Fitness app reveals dangerous data on soldiers on U.S. military bases: 7 things to know

This browser does not support the video element.

The Strava fitness tracker is raising high security and privacy concerns after a recently publicized heat map posted online was found to possibly reveal U.S. military personnel activity.

Twenty-year-old Australian student Nathan Ruser, who is currently studying international security and the Middle East and is a member of the Institute for United Conflict Analysts, stumbled upon the map from November 2017 on a mapping blog.

When his father joked that the map revealed “where rich white people are” in the world, Ruser wondered if the heat map could actually map U.S. soldiers, and he zoomed in on Syria to find out.

"It sort of lit up like a Christmas tree," he told the Washington Post.

Once Ruser revealed his discovery online, data analysts, security and military experts and others chimed in.

"I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed. Someone would have noticed it at some point. I just happened to be the person who made the connection," Ruser told the BBC.

TRENDING NOW:

Here’s what you need to know about Strava:

What is Strava?

Strava calls itself "the social network for athletes." It's a GPS tracker that allows users to record their fitness activity, share it on their Strava feeds and "give kudos" to fellow performers.

The tracking technology can be linked with data from Fitbits, phones and other devices.

What is the Strava global heat map?

In November, Strava launched an updated global heat map visualizing all of its users location data to reveal the most popular running spots around the world. It includes data aggregated between 2015 and September 2017.

The interactive "global heatmap of athletic activity" revealed logged activities covering nearly 17 billion miles. It allows viewers the option to explore areas all over the world. The brighter the region, the more activity.

From Strava’s blog:

Our global heatmap is the largest, richest, and most beautiful dataset of its kind. It is a direct visualization of Strava’s global network of athletes. To give a sense of scale, the new heatmap consists of:

  • 1 billion activities
  • 3 trillion latitude/longitude points
  • 13 trillion pixels rasterized
  • 10 terabytes of raw input data
  • A total distance of 17 billion miles
  • A total recorded activity duration of 200 thousand years
  • 5 percent of all land on Earth covered by tiles

What information did the map expose about U.S. military?

Ruser, the Australian student who uncovered the map, found it could be cross-referenced to identify known military installations or even identify potential installations based on user data.

On Twitter, shared screenshots from the heat map that he believed were regular jogging routes, locations of operating bases or patrols.

And it didn’t just offer insight into U.S. military bases.

Why is this so dangerous?

While Google Maps and other public satellite cameras already reveal where the world's military installations are located, Strava brings people and soldiers into the picture.

Strava shows how they move and how often they move. This poses a potential security threat to military personnel.

The Verge pointed out that you can easily cross-reference the Strava heat map visualization below of Fort Benning with Google Maps to see which roads people frequent:

The company released a brief statement Sunday and asked users to check the Strava website to better understand privacy settings.

"Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones," the company said. "We are committed to helping people better understand our settings to give them control over what they share. For more information about Strava privacy, please visit blog.strava.com."