ROYAL Navy officers at Faslane Naval Base have been inadvertently leaking their personal details and could even be revealing when they are on board nuclear submarines.
The fitness app Strava, which has 95 million users across the globe, allows people to track and publicly record their runs, bike rides and swims.
In 2018, a new feature was introduced which showed the most popular running routes were found to be revealing US army based in the Middle East where soldiers had been recording runs.
Now, defence military personnel at Faslane, northwest of Glasgow – where Britain’s Trident nuclear deterrent is based – are still uploading public data, revealing their names, addresses and the dates when they are at the base, according to a report in The Times.
READ MORE: Liz Truss commits to keeping Trident nuclear weapons on the Clyde
A cybersecurity expert said it was “jaw-dropping” that Strava data was still available and that it should be considered as “the canary in the coalmine” for the amount of location data collected about soldiers.
In many cases, it is unclear whether or not users actually meant to reveal their names or runs at the base.
A user could have a private profile but still appear in public speed rankings for specific locations, potentially meaning some might not realise their identity is being made public.
Strava lets its users create “segments”, which are short public routes tagged to geographical co-ordinates.
Once someone runs a segment, their time appears in competitive rankings.
In June, fake segments were found to have been planted by unknown operatives at Israeli military bases.
This then enabled the person who created the segments to see who ran along them – and even track them to other countries.
There are several segments at Faslane, which appear to have been created by those who have access to the base.
They included one titled “Race to the home of the UK submarine service” as well as another titled “RM BFT”, an abbreviation for Royal Marines basic fitness test.
Senior researcher at the University of Toronto’s Citizen Lab John Scott-Railton has coined the term “fitleaking” for the way in which fitness apps reveal the whereabouts or patterns of movement of their users.
He said: “Most institutions still haven’t come to terms with the volume of mineable, interesting data that their employees emit.
“This kind of data presents obvious opportunities for exploitation, and in some cases bypassed decades or more of practices designed to balance the security risks of private data.”
He added that Strava allows us to “peel back the window into a much broader problem”.
Railton continued: “Lots of companies have pushed consumers into bringing, effectively, trackers with them everywhere.
“Those trackers contain all sorts of sensitive information which you could use to spy on another government. This is the canary in the coalmine.”
The navy has previously warned its officers about posting location data online.
Its advice page on social media reads: “Whether you are serving personnel, their friends or family, it’s important that you avoid posting any information online that might compromise an operation or put personnel in danger, including photos or videos.”
READ MORE: Scottish independence: Hundreds turn out for All Under One Banner Faslane protest
As data is uploaded to Strava immediately, checking the Faslane segments over the course of several days made it possible to obtain names for people stationed in the base and where they had been posted or been staying before.
Two Strava users who ran at Faslane also posted GPS logs of what appeared to be runs on board ships themselves.
The navy said: “We take the security of our team very seriously, which is why we regularly advise our personnel on the use of apps and social media websites.
“This includes turning off geo-tagging on devices to prevent their location from being revealed whilst exercising.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel