US Military Bases & Patrol Routes Compromised By Fitness Tracker Map

When the San Francisco-based startup published its map of more than one billion jogging and cycling routes late last year, it promised that data would be anonymized, and only those who agreed to participate would be included in the project.

However, it also inadvertently showed that despite tight restrictions on the use of electronics at many sensitive sites, military personnel on secret missions around the world are just as bad as civilian users at reading the small print and turning off privacy-destroying settings on the apps on their iPhones and FitBits. It also showed they are avid joggers even in the middle of combat zones.

Cross-referencing @mjranum‘s recent post about using Google Maps to identify CIA “Black” sites in Djibouti, with the #Strava heat-map, appears to offer corroboration https://t.co/PfXDqRIvSS pic.twitter.com/GlxWOoKWcj

— Alec Muffett (@AlecMuffett) 28 January 2018

It is hard to make out individual routes in large cities, but in deserted and impoverished locations like northern Syria and Afghanistan, the heat maps stand out without needing to zoom in – immediately suggesting a foreign presence. Any doubt as to the purpose of the highlighted areas is removed as the joggers often seem to have run neatly around buildings, offering a good clue as to their purpose, the overall size of any outpost, and the number of “joggers” stationed there.

This surveillance implications of the map sailed under the media radar last year, but in the past day, Twitter sleuths have scanned through the entirety of the map, finding circumstantial proof of a suspected CIA “black site” in Djibouti, as well as locations with a declared US presence, such as Niger and the Middle East, where Washington does not publicize exact base coordinates or personnel numbers. Most of the attention has been on the US, but other countries are also likely to have been caught up.

Here are some FOBs in Afghanistan. pic.twitter.com/JoB7hKHwyh

— Nathan Ruser (@Nrg8000) 27 January 2018

Not just US bases. Here is a Turkish patrol N of Manbij pic.twitter.com/1aiJVHSMZp

— Nathan Ruser (@Nrg8000) 27 January 2018

The dynamic nature of Strava’s data map, which records more than three trillion locations, makes it unusually informative.

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” tweeted Nathan Ruser, founder of think tank Institute for United Conflict Analysts, who was one of the first to spot the map’s potential, together with a picture of an unidentified base. “This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any pattern of life info from this far away.”

If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away pic.twitter.com/Rf5mpAKme2

— Nathan Ruser (@Nrg8000) 27 January 2018

Worse than that, several longer lines across warzone maps suggest that Strava has given away more complex logistical data, such as convoy and patrol routes, which could potentially expose forces to ambush.

Strava’s data can also be combined and overlaid with other open sources like Google Maps.

“’Mosaic theory’ describes the process of piecing together confidential information with bits of public information. Once considered part of the dark arts, it’s now just a matter of waiting for PR data dumps from the likes of Strava,” tweeted Chris Anderson, CEO of drone manufacturing and mapping company 3D Robotics.

Neither Strava nor any military authorities have so far responded to the controversy.