Field and Data Stream

By Mike Zusman

After a sip of whiskey, an aging Pistol Pete wrapped up elk camp orientation at his remote Idaho cabin.

“…and if anyone leaks our location on social media, we will shoot you.” Pete’s eyes darted to the Colt Woodsman 22 on his hip before circling the kitchen table and making contact with each of us.

Seems reasonable, I thought. This beautiful place is worth killing for.

Pete’s concern about social media is valid, but leaking the camp’s location on Instagram, Facebook, or even Strava is preventable—if you’re not a dumbass. Don’t post any GPS-tagged images or pics with discernible landmarks, and don’t log any backcountry death marches to social fitness app Strava from your Garmin watch.

Don’t be too connected like recently assassinated Russian submarine commander Stanislav Rzhitsky.

Whether ignorant of threats to his personal safety after killing Ukrainian villagers in a cruise-missile attack, or just ignorant of the value of his data, Captain Rzhitsky was targeted by Ukrainian agents using the running data he shared on Strava. While he was enjoying what would be his final morning run, a bike-riding assassin fired seven shots from a Makarov pistol, abruptly ending the accused war criminal’s workout, and his life.

Aware of my own threat of a bullet for data security improprieties, and also intimately familiar with the dark art of data theft, my hacker/nerd brain zeroed in on the most likely way I might electronically spoil Pete’s secret spot: my GPS hunting app.

If any such hunting app is ever hacked and everyone’s scouting data leaked to the public, some well-intentioned developer will quickly construct a website enabling anyone to view the stolen info on a map of North America. Imagine an app experience similar to your preferred GPS hunting app, except you don’t just see your data—you can see everyone’s data.

Areas of increased hunting pressure will be lit up with tracks and waypoints, while areas of less pressure will be visibly barren of data. This nationwide hunting heatmap would let you explore where people are hunting according to their own devices, and depending on the severity of the breach, could potentially include names and emails of hunters.

Any waypoints and tracks I might log from Pete’s camp would be visible too. A waypoint labeled “Big Ass Bull” with Pete’s coordinates and my name attached would be a death sentence.

Every Fudd-tastic hunting influencer from Silicon Valley to Missoula would find their way to the public trailheads surrounding his camp, hopped-up on pre-workout, bugling for big bulls. With his guiding business ruined, Pete would have plenty of time to hunt me down like Captain Rzhitsky.

Probably on his ebike, too, just like the Ukrainians.

I trust my hunting app with my personal scouting data at home, but I wouldn’t bet my life or Pete’s livelihood on its cybersecurity posture. When I’m hunting at Pete’s, my phone can stay in my pack, with the app uninstalled for the time being. Paper map, compass, and orienteering skills are always there if we need them.

The following September I went back to Pete’s camp, still adhering to my strict no-GPS app policy to avoid a bullet to the face.

At last light on day three, I killed a nice bull. After a short track followed by hours of butchering and skinning, my guide Ricky and I packed out what we could, planning to recover the rest in the morning.

I was up bright and early, still fueled by adrenaline and excitement from the evening’s nailbiter. Ricky was more excited to slow roll the morning and enjoy his coffee.

“Do you know where we hung that quarter?” Ricky asked.

“Yes – I think so,” I answered, shouldering my pack and preparing to leave.

Without a shred of confidence in my answer, Ricky replied, “Hold on, do you use onX? Let me drop you a pin.”

“Nah, man. I can kill animals without an app. Does Pete know you use onX?”

Editor’s note: We reached out to one of our sponsors, Spartan Forge, and asked them to comment on their efforts to address security concerns like those expressed in the above article. Here is the response from their CEO, Bill Thompson:

Spartan Forge has its foundations in national security; that’s not to say that the government excels at security—in fact, the government sucks at most endeavors it undertakes. We’d argue that its ineffectiveness isn’t from a lack of knowledge but from the layers of bureaucracy with which it saddles itself. The only good government is a shrinking one. However, our experience working in the realm of state-sponsored hacking has granted us a keen understanding of how malicious actors operate online and how reckless businesses handle your data. We implement similar standards and techniques to safeguard our user data as those used to protect the nation’s most vital secrets. The key difference is our flexibility, swift responsiveness to threats, and that we actually care about what we do.

The more significant issue lies in how apps and companies within our industry, and others, monetize your data by selling it to other companies—including your emails, locations, habits, and preferences. We refrain from participating in any such practices and are committed to upholding this stance as long as I am at the helm of the company. Unlike these companies, which profit from dealing in your data, our developers work within isolated environments and lack access to public data. Only the founders within Spartan Forge have the privilege of accessing your data, and we do not abuse this privilege.

Data security is upheld through meticulous access control and industry-standard security protocols. Drawing from personal experience, I can assert that our competitors and the broader industry do not handle and protect your data in the same manner.