Now, before you start to become curious about a possible security breach, there is none associated with the fitness tracking app Strava which promotes itself as the social network of athletes.
The heatmap of almost 1 billion logged fitness activities was made with over 10 terabytes of raw input data. The heatmap includes around 3 trillion GPS data points sourced from users’ device. The smartphone app is compatible with wearables like Fitbit.
What went unnoticed until the last weekend was the fact that the app might have been used by the people working in the US army, with their jogging routes getting uploaded to Strava’s servers.
According to a report by The Guardian, military analysts noticed that the data visualization map was potentially revealing sensitive data about military personnel on service.
The US bases are clearly identifiable and mappable,” wrote the analyst Nathan Ruser who works with the Institute of United Conflict Analysts.
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous.”
Apart from overseas military bases such as in Afghanistan, Syria, Djibouti, etc., the Strava map also shows larger known military bases. Even the ones that are are not visible in the satellite imagery of services like Google Maps and Apple Maps. For instance, the US Air Force base called Area 51 or Homey Airport, Nevada. The image shows the route of a cyclist (thin red line) moving from the base to the left of Groom Lake.
However, it’s just not the US military bases, the analysts posted images of others including Turkey, Russia, France, etc. In Afghanistan, the details go a level up and hint towards possible petrol and supply routes.
“Somebody forgot to turn off their Fitbit. Markers trace known military outposts, suppl, and patrol routes,” wrote another analyst Tobias Schneider in his tweet.
Schneider said his focus is on Syria, but the trick “obviously works all over.” He won’t provide any links or other information as people even in remote locations can be identified without much effort.
In a statement, Strava said that the information in the heat map is aggregated and anonymized. The activities marked private aren’t included on the map. They said they’re committed to working with military and government officials if a sensitive area appears on the map.
On the other hand, various military bodies across the globe have started to think about banning fitness trackers.
The level of detail provided by Strava’s heatmap could run chills down the spine of many. Giving away your data to a service can have its implications, especially when there is an open-for-all platform where anyone can have a look at the information.
But something can be done. Among various practices suggested by Strava, turning off the data sharing in the app can the first step towards privacy protection.