Military location data has been leaked in a new way via fitness app Strava

An unknown party has been tracking Israeli soldiers on secret military bases by uploading segments to Strava. Details of people who have partially shielded their Strava profile were also visible.

Segments in Strava can be added if users have been to that location themselves, but also by uploading a GPS route recorded in a different way. Such routes can be created with software at any place without physical presence being required. Anyone who is subsequently active on such a segment with Strava will be placed on a ranking.

In this way, an unknown party has added segments in locations where secret Israeli bases are located. Details of soldiers who have run there, for example, can then be seen, even if they have shielded their profile via the privacy settings. In that case, the profile picture, first name and initials are still visible in the rankings. Only if users completely shield each activity individually will that information be completely hidden in the segment rankings.

Israeli investigators from FakeReporter discovered that Israeli soldiers were followed in this way. The Guardian has seen an example where a Strava user linked to Israel’s military program would be visible on a secret military base, on other bases, and in another country.

The method does not allow tracking users everywhere. The person performing the espionage has to upload the locations of the segments themselves and can then use that to see if the user has been there, provided that person has used Strava there.

FakeReporter notified the Israeli military and also notified Strava. The maker of the fitness app is said to have set up a team to ‘solve the problem’. It is not yet known how Strava will do this. The service could limit the upload of segments or implement better privacy protections for displaying participant data in segments.

Strava hit the headlines in 2018 when it emerged that a heatmap the company published revealed where secret military bases were located. As a result, the Pentagon restricted the use of GPS fitness trackers by defense personnel in certain areas.

Strava heatmap of a military base