Strava isn’t the only fitness tech company grappling with the security implications of its fitness tracking. Bellingcat and De Correspondent have discovered that Polar’s Flow social platform can reveal the homes of soldiers and intelligence officials with little effort. As it shows all of a given person’s published workouts on one map, you only have to find a sensitive installation (such as a military base or spy agency), pick someone who uses a Polar fitness tracker and then see if they have any workouts that end at a residence. Many of these people use their real names and tend to end workouts in front of their homes or hotels, making it easy to correlate their fitness info with social network profiles and other telltale data.
The researchers said they compiled a list of roughly 6,500 users, including soldiers in volatile areas (such as Baghdad or the Korean DMZ), NSA workers and the CEO of a manufacturing firm. It’s easy to understand the security risks based on that list — terrorists could use this to attack or kidnap high-profile targets at their most vulnerable.
To its credit, Polar has already responded to the concerns. It temporarily suspended Flow’s “explore” functionality and has been developing methods for keeping privacy under control, such as an option to clear your entire workout history at once.
Still, the findings suggest that the fitness tracking industry has yet to fully address the privacy concerns surrounding their devices. Companies like Polar and Strava have tended to focus on making fitness info widely accessible to foster their communities and drive sales, not on ensuring that people only reveal info to those they trust. Until there’s a broader shift in attitudes, exercise mavens may want to double-check what they’re sharing with social platforms and hold off if they’re uncomfortable.
This article originally appeared on Engadget.