Very interesting mainstream article from the UK’s TheGuardian. Discussing the prevalence of wearable fitness technology and it’s disclosure of secretive bases. I’ve also included a recent video from SecureTeam 10 discussing the recent news.
Fitness-tracking company suggests secret army base locations were made public by users, while militaries around world weigh up ban.
Fitness-tracking company Strava has defended its publication of heatmaps that accidentally reveal sensitive military positions, arguing that the information was already made public by the users who uploaded it.
Following the revelations, militaries around the world are contemplating bans on fitness trackers to prevent future breaches. As well as the location of military bases, the identities of individual service members can also be uncovered, if they are using the service with the default privacy settings.
The “global heatmap” shows, in aggregate form, every public activity uploaded to the app over its history. In major cities, it lights up popular running routes, but in less trafficked locales it can highlight areas with an unusually high concentration of connected, exercise-focused individuals – such as active military personnel serving overseas.
In a statement, Strava said: “Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones.
“We are committed to helping people better understand our settings to give them control over what they share,” the company said, sharing a blogpost from 2017which detailed eight things users can do to lock down their privacy on the service, including specifically opting out of the global heatmap by unchecking a box in the settings page.
Strava added: “We take the safety of our community seriously and are committed to working with military and government officials to address sensitive areas that might appear.”
While the heatmap only shows information in aggregate, Strava’s own website allows users to drill down into the tracked runs to find the names of individuals, as well as the dates they set their personal best times on particular runs.
When applied to military bases, that information can be extremely sensitive. The leaderboard for one 600m stretch outside an airbase in Afghanistan, for instance, reveals the full names of more than 50 service members who were stationed there, and the date they ran that stretch. One of the runners set his personal best on 20 January this year, meaning he is almost certainly still stationed there.
In Djibouti’s Chabelley Airport, used as a staging ground for US Air Force drones, three runners have completed a 7km loop of the runway – two in December 2014, and one two years later in August 2016. At least one of them is no longer based there: their running profile shows they were transferred to an air base in Germany in 2016…