I was talking about this last night with a guy who used to be in the army. It’s a BFD.
In March 2017, a member of the Royal Navy ran around HMNB Clyde, the high-security military base that’s home to Trident, the UK’s nuclear deterrent. His pace wasn’t exceptional, but it wasn’t leisurely either.
His run, like millions of others around the world, was recorded through the Strava app. A heatmap of more than one billion activities – comprising of 13 billion GPS data points – has been criticised for showing the locations of supposedly secretive military bases. It was thought that, at the very least, the data was totally anonymised. It isn’t.
The fitness app – which can record a person’s GPS location and also host data from devices such as Fitbits and Garmin watches – allows users to create segments and leaderboards. These are areas where a run, swim, or bike ride can be timed and compared. Segments can be seen on the Strava website, rather than on the heatmap.
Computer scientist and developer Steve Loughran detailed how to create a GPS segment and upload it to Strava as an activity. Once uploaded, a segment shows the top times of people running in an area. Which is how it’s possible to see the running routes of people inside the high-security walls of HMNB Clyde.
Of course, this is an operational security issue. The military personnel shouldn’t really be using Strava while they’re living/working on bases.
“The underlying problem is that the devices we wear, carry and drive are now continually reporting information about where and how they are used ‘somewhere’,” Loughran said. “In comparison to the datasets which the largest web companies have, Strava’s is a small set of files, voluntarily uploaded by active users.”