EMAILED ON January 30, 2018 BY Zachary Crockett

Strava’s heat map is a huge security screw-up

Back in November, fitness tracking app Strava published the Global Heatmap — a seemingly cool interactive that used 13 trillion GPS points to show where people were the most active between 2015 and 2017.

But the feature came with a “major security oversight:” turns out, soldiers use fitness trackers too — and their movements, which show up on the map, were used to pinpoint the location of US military bases.

How’s that?

On the map, populated areas are illuminated with the activity of millions of users. But in sparser areas (i.e. “war zones”), the map is pitch black — and upon closer examination, one can make out faint outlines of activity in or around US military bases.

The revelation was first pointed out on Twitter, and within hours, many users had used the map to identify secret CIA sites in Somalia, missile systems in Yemen, and US Special Operations bases in Africa.

The data, said one analyst, offers “a mine of information to anyone who wants to attack or ambush US troops in or around the bases.”

Whose fault is this?

Strava does offer users an enhanced privacy mode that allows them to opt out of data sharing — though the app’s privacy settings have come under heat in the past for not being very straightforward.

Still, soldiers probably shouldn’t be publicly tracking their locations — or even using these devices at all.

And the blame for that falls partly on our government: the Pentagon has openly endorsed the usage of Fitbits among military members as far back as 2013.