Privacy Historical

Strava Heatmap Reveals Secret Military Base Locations and Soldier Patrol Routes

The Guardian 28 January 2018 Indexed 16 Mar 2026

What happened

Strava released a global heatmap of GPS activity data aggregated from its fitness tracking app. Analysts discovered that in remote regions of Syria, Niger, and Afghanistan, the heatmap revealed the locations of previously undisclosed military bases and detailed patrol routes of soldiers using the app.[1]

Strava global fitness heatmap showing bright activity trails over a dark map — Strava's fitness heatmap inadvertently outlined secret military bases and patrol routes by aggregating soldiers' GPS workout data.Image: Bad.Technology archive

What went wrong

Strava enabled activity data sharing by default, including for users at sensitive locations. Military and intelligence agencies had not prohibited fitness tracker use or configured devices to disable location sharing. The aggregated data product revealed individual behaviour through collective analysis.[1]

Lesson learned

Aggregated, anonymised data can reveal sensitive individual behaviour when correlated with geographic context. Organisations with location-sensitive operations must assess all internet-connected devices carried by personnel. Fitness apps must make privacy implications of global data aggregation clear to users.

Est. value burned ~$50M Military base security reclassification costs + SCP: operational security reviews across ~100 exposed installations

Sources

[1]

The Guardian Wikipedia
Strava Heatmap Reveals Secret Military Base Locations and Soldier Patrol Routes Wayback Machine snapshot

External links can go dark — pages move, paywalls appear, domains expire. Every source above includes a Wayback Machine snapshot link as a fallback. All citations are best-effort research; if a source contradicts our summary, the primary source takes precedence.

What happened

What went wrong

Lesson learned

Sources

More in Privacy