An Australian student has found that a 'heat map' created by a fitness tracking company has compromised secret military bases all over the world.

By Joe McDonough

Posted on January 29, 2018

Strava, a fitness-tracking app, has unwittingly revealed the locations of a number of US military bases all over the world.

The company produced a ‘global heat map’ after tracking the movements of its 27 million users — including people who own fitness devices such as Fitbit, Jawbone and Vitofit — over a two-year period using satellite information.

The data visualisation map was released in November 2017, and it was largely seen as a novelty illustration of jogging or cycling habits until a curious 20-year-old Australian applied it to his area of study.

Nathan Ruser, who’s studying international security and the Middle East at the Australian National University, decided to take a zoomed-in look at the heat map in those war-torn regions to see if it would show US soldiers. To his surprise, Syria “lit up like a Christmas tree”.

While places like Sydney are illuminated heavily in gold and there is plenty of “noise” from civilians getting out and about with their fitness devices, the Middle East is devoid of all that extra activity.

That means the glow from the running routes of military personnel is extremely conspicuous against the all-black background of the rest of the region.

“In countries where that is not so much a thing, that noise gets filtered out,” Ruser said.

“The only people using the apps would be foreign military personnel.”

Through the heat map you can also see which buildings are likely to be bases because of the level of activity.

Ruser, who has been following the situation in Syria for the past several years, said an even greater concern was the fact he could make out the movement of US patrols.

“You can see the main supply highway for US forces in Syria, and I just remember thinking ‘f***, that’s not good’,” he added.

After sharing his discovery on Twitter, military experts and reporters then started looking for other sites.

A suspected CIA base in Mogadishu presented evidence of jogging, a Twitter user claimed to have located a Patriot site in Yemen, and Ben Taub of The New Yorker, zeroed in on special operations bases in the Sahel.

Ex-British Army officer Nick Waters, who previously pinpointed his former base using the heat map, lashed the security oversight.

Jeffrey Lewis, founding publisher of the Arms Control Wonk blog, wrote at the Daily Beast that “the underlying data that Strava is collecting is a security nightmare”.

In response to Strava directing everyone to a media release it published in July 2017 on its privacy options, Lewis tweeted: “This is where I politely remind @Strava that it is sitting on a ton of data that most intelligence entities would literally kill to acquire.”

“[Strava] probably should have had the foresight to look at the map before they released it, but the app has a policy where you can opt out of data sharing, and that hasn’t been done by the soldiers,” Ruser added.

According to the Washington Post, the US military is currently looking into the situation.