US Pentagon scrambles after Strava base leaks. Here's a summary of the new rules: 'Secure that s***, Hudson!'

What a Strava-palava

By Iain Thomson in San Francisco

The American military has ordered a review of its grunts' personal electronics – after the Strava fitness app used by soldiers revealed base locations and other operational security gaffes.

In November, the exercise-tracking software maker released a "heatmap" to show where in the world people were using the application to monitor their daily workouts.

Unfortunately, because not all users marked their training information private, the map revealed military bases and the jogging routes of personnel. It also highlighted dangerously stupid explorers, and the data allowed viewers to drill down into an individual's fitness stats.

In response, the Pentagon has urged servicemen and women to lock down the privacy settings on their apps – which, er, they should really have done in the first place. Meanwhile, top brass will come up with new rules, if necessary.

"We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of Department of Defense personnel at home and abroad," Army Colonel Robert Manning III said at a Pentagon news conference on Monday.

"DoD personnel are advised to place strict privacy settings on wireless technologies and applications. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices."

You'd have thought the Green Machine would be up on this already, given how America's enemies have blundered into this sort of opsec gotcha in the past. In 2015, a Daesh-bag fighter published a picture of his fellow terror bastards on social media with location data included in the snap – and 22 hours later, Uncle Sam showed him the real meaning of photobombing with three very large explosives sending him to the next world.

Russian military authorities also got caught out the year before. In 2014, with Russia denying its troops were invading Ukraine, its soldiers posted several selfies whose location data showed they were within the, er, Ukrainian borders.

As always, check the privacy settings of your apps – and not just Strava's. ®

Updated to add

Strava is having a rethink about how it shares people's data – and urged folks to check their application settings while it works "with military and government officials to address potentially sensitive data."

"Many team members at Strava and in our community, including me, have family members in the armed forces," said CEO James Quarles. "Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."
