• March 3: President Macron announces the Charles de Gaulle is deploying toward the Middle East amid the Iran conflict
• March 13 at 10:35 AM: A young officer (pseudonym “Arthur”) goes for a 35-minute jog on the carrier’s flight deck
• His smartwatch records the GPS coordinates and auto-syncs them to his public Strava profile
• Le Monde journalists spot the activity data and cross-reference it with satellite imagery
• The satellite photos clearly show the carrier and its escort ships northwest of Cyprus
• French Armed Forces confirm the behavior “does not comply with current guidelines”

• French Armed Forces spokesperson: The officer’s behavior “does not comply with current regulations” and “sailors are regularly made aware” of digital hygiene rules. Disciplinary measures expected.
• Le Monde (broke the story): Published satellite imagery confirming the carrier’s position almost immediately after the Strava activity was spotted
• Security researchers: Pointed out this is nearly identical to the 2018 Strava heat map fiasco that exposed CIA black sites in Somalia and Patriot missile batteries in Yemen
• Reddit/HN consensus: “We learned nothing from 2018. Absolutely nothing.”

Honestly, Strava has been a military intelligence goldmine for almost a decade:

• 2018: Australian researcher Nathan Ruser noticed jogging paths glowing in the Syrian desert on Strava’s global heat map. Those were U.S. military bases. Also exposed: a CIA base in Somalia, supply routes in Afghanistan, and patrol paths in Iraq.
• 2018: Pentagon issues a ban on fitness tracking apps and wearable devices for deployed personnel
• 2020-2024: Multiple smaller incidents involving soldiers at various NATO bases posting public activities
• 2026: A French officer runs laps on a nuclear carrier heading into a conflict zone… on a public profile

The pattern is always the same: someone forgets (or doesn’t know) their profile is public, GPS data gets uploaded, and suddenly a classified location is on the internet for anyone with a browser.

Okay but seriously — this isn’t some base that’s already semi-public knowledge. This is a moving nuclear-powered aircraft carrier in active deployment toward a live conflict zone. The ship was transitioning from Baltic NATO exercises to the Middle East during the Iran crisis.

Knowing a carrier’s real-time position lets adversaries:

• Track movement patterns and predict arrival times
• Position submarines or anti-ship missiles along the route
• Monitor escort fleet composition from satellite imagery tagged to the location

The carrier group includes destroyers, frigates, and a nuclear submarine. One dude’s Garmin just told everyone where all of them were.

Most companies and organizations have zero idea what their employees are leaking through fitness apps, social media check-ins, and photo metadata. You can build a consultancy around auditing digital footprints and showing clients exactly what their staff is broadcasting.

Example: A freelance security consultant in Estonia ran OPSEC audits for three Nordic defense contractors. Used OSINT (open-source intelligence) tools to map employee Strava profiles, LinkedIn locations, and photo EXIF data. Charged €2,500 per audit. Got a retainer contract within two months.

Timeline: 2-3 weeks to build methodology + sample report → pitch defense/gov contractors → first paying client within a month

Honestly, the number of people who don’t know their Strava/Garmin/Apple Watch profiles are public is staggering. There’s a massive content opportunity in creating step-by-step privacy lockdown guides for every major fitness and social platform. YouTube, TikTok, blog — pick your format.

Example: A cybersecurity blogger in Portugal started a “Lock It Down” YouTube series showing how to audit privacy settings on 20+ apps. One Strava video hit 340K views after a military leak news cycle. Monetized through affiliate links to privacy-focused alternatives and a $15 Gumroad checklist pack. Pulls ~$1,800/month.

Timeline: Film first 5 videos in a weekend → publish during the news cycle → monetize with digital products within 2 weeks

Open-source intelligence is a real skill that journalists, researchers, and security teams pay to learn. If you can teach people how to find public Strava activities, cross-reference satellite imagery, and verify locations — that’s a course people will buy.

Example: A former military intelligence analyst in the Netherlands built a 6-module OSINT course on Teachable. Covers Strava recon, Google Earth temporal analysis, social media geolocation. Priced at €199. Sold 420 copies in the first quarter after launching during a similar news event. Revenue: ~€83K first year.

Timeline: 4-6 weeks to build course content → launch during next OPSEC news cycle → first sales within days of launch

Every company with sensitive operations (energy, defense, biotech, finance) should be training employees on what NOT to share publicly. This is a B2B training product waiting to happen — slide decks, workshops, and recurring compliance check-ins.

Example: A two-person security firm in Poland pivoted from penetration testing to digital hygiene workshops for EU defense subcontractors. They run half-day sessions covering fitness apps, metadata, social engineering vectors. Charge €3,000 per workshop. Book 3-4 per month. The Strava carrier story is now slide 2 of their deck.

Timeline: 1-2 weeks to build workshop materials → cold-email procurement departments at defense/energy firms → first booking within a month