Strava isn’t the only fitness tech company grappling with the security implications of its fitness tracking. Bellingcat and De Correspondent have discovered that Polar’s Flow social platform can reveal the homes of soldiers and intelligence officials with little effort. As it shows all of a given person’s published workouts on one map, you only have to find a sensitive installation (such as a military base or spy agency), pick someone who uses a Polar fitness tracker and then see if they have any workouts that end at a residence. Many of these people use their real names and tend to end workouts in front of their homes or hotels, making it easy to correlate their fitness info with social network profiles and other telltale data.
The researchers said they compiled a list of roughly 6,500 users, including soldiers in volatile areas (such as Baghdad or the Korean DMZ), NSA workers and the CEO of a manufacturing firm. It’s easy to understand the security risks based on that list — terrorists could use this to attack or kidnap high-profile targets at their most vulnerable.
To its credit, Polar has already responded to the concerns. It temporarily suspended Flow’s “explore” functionality and has been developing methods for keeping privacy under control, such as an option to clear your entire workout history at once.