Back to Home

Strava revealed the location of the de Gaulle aircraft carrier: OPSEC risks

French officer via Strava revealed coordinates of the aircraft carrier “Charles de Gaulle”. The incident highlights risks of public GPS tracks for OPSEC. Recommendations include profile privacy and OSINT monitoring.

Run on Strava revealed France's aircraft carrier in the Mediterranean Sea
Advertisement 728x90

# Strava Workout Reveals Location of Aircraft Carrier Charles de Gaulle

A crew member on the French aircraft carrier Charles de Gaulle logged a run in the Strava app with geolocation enabled, allowing the ship's exact position in the Mediterranean Sea to be publicly pinpointed. The incident happened on March 13 northwest of Cyprus, about 100 km from the Turkish coast. The data became available to all users because of the open profile.

How Strava Leaks Military Secrets

Strava aggregates GPS tracking data from smartwatches and smartphones, creating heatmaps of activity. Service members often use the app for fitness, but public logs reveal not just personal routes but also base infrastructure, convoys, and ships.

In this case, a 35-minute run along the aircraft carrier's deck produced a clear track matching the ship's outline. The profile under the pseudonym "Arthur" was public, making the coordinates available for anyone to analyze. Le Monde noted that while the Charles de Gaulle's presence in the region wasn't a secret, the precise coordinates pose risks to escort operations and logistics.

Google AdInline article slot

Risks to OPSEC in the Age of Fitness Trackers

Operational security (OPSEC) for service members is under threat from consumer apps. Strava records not only land-based runs but also at-sea ones—on ship decks or near bases.

  • Base heatmaps: In 2018, Strava analysis exposed secret US facilities in Afghanistan and Syria.
  • Sea tracks: Runs on aircraft carriers outline ship shapes, including hangars and flight decks.
  • Group activities: Crews create activity clusters that reveal group sizes.
  • Timestamps: Syncing with maneuver schedules amplifies vulnerabilities.

The French Ministry of Defense confirmed the violation: a public Strava profile goes against instructions. Command will take action, including disciplinary measures.

Recommendations for Minimizing Risks

Developers and cybersecurity specialists can study these incidents to build monitoring tools.

Google AdInline article slot
  • Profile privacy: Set visibility to "private" or "friends only".
  • Disable geolocation: Block GPS during duty or at facilities.
  • Corporate policies: Integrate with MDM systems to control apps on devices.
  • OSINT analysis: Regularly scan Strava for leaks using API or scraping.
  • Alternatives: Use offline trackers without cloud sync.

In corporate settings, similar risks come from employee fitness data: HR policies should cover rules for BYOD.

Key Takeaways

  • Precise track: A 35-minute run exposed the carrier's coordinates 100 km from Turkey.
  • Public profile: Open access on Strava made the data publicly available.
  • OPSEC violation: France's Ministry of Defense acknowledged the incident and promises measures.
  • Broader context: Strava leaks have previously compromised US and NATO bases.

— Editorial Team

Advertisement 728x90

Read Next