Strava is a GPS-enabled mobile app for runners interested in seeing where and how far they ran. It also has a publically-accessible global map, which accidentally disclosed the whereabouts of secret military bases, and even the exercise activity and identities of individual soldiers.
From The Guardian:
While the heatmap only shows information in aggregate, Strava’s own website allows users to drill down into the tracked runs to find the names of individuals, as well as the dates they set their personal best times on particular runs.
When applied to military bases, that information can be extremely sensitive. The leaderboard for one 600m stretch outside an airbase in Afghanistan, for instance, reveals the full names of more than 50 service members who were stationed there, and the date they ran that stretch. One of the runners set his personal best on 20 January this year, meaning he is almost certainly still stationed there.
In Djibouti’s Chabelley Airport, used as a staging ground for US Air Force drones, three runners have completed a 7km loop of the runway – two in December 2014, and one two years later in August 2016. At least one of them is no longer based there: their running profile shows they were transferred to an air base in Germany in 2016.
The Pentagon said on Monday it was reviewing whether it needed to bolster its security protocols. “The Department of Defense takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required,” the Pentagon said in a statement, without directly confirming that U.S. troops had used the fitness trackers.
— Paul D (@Paulmd199) January 28, 2018
Strava is now suggesting that soldiers consider opting out of being added to the heat map.
Image: Strava heat map