For users of the fitness app Strava, part of the platform's appeal is how easy exercise feels when athletic training is folded into a social network. Unfortunately, the marriage of our online and offline worlds has resulted in one unexpected (yet massive) pitfall: on Jan. 29, it was revealed that Strava had exposed highly sensitive military location info to the entire world.
According to The Washington Post, the app's Global Heatmap — a visualization of Strava's "1+ billion activities" submitted by users — has logged worldwide location information of the app's 27 million users, even those who are in remote and often secret government locations, and made it publicly visible to all. This discovery was made by Australian international security student Nathan Ruser, who intended to find "where rich white people are" using the Global Heatmap. Unfortunately, he discovered that the app maps where international soldiers may be hiding out. "If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous," Ruser tweeted. "I shouldn't be able to establish any pattern of life info from this far away."
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
In response to the commotion, Strava is seemingly looking away, pointing to its guidelines, and shrugging the problem off as a high-profile user error. "Our Global Heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform," Strava said in a statement. "It excludes activities that have been marked as private and user-defined privacy zones." The app noted it would work with military and government personnel to ensure locations and private information remained as they should be: off-limits.
Though it's the most public outing of a company we've seen thus far, Strava isn't the only platform grappling with the privacy issues that arise from location tracking. From Grindr to Foursquare to Facebook to Google, the problem boils down to companies having highly specific and often private and personal information regarding your whereabouts, data that can be hacked into or accidentally exposed to the world outside your phone.
Unless you have opted out of location tracking for an app like Google Maps, your activities, your whereabouts, and all other aspects of daily life have been logged and could, potentially, be tossed out into the open, revealing everything from your morning commutes to your exercise routes. As Strava said in its response to this fiasco, give your location preferences a peek to secure your privacy and, while you're at it, take the time to secure your data online in general. A situation like this may seem like a major problem for the military, but if all your friends found out where you really were when you flaked on them, you too would be living a nightmare in the style of Black Mirror.