Fitness-Tracking App Reveals Locations of Secret Army Bases

Coisiche shared this story from the Guardian: Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava -- more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

However, over the weekend military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service... In locations like Afghanistan, Djibouti and Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly. In Helmand province, Afghanistan, for instance, the locations of forward operating bases can be clearly seen, glowing white against the black map.
One analyst analyst predicted that after this discovery, "A lot of people are going to have to sit through lectures come Monday morning."

Another military analyst told the Guardian "U.S bases are clearly identifiable" -- though he added that the map "looks very pretty."

Why?

[fluffernutter]

Why would anyone in a military base in a sensitive location be allowed to have an app that tracks your location? Why would they turn it on?

Re:Why?

[geekmux]

Because the location isn't sensitive. These bases aren't hidden, they are fortified forward operating positions.

What is inside the base is sensitive, what information there is sensitive, what force composition is there is sensitive.

Yes, which you can start to discern the sensitive information once you start getting more pieces of the puzzle. How many people work there, day/night movements, shift change times, supply routes, etc.

Long ago, the military used to be concerned about these things we called Essential Elements of Friendly Information (EEFIs). Gather enough of them together, and you can start to figure out very sensitive or classified information. EEFI was later called "Critical Information". I guess now that includes "anonymized" data that comes from a fitness app. I sure as shit hope the innocence gets lost real quick around data mining like this.

Re:BWA-HA-HA-HA-HA-HA-HA!!!!

[bigwheel]

This can be a problem for anyone -- if you allow it.

If you leave from home for runs/rides, someone can easily see where you live, and learn the patterns of when you are won't be home. For that reason, even the freeware version of strava provides some privacy options:
1) Allows to make your records private, or available only by request
2) Provides a way to hide certain areas (such as start/stop location) from followers.
3) Plus the normal stuff, such as hiding real name and not allowing followers.

But then again, even a photo taken from your phone contains GPS information and timestamp if you don't specifically disable it.