Strava’s data could even be used to follow individuals of interest as they rotated among military bases or intelligence community locations, according to Jeffrey Lewis, director of the East Asia Nonproliferation Program in the Middlebury Institute of International Studies at Monterey, California. In a sobering Daily Beast article, Lewis laid out a scenario by which Chinese analysts could track a Taiwanese soldier based on his activities at a known missile base and thereby discover other previously unknown missile bases as the soldier’s duties required him to rotate through those bases.

Taking Steps to Fix the Problem

The United States is clearly far from alone in dealing with such security challenges. Back in 2015, the People’s Liberation Army Daily issued a stern warning to members of the Chinese military about the security risks posed by smart watches, fitness bands, and smart glasses, according to Quartz. But the Strava example shows that the United States may be at greater risk, with its relatively large footprint involving troops, intelligence personnel, diplomats, and contractors deployed overseas in sensitive areas or conflict zones.

The US military’s Central Command has already begun reassessing its privacy policies for the troops after the Strava revelations, according to reporting by The Washington Post and others. Current US military service policies seem to allow for use of fitness trackers and other wearables with the caveat that local commanders have the discretion to tighten security. In fact, the US Army has previously promoted use of Fitbit trackers as part of a pilot fitness program.

Some of the security tightening may involve certain “no-go areas” or “leave-at-home policies” for personal smartphones and wearables, similar to what already exists in sensitive offices of the Pentagon and other installations, Singer says.

'People on their third or fourth deployment are going to lose their minds or their marriages if they can't use tech to simulate normalcy.' Lynette Nusbacher, Military Historian

Certain military or intelligence facilities may also need upgrades to their security as a result of the Strava data reveal, says Lynette Nusbacher, a strategist and military historian based in the UK. She adds that militaries and other organizations will require constant, up-to-date training for both their leadership and the rank-and-file, to ensure they’re aware of the threat from modern geolocation technology.

The idea of banning wearable technologies outright may potentially make sense in certain cases: “A small minority of tier one special forces operators can go without toilet paper or soap or mobile phones for weeks,” Nusbacher says. But she warns that imposing extreme restrictions more broadly could reduce the number of people willing to sign up for military or intelligence stints overseas.

“When I was deployed on operations in 1999 we expected one phone call a week and dial-up internet,” Nusbacher says. “People on their third or fourth deployment are going to lose their minds or their marriages if they can't use tech to simulate normalcy.”

Many analysts place the burden of responsibility on the US military and other organizations for the lapse, rather than on Strava. The latter does, after all, allow users to choose whether they share their data. “Strava offered a service,” Nusbacher says. “It's not their fault that soldiers who needed better training and briefing turned that service into a vulnerability.”

But Paul Scharre, senior fellow and director of the Technology and National Security Program at the Center for a New American Security, argues that technology companies do have certain responsibilities, especially after a problem of this magnitude has been identified.

“Military service members, particularly in the special operations community, take operational security seriously: They would not have shared this data if they understood the consequences,” Scharre says. “If Strava was serious about the negative consequences of this data being public, they would temporarily take the maps offline and work with the government to scrub sensitive data. I do not think it is acceptable for a company to release data that might imperil the lives of US service members.”

In a statement, James Quarles, CEO of Strava, acknowledged that "members in the military, humanitarian workers and others living abroad may have shared their location in areas without other activity density and, in doing so, inadvertently increased awareness of sensitive locations. Many team members at Strava and in our community, including me, have family members in the armed forces. Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."