After GPS company Strava Labs revealed sensitive data U.S. military operations through a fitness tracking tool eralier this year, another exercise app has been found describing the patterns of soldiers and government agents. This time it's the activity tracker Polar, through which a Dutch newspaper was able to find the exact movements and locations of U.S Secret Service officers, NSA agents, the British MI6 and a host of international secretive agencies.
De Correspondent, working with online journalism collective , were able to use Polar's "Polar Flow" site to find the secret information. Polar's online maps allowed users to post public records of their exercise. Polar offered more information, and in greater detail, than other activity monitors, including the option to show an individual's workout routine since 2014.
From there, Foeke Postma at Bellingcat, it was relatively easy.
Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well. Tracing all of this information is very simple through the site: find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised. As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map. Users often use their full names in their profiles, accompanied by a profile picture — even if they did not connect their Facebook profile to their Polar account.
Researchers were able to come across military officials of all varieties, including those responsible for nuclear weapons. Examining two hundred sensitive locations, the investigative efforts found "6,460 individuals across 69 nationalities" sharing their information on Polar Flow.
Polar, which pulled its map feature in response to the article, has accepted partial responsibility for the situation. The Finnish app in a statement that while "the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API."