How a Jog on a Flight Deck Gave Away France's Most Powerful Warship

When Your Fitness App Becomes a National Security Incident

There are plenty of ways to compromise the location of a nuclear-powered aircraft carrier. You could intercept encrypted communications, deploy sophisticated satellite surveillance, or recruit a well-placed spy. Or, apparently, you could just check Strava.

A French naval officer, referred to by the pseudonym 'Arthur' in the original Le Monde investigation, managed to broadcast the precise position of the Charles de Gaulle to absolutely anyone with an internet connection. His crime? Going for a jog.

The Run That Rocked the French Navy

On 13 March 2026, at 10:35 a.m., Arthur laced up his trainers and set off on a run around the flight deck of France's flagship aircraft carrier. He covered just over 7 kilometres (one source pins it at 7.23 km) in roughly 35 minutes. Not a bad pace, especially when your running track is 262 metres of steel surrounded by the Mediterranean Sea.

The problem, of course, is that Arthur had his fitness tracker synced to Strava, the social network beloved by runners and cyclists worldwide. His activity was uploaded publicly, complete with GPS coordinates that placed the Charles de Gaulle in the eastern Mediterranean, northwest of Cyprus and approximately 100 kilometres from the Turkish coast.

Le Monde, the French newspaper that broke the story, went the extra mile (pun very much intended) and cross-referenced the Strava data with satellite imagery taken shortly after the run. The coordinates matched perfectly. So much for operational secrecy.

Why This Matters More Than You Might Think

This was not some routine peacetime cruise. President Macron had announced the carrier's deployment on 3 March 2026, just days after the start of US-Israeli strikes on Iran. The Charles de Gaulle, which carries Rafale fighter jets, airborne early warning aircraft, and helicopters, was heading to the region as part of a task force that includes three frigates and a supply ship. It had been pulled from NATO exercises in the Baltic Sea, where it had been scheduled to operate through May.

In other words, this was a high-stakes, strategically sensitive deployment. Knowing the exact location of a carrier strike group is the kind of intelligence that hostile nations would ordinarily invest enormous resources to obtain. Arthur handed it over for free, sandwiched between someone's parkrun PB and a Sunday morning cycling loop.

Arthur Was Not Alone

To make matters worse, Le Monde's investigation found that at least one other crew member aboard the Charles de Gaulle had also been sharing geolocated fitness activity online. That individual reportedly posted not just exercise data but photographs of the ship's deck, images of fellow sailors, and pictures of onboard equipment. It is the kind of digital footprint that any intelligence analyst would consider an absolute gift.

The French Armed Forces General Staff responded with a statement confirming that the activity violated digital security rules, noting that 'appropriate measures will be taken by the command'. One imagines those measures will involve a rather stern conversation and perhaps a newfound appreciation for offline workouts.

A Problem That Keeps Coming Back

Here is the truly baffling part: this is not even close to being the first time Strava has caused a military security headache. The so-called 'StravaLeaks' saga has been rumbling on for nearly a decade now, and the French military has been caught out before.

The watershed moment came in 2018, when Strava published a global heatmap showing the aggregated activity of its users. Researchers quickly spotted that the heatmap lit up like a Christmas tree around military installations in Afghanistan, Iraq, and Syria, effectively revealing the layouts of bases that were supposed to be secret. The US Department of Defense responded by banning fitness-tracking apps in operational areas that same year.

France, evidently, did not follow suit with the same enthusiasm.

In 2020, researchers managed to identify 14 members of the SAS at their top-secret base in Hereford through Strava profiles. In 2022, a separate investigation exposed around 100 individuals connected to six classified Israeli military sites via the app. And in January 2025, barely a year before the Charles de Gaulle incident, French Navy submariners shared patrol information through Strava in what officials diplomatically described as 'personnel negligence'.

As the cybersecurity outlet Cybernews put it in their headline: 'Strava exposes French troops... again'. At this point, it is less a security lapse and more a tradition.

The Tension Between Personal Tech and Institutional Security

There is a genuine lesson here that extends well beyond the military. We live in an age where our devices constantly broadcast our locations, habits, and routines. Most of us accept this trade-off willingly because we want to track our 5K times or share our weekend hikes. But the Charles de Gaulle incident is a sharp reminder that location data, even from something as innocuous as a morning jog, can have consequences far beyond what we intend.

For military personnel, the stakes are obviously extreme. But for ordinary users, it is worth thinking about what your fitness app reveals about your patterns: when you leave home, when you return, your regular routes, and the times you are away from your property. Stalkers, burglars, and bad actors of all sorts can piece together a worrying amount from publicly shared activity data.

Strava does offer privacy controls. You can set your profile to private, create privacy zones around sensitive locations, and disable GPS sharing. The trouble is that these settings require active effort, and the default nudge of any social fitness platform is towards sharing. Sharing is what drives engagement, after all.

What Happens Next?

The French military has given no indication of what specific disciplinary action Arthur will face, beyond the ominous promise of 'appropriate measures'. Given the scale of the embarrassment, one suspects this will be taken seriously at the highest levels.

The broader question is whether this latest incident will finally prompt a comprehensive ban on fitness-tracking apps during active deployments across NATO forces. The Americans made that call back in 2018. The British military has tightened its guidance over the years, not least after the SAS Strava revelations. France, despite repeated incidents, appears to have relied on guidelines and good sense rather than an outright prohibition.

Good sense, as Arthur has demonstrated, is not always evenly distributed.

The Verdict

This story would be funny if the implications were not so serious. A single unsecured fitness app broadcast the location of a nuclear-powered aircraft carrier during a sensitive deployment to anyone who cared to look. The technology to prevent this exists. The policies to prevent this exist. What appears to be missing is enforcement and, frankly, basic digital awareness among personnel who really ought to know better.

If there is a silver lining, it is that the leak was spotted by journalists rather than a hostile intelligence service (or at least, we hope it was spotted by journalists first). But relying on luck is not a security strategy. Until militaries treat personal devices as the operational security risk they clearly are, we will keep seeing these stories. And Strava will keep racking up the kind of publicity its marketing team definitely did not ask for.

Written by

Daniel Benson

Developer and founder of VelocityCMS. Got tired of waiting for WordPress to load, so built something better. In Rust, obviously. Obsessed with speed, allergic to bloat, and firmly believes PHP had its chance. Based in the UK.