The locations and layouts of U.S. military bases in countries like Syria and Afghanistan have been revealed by Strava heatmaps …

Strava allows users to capture maps of the routes followed while carrying out exercise like jogging, which are publicly visible if set to Public rather than Private. The most popular routes in any given area then form heatmaps, which effectively reveal not only the locations of military bases, but effectively create digital maps of their layouts.

The Washington Post says that while heatmaps are harmless in urban areas, they can be a major security risk in war zones.

In war zones and deserts in countries such as Iraq and Syria, the heat map becomes almost entirely dark — except for scattered pinpricks of activity. Zooming in on those areas brings into focus the locations and outlines of known U.S. military bases, as well as of other unknown and potentially sensitive sites — presumably because American soldiers and other personnel are using fitness trackers as they move around […]

“Big OPSEC [operations security] and PERSEC [personal security] fail,” tweeted Nick Waters, a former British army officer who pinpointed the location of his former base in Afghanistan using the map. “Patrol routes, isolated patrol bases, lots of stuff that could be turned into actionable intelligence.”

Much of the data is likely to have been uploaded from Fitbit devices, which military personnel are encouraged to use as part of a fitness regime.

The security risk was first identified by Nathan Ruser.

Nathan Ruser, who is studying international security and the Middle East, found out about the map from a mapping blog […]

“I wondered, does it show U.S. soldiers?” Ruser said, and he immediately zoomed in on Syria. “It sort of lit up like a Christmas tree.”

Both the U.S. military and Strava say they are addressing the problem.

The U.S.-led coalition against the Islamic State said on Monday it is revising its guidelines on the use of all wireless and technological devices on military facilities as a result of the revelations […]

Strava issued a statement overnight saying that it is “committed to working with military and government officials to address sensitive areas that might appear.” An earlier company statement had urged its subscribers to check their privacy settings and provided a link to a site that explained how to do that.

While the specific risk of Strava heatmaps is more easily recognized with the benefit of hindsight, I agree with my colleague Michael Potuck who observed that it’s surprising soldiers on postings in sensitive areas are allowed to keep location services switched on on their personal devices. There are many apps that automatically include location data in their uploads.

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear