An interactive online fitness tracking map published in November of 2017 which compiles a running history of the location and routes of 27 million fitness-device users has unwittingly revealed the location, staffing, patrol routes and layout of U.S. and foreign military bases around the world.
San Francisco based fitness company Strava posted their "global heatmap" to their website, containing two years worth of fitness data across several fitness devices such as Jawbone and Fitbit. The map is not live, rather, it is a composite of overlapping routes.
In most urban areas such as major cities such as New York, Strava's map appears as solid neon lights following just about every road on which one might exercise.
Remote locations, however, such as deserts in places like Syria and Iraq are almost entirely dark - aside from clandestine locations where military personnel using fitness trackers are stationed. Personnel in some of the US government's most sensitive facilities have been unwittingly been broadcasting sensitive information up to and including underground tunnels.
You can literally spend less than a minute on Stravas new data service and find sensitive sites. Nice patriot position you have there pic.twitter.com/eYS8TOuT0F— Lost Weapons (@LostWeapons) January 27, 2018
At a site in northern Syria near a dam, where analysts have suspected the U.S. military is building a base, the map shows a small blob of activity accompanied by an intense line along the nearby dam, suggesting that the personnel at the site jog regularly along the dam, Schneider said.
“This is a clear security threat,” he said. “You can see a pattern of life. You can see where a person who lives on a compound runs down a street to exercise. In one of the U.S. bases at Tanf, you can see people running round in circles.” -WaPo
Air Force Col. John Thomas, a spokesman for U.S. Central Command, said Sunday that the U.S. military is looking into the issue.
Cross-referencing @mjranum's recent post about using Google Maps to identify CIA "Black" sites in Djibouti, with the #Strava heat-map, appears to offer corroboration https://t.co/PfXDqRIvSS pic.twitter.com/GlxWOoKWcj— Alec Muffett (@AlecMuffett) January 28, 2018
(more on that one here)
The man who discovered the phenomenon is Nathan Ruser, who is studying international security and the Middle East.
“I wondered, does it show U.S. soldiers?” Ruser said, before zooming in on Syria. “It sort of lit up like a Christmas tree.”
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq— Nathan Ruser (@Nrg8000) January 27, 2018
Since Nathan's discovery, dozens of other internet sleuths have taken to Twitter to post their findings. Be sure to click the tweets and check out the replies to see even more;
Somebody forgot to turn off their Fitbit. Markers trace known military outposts, supply and patrol routes. pic.twitter.com/7YTzoqKgDl— Tobias Schneider (@tobiaschneider) January 27, 2018
Worth browsing a bit. Three positions around the US outpost at Tanf: pic.twitter.com/jS7S4LR2QS— Tobias Schneider (@tobiaschneider) January 27, 2018
So much cool stuff to be done. Outposts around Mosul (or locals who enjoy running in close circles around their houses): pic.twitter.com/wHItJwYUUI— Tobias Schneider (@tobiaschneider) January 27, 2018
hmmm i wonder whats at this random heavy route in what looks like a mountainous and remote area of libya. Oh look some bunkers that were targeted in 2011 pic.twitter.com/gg5VFIPVQZ— Lost Weapons (@LostWeapons) January 27, 2018
Pentagon tunnels pic.twitter.com/4p3tIdNIRQ— Ryan McGregor 🎄 (@JUSTSHEKEL) January 28, 2018
More Strava maps:
Strava issued a statement effectively telling users to mark their activities private if they don't want to broadcast locations:
“Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform,” the statement said. “It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share.”
Talk about first world problems...