The Pentagon said Monday it was reviewing soldiers’ contributions to a “Global Heat Map” posted by Strava Labs, a San Francisco-based firm that collects data worldwide from joggers, cyclists and other athletes out exercising.
On Sunday, the Washington Post reported that the map – combining satellite position (GPS) fixings plus fitness and route data from 27 million subscribers around the world had recently been switch active.
The news agencies Associated Press and France’s AFP observed that the Strava map showed exercise routes, presumably those of soldiers, in otherwise largely dark regions – providing sensitive details that potential attackers could interpret.
More dangerously, stretches of road were highlighted, indicating that Strava users had kept their data-delivering devises switched on while travelling or on patrol.
Screenshot of a Strava map segment showing a location in Iraq
“A lot of people are going to have to sit thru lectures come Monday morning,” Schneider wrote, referring to soldiers about to be briefed on the overlooked risks.
Lesser-known installations and convoy routes were also decipherable when athletes’ movement data was aggregated and visualized, he said.
Via Strava, Bagram Airfield in Afghanistan was a hive of activity. So was Qamishli in northwestern Syria, a stronghold of US-allied Kurdish forces.
Also visualized were Taji, north of Iraq’s capital Baghdad, Qayyarah south of previously embattled Mosul, and al-Asad in Iraq’s Anbar province. So too was the Madama base used by French forces in Niger.
Reviewing ‘situational awareness’
Pentagon spokeswoman Major Audricia Harris told AFP that the US military took the “situational awareness” issue very seriously.
Safety policy was being reviewed to “determine if any additional training or guidance is required,” Harris said.
Strava’s map is not live, but it shows a pattern of accumulated activity between 2015 and September 2017. It was reportedly posted online in November 2017. According to its data privacy statement says while aggregating members’ information it regards the private sphere of each subscribed as “extremely important.”
In response to the concerns, Strava said that the issue raised by a group, including security analyst Tobias Schneider, could have been averted if athletes opted out of the mapping project using their privacy settings.