The Strava fitness tracker is raising serious security and privacy concerns after a recently publicized heat map posted online was found to potentially reveal U.S. military personnel activity.
Twenty-year-old Australian student Nathan Ruser, who is currently studying international security and the Middle East and is a member of the Institute for United Conflict Analysts, stumbled upon the map from November 2017 on a mapping blog.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq— Nathan Ruser (@Nrg8000) January 27, 2018
When his father joked that the map revealed “where rich white people are” in the world, Ruser wondered if the heat map could actually map U.S. soldiers, and he zoomed in on Syria to find out.
"It sort of lit up like a Christmas tree," he told the Washington Post.
Once Ruser revealed his discovery online, data analysts, security and military experts and others chimed in.
"I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed. Someone would have noticed it at some point. I just happened to be the person who made the connection," Ruser told the BBC.
Here’s what you need to know about Strava:
What is Strava?
Strava calls itself "the social network for athletes." It's a GPS tracker that allows users to record their fitness activity, share it on their Strava feeds and "give kudos" to fellow performers.
The tracking technology can be linked with data from Fitbits, phones and other
What is the Strava global heat map?
In November, Strava launched an updated global heat map visualizing all of its users' location data to reveal the most popular running spots around the world. It includes data aggregated between 2015 and September 2017.
The interactive "global heatmap of athletic activity" revealed logged activities covering nearly 17 billion miles. It lets viewers explore areas all over the world. The brighter the region, the more activity.
Our global heatmap is the largest, richest, and most beautiful dataset of its kind. It is a direct visualization of Strava’s global network of athletes. To give a sense of scale, the new heatmap consists of:
- 1 billion activities
- 3 trillion latitude/longitude points
- 13 trillion pixels rasterized
- 10 terabytes of raw input data
- A total distance of 17 billion miles
- A total recorded activity duration of 200 thousand years
- 5 percent of all land on Earth covered by tiles
What information did the map expose about U.S. military?
Ruser, the Australian student who uncovered the map, found it could be cross-referenced to identify known military installations or even identify potential installations based on user data.
On Twitter, Ruser shared screenshots from the heat map that he believed showed regular jogging routes, locations of operating bases or patrols.
If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away pic.twitter.com/Rf5mpAKme2— Nathan Ruser (@Nrg8000) January 27, 2018
And it didn’t just offer insight into U.S. military bases.
Not just US bases. Here is a Turkish patrol N of Manbij pic.twitter.com/1aiJVHSMZp— Nathan Ruser (@Nrg8000) January 27, 2018
Why is this so dangerous?
While Google Maps and other public satellite imagery already reveal where the world's military installations are located, Strava brings people and soldiers into the picture.
Strava shows how they move and how often they move. This poses a potential security threat to military personnel.
The Verge pointed out that you can easily cross-reference the Strava heat map visualization of Fort Benning with Google Maps to see which roads people frequent.
The company released a brief statement Sunday and asked users to check the Strava website to better understand privacy settings.
"Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones," the company said. "We are committed to helping people better understand our settings to give them control over what they share. For more information about Strava privacy, please visit blog.strava.com."