Polar Fitness suspends its global activity map after privacy concerns

First it was Fitbit giving away secret military locations  Now it’s Finnish competitor Polar with security issues…


Andrew Liptak – The Verge – Monday, 9 July 2018

Finnish fitness company Polar has temporarily suspended Explore, its global activity map after a pair of reports from De Correspondent and Bellingcat (via ZDNet) pointed out flaws in the app’s privacy settings that made it easy for someone to locate the location data of users, echoing a similar privacy incident with another fitness app earlier this year. It’s a worrying discovery, as one report was able to use the information to locate the names and addresses of thousands of users who appeared to work for military and intelligence services.
Polar is a Finish company that produces a variety of smart devices, including the Polar Balance smart scale, the M600 smartwatch, and M430 running watch, all of which are connect to the company’s fitness app, Polar Flow. The company’s devices work together to record one’s weight and activity, which can appear on a user’s online profile. Users can have their information included in Explore, but can also opt to have their profiles marked private, which Polar says will prevent the service with sharing that information to third party apps like Facebook.
The joint investigation found that someone could use the data from Polar’s map to locate sensitive military sites, as well as enough information to locate a user’s name and address. User activity was plotted on Explore, including the activities of personnel fighting ISIS in Iraq. But unlike Strava, which was found to simply revealed potentially sensitive location data earlier this year, the reporters were able to dig deeper and locate the names and addresses of Polar users, including military personnel from various military and intelligence agencies around the world.
De Correspondent explains that it found that Polar’s Explore map keeps track of every user’s activity since 2014, and that by using that information, it was able to locate 6,460 users who used the service near sensitive facilities. Because each user was identified with the activity, the reporters were able to use their name and city to cross-reference the information to figure out a user’s home address.
More worrying, De Correspondent notes that Polar Flow had a flaw that allowed them to get information from users who had marked their profiles private and that API didn’t put a cap on the number of requests that someone could make, allowing them to pull up a user’s entire workout history, which they say “made it much easier to determine their home address, where people’s workouts often begin and end.” Bellingcat noted that it was able to scrape Polar’s website for information about specific locations, and gathered up a considerable amount of data.


Martin Harris

I have a lovely partner and 3 very active youngsters. We live in the earthquake ravaged Eastern Suburbs of Christchurch, New Zealand. I began commenting/posting on Uncensored back in early 2012 looking for discussion and answers on the cause and agendas relating to our quakes. I have always maintained an interest in ancient mysteries, UFOs, hidden agendas, geoengineering and secret societies and keep a close eye on current world events. Since 2013 I have been an active member of theCONTrail.com community, being granted admin status and publishing many blogs and discussion threads. At this time I'm now helping out with admin and moderation duties here at Uncensored where my online "life" began.

Next Post

Samoa recalls vaccines after child deaths: "Those Responsible Will Be Made To Answer"

Wed Jul 11 , 2018
The head of the Ministry of Health in Samoa has ordered the immediate recall of all measles, mumps and rubella (MMR) vaccines after the deaths of two one-year-olds.  By Michael Morrah, Newshub Staff, 10 July 2018 The children were given the MMR vaccine on Friday at Safotu Hospital on the […]
deaths CDC

You May Like