This week, it was reported that fitness app Strava had published data that allowed ordinary citizens to determine the locations of secret military installations around the world. Strava publishes heatmaps showing the most popular running and cycling routes used by professional and amateur athletes who use their platform. A uni student looked at the heat maps in several conflict zones and was able to ascertain the locations of military bases from his observations. But the blame isn’t with Strava – the personnel involved are the problem.
News of the correlations Nathan Ruser found was revealed yesterday following the publication of an a tweet by Ruser.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
Having followed the military situation in Syria, Ruser looked at the heatmap data published by Strava and said “the whole thing lit up like a Christmas tree”.
Further investigations found evidence of military activity in Somalia, Afghanistan and other conflict zones.
You can see how easy it is to use Strava’s data here.
At the moment, much of the focus has been on Strava’s publication of the data, rather than the laxness of security protocols by the personnel.
While Strava has been getting a lot of attention for making this data public, the real responsibility lies with the soldiers and other personnel. I’m a Strava user and I fully understand that my run data is collated against that of other runners and cyclists. Otherwise, how would they be able to compare my performance in segments against others or suggest new routes when I travel?
The issue Ruser put into the spotlight is symptomatic of a broader social change. We are far less protective of our personal privacy than ever before. Aside from sharing our breakfast choices on Twitter, or bitching about the decay of society on Facebook, we also share our locations through image metadata, exercise apps and, even via our smartphone’s background services.
For example, one of my friends, the former editor of the ABC’s tech and games section, Nick, published this look at location tracking from his Google account. That’s a scary look at what sort of data is being collected with scant thought by many of us. And while fitness apps, like Strava, MapMyRun, RunKeeper and others are great for tracking personal progress, it’s important to note that the data they produce is extremely valuable. That’s why so many offer their services for free.
Remember, if the product is free, chances are you are really the product.
Many people think that their personal information is of little value. And, in a sense, that’s true. Unless you’re a high profile person its unlikely anyone would care where you ride your bike. But a collection of low profile people in one area – like servicemen or civilian staff at a military base – is useful data. It’s not the individuals that are of value – it’s the trends that are created by the collation of large amounts of data that creates useful information.
Aside from the location data, even exercise frequency can be useful. If someone looking along a timeline could work out that personnel have fewer exercise sessions in the weeks or days leading up to some sort of military operation, then this could be used by their enemies to predict when an exercise or incursion was to take place.
Now that Ruser has let the cat out of the bag, it can be assumed that personnel at those bases and others will be counselled into not uploading or sharing their exercise data.
Strava’s heatmap provides a fascinating guide in to where athletes compete and train. But it also represents what can happen when seemingly inconsequential data is collated and harvested.
Sharing your running and cycling routes is the whole point of using Strava - you can see whether you're the fastest in your neighbourhood at climbing that big hill, or take on a friend's favourite running route to see how you compare. But this weekend, Australian analyst Nathan Ruser pointed out that the app's heatmap of popular routes reveals, oops, data about military bases and the people who are stationed there.Read more