------



## lenaitch (18 May 2020)

I find that many people, particularly the current younger generation who are touted as being oh-so tech savvy, have little clue or regard for the digital trail they leave.  I have seen personal FB pages of professional people who really should know better with no privacy filters posting phone numbers, etc.  There are proven linkages between posts and crime ('hey, be away on vacation for a week.  C U when we get back'.  Returns to a break-in).  I have also read on these pages how social media can (or used to) have a security impact on deployments.




			
				Navy_Pete said:
			
		

> I hate going out to eat with people that post photos of their meals. Sure, grab a group shot, but no one cares what your food looks like.  It's a useful darwinian kind of self sorting feature though for social media.



I have as much interest in looking at some random person's or even acquaintance's upcoming meal as I have in what it looks like after their body is done with it.


----------



## brihard (18 May 2020)

lenaitch said:
			
		

> I find that many people, particularly the current younger generation who are touted as being oh-so tech savvy, have little clue or regard for the digital trail they leave.  I have seen personal FB pages of professional people who really should know better with no privacy filters posting phone numbers, etc.  There are proven linkages between posts and crime ('hey, be away on vacation for a week.  C U when we get back'.  Returns to a break-in).  I have also read on these pages how social media can (or used to) have a security impact on deployments.
> 
> 
> I have as much interest in looking at some random person's or even acquaintance's upcoming meal as I have in what it looks like after their body is done with it.



I remember some years back some kid on one of the CAF facebook groups who was going through BMQ and talking about how as a Comms Researcher he'd be getting top secret clearance. So I took about 20 minutes, then randomly messaged him photos of the front of his house, and his parents and sister's names and places of employment. It was amusing seeing how rattled he was by that. Good little lesson learned. A little bit of benevolent red-teaming never hurt anyone.


----------



## BeyondTheNow (19 May 2020)

Navy_Pete said:
			
		

> I hate going out to eat with people that post photos of their meals. Sure, grab a group shot, but no one cares some don’t care what your food looks like.  It's a useful darwinian kind of self sorting feature though for social media.



I can see it being annoying in certain situations. Discretion is important. There’s a time and a place. Casual/with friends, like you said. Business lunch with the boss? Not so much.

There’s a large following for food porn. Some people really enjoy it. I think it’s genuinely interesting that the practice doesn’t lend itself to only a select group. I know those of any age (I’m middle-aged myself), rank, position/experience, etc who take photos of a dish they’d like to share. It’s just one of those things. For instance, another phenomenon is constant captures of video-game playing and screen-grabs. That hobby doesn’t garner interest for some, but there’s a large following for those types of profiles. Again, just one of those things. Social media is a strange beast at times.

There are users here familiar with my social media habits, so I’m comfortable discussing them. I was poking a bit of fun at myself above. (I’ve been a hobbyist, as well as professional-gig photographer on various occasions for years. I’ve been tasked with some local military events also. I find inspiration in the every-day and I always have some sort of camera with me...and can always find something to take a photo of. On occasion, it’s food )




> I find that many people, particularly the current younger generation who are touted as being oh-so tech savvy, have little clue or regard for the digital trail they leave.  I have seen personal FB pages of professional people who really should know better with no privacy filters posting phone numbers, etc.  There are proven linkages between posts and crime ('hey, be away on vacation for a week.  C U when we get back'.  Returns to a break-in).  I have also read on these pages how social media can (or used to) have a security impact on deployments.





> I remember some years back some kid on one of the CAF facebook groups who was going through BMQ and talking about how as a Comms Researcher he'd be getting top secret clearance. So I took about 20 minutes, then randomly messaged him photos of the front of his house, and his parents and sister's names and places of employment. It was amusing seeing how rattled he was by that. Good little lesson learned. A little bit of benevolent red-teaming never hurt anyone.



This is true, and very troubling. And it can’t always be attributed to some of them not knowing, because some of them do. They just don’t see it as being a genuine concern. However, it’s important to give adequate weight to the fact that it’s not always a younger generation thing. There are those of older age who don’t recognize the risks for whatever reason; whether it be an overall understanding of technology, a navigation issue with certain platforms, etc.

Before the outbreak started, my 50+yr old colleague went on vacation. While he and his family were away, there was an incident involving a credit card, and a package delivered and picked up from his house. He had a doorbell camera, so footage was captured. Thankfully, everything got sorted out. But in discussion when he returned we were talking about the situation, and I had to explain to him that all his FB posts were public. ‘That anyone, anywhere, could see everything he posted. ‘Had to explain what the little ‘earth’ icon indicated. He legitimately didn’t know, and he wasn’t new to the platform either.


----------



## Journeyman (19 May 2020)

You don't have to post the pics, but there may be some utility in taking pictures of your beers and the pubs serving them

…. to 'refresh' your memory the next morning.   


(Or so a friend tells me)


----------



## Jarnhamar (19 May 2020)

When I read stories about people getting outted by phone apps who are working in the pentagon or running around cia blacksites I wonder if they're clueless and no one noticed or they just don't care.


----------



## Lumber (19 May 2020)

lenaitch said:
			
		

> I suppose it is little different than many other social media-type apps.  This one strikes me as a little higher on the pointless scale.  Right up there with people posting their food. I can't recall a time when I needed technology to help me have a beer.



I have the app. 

It doesn't "help me have a beer".

I drink a lot of craft beer; that is, I like to try many _different_ craft beer. As many as I can, actually, and in Nova Scotia alone, that means a LOT of different beers. I'm a nostalgic person. I like to reminisce about all of the things I've tried and experienced in my life, including all the craft beer I've enjoyed.

By logging all the beer I try in untappd, I can keep track of all the beer I've tried, avoid those I didn't like, recall those I really did like, find a particular taste based on my mood, and just remember some good times.

Also, it's fun getting "badges" for various achievements, like logging 10 different beers before noon and being told you might have a drinking problem.  ;D


----------



## dapaterson (19 May 2020)

Lumber said:
			
		

> Also, it's fun getting "badges" for various achievements, like logging 10 different beers before noon and being told you might have a drinking problem.  ;D



Again.


----------



## PuckChaser (19 May 2020)

Jarnhamar said:
			
		

> When I read stories about people getting outted by phone apps who are working in the pentagon or running around cia blacksites I wonder if they're clueless and no one noticed or they just don't care.



Having had the pleasure to both brief and enforce digital OPSEC regulations, I can tell you people will follow them only up until the point that they can't do something they want to do/it inconveniences them. There's also a big problem with the Cyber/Sigs community where any briefings are done by someone with the social skills of a pencil, and there's never any demonstration. When you can show people how easy it is and the "why" its important with practical examples, I've found there's a lot more buy-in from the end-user. It doesn't help that in our military culture most of our senior folks are Afghanistan veterans where the near-peer cyber threat was minimal at best. That environment has changed but we're slow to change with it.


----------



## dimsum (19 May 2020)

PuckChaser said:
			
		

> There's also a big problem with the Cyber/Sigs community where any briefings are done by someone with the social skills of a pencil, and there's never any demonstration.



Now that would be a funny brief:

"ok, so for example, let's look up MCpl XYZ's social media trail."

"NOOOOOOOOOO!!!!!!"


----------



## PuckChaser (19 May 2020)

Dimsum said:
			
		

> Now that would be a funny brief:
> 
> "ok, so for example, let's look up MCpl XYZ's social media trail."
> 
> "NOOOOOOOOOO!!!!!!"



I've seen it done for a volunteer. Although hilarious for the group, it hits home real quick for everyone how with some simple tools and knowledge you can get a lot of access to a person's life.


----------



## Jarnhamar (19 May 2020)

PuckChaser said:
			
		

> I've seen it done for a volunteer. Although hilarious for the group, it hits home real quick for everyone how with some simple tools and knowledge you can get a lot of access to a person's life.



Seen some of those, pretty good shows. People don't realize that even if they scramble to delete information about themselves a lot of places cache info (if that's the right term) so even if you delete something a google search still brings up the thumbnail or link.


----------



## PuckChaser (19 May 2020)

Jarnhamar said:
			
		

> Seen some of those, pretty good shows. People don't realize that even if they scramble to delete information about themselves a lot of places cache info (if that's the right term) so even if you delete something a google search still brings up the thumbnail or link.



We have that problem here, folks ask us to delete posts (especially after a username change that may have previously had their actual name in it) and even if we scrub the forum someone that knows when the scrub was done can just find a cache on a previous date and the info/post is still there.


----------

