French Aircraft Carrier's Location Leaked on Strava: An Eight-Year-Old Problem That Won't Die

A single morning run on the flight deck of France’s only nuclear-powered aircraft carrier just broadcast its precise coordinates to the entire internet. But the real story isn’t one sailor’s mistake; it’s that every military in the world has known about this vulnerability since 2018 and still hasn’t figured out how to stop it. The Core Story: What Happened on the Deck? On the morning of Friday, March 13, 2026, a French naval officer identified only as “Arthur” strapped on a smartwatch and went for a jog on the flight deck of the FS Charles de Gaulle, France’s flagship aircraft carrier and the only nuclear-powered carrier outside the U.S. Navy. He ran 7.23 kilometers in just over 35 minutes, a respectable pace for a 300-meter-long floating runway. The problem: Arthur’s Strava profile was set to public. The fitness app recorded his GPS coordinates in near-real time and published them as a map showing a distinctive back-and-forth jogging route, barely 300 meters wide, tracing the unmistakable outline of a carrier flight deck. The route placed the Charles de Gaulle in the eastern Mediterranean, south of Cyprus and north of Egypt, roughly 100 kilometers from the Turkish coast. Le Monde , the French newspaper that broke the story, verified the breach using commercial satellite imagery taken shortly after the jog, which clearly showed the distinctive 262-meter silhouette of the carrier exactly where Strava said it was. The Charles de Gaulle had been redeployed to the eastern Mediterranean on March 3 after President Emmanuel Macron ordered the carrier strike group to move from the Baltic Sea to the Middle East following Iranian-linked drone strikes on Cyprus, a European Union member state and French ally. The carrier’s location was classified operational information. Context & Global Impact: An Eight-Year-Old Problem That Won’t Die This is not an isolated incident. It is the latest, and arguably most embarrassing, chapter in a recurring security failure that has plagued every major military in the world since fitness tracking apps went mainstream. 2018: The original Strava heatmap disaster. Australian researcher Nathan Ruser discovered that Strava’s Global Heatmap was glowing in the middle of the Syrian desert, outlining perimeters, supply routes, and patrol paths of U.S. and allied military bases in Iraq, Afghanistan, and Syria. The Pentagon subsequently banned fitness trackers in deployed environments. 2022: Israeli military bases exposed. The Israeli NGO FakeReporter revealed that an anonymous user had uploaded fake Strava segments at six top-secret Israeli military installations, including facilities linked to Israel’s nuclear program, to identify real soldiers exercising at those locations. 2024: The “Kevin D” operation. A Strava profile called “Kevin D” uploaded 60 fake runs across 30 Israeli military bases in rapid succession, using the app’s social features to unmask the identities and exercise patterns of military personnel. 2026: The Charles de Gaulle. Despite all previous incidents, a French naval officer’s public Strava profile broadcast the real-time position of a nuclear aircraft carrier during an active military deployment in a conflict zone. Why Bans Don’t Work The core problem is behavioral, not technological. Militaries can issue orders prohibiting fitness apps. But service members are young, health-conscious, and deeply habituated to tracking their workouts. A 22-year-old sailor who has used Strava every day since age 16 does not instinctively think of a morning jog as a security operation. The cognitive gap between “I’m going for a run” and “I’m broadcasting classified coordinates” is enormous. Le Monde’s investigation found that Arthur was not alone. Several other sailors aboard the Charles de Gaulle also had public Strava profiles, and at least one had posted photos revealing the ship’s location alongside images of the deck, crew members, and onboard sports equipment. The Adversary Advantage What makes fitness app leaks uniquely dangerous is that they require zero sophisticated intelligence capability to exploit. Any person with internet access can search Strava’s public activity feed, identify military personnel by their exercise patterns, and geolocate sensitive assets. State intelligence services, particularly Russian and Chinese cyber units, are known to systematically scrape fitness app data as part of open-source intelligence (OSINT) collection. What’s Next: The Unsolvable Problem France’s Ministry of Armed Forces has not yet issued a public statement on the breach, though Le Monde reports that internal disciplinary proceedings are expected. The larger question remains: can any military actually enforce a fitness app ban across hundreds of thousands of service members who carry internet-connected devices everywhere they go? The honest answer, after eight years of trying, appears to be no. The more realistic solution may be technological, requiring device-level GPS blocking in sensitive areas or working with app companies to create military geofencing zones. Until then, the world’s most powerful warships will continue to be trackable by anyone with a Strava account and five minutes of curiosity. Frequently Asked Questions How was the French aircraft carrier’s location leaked? A sailor named “Arthur” jogged 7.23 km on the flight deck of the FS Charles de Gaulle with his Strava fitness app set to public. The GPS data traced the carrier’s exact position in the eastern Mediterranean, verified by Le Monde with satellite imagery. Has this happened before with military bases? Yes. In 2018, Strava’s Global Heatmap exposed U.S. and allied bases in Syria, Iraq, and Afghanistan. In 2022 and 2024, fake Strava profiles were used to identify Israeli military personnel at secret installations. Why can’t militaries just ban fitness apps? They have tried repeatedly. The problem is behavioral. Young service members are habituated to fitness tracking and often don’t recognize a morning jog as a security risk. Policy bans have proven difficult to enforce. Tags: Strava