STREAMING NOW: Watch Now

Fitness app that revealed military bases highlights bigger privacy issues

Fitness tracking app Strava wanted to show how people use its app all over the world.In November, it created a...

Posted: Jan 30, 2018 8:54 AM
Updated: Jan 30, 2018 8:54 AM

Fitness tracking app Strava wanted to show how people use its app all over the world.

In November, it created an interactive heat map that displayed one billion activity data points -- like running and cycling -- made public by users.

But over the weekend, observers noticed that Strava's map may have inadvertently revealed sensitive U.S. military locations and personnel at bases in countries around the world.

The controversy around Strava demonstrates a common issue with the relationship between tech companies and their users: People casually using an app often don't understand what companies do with their data or how to properly protect it.

"Before people can even have a basic level of protection of some kinds of data, they have to wade through these lengthy privacy policies, or find the setting, or even have some awareness that potentially sensitive information is going to get out there," said Michelle De Mooy, director of the Privacy & Data project at the Center for Democracy and Technology.

Strava has three levels of privacy in its app: Users can treat it like Twitter and publicly share their activity data for anyone to see; they can choose to let only certain people see their activity; or they can make their activity completely private. The default option is to share personal activity data publicly.

In a November blog post announcing the heat map, Strava data engineer Drew Robb said the company respected privacy rules when it created the map and only published public data. Strava did not respond to specific questions about user data, but told CNN in a statement earlier Monday it is "committed to helping people better understand our settings to give them control over what they share."

Tech firms revealing user data without anticipating the consequences is not uncommon. Companies assume it may be interesting to reveal user statistics, but receive backlash when people feel uncomfortable with the information exposed.

"What they fail to understand is that data represents people and people's preferences," De Mooy said. "Every tech platform is dealing with this unintended consequences problem, and it's partly because of the misalignment between expectation and intention, and what they're doing."

Related: US military reviewing security practices after fitness app reveals sensitive info

In December, Netflix tweeted a joke about 53 people who watched its holiday film "A Christmas Prince" once a day for 18 days. Some people criticized the tweet as inconsiderate. The tweet also reminded users that the video streaming company has massive amounts of data on people it could access at any time for any reason -- including poking fun at them.

In 2014, Jawbone -- a now-defunct fitness tracker -- published users' sleep data following an earthquake in Northern California. People saw their anonymized personal information become a data point in a major public event, and some felt uncomfortable when data collected in their bedrooms became part of a study looking at sleep data during the natural disaster.

In 2011, Fitbit exposed the self-reported sexual activity data of some users through profiles that were public by default. Fitbit changed its sharing options after the incident to make a private profile the default.

Many apps also sell personal data to third-party companies. This practice is common, though the general public is often unaware of their app's policies regarding data brokering. These types of sales are legal if disclosed, but users might not see the disclosures in lengthy privacy statements.

The U.S. Central Command told CNN on Monday it is looking into refining its smartphone and wearable device policies following the Strava revelations.

White House cybersecurity coordinator Rob Joyce tweeted on Monday that the Strava heat map highlights the risks of big data analytics.

"It goes well beyond fitness trackers. Security and OPSEC need to be considered in our new reality," he said in a tweet. "While policy evolution is needed, it is important to make good security policy balanced by not over reacting too."

People who are concerned about privacy should read apps' privacy policies and check the types of information that apps ask to collect, including permissions regarding a phone or tablet's camera, calendar and contact list. Social apps are often public by default, De Mooy said, and people must manually change their settings to be private.

"If you are a person with sensitive information -- whether that is your immigration status, gender, politics, or sexual orientation -- you may want to consider that once you're using a bunch of different apps, that information is probably getting compiled about you," De Mooy said.

Mississippi Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 62199

Reported Deaths: 1753
CountyConfirmedDeaths
Hinds5329110
DeSoto338727
Madison232460
Harrison222833
Rankin216830
Jackson206338
Jones180457
Forrest165353
Washington152433
Lauderdale135488
Lee127430
Neshoba123288
Lamar114613
Oktibbeha106036
Lowndes99932
Bolivar98732
Warren97630
Scott96219
Panola93611
Sunflower92623
Copiah92426
Lafayette88512
Leflore86660
Holmes85148
Pike84632
Grenada81621
Yazoo79311
Leake77125
Lincoln75641
Pontotoc7527
Wayne73621
Simpson72328
Monroe71650
Coahoma67710
Tate66524
Marion62519
Covington60112
Adams58725
Marshall5858
Winston58415
George5495
Union53814
Newton52611
Attala50224
Pearl River49637
Tallahatchie49610
Walthall46318
Chickasaw44319
Noxubee42611
Claiborne40113
Jasper3859
Smith38513
Calhoun3819
Clay37413
Alcorn3634
Prentiss3516
Hancock34414
Tishomingo3394
Itawamba31710
Tippah31612
Lawrence3155
Yalobusha31310
Clarke31025
Montgomery2973
Tunica2926
Humphreys27411
Carroll24811
Quitman2331
Greene23211
Kemper22715
Perry2267
Jefferson Davis2146
Amite2116
Webster20112
Jefferson1936
Wilkinson18813
Sharkey1831
Stone1593
Benton1300
Choctaw1294
Franklin1172
Issaquena211
Unassigned00

Alabama Coronavirus Cases

Confirmed Cases: 90890

Reported Deaths: 1611
CountyConfirmedDeaths
Jefferson12039228
Mobile9170197
Montgomery6305147
Madison508227
Tuscaloosa398466
Baldwin326323
Shelby307532
Marshall298433
Unassigned281255
Lee251940
Morgan224315
Etowah195728
DeKalb171813
Elmore162637
Calhoun159012
Walker147464
Houston132712
Dallas129423
Russell12471
St. Clair123612
Limestone120813
Franklin120620
Cullman115711
Colbert110712
Lauderdale109512
Autauga103020
Escambia97915
Talladega92713
Jackson8704
Chambers82838
Tallapoosa82278
Dale78722
Butler75135
Blount7413
Chilton7226
Coffee7165
Covington71520
Pike6607
Barbour5635
Lowndes55824
Marion54724
Marengo52614
Clarke4879
Hale45726
Bullock44111
Winston43211
Perry4314
Wilcox4089
Monroe3954
Randolph39110
Bibb3813
Conecuh37210
Pickens3719
Sumter35918
Lawrence3240
Washington31412
Macon31113
Crenshaw2973
Choctaw27612
Cherokee2477
Henry2463
Greene24511
Geneva2420
Clay2235
Lamar2032
Fayette1765
Cleburne1211
Coosa922
Out of AL00
Tupelo
Clear
68° wxIcon
Hi: 88° Lo: 67°
Feels Like: 68°
Columbus
Clear
69° wxIcon
Hi: 88° Lo: 68°
Feels Like: 69°
Oxford
Overcast
64° wxIcon
Hi: 85° Lo: 63°
Feels Like: 64°
Starkville
Clear
64° wxIcon
Hi: 85° Lo: 64°
Feels Like: 64°
WTVA Radar
WTVA Temperatures
WTVA Severe Weather