By David Ingram

Fitness-tracking app Strava said starting on Tuesday it will restrict access to an online map that shows where people run, cycle and swim and remove some data after researchers found it inadvertently revealed military posts and other sensitive sites

Strava’s heat map shows exercise routes in colors such as white, orange and purple that signify their popularity. The map drew worldwide attention in January when academics, journalists and private security experts used it to deduce where military personnel were deployed, by looking on the app for workout locations in war zones.

Strava is launching a new version of the heat map, a tool that displays data in map form, that will bar access to street-level details to anyone but registered Strava users, Strava Chief Executive James Quarles told Reuters.


The logo of Strava Inc covers a wall at the fitness app company’s headquarters in San Francisco
The logo of Strava Inc covers a wall at the fitness app company’s headquarters in San Francisco, California, U.S., March 7, 2018. Picture taken on March 7, 2018. REUTERS/David Ingram


Roads and trails with little activity will not show up on the revised map until several different users upload workouts in that area, the company said. The map will also be refreshed monthly to remove data people have made private.

Security experts previously spotted on Strava’s map what they believed to be the movements of U.S. soldiers in Africa and of people who work at a suspected Taiwanese missile command, all of whom had shared workouts apparently without realizing the implications.


In some spots, such as Afghanistan, researchers speculated that most or all of Strava’s users were soldiers or related personnel, making it easier to spot their bases

Quarles said that the company did not anticipate that people would find sensitive information on the map because fitness data is shared voluntarily. The company does not track people without their knowledge, he said.

“Our use is really explicit,” Quarles said in an interview, his first on the subject. “You’re recording your activity in its location for the express purpose of analyzing it or sharing it and to do so publicly.”



Strava customers have the option of keeping their workouts private, and the map included no names. But the episode underscored how big data sets held by Silicon Valley companies can be used for unintended purposes.

Strava’s initial response, in which it pledged to help people better understand the app’s privacy settings, was not enough for U.S. lawmakers, who demanded to know what steps the company was taking to protect privacy.

The privately held San Francisco company has 150 employees and bills itself as the “social network for athletes.” It has 28 million users, 82 percent of whom are outside the United States.


Keep reading …