fb-pixel Skip to main content

Loose apps sink ships? Strava flap poses awkward dilemma for military

A portion of the Strava Labs heat map from Kandahar Airfield in Afghanistan, made by tracking activities.Screenshot from https://labs.strava.com/heatmap

“Loose lips might sink ships,” a famous US propaganda poster from World War II declared, warning soldiers and sailors not to talk about their work. And that was well before people routinely carried devices that churn out highly detailed detail about their location.

This past week, military and intelligence planners worldwide were scrambling to assess how much useful information enemy forces might glean from heat maps generated by the fitness app Strava. Via GPS data, Strava and similar apps help endurance athletes track the intensity of their workouts — and identify new routes by showing where others have been running or biking. It’s just that some of those routes happen to lie in Afghanistan (above), or other countries where US forces operate in secret.


Security agencies generally have policies about when fitness trackers are allowed. But the competitive drive of type-A runners and cyclists is hard to tamp down.

The Strava flap shows how successfully tech firms have persuaded users that sharing at all times is no big deal. It also illustrates that turning off GPS tracking can be tricky, and that default “privacy” settings, contrary to the name, often allow the generous collection and disclosure of location data.

Universal transparency has at least one advantage, though: The Strava problem only came to light because a 20-year-old budding security analyst in Australia started talking about it last weekend on Twitter.