New Times,
New Thinking.

  1. Science & Tech
31 January 2018updated 30 Jun 2021 8:53am

Fitness app Strava breached US security – it’s time to consider the dangers of data

In Strava’s global heatmap, shared online this week, US soldiers can seemingly be seen jogging around secret military facilities in Syria and Afghanistan.

By Amelia Tait

In Swedish, sträva means “strive”. To fitness enthusiasts, Strava means an app, through which you can monitor your progress and socialise with other athletes. To the rest of the world, Strava meant nothing – until the end of January 2018.

Strava is a start-up, a San Francisco-based fitness app that allows joggers and cyclists to track their routes using the GPS on their phones or fitness trackers (such as the wearable activity monitor Fitbit).

In November 2017, Strava posted online a global heatmap – a searchable database that reveals popular exercise routes. Someone, it shows, has been cycling in Antarctica. In North Korea, the map is lit up with tourists exercising around their hotels. But by far the most intriguing sight on Strava’s map are the red and yellow squiggles in the middle of Afghanistan and Syria. United States soldiers jogging around the parameters of their bases are quite literally highlighting the locations of possible secret military facilities.

Strava was designed to track athletic activity – not military secrets. Founded in 2009, the app was estimated to have over a million users in 2015, with the heatmap documenting more than one billion athletic activities covering 5 per cent of all land on earth. Yet the headlines now surrounding this map showcase the unintended and unplanned consequences of modern technology. An Australian student called Nathan Ruser first tweeted about US army bases being “identifiable and mappable” via Strava, and global security experts are now issuing warnings about the app.

If you’ve never heard of Strava until now, it simply makes the story all the more troubling. If a small start-up has this much data, and can cause this much danger, what of Google, Facebook and Apple?

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

The Strava furore is about a security threat in the most high-level sense. But the app threatens the security and privacy of its individual users, as well as their nations. Just because there isn’t a secret army base along your jogging route, it doesn’t mean you have nothing to worry about. Freely handing over your location, health information and private details to a company is inherently troubling. When you use Strava, you assume you’re tracking yourself – in fact, you’re allowing advertisers, and potentially stalkers or hackers, to monitor your every move.

Humans are inherently tactile creatures, and as data is intangible it is hard to visualise the amount we hand over every day. Strava has finally allowed the world to see the amount of information new tech companies have about their users. The app isn’t unique because it’s collecting masses of data about you or the military – it’s unique because it’s letting you see what it has collected.

In response to complaints it has compromised military secrecy, Strava pointed out that the app allows users to opt out of publicly sharing their exercise routes. “We are committed to helping people better understand our settings to give them control over what they share,” Strava said, placing the onus on the exercising soldiers, rather than on its own technology.

Although the privacy implications of Strava’s heatmap are troubling, we can’t blame an app for the army’s mistakes. In the past, Russian soldiers taking selfies have revealed military secrets, and in 2016 Israeli personnel were banned from playing the mobile game Pokémon Go over similar fears.

The US army obviously needs to be educated about the dangers of location-tracking tech in top-secret locations. But this is a much-needed education for us all. When it comes to warnings about privacy, the Strava story is a fire bell in the night.

Headline-grabbing security stories tend to be the most salacious and sexy, such as when it emerged in October 2017 that Apple’s artificial intelligence could identify and label pictures on iPhones featuring people wearing bras and bikinis (the technology worked offline within individual devices, so photos remained private).

When secret military bases and intimate pictures are on the line, it’s easy to be concerned about our privacy. Yet most people aren’t aware that Google Maps is recording you wherever you go, that Facebook’s facial recognition is actively looking for photos of you across the site, and that Instagram has licence to use your photos however it likes.

There is an added irony: our appetite for extreme stories about privacy has further threatened US army bases. The headlines generated by the Strava incident mean that anyone and everyone is now aware of the app’s security flaws; aid compounds and refugee camps are already mistakenly being labelled as army bases. This could arguably be avoided if everyone – not just Strava and the army – were better informed about digital privacy.

When we download an app, we are voluntarily handing over our data. And most of us still tick “I agree to the terms and conditions” without reading them. But if we can’t trust companies to simplify their privacy policies for us, we will have to start exercising far greater caution online. 

Content from our partners
An innovative approach to regional equity
ADHD in the criminal justice system: a case for change – with Takeda
The power of place in tackling climate change

This article appears in the 31 Jan 2018 issue of the New Statesman, The Great Migration