Fitness app that revealed military bases highlights bigger privacy issues

Posted: Jan 30, 2018 9:54 AM
Updated: Jan 30, 2018 9:54 AM

Fitness tracking app Strava wanted to show how people use its app all over the world.

In November, it created an interactive heat map that displayed one billion activity data points -- like running and cycling -- made public by users.

But over the weekend, observers noticed that Strava's map may have inadvertently revealed sensitive U.S. military locations and personnel at bases in countries around the world.

The controversy around Strava demonstrates a common issue with the relationship between tech companies and their users: People casually using an app often don't understand what companies do with their data or how to properly protect it.

"Before people can even have a basic level of protection of some kinds of data, they have to wade through these lengthy privacy policies, or find the setting, or even have some awareness that potentially sensitive information is going to get out there," said Michelle De Mooy, director of the Privacy & Data project at the Center for Democracy and Technology.

Strava has three levels of privacy in its app: Users can treat it like Twitter and publicly share their activity data for anyone to see; they can choose to let only certain people see their activity; or they can make their activity completely private. The default option is to share personal activity data publicly.

In a November blog post announcing the heat map, Strava data engineer Drew Robb said the company respected privacy rules when it created the map and only published public data. Strava did not respond to specific questions about user data, but told CNN in a statement earlier Monday it is "committed to helping people better understand our settings to give them control over what they share."

Tech firms revealing user data without anticipating the consequences is not uncommon. Companies assume it may be interesting to reveal user statistics, but receive backlash when people feel uncomfortable with the information exposed.

"What they fail to understand is that data represents people and people's preferences," De Mooy said. "Every tech platform is dealing with this unintended consequences problem, and it's partly because of the misalignment between expectation and intention, and what they're doing."

In December, Netflix tweeted a joke about 53 people who watched its holiday film "A Christmas Prince" once a day for 18 days. Some people criticized the tweet as inconsiderate. The tweet also reminded users that the video streaming company has massive amounts of data on people it could access at any time for any reason -- including poking fun at them.

In 2014, Jawbone -- a now-defunct fitness tracker -- published users' sleep data following an earthquake in Northern California. People saw their anonymized personal information become a data point in a major public event, and some felt uncomfortable when data collected in their bedrooms became part of a study looking at sleep data during the natural disaster.

In 2011, Fitbit exposed the self-reported sexual activity data of some users through profiles that were public by default. Fitbit changed its sharing options after the incident to make a private profile the default.

Many apps also sell personal data to third-party companies. This practice is common, though the general public is often unaware of their app's policies regarding data brokering. These types of sales are legal if disclosed, but users might not see the disclosures in lengthy privacy statements.

The U.S. Central Command told CNN on Monday it is looking into refining its smartphone and wearable device policies following the Strava revelations.

White House cybersecurity coordinator Rob Joyce tweeted on Monday that the Strava heat map highlights the risks of big data analytics.

"It goes well beyond fitness trackers. Security and OPSEC need to be considered in our new reality," he said in a tweet. "While policy evolution is needed, it is important to make good security policy balanced by not over reacting too."

People who are concerned about privacy should read apps' privacy policies and check the types of information that apps ask to collect, including permissions regarding a phone or tablet's camera, calendar and contact list. Social apps are often public by default, De Mooy said, and people must manually change their settings to be private.

"If you are a person with sensitive information -- whether that is your immigration status, gender, politics, or sexual orientation -- you may want to consider that once you're using a bunch of different apps, that information is probably getting compiled about you," De Mooy said.
