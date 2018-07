© Suhaib Salem / Reuters



which they chose to provide publicly on the Polar app.

Fitness company Polar was forced to suspend its activity map after it was used to unmask some 6,500 military and intelligence officers, including those at nuclear sites, in combat in Syria and stationed at the North Korean border.The vulnerability that allowed virtually anyone to identify individuals working at top-secret locations, such as military bases overseas, by sifting through exercise regimens of people in that area, has been jointly reported by Bellingcat and the Netherlands' De Correspondent. The revelation was made possible thanks to the Finnish company's Polar Flow feature that shows workout activity of the users of its appPolar, unlike some other apps, tracks and publishes exercise information in full, includingof the exercise. By analyzing the start and end points of workouts, it is reportedly possible to locate the homes of users. From there,The task was relatively easy, as the app has trackedand has collected a vast pool of data for each of its users, the investigators say. As a result, some 6,500 unique users have been identified. Among them are, those deployed to the demilitarized zone separatingMaking your data really private on Polar Flow used to require a number of non-obvious steps, which most users apparently either didn't know about or didn't bother with. Even if all hoops had been jumped, data like names, locations and photos remain publicly available, and it is still possible to retrieve a user's ID and establish that different exercise sessions belonged to the same user.The practice was in effect for over three years and only ended in August last year when the company made the most private option its default setting.After apparently being notified about the report on its flaws,, used in Flow. In a statement, the company said that it has "recently learned that public location data shared by customers via the Explore feature in Flow could provide insight into potentially sensitive locations."Falling short of acknowledging its responsibility for the potentially disastrous data leak, Polar instead pinned the blame on the users themselves, noting that "the decision to opt-in and share training sessions and GPS location data is a choice and responsibility of the customer."It also stressed thatThe case of the Finland-based company bears many similarities with that of fitness tracking app Strava, which involuntarily exposed the possible locations of many sensitive sites and military personnel on secret missions in combat zones. In the wake of the scandal, Strava updated its all-too-revealing global heat map, tightening user privacy.