US military base locations exposed by fitness app’s data visualisation
Image credit: Strava
The company behind a popular fitness tracking app has accidentally revealed the day-to-day routines of some personnel in secret US intelligence and military bases with the release of a global “heat map”.
The Strava fitness tracking app is used by runners, cyclists and other athletes to record their routes via GPS tracking and share them with other users. It describes itself as the “social network for athletes”.
In November 2017, Strava released a new “global heat map” based on years of accumulated user data.
In a blog post preceding the release of this most recent heat map, Drew Robb, a Strava data engineer, said that the heat map would include six times more data than before, with approximately one billion activities and three trillion points: “Our global heatmap is the largest, richest, and most beautiful dataset of its kind. It is a direct visualisation of Strava’s global network of athletes,” he wrote.
The heat map could be innocently utilised by ordinary Strava users to identify popular running or cycling routes nearby.
The unintended exposure of potentially sensitive information in the heat map was noticed by Nathan Ruser, a student and founding member of the Institute for United Conflict Analysts. According to Ruser, Strava’s heat map is “not amazing for Op-Sec”, rendering US bases "identifiable and mappable".
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any pattern of life info from this far away,” he tweeted, posting a picture of a bright track on an otherwise bare map.
He added that it is not possible to say with certainty what a line on the map meant, other than that somebody using the app had run or cycled there: “please look at the data in context” he said.
The highly detailed map shows areas of intense activity in the most wealthy and densely populated points in the world, mostly representing civilian athletes sharing their activities on the app. More interesting and sensitive are the spots of activity in remote parts of the world and in conflict zones.
Activity in these areas could indicate the positions of military bases abroad, analysts have suggested.
Ruser and other Twitter users have used the heat map to identify suspected US intelligence and military bases in Somalia, Djibouti and Yemen - where active Strava users are likely to be foreign military personnel - as well as Russian and Turkish operations abroad.
According to Major Audricia Harris, Department of Defence spokesperson, the Pentagon is “reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of [Department of Defence] personnel at home and abroad.”
Military personnel are recommended to limit their online profiles, including their social media accounts.
In a statement to CNN, Strava said that the company is committed to helping users understand their privacy settings. The app does allow for data sharing to be turned off.
“Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones,” it said.