I watched a 35‑minute run appear on my screen and realized the tracker was tracing a warship’s path. You feel that quiet, wrong electric moment when a routine workout becomes an intelligence feed. The moment hit me like a living map.
A sailor ran 35 minutes and posted that run while at sea.
On the morning of March 13 a French navy sailor uploaded a seven‑kilometer, 35‑minute route to Strava. The route didn’t hug a shore — it showed loops in the middle of the Mediterranean, northwest of Cyprus, where France’s nuclear carrier and its escort squadron were operating.
President Emmanuel Macron had ordered the carrier to move from the Baltic to the Mediterranean on March 3 to protect allied assets amid rising U.S. military activity in the Middle East. What might have been an administrative redeployment turned into a real‑time breadcrumb trail when Le Monde cross‑checked the Strava file against satellite imagery taken about an hour later: the carrier sat roughly six kilometres from where the run was geolocated, as if someone had flipped on a lighthouse.
Can fitness apps reveal military locations?
Yes. Publicly shared, geotagged activities create precise time‑stamped traces that anyone with a Strava account and basic OSINT tools can follow. Strava has privacy controls that let you hide activities or create safe‑zones, but many users keep profiles public by default. The platform counts nearly 200 million users worldwide, and that volume makes accidental disclosures routine.
Le Monde tracked the same sailor across months and theaters.
The reporter didn’t stop at one run. Le Monde matched the profile to activities in February — first off France’s Cotentin Peninsula, then on land in Copenhagen — and found other public profiles posting geolocated workouts that revealed their ship’s position.
This is part of a pattern Le Monde calls “StravaLeaks.” The outlet previously linked location data from fitness trackers to protection details for heads of state, including a case where a security team’s activity helped identify a hotel used by former U.S. President Joe Biden in San Francisco. Public photos from crew profiles — decks, personnel, equipment — added context to the raw geodata and made triangulation faster.
How did Strava pinpoint the French carrier?
It’s simple OSINT: a public Strava activity gives a timestamped GPS track. Combine that with satellite imagery taken nearby and you get a very small search area. Le Monde matched the run’s coordinates and time to images captured an hour later, narrowing the carrier’s position to within a few kilometres. Add other public traces — photos, port calls, follower patterns — and the picture clarifies quickly.
The armed forces warned about geolocation risks years ago.
This isn’t new. In 2018 the Pentagon banned deployed personnel from using geolocation features on government and personal devices in operational areas after similar leaks. The French Armed Forces General Staff told Le Monde that sharing a run on Strava “does not comply with current guidelines” and said digital hygiene is a prerequisite before any deployment.
Strava’s support pages explain privacy options, and commanders can mandate settings or restrict device use. Still, policy and practice often drift apart: sailors bring smartphones aboard, trainers encourage tracking, and the internet rewards sharing. The tension between personal fitness culture and operational security is real.
Small habits create big intelligence gaps.
A single public workout can become a query string for researchers and adversaries alike. I’ve seen amateur analysts use nothing more than Strava exports, satellite viewers and a handful of public images to assemble a movement log that would make an operations officer nervous.
If you manage people with access to ships or sensitive sites, the hygiene checklist is short: enforce privacy settings, limit camera use in sensitive zones, and audit public profiles before deployment. If you use the app yourself, switch to private activity or set a privacy zone for home and work. The tools are there; the will to use them often isn’t.
Le Monde, Strava, the French Ministry of Armed Forces and satellite imagery providers are now part of the same accidental feedback loop: civilian apps feeding military intelligence, newspapers turning data into maps, and authorities promising corrective action. The practice is as human as it is avoidable — and it keeps happening.
If a single jog can betray a carrier’s position, what else are we casually broadcasting to anyone who knows where to look?