Advert

Strava Reveals Locations Of Military Bases Through Updated 'Heat Map' Feature

Published 
| Last updated 

Strava Reveals Locations Of Military Bases Through Updated 'Heat Map' Feature

When location-based fitness app Strava introduced its updated global heatmap back in November, everyone thought it looked pretty cool. The feature mapped the data broadcast by users and laid it out for all to see, giving everyone a visual of the places around the world where the app was being used the most.

Sounds like a pretty neat idea, right? Well, yeah, until you realise that quite a large chunk of Strava's users are military personnel working at sensitive locations.

The potential problem was exposed by researchers and journalists who cross-referenced areas of high activity on the heatmap with the locations of known US military bases and guess what. They matched up.

Credit: Strava
Credit: Strava
Advert

The seemingly innocuous app was sharing the locations and even names of military personnel - something that could have some pretty scary implications in the wrong hands.

The danger comes from potential enemies figuring out users' 'patterns of life', by tracking and even identifying military personnel as they go about their duties.

On Saturday afternoon, Nathan Ruser, a student studying international security at the Australian National University, began posting his findings to social media.

"Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option)," he wrote on Twitter. It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable."

Advert
Credit: Strava
Credit: Strava

In a series of images, Ruser pointed out Strava user activities potentially related to US military forward operating bases in Afghanistan, Turkish military patrols in Syria, and a possible guard patrol in the Russian operating area of Syria.

It was no time at all before other researchers followed suit, managing to identify a French military base in Niger, an Italian military base in Djibouti, and even CIA 'black' sites, using the data put out by Strava.

While it is true that many of the bases identified by journalists and researchers had already been revealed through publicly available sources, the real worry is that the information could be used to track 'interesting individuals' and follow them to potentially sensitive locations.

Advert

For example, Paul Dietrich, a researcher and activist, claimed to have used public data scraped from Strava's website to track a French soldier from overseas deployment all the way back home.

"It just keeps getting deeper. You can also trivially scrape segments, to get a list of people who travelled a route, and trivially obtain a list of users," he wrote.

Credit: Strava
Credit: Strava

"This is the part that is perhaps most worrisome, that an individual's identity might be pullable from the data, either by combining with other information online or by hacking Strava - which just put a major bullseye on itself," says Peter Singer, strategist and senior fellow at New America, a think tank based in Washington, DC.

Advert

"Knowing the person, their patterns of life, etc., again would compromise not just privacy but maybe security for individuals in US military, especially if in the Special Operations community."

Strava have acknowledged the problem and CEO James Quarles issued a statement saying that they were working hard now to raise awareness of how privacy and safety features work.

Loading…

"I'd like to take a moment to address the recent attention focused on Strava and our global heatmap," he said.

Advert

"We learned over the weekend that Strava members in the military, humanitarian workers and others living abroad may have shared their location in areas without other activity density and, in doing so, inadvertently increased awareness of sensitive locations.

"Many team members at Strava and in our community, including me, have family members in the armed forces. Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us.

"We are committed to working with military and government officials to address potentially sensitive data. We are reviewing features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent.

"We continue to increase awareness of our privacy and safety tools and our engineering and user-experience teams are simplifying our privacy and safety features to ensure you know how to control your own data."

Featured Image Credit: PA

Topics: military, US News

Paddy Maddison
More like this
Advert
Advert
Advert

Chosen for YouChosen for You

Entertainment

Richard Madeley Leaves I'm A Celebrity After Being Admitted To Hospital

2 days ago

Most Read StoriesMost Read

Community

Dad's 'Cruel' Method For Making Kids Behave At Christmas Sparks Outrage

2 hours ago