It's Just Data wrote:
Doomsday wrote:If a tool like this falls into the wrong hands it could be devastating sites like Strava or mapmyrun. No one could be believed.
Please don't open source it and release it to the wild.
Eh, I disagree. No one should be believed right now, because Strava and similar systems aren't proof of anything. When a computer system is this insecure, the best thing to do is advertise that fact far and wide. Then everyone will realize that a posted Strava result is no more "believable" than a Facebook post. And maybe we'll see some progress towards more secure run logging systems, if there's demand for it.
By keeping this tool secret, it just plays into the hands of the few people who've already created similar tools, by making their fake results look believable in the public's eyes. With all due respect to Scam_Watcheroo, building a tool like this isn't that hard. Any programmer with some web services experience could probably do it in a couple of days. There's some lingering misunderstanding that it involves a hack or an exploit of a Strava flaw, but it's far simpler than that. There's no security in the first place.