Polar's social platform is revealing sensitive location data worldwide
Back in January, popular fitness app Strava released what it called a "Global Heat Map" — a visualization of two years of location and exercise data from Strava's users. Unfortunately, in doing this, the company made it incredibly easy to map out and identify sensitive militaristic locations, from U.S. bases to Turkish patrol areas. Now, according to Foeke Postma of Bellingcat, it seems that Polar — fellow fitness company and maker of the first wireless heart rate monitor for athletes — is revealing similarly sensitive data an an even more dangerous and accessible way.
While Strava simply highlighted where its users exercised without revealing any names (meaning that anyone looking to track an individual's movements would also have to do some cross-referencing work), Postma reports that Polar's social platform, Polar Flow, gives all of a user's personal information in one place. That, scarily enough, may even include things like the location of an individual's home, a profile photo, and more. All one has to do to get a user's full movement history and information is navigate to a site on Polar Flow's map and select a profile there.
Postma goes on to give a few very unsettling examples of how easily traceable sensitive locations, operations, and individuals are, down to their daily exercising habits and how often they vary from them. The program even shows where an individual has traveled since 2014 if they've tracked their exercise there, which, in some cases, can lead to finding out what hotels and local businesses they favor.
Overall, Potsma and Bellingcat (along with Dutch journalism platform De Correspondent) were able to compile a list of approximately 6,500 unique users from Polar's site, with their exercise logs openly displaying the places they "work, live, and go on vacation." The users in question run the gamut from employees at nuclear weapons bases to Russian soldiers troops stationed near the North Korean border. It doesn't take a genius strategist to consider how this information could pose a huge threat to security worldwide. And, just as importantly, the pretty terrifying implications of this data being available publicly extend to civilians who use Polar devices as well: with Polar's technology, anyone could trace an individual's daily movement patterns, where they live, how long they're away from home each day at certain times, and if they're away on vacation. As Postma states, in some case, even with Polar's privacy settings cranked up, some data will still be "easily retrievable," such as profile locations and user IDs.
Now, this isn't all to say "FITNESS TRACKERS ARE TERRIFYING, NEVER USE THEM AGAIN!" I mean, you can do that if you like, that's completely your prerogative. However, it's more to make you aware of what data these sorts of devices and services collect and may share publicly if you're not very vigilant about you use them. Like with every other app that has one hand in your personal data and the other in the internet, you should always err on the side of caution when doing things like creating a profile or sharing your location. Postma does mention that since Bellingcat's investigation into the matter, Polar has temporarily suspended its Explore feature and is currently problem-solving to come up with ways to combat these security issues. However, if in the meantime you'd like to batten down the hatches just in case, he advises doing things like creating a profile that doesn't reflect your actual identity and monitoring your app permissions. I also suggest not connecting your fitness tracker to any of your social media accounts on sites like Facebook and Twitter — as we know, those can also already collect a whole mess of data on their own.
For more information on this issue and how to combat it, check out Bellingcat's article here.
Do you use fitness trackers? If so, how do you protect your personal data? Share in the comments below.
Get the best of iMore in your inbox, every day!
Tory Foulk is a writer at Mobile Nations. She lives at the intersection of technology and sorcery and enjoys radio, bees, and houses in small towns. When she isn't working on articles, you'll likely find her listening to her favorite podcasts in a carefully curated blanket nest. You can follow her on Twitter at @tsfoulk.