Terrorists Could Plan Attacks Using Strava


This post is also available in: עברית (Hebrew)

Strava is a fitness tracking app that is now very widespread among runners and cyclists. It lets you record your activity using the GPS on your smartphone, watch or bicycle GPS, and then compares you to other athletes that have trained on the same segments.

Recently, the San Francisco-based startup published its worldwide heatmap of more than one billion running and cycling routes, and it promised that data would be anonymized, and only those who agreed to participate would be included in the project.

However, it also inadvertently showed that despite tight restrictions on the use of electronics at many sensitive sites, military personnel on secret missions around the world are just as bad as civilian users at reading the small print and turning off privacy-destroying settings on the apps on their phones and watches. It also showed they are avid runners even in the middle of combat zones.

Many times the watches are set on auto-start and auto-sync to Strava, and thus some activities made by soldiers (IDF’s Soldiers as well), such as ground patrols on the Gazan border or the Lebanon border are included in the app’s database and are presented on the heatmap.



Now, according to rt.com, terrorists, militants and other irregular forces may have a tactical advantage after Strava’s heatmap exposed the possible locations of hi-tech force deployments.

Although it is hard to make out individual routes in large cities, but in deserted and impoverished locations like northern Syria and Afghanistan, the heat maps stand out without needing to zoom in – immediately suggesting a foreign presence. Any doubt as to the purpose of the highlighted areas is removed as the joggers often seem to have run neatly around buildings, offering a good clue as to their purpose, the overall size of any outpost, and the number of “runners” stationed there.

This surveillance implications of the map sailed under the media radar last year, but in the past day, Twitter sleuths have scanned through the entirety of the map, finding circumstantial proof of a suspected CIA “black site” (a Black Site is a base where secret, normally illegal considered activities occur) in Djibouti, as well as locations with a declared US presence, such as Niger and the Middle East, where Washington does not publicize exact base coordinates or personnel numbers. Most of the attention has been on the US, but other countries are also likely to have been caught up.

The dynamic nature of Strava’s data map, which records more than three trillion locations, makes it unusually informative.



“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” tweeted Nathan Ruser, founder of think tank Institute for United Conflict Analysts, who was one of the first to spot the map’s potential, together with a picture of an unidentified base. “This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any pattern of life info from this far away.”

Worse than that, several longer lines across warzone maps suggest that Strava has given away more complex logistical data, such as convoy and patrol routes, which could potentially expose forces to ambush.

Strava’s data can also be combined and overlaid with other open sources like Google Maps.