Strava App and security flaw?

The Strava App on Fitbits and other health tech (it can also be used on your smartphone) has allowed people to find secret military bases in the world. A big potential risk, some say.


IMO not Strava’s fault, people in sensitive areas should make their activities private, rather than public. Perhaps our government thinks Pine Gap is secret, but I’m sure the Russians know about it :wink:

The heat map was released last year, and I can clearly see plenty of my tracks on the heat map, where no one else rides.


I wasn’t blaming Strava at all, the users are the suppliers of the data.

It is the way the data is stored, and if you want the playback of your activity it is the way the app works. When the map was released no personal data was linked, but the mapping is still of some concern to military use and why I said some are concerned. Unintended consequences, and of course the US military made the Fitbits available to their personnel to help them maintain fitness :slight_smile: A double-edged sword perhaps.


I was referring to the article suggesting that Strava is revealing the data :wink:

As a daily user of Strava myself, I know that anyone can look up ‘segments’ in a particular area to find out where the users listed go, how fast they are etc, but only if the activity is made public. Private individuals’ activities don’t show up, except to the individual who created the data, but it appears they do show on the heatmap, anonymously. However, the heatmap doesn’t reveal if they are fitness activities, vehicle movements, or something else.

I find it hard to believe that military people were not already aware of this, as clearly there are a lot of military personnel using Strava, and they would see their locations lighting up on the heatmap, the link being sent to all Strava users last year, not to mention their daily activities being visible to all, if made public.


Posted on Strava:

A Letter to the Strava Community

An update on the global heatmap from James Quarles, Strava CEO.


A new message regarding heatmaps on Strava has recently appeared:

The Global Heatmap

Athletes from around the world come here to discover new places to be active. Here’s what you should know about the heatmap and the data it reflects:

The heatmap shows 'heat' made by aggregated, public activities over the last two years.
The heatmap is updated monthly.
Activity that athletes mark as private is not visible.
Athletes may opt out by updating their privacy settings.
Areas with very little activity may not show any 'heat.'

Looking at places where I know people, including myself, have ridden publicly hundreds of times in the past 2 years, and other areas that don’t get ridden very often, it seems the heatmap is a bit hit and miss.


Maybe users are starting to change privacy settings? I know it isn’t a great answer but just maybe??

At least ‘some users’ are being told to change privacy settings :wink:


I’m pretty sure it isn’t that, as all my rides are public, and I’ve ridden along my road in both directions many hundreds of times in the past 2 years, yet the heat map shows no activity along much of the road.