Strava heat map exposes secret military locations, sparks security fears
In June 2014, Strava, which offers cycling and running tracking apps for multiple fitness platforms, claimed to be tracking over 1 million activities per week across the globe. In the next couple of years, the GPS tracking startup managed to capture 1 billion activities, 3 trillion lat-long points, and 5% of all land on Earth covered by tiles. Strava naturally wanted to showcase the reach of its huge user community. And that it did by populating its interactive global heat map with a total recorded activity duration of 200,000 years.
But the activity, which was only meant to visualize Strava’s global network of athletes, turned into a headache for security agencies around the world last weekend when a sharp-eyed Twitter user pointed out that the map gave out locations and activities of soldiers at military bases throughout the world.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
To be clear, the map, which was published online in November 2017, doesn’t give out any live data. While a total of 3 trillion GPS points had been uploaded to Strava till September 2017, the global heat map only shows the aggregate of all publicly shared logs for running speeds that are not higher than reasonable (bike rides, cars, and planes are filtered out).
If a soldier wanted to keep his/her activities private, Strava provides an enhanced privacy mode for that. The tracker also has options that let people hide the places where they live or work; a user can set up a privacy zone of between 200 m and 1 km around chosen addresses.
With a single click, users can also opt out of contributing the anonymized public activity data that the heat map is made up of — though that single click would need to be made on the Web version of the service because the privacy controls on the mobile app are not all-inclusive. But the thing is, that option is not checked by default, and most people don’t seem to be aware of the privacy options available to them, either on the Web or on mobile.
The result is that the fitness routes of soldiers in sensitive locations are now discoverable with a few zoom-ins. Even secret military bases and installations in combat zones can be picked out from this data.
This is because while the map is lit up with activity in the United States and Europe, forward operating bases stand out as isolated hotspots in countries like Afghanistan, Syria, and Yemen, where the fitness tracker does not have too many users.
If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away pic.twitter.com/Rf5mpAKme2
— Nathan Ruser (@Nrg8000) January 27, 2018
As this discovery went viral, the US Army’s Central Command press office in Kuwait released a statement to the Washington Post, detailing how the military is refining the privacy rules that apply to fitness trackers and pushing for enforcement of the current regulations governing such devices.
“The rapid development of new and innovative information technologies enhances the quality of our lives but also poses potential challenges to operational security and force protection,” the statement said. “The Coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain Coalition sites and during certain activities.”
While we are all for open data and its numerous valuable implications, this incident is just a reminder that users need to be mindful of what kind of information they are sharing with the world.
HERE eyes the great indoors, acquires Micello
Mapping company HERE, which has been concentrating on developing HD maps for self-driving cars and connected vehicles ever since it was acquired by Audi, BMW, and Daimler, is now looking at the great indoors. The mapmaker has scooped up one of the leading players of the indoor mapping ecosystem – Micello.
Founded in 2007, Micello was an early entrant to the indoor mapping scene, starting years before the likes of Apple, Google, and TomTom decided to take their mapping gear inside buildings, malls, airports, and museums. HERE joins the bandwagon only now, acknowledging that indoor mapping has become a key differentiator for digital mapping providers and the industry has huge growth potential.
This is because indoor mapping isn’t simply limited to providing navigation services indoors. The technology can be used for a number of applications like virtual and augmented reality solutions. Catering to businesses across North America, Europe, Australia, and Asia, Micello already provides indoor mapping solutions for various markets, such as the Internet of Things (IoT), analytics, public safety, building management, and automation applications.
At HERE, this geospatial startup will become a part of the IoT division, working on applications like real-time tracking of goods, giving first and last mile guidance to connected vehicles, and more. For Leon van de Pas, Senior VP, Internet of Things at HERE, “The acquisition of Micello is an important strategic investment to rapidly grow our ecosystem of partners and accelerate our growth in indoor mapping.”
Micello CEO Ankit Agarwal is positive that “HERE’s investment in indoor maps will significantly benefit our customers and Marketplace partners.” He has also assured that on the ground, it is going to be business as usual for Micello’s existing and future customers and partners. All the Micello platform APIs will continue to be supported, and the website will function normally. But over time, the platform will be transitioned over to a new customer portal on HERE.com.