US Pentagon scrambles after Strava base leaks. Here's a summary of the new rules: 'Secure that s***, Hudson!'

What a Strava-palava

By Iain Thomson in San Francisco


The American military has ordered a review of its grunts' personal electronics – after the Strava fitness app used by soldiers revealed base locations and other operational security gaffes.

In November, the exercise-tracking software maker released a "heatmap" to show where in the world people were using the application to monitor their daily workouts.

Unfortunately, because not all users marked their training information private, the map revealed military bases and the jogging routes of personnel. It also highlighted dangerously stupid explorers, and the data allowed viewers to drill down into an individual's fitness stats.

In response, the Pentagon has urged servicemen and women to lock down the privacy settings on their apps – which, er, they should really have done in the first place. Meanwhile, top brass will come up with new rules, if necessary.

"We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of Department of Defense personnel at home and abroad," Army Colonel Robert Manning III said at a Pentagon news conference on Monday.

"DoD personnel are advised to place strict privacy settings on wireless technologies and applications. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices."

You'd have thought the Green Machine would be up on this already, given how America's enemies have blundered into this sort of opsec gotcha in the past. In 2015, a Daesh-bag fighter published a picture of his fellow terror bastards on social media with location data included in the snap – and 22 hours later, Uncle Sam showed him the real meaning of photobombing with three very large explosives sending him to the next world.

Russian military authorities also got caught out the year before. In 2014, with Russia denying its troops were invading Ukraine, its soldiers posted several selfies that location data showed were taken within the, er, Ukrainian borders.

As always, check the privacy settings of your apps – and not just Strava's. ®

Updated to add

Strava is having a rethink about how it shares people's data – and urged folks to check their application settings while it works "with military and government officials to address potentially sensitive data."

"Many team members at Strava and in our community, including me, have family members in the armed forces," said CEO James Quarles. "Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."
