Here's a question for philosophers: If someone goes for a run without logging it in a fitness app, did they exercise? The number of fitness trackers on the market, from Strava and Runkeeper to many others, suggests that the answer is no. But a fitness app called Polar has inadvertently revealed more than the answer to that philosophical question; it's also leaked the locations of military bases and other secret areas.
Polar, like many other fitness apps, lets users log a map of their run. You can also make the maps publicly available so other people can see where you're hitting the pavement. The problem, as De Correspondent and Bellingcat discovered this week, is that someone can use these maps to learn more about your life than you may have wanted.
De Correspondent and Bellingcat were able to track 6,460 people across 69 nationalities through Polar's activity map. Using the map, the publications also found 200 sensitive locations: 125 military bases, 48 nuclear weapon storage facilities, 18 intelligence agencies, a smattering of drone bases, embassies, nuclear power plants and royal residencies and a police academy.
Worse still is people could use Polar to learn individuals' exact addresses with little more than Google Maps' Street View feature. All you need is Polar's activity map and access to a computer. "Anyone with a basic understanding of computers and some common sense," De Correspondent summarized, "can find this information."
Polar told De Correspondent that less than two percent of its users have publicly available logs. The company also released a statement (opens in new tab) on its website:
"It is important to understand that Polar has not leaked any data, and there has been no breach of private data. Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings and are not affected in any way by this case. While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API."
"Loose lips sink ships." - some lessons have to be relearned constantly.
- Who's there? - asks Polar CEO
- CIA, NSA, MP,...
The general location (outer parameters) of mentioned facilities should more often than not be public knowledge and easy to find for anybody interested.
Exact details of the facility are not revealed unless the "target" is the individual doing the exercise.
2nd its not just about location of these places, if some guard or person patrolling the location has this app running (knowingly or not) a person viewing past "runs" can identify patrol routes, often outside locations and look for blind spots in security