Strava has revealed details about a proposed fix for a problem noted in January which resulted in the company inadvertently giving away positions and activity surrounding key military installations. The issue arose out of the company's use of a map that allows people to see anonymized activity captured via the Strava Running and Cycling GPS fitness application. Since many stationed on various countries' military bases had neglected to turn on privacy settings, those locations showed a high enough level of activity that the map could possibly have been used to work out patrol and personnel running routes. Worse still, some of those locations were intended to remain undiscovered by the general public for security reasons. Strava, at the time, took it upon itself to remind users how to access and use privacy settings but that was not deemed to be enough by governing bodies. Now, the company is making new adjustments to how the map itself works, in addition to that proposal.
For starters, data that is intended to be kept private will be removed from its databases on a more regular basis, as will data associated with the previous map – since the maps themselves will be refreshed on a monthly basis. Meanwhile, areas that are now known to have military sites will no longer be included in the data and access to the maps will be restricted entirely to users without a valid login with Strava. It goes without saying that data will continue to be anonymized as usual, with no names, dates, or other similar information shared alongside what is posted to the map. The app will also continue to function as normal, connecting to a smartwatch or other wearable to provide fitness metrics and other health information. Finally, the underlying algorithm has been reworked to only include activity in areas with a higher number of active users than is normally found at a military base. That should help to prevent further mishaps, even if the other new measures happen to fail.
In the meantime, the U.S. Defense Department is also reviewing security protocols so that military personnel can limit behavior that exposes a base to inadvertent, technology-based threats and security breaches. Taken in combination, these adjustments should work fairly well at preventing what could have been a disastrous leak of secure military information.