Author: Michael S. Dorsi
Recent revelations indicate that U.S. military or intelligence personnel (and maybe Russians too) using the popular run-tracking app, Strava, may have unintentionally divulged sensitive location information. While these runners may have turned on security features that anonymize their data, their anonymized data became part of Strava’s heat maps, which show popular running routes. A running route around what appears to be an abandoned airfield in the desert can give away that the airfield isn’t so abandoned.
Perhaps adding to the confusion is the fact that Strava works even when a phone is on Airplane Mode, sending no outbound data. The app uses your phone or other GPS-enabled devices to track your run via inbound GPS signals, and then uploads your run the next time you connect to the Internet. Yes, I have tested this, it works.
Probably not a secret CIA location, but you never know . . .
There is a lesson here for anyone who works in a sensitive location: Be careful with your data. Location data can reveal the location of an Alcoholics Anonymous meeting in a church basement, an appointment with a whistleblower representation law firm, or a marijuana grow operation hidden in a forest.
Even non-public data can be subject to subpoenas and government searches without a warrant. See, e.g. Stored Communications Act, 18 U.S.C. § 2701 et seq. If you are engaged in a sensitive activity, regularly review your privacy settings and think twice about any online sharing of your data.
Whatever you say — spoken, written, or by your data — can be used against you.