Here's a question for philosophers: If someone goes for a run without logging it in a fitness app, did they exercise? The number of fitness trackers on the market, from Strava and Runkeeper to many others, suggests that the answer is no. But a fitness app called Polar has inadvertently revealed more than the answer to that philosophical question; it's also leaked the locations of military bases and other secret areas.
Polar, like many other fitness apps, lets users log a map of their run. You can also make the maps publicly available so other people can see where you're hitting the pavement. The problem, as De Correspondent and Bellingcat discovered this week, is that someone can use these maps to learn more about your life than you may have wanted.
De Correspondent and Bellingcat were able to track 6,460 people across 69 nationalities through Polar's activity map. Using the map, the publications also found 200 sensitive locations: 125 military bases, 48 nuclear weapon storage facilities, 18 intelligence agencies, a smattering of drone bases, embassies, nuclear power plants and royal residencies and a police academy.
Worse still is people could use Polar to learn individuals' exact addresses with little more than Google Maps' Street View feature. All you need is Polar's activity map and access to a computer. "Anyone with a basic understanding of computers and some common sense," De Correspondent summarized, "can find this information."
Polar told De Correspondent that less than two percent of its users have publicly available logs. The company also released a statement on its website:
"It is important to understand that Polar has not leaked any data, and there has been no breach of private data. Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings and are not affected in any way by this case. While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API."
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
This story was out months ago. The data did publicly reveal for the first time the location of a US military base in Syria. Because unthinking staff thought it was more important to brag about their fitness program and lost perspective about what they are actually doing.Reply
"Loose lips sink ships." - some lessons have to be relearned constantly.
Fitness App follow for us !Reply
Translation: "Yeah, hardly anyone uses the public logging to show their runs... but it's out there for anyone with a computer and common sense to find and that's not our fault at all. Oh, and it's totally cool that we know where these places are even if they weren't public."Reply
- *knock knock*Reply
- Who's there? - asks Polar CEO
- CIA, NSA, MP,...
why would the polar ceo be in trouble? these features are turned off by default. these morons turned them on and shared their locations to the world. if anything the users should all be thrown in prison for negligence.Reply
Seems very much like a non issue to me.Reply
The general location (outer parameters) of mentioned facilities should more often than not be public knowledge and easy to find for anybody interested.
Exact details of the facility are not revealed unless the "target" is the individual doing the exercise.
1st of all, shame on TOM, again, for reposting a "news" story from several months ago.Reply
2nd its not just about location of these places, if some guard or person patrolling the location has this app running (knowingly or not) a person viewing past "runs" can identify patrol routes, often outside locations and look for blind spots in security