Apologizing to the military sounds like an attempt to frame the problem as narrowly as they can, to a specific problematic instance. Tactical spin or genuine disregard for privacy?
I really don't understand how this is Strava's fault.
If you're stupid enough to actively record and upload your GPS data from geographically sensitive locations, then maybe you shouldn't be allowed to work at those locations, or allowed to have devices that are capable of doing so.
Would you blame instagram/facebook if people were posting photos from inside Area 51?
It seems pretty evident that people thought this was private, and Strava did a bad job of communicating that it wasn't. There is also the issue of people in rural areas where they are potentially identifiable.
If the user was not aware its location was being uploaded, then yes, it is Strava's fault. They should not be using your data, on the assumption that it is not sensitive, without explicit consent (preferably opt-in).
They are only following the "industry standard" though. I bet the military would be surprised on how much location data leaks to Google location history, the only difference being it is not publicly available (yet).
