US Pentagon scrambles after Strava base leaks. Here's a summary of the new rules: 'Secure that s***, Hudson!'

What a Strava-palava

By Iain Thomson in San Francisco

The American military has ordered a review of its grunts' personal electronics – after the Strava fitness app used by soldiers revealed base locations and other operational security gaffes.

In November, the exercise-tracking software maker released a "heatmap" to show where in the world people were using the application to monitor their daily workouts.

Unfortunately, because not all users marked their training information private, the map revealed military bases and the jogging routes of personnel. It also highlighted dangerously stupid explorers, and the data allowed viewers to drill down into an individual's fitness stats.

In response, the Pentagon has urged servicemen and women to lock down the privacy settings on their apps – which, er, they should really have done in the first place. Meanwhile, top brass will come up with new rules, if necessary.

"We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of Department of Defense personnel at home and abroad," Army Colonel Robert Manning III said at a Pentagon news conference on Monday.

"DoD personnel are advised to place strict privacy settings on wireless technologies and applications. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices."

You'd have thought the Green Machine would be up on this already, given how America's enemies have blundered into this sort of opsec gotcha in the past. In 2015, a Daesh-bag fighter published a picture of his fellow terror bastards on social media with location data included in the snap – and 22 hours later, Uncle Sam showed him the real meaning of photobombing with three very large explosives sending him to the next world.

Russian military authorities also got caught out the year before. In 2014, with Russia denying its troops were invading Ukraine, its soldiers posted several selfies whose location data showed they were within the, er, Ukrainian borders.

As always, check the privacy settings of your apps – and not just Strava's. ®

Updated to add

Strava is having a rethink about how it shares people's data – and has urged folks to check their application settings while it works "with military and government officials to address potentially sensitive data."

"Many team members at Strava and in our community, including me, have family members in the armed forces," said CEO James Quarles. "Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."
