Like this site? Help us to make it better.


Strava accused of giving away military secrets through its Global Heatmaps

Data uploaded by users working in intelligence and military highlight layout of bases, including in war zones

Security agencies and defence chiefs worldwide will today be assessing what action to take following the revelation that details of military bases, including what are believed to be secret sites, are being made public through Strava Global Heatmaps.

Exercise activity, whether running, cycling or swimming, uploaded by users of the social network allows Strava to create its Heat Maps, relaunched late last year with unprecedented levels of detail.

The collective data has applications in areas such as urban planning since they allow local transport authorities to see, for example, exactly which roads are most popular among cycle commuters so could benefit from improved infrastructure.

But as the Guardian reports, the popularity of the app among military personnel, who through their training are fitter than the average person with many also taking part in sport in their free time, has raised security concerns.

In terms of UK military and intelligence bases, both domestic sites such as the Government Communications Headquarters(GCHQ) in Cheltenham, Gloucestershire and overseas ones, for example, RAF Mount Pleasant on the Falkland Islands, can clearly be seen.

Strava Heatmap RAF Mount Pleasant.PNG

RAF Mount Pleasant (source Strava Global Heatmaps)

Zooming in further on the latter map, individual buildings can be clearly identified, as well as the most popular routes that personnel who happen to be users of Strava take out of it, and where they are likely to go.

The availability of data relating to military bases was initially noticed by Nathan Ruser, who is an analyst at the Institute for United Conflict Analysts.

He said that while Strava’s presentation of the data “looks very pretty” it was “not amazing for Op-Sec” [operational security].

“US bases are clearly identifiable and mappable,” he continued.

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” for example when they run the same route daily.

It is in bases where personnel are on active duty, or that are located in combat zones – such as Camp Bastion in Afghanistan’s Helmand Province, that the availability of Strava Global Heatmap data can be most compromising to security and safety.

Strava Heatmap Camp Bastion.PNG

Camp Bastion (source Strava Global Heatmaps)

The example below shows the United States Naval Expeditionary Base Camp Lemonnier, south of Djibouti City in the Horn of Africa and from where drone strikes are launched into Somalia and Yemen.

Strava Heatmap Camp Lemonnier.PNG

Camp Lemonnier (source Strava Global Heatmaps)

But the Guardian points out the appearance of another, smaller base that appears in the bottom left of the picture but is not marked on maps.

It is believed to be a CIA ‘black site’, that is an unofficial location used to detain and interrogate prisoners, which was identified a week before Strava published its latest Heat Map by analyst Markus Ranum.

Strava Heatmap Djibouti site.PNG

Site southwest of Camp Lemmonier (source Strava Global Heatmaps)

Strava said: "Our Global Heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform.

“It excludes activities that have been marked as private and user-defined privacy zones.

“We are committed to helping people better understand our settings to give them control over what they share.”

The company added that further information regarding privacy could be found on this blog post on its website, where users can find out for example how to opt out of having their data collected for Strava Global Heatmaps.

The fact that sensitive military installations can be identified and analysed through Strava is likely in the short term to lead to restrictions in the range of devices military personnel are able to use to track their fitness, and what they permitted to do with the data.

Existing restrictions, such as those imposed by the US Marine Corps, which allows some Bluetooth- and GPS-enabled devices on base, are likely to be tightened up further.

In the longer term, it’s not inconceivable that individual countries may introduce legislation looking to limit the use of Strava in some way, or regulate the data it captures and restrict how it is used.

As analyst Tobias Schneider, noted: “In Syria, known coalition bases up the night.

“Some light markers over known Russian positions, no notable colouring for Iranian bases,” he added.

“A lot of people are going to have to sit through lectures come Monday morning.”

Simon joined as news editor in 2009 and is now the site’s community editor, acting as a link between the team producing the content and our readers. A law and languages graduate, published translator and former retail analyst, he has reported on issues as diverse as cycling-related court cases, anti-doping investigations, the latest developments in the bike industry and the sport’s biggest races. Now back in London full-time after 15 years living in Oxford and Cambridge, he loves cycling along the Thames but misses having his former riding buddy, Elodie the miniature schnauzer, in the basket in front of him.

Latest Comments