LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How can aggregated fitness-tracking data become a serious security risk?

When many individuals' "harmless" location traces are aggregated and published, they can reveal sensitive patterns — like the layout of secret military bases — that no single data point would expose.

Individually trivial fitness traces aggregate into the Strava heatmap, revealing secret military base layouts

* The mosaic effect — trivial individual traces become a sensitive whole once aggregated. *

This is the famous Strava heatmap lesson. Strava (a fitness app) published a global heatmap aggregating where its users run and cycle. In 2018, analysts noticed bright activity tracks in remote, otherwise-dark regions — soldiers exercising inside forward operating bases with their fitness trackers on had effectively drawn the perimeters and internal paths of classified facilities.

Why aggregation is the danger:

  • One person's jog is meaningless.
  • Thousands of jogs, layered together, become a map.
  • Data that is individually trivial becomes collectively sensitive — a property called the mosaic effect.

Real-world fallout: the incident prompted militaries to change device policies, and it's now a textbook example of unintended intelligence exposure through opt-out-by-default sharing.

Tip: The defensive lesson — privacy settings default to "share," and "anonymous, aggregated" data is rarely as harmless as it sounds. Explore the heatmap yourself at strava.com/heatmap.

Go deeper:

From Quiz: PRIVACY / Social Media Intelligence (SOCMINT) | Updated: Jul 05, 2026