Strava is a social networking app geared toward athletes, where users can upload their fitness data, and it uses GPS tracking data for a variety of website applications. One of the projects of Strava Labs is a “Global Heatmap,” an easily accessible visualization of the network data, that shows popular running and cycling routes. The heatmap boasts data from more than one billion activities all around the globe.
However, military analysts told The Guardian that the level of detail in the maps can also reveal the location of secret military facilities, some of them in conflict areas.
Fitness and social media company Strava releases activity heat map. Excellent for locating military bases (h/t to @Nrg8000). https://t.co/n5RWcI7BJF pic.twitter.com/7zzNcYV42e
— Tobias Schneider (@tobiaschneider) January 27, 2018
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” said analyst Nathan Ruser. “U.S. bases are clearly identifiable and mappable.”
Forward operating bases in Afghanistan, for example, can easily be mapped by their jogging trails, even though those military installations don’t appear on services like Google Maps.
An Afghanistan veteran on the hacker site ycombinator noted, “A well-established military base, even in a combat zone, has access to Wi-Fi and cellphone network. We are constantly training physically, and we like to keep track of ourselves. We were early adopters of fitness trackers, and I used a couple of them myself also.”
In remote locations, Strava users seem to be mostly U.S. military personnel, making them easily identifiable. “In Syria, known coalition (i.e., U.S.) bases light up the night. Some light markers over known Russian positions, no notable coloring for Iranian bases,” observed analyst Tobias Schneider. “A lot of people are going to have to sit through lectures come Monday morning.”
Strava has responded to these reports, defending the use of its products, and stating that users had the ability to shut off the public sharing of their activity. In a statement to The Guardian, Strava said: “Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share.” The company also shared a blog post from 2017, which detailed the ways that users could keep their activities secret.
However, it may be too little, too late. As The National points out, users of social media have already been posting military base locations and possibly exposing ongoing covert operations in places like Mali and the South China Sea. Following this debacle, it’s extremely likely that highly placed individuals in armies all around the world are looking at banning activity trackers.
