Who’s watching you track your fitness?

Everyone in my office wears a fitness tracking device of some kind. I personally wear an Apple Watch as it’s the most secure. Unfortunately that’s a real concern ever since Strava had issues showing troop movements overseas. By looking at this data anyone can follow staff, students, patients or executives right to their front doors.

Now Bellingcat and De Correspondent have discovered that Polar’s Flow social platform can reveal the homes of soldiers and intelligence officials with little effort. As it shows all of a given person’s published workouts on one map, you only have to find a sensitive installation (such as a military base or spy agency), pick someone who uses a Polar fitness tracker and then see if they have any workouts that end at a residence. Many of these people use their real names and tend to end workouts in front of their homes or hotels, making it easy to correlate their fitness info with social network profiles and other telltale data. The same holds true for your staff.

The researchers said they compiled a list of roughly 6,500 users, including soldiers in volatile areas (such as Baghdad or the Korean DMZ), NSA workers and the CEO of a manufacturing firm. It’s easy to understand the security risks based on that list — terrorists could use this to attack or kidnap high-profile targets at their most vulnerable.

The findings suggest that the fitness tracking industry has yet to fully address the privacy concerns surrounding their devices. Companies like Polar and Strava have tended to focus on making fitness info widely accessible to foster their communities and drive sales, not on ensuring that people only reveal info to those they trust. Until there’s a broader shift in attitudes, exercise mavens may want to double-check what they’re sharing with social platforms and hold off if they’re uncomfortable.