
Strava Global Heat Maps has been found to show potentially sensitive information related to soldiers and military bases, leading to concerns about the platform's safety.
The running and cycling app uses GPS information from the likes of smartwatches and smartphones to show off the locations and routes of subscribers by lighting up areas on a map, with information gathered between 2015 and September 2017 first becoming public in November last year.
Read this: Essential Strava tips and tricks
However, despite the insights it provides to users looking to spot popular routes, as well as city councils looking to use the information for public safety, Twitter user Nathan Ruser has uncovered that the data also displays the activity patterns of military personnel and the locations of bases.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
And while the locations of some of these bases are well known in war zones such as Syria and Iraq, many are also unknown. One user responding to the tweet pointed out that he had located a Patriot missile system site in Yemen, while another pointed out a hub of activity on a beach near a suspected CIA base in Mogadishu, Somalia. Plenty more were revealed by Ruser himself, such as a Russian and Turkish patrols near Khmeimim.
We reached out to Strava for comment regarding the discovery, who responded: "Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones."
Naturally, that can be interpreted as shifting the responsibility to users who don't fully understand just where their data is going once they finish their activity, though there are still questions about the steps taken to ensure the safety of military personnel and the security of bases.
And the fallout of this remains to be seen. One option for the future is Strava giving users the choice to opt-out of the Heat Maps platform, and Strava CEO James Quarles indicated in a statement that the company is committed to working with military and government officials to address the sensitive data.
The company will now also be reviewing features to ensure they can't be compromised by people with bad intent, as well as simplifying its privacy features to help users control things more easily.
We'd also bet that there'll be plenty of military briefings over the next few days regarding the use of the platform in and around sensitive areas.
How we test