In late January, fitness tracking app Strava released their heat map for 2017 – publishing their users’ activities from all around the world. However, the information released also included the locations of various supposedly secret military bases.
As a running and cycling tracking mobile app, Strava lets its users “track their running and riding with GPS, join Challenges, share photos from your activities, and follow friends.”
With the release of their heat map, Strava showed their users’ runs, rides, swims, and other activities collected by their smart devices.
Since the app is designed to track its users’ routes and locations, it also unintentionally mapped out the locations and activities of some military forces around the world.
The fitness tracking app boasts of billions of logged fitness activities globally, a huge cache of information from its global users.
This can be used to establish a pattern in a victim’s routine, making it easier to anticipate their actions.
Strava’s heat maps have been publicly available since November 2017, but security experts have noticed routes of soldiers and agents all over the world. These include US military outposts in Afghanistan and Syria, an alleged CIA base in Somalia, and Area 51 in the US.
In addition to these American military locations, crucial outposts belonging to the United Kingdom and Russia were also uncovered.
Online security professionals also tweeted about discovering other sensitive US outposts in Somalia, Afghanistan, and Syria; Russian bases in Ukraine; a missile base in Taiwan; and an NSA base in Hawaii.
Strava’s heat map allows anyone to potentially track unsuspecting victims when they exercise. This information can be used to establish a pattern in a victim’s routine, making it easier to anticipate their actions.
Being able to remotely track these kinds of activities can result in a huge breach in privacy and security – especially for military personnel.
But should Strava be blamed for this? The company’s heat map is solely based on publicly available information and they do offer a private mode option that does not share their users’ information outside of the app.
Based on this information, Strava users from the military could have been sharing the information unwittingly or were not thinking of the consequences of publishing their location data.
Moreover, security experts proposed that Strava could potentially be used by the enemy or terrorist forces to plan their attacks or ambushes on the exposed bases or troops.
To compound the situation, some experts were able to “de-anonymise” the heatmap, meaning they could identify specific persons and their locations and routines.
For their part, Strava reminded the public that their apps location settings could be turned off and that their map does not show private activities or areas specified as such.
Their statement read, “Our global heat map represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share.”
This is just another reminder to the public to be wary of sharing their locations, especially if they work in supposedly restricted areas in the world.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.