Tech

A global heat map for joggers is exposing sensitive US military information

Key Points
  • An online map that shows where some people exercise could have revealed sensitive information about the U.S. military, The Washington Post reported.
  • Strava, the company behind the map, said the map was created using one billion recorded activities through September 2017.
  • A spokesman for U.S. Central Command said Sunday that the U.S. military is looking into the implications of the map, according to the Post.
A global heat map for joggers is exposing sensitive US military information
VIDEO1:0601:06
A global heat map for joggers is exposing sensitive US military information

An online heat map that shows where some people exercise could have revealed sensitive information about the locations and activities of soldiers at U.S. military bases, The Washington Post reported.

A screenshot of the Strava heat map, which the company said comprised one billion recorded activities on its platform.
Source: Strava

Strava, the company behind the heat map, calls itself a "social network for athletes." Users connect a GPS device to its service that allows them to upload their workout logs online. Those without a device can directly record their activities on Strava's mobile app.

The firm said the map was created using one billion recorded activities through September 2017 across 3 trillion latitude and longitude points. Data reflected on the map was not live, according to the Post.

Most parts of the United States and Western Europe lit up on the map with plenty of recorded activities. But parts of Africa and the Middle East were entirely dark except for scattered dots of light in those areas.

The Post reported that by zooming in on war zones and deserts in countries like Iraq and Syria, locations and outlines of known U.S. military bases could be seen — along with other unknown and potentially sensitive sites.

A spokesman for U.S. Central Command said Sunday that the U.S. military is looking into the implications of the map, according to the Post. But the military, the news outlet reported, did not respond to a question about existing regulations for using fitness-tracking apps.

To be clear, Google maps and public satellite images have previously showed the presence of military installations to the world, tech news outlet The Verge reported. It added that Strava's map provided additional context such as how people were moving about in those areas and how frequently they were doing so.

Multiple news outlets reported that the map, which was posted online late last year, received widespread attention after a Twitter user pointed out it could contain potentially sensitive information. The user theorized that some of the tracks could be regular jogging routes for soldiers.

Nathan Ruser tweet: Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI ... It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable.

Nathan Ruser tweet 2: If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away.

The Post added that other journalists on Twitter were also weighing in on what they identified to be U.S. military bases.

Ben Taub tweet: Especially effective (as in dangerous?) in the Sahel. In Niger, you can instantly spot the French base in Madama, the U.S. base in Agadez ... I even found a base I didn't know about, just outside of Arlit—and Nigerian troops aren't jogging around with Fitbits.

Strava urged users in a statement to check the firm's website to understand the privacy settings. "Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform," a spokesman for the firm told CNBC, adding the map excluded activities that have been "marked as private and user-defined privacy zones."

Click here to read the full report from The Washington Post.

Click here to read the full report from The Verge.