Stravaleaks: Le Monde Tracks France's Aircraft Carrier in Real Time via Fitness App Data

When Your Morning Run Becomes a National Security Issue

Le Monde has demonstrated that France's flagship nuclear aircraft carrier, the Charles de Gaulle, can be tracked in real time using data from crew members' fitness apps — a stunning illustration of how seemingly innocuous consumer technology can compromise military operations.

The investigation, dubbed "Stravaleaks" by the French media, reveals a persistent and unresolved tension between the convenience of fitness tracking and the operational security of military forces.

How It Works

The methodology is straightforward:

1. Crew members use fitness apps — Sailors aboard the carrier use apps like Strava to track their runs, walks, and workouts
2. GPS coordinates are shared publicly — Many users default to sharing their activity maps publicly
3. Ship's position is revealed — When multiple crew members upload activities from the same location, the carrier's position becomes clear
4. Real-time tracking is possible — By monitoring new uploads, the ship's movements can be followed in near real time

History Repeating

This is not a new problem. In January 2018, a global Strava heatmap revealed the locations and layouts of:

• Secret U.S. military bases in Syria and Afghanistan
• CIA black sites
• Patrol routes in sensitive areas
• The perimeter of Area 51

The 2018 incident prompted widespread policy changes, but clearly not comprehensive ones. The fact that Le Monde could replicate this tracking in 2026 on France's most important naval asset shows that the lessons haven't been fully internalized.

Why It Matters

The Charles de Gaulle is France's only nuclear-powered aircraft carrier and a critical component of French power projection. Real-time location data could enable:

• Adversary surveillance — Hostile nations could monitor deployment patterns
• Mission prediction — Tracking movements could reveal operational intentions
• Timed attacks — Knowing a carrier's position reduces the element of surprise
• Crew analysis — Activity patterns could reveal crew size, rotation schedules, and morale

The Broader Problem

This is symptomatic of a wider issue in military operational security (OPSEC):

• Consumer tech adoption outpaces policy — Wearables, smartwatches, and fitness apps are ubiquitous, but military policies often lag
• Default settings are dangerous — Most fitness apps default to public sharing, requiring users to actively opt for privacy
• The data is aggregated — Even if individual users set their activities to private, aggregated data from public profiles can reveal patterns
• Enforcement is difficult — Banning fitness apps on ships is impractical; personal devices are essential for crew morale

Solutions

Possible mitigations include:

1. Geofencing — Fitness apps could implement military zone geofencing that automatically restricts data sharing in certain areas
2. Mandatory private settings — Military organizations could require proof of private settings for personal devices
3. Device policies — Some navies already restrict smartphone use on sensitive vessels
4. Education campaigns — Making personnel aware of the risks of oversharing

Implications for the AI Era

As AI-powered analysis tools become more sophisticated, the threat from publicly available data increases. What required manual investigation in 2018 can increasingly be automated with machine learning models that detect patterns in fitness data, social media posts, and other digital footprints.

The Stravaleaks investigation is a reminder that in the age of ubiquitous tracking, operational security must evolve from perimeter-based thinking to data-first thinking.