- USDT(TRC-20)
- $0.0
Strava is a hugely popular, and really nicely featured, running and cycling app. Itās my pick for the best running app, despite its flaws. But itās always had serious privacy issues, including the one just reported by French newspaper Le Mondeāit allegedly revealed the locations of world leaders via their bodyguardsā Strava accounts.
The data goes beyond āthe President is in Washington, D.C.ā or āthe President is in the White House.ā Le Monde reports that it found āhotels and meeting places, often undisclosed to the public,ā and noticed Vladimir Putinās bodyguards frequenting the areas around two mansions that Putin has denied are his. The data also pointed to the whereabouts of Melania Trump, Jill Biden, and secret service agents working at the location of Donald Trumpās two recent assassination attempts.
Strava has an extensive set of mapping tools, which are powered by the data in its global heatmap. This is basically a map of the world with peopleās running and cycling routes highlighted. If you, personally, right now, go out for a jog around the block, and track it with Strava (or with an app that syncs to Strava), the roads you jogged on get a little bit brighter on that heatmap.
You can see the global heatmap here, although youāll need a premium Strava subscription to view street-level data. (And, yes, itās little bit fucked up that free users can add to the heatmap but not be able to see how their own data shows up to the world.)
The heatmap (and other location-based data, like Segments) arenāt very intrusive if youāre looking at a popular park or trail. But zoom out to the countryside, or the suburbs, and youāll notice some bright roads on the heatmap in very specific places. A loop around a certain housing development, or a military base.
And how does that reveal the whereabouts of a specific, named person? Well, itās very similar to how I used the weekly version of the heatmap to find the name and home address of a stranger based on semi-public Strava data. In my mini investigationāwhich took mere minutesāI found an unpopular route, looked for Segments along that route, found a person who had run it repeatedly, and looked at that personās other running data. Combine that Strava data with other public information (in my case, county real estate records) and pretty soon I had worked my way from a line on a map to a personās full name and home address.
A creative investigator or stalker could come up with plenty more ways to use this data. Not everybody uses their real names or photos on Strava, but many do. And if a Strava account is always in the same place as the President, you can start to connect a few dots.
Every time Strava privacy issues crop up in the news, there are people wondering why anybody wants to broadcast their location at all, or share their runs or their cycling routes. A big part of the reason is the same impulse that leads us to document our lives on TikTok or Facebook or anything else, the same reason weāll randomly send a photo to a group chat about something cute our pet did. We like to share things with friends or people who might become friends.
In Stravaās case, thereās more. You need to share the location of your runs (or cycling routes) to compete on the leaderboards it calls Segments. A Segment is a bit of road or trail, and you can get a CR (course record) or KOM/QOM (king or queen of the mountain) recognition for being the fastest person to cover that distance. There is also a Local Legend title for the person who has done that Segment the most times in the past 90 days. You have to actually get out into the world and physically go to that location to earn your title, which many people (including myself!) find motivating.
Strava has tons of privacy controlsāmaybe too manyāto allow you to decide how much information you want to keep private. While it may be tempting to lock everything down, that leaves you out of the friendly competitions you may have on Segments, and can keep friends from finding you or following your training. Itās up to you how you feel about any or all of this, so here are the settings to check.
First, to find these, go into the Strava app, select You, and tap the settings gear. Then tap Privacy Controls. Fortunately, each setting has a pretty good explanation of what it does, so read those carefully. If youāre doing this on the web interface, make sure to hit āsaveā after each change.
There are more privacy settings, and we have a rundown of them here.
Full story here:
The data goes beyond āthe President is in Washington, D.C.ā or āthe President is in the White House.ā Le Monde reports that it found āhotels and meeting places, often undisclosed to the public,ā and noticed Vladimir Putinās bodyguards frequenting the areas around two mansions that Putin has denied are his. The data also pointed to the whereabouts of Melania Trump, Jill Biden, and secret service agents working at the location of Donald Trumpās two recent assassination attempts.
How Strava reveals usersā locations
Strava has an extensive set of mapping tools, which are powered by the data in its global heatmap. This is basically a map of the world with peopleās running and cycling routes highlighted. If you, personally, right now, go out for a jog around the block, and track it with Strava (or with an app that syncs to Strava), the roads you jogged on get a little bit brighter on that heatmap.
You can see the global heatmap here, although youāll need a premium Strava subscription to view street-level data. (And, yes, itās little bit fucked up that free users can add to the heatmap but not be able to see how their own data shows up to the world.)
The heatmap (and other location-based data, like Segments) arenāt very intrusive if youāre looking at a popular park or trail. But zoom out to the countryside, or the suburbs, and youāll notice some bright roads on the heatmap in very specific places. A loop around a certain housing development, or a military base.
And how does that reveal the whereabouts of a specific, named person? Well, itās very similar to how I used the weekly version of the heatmap to find the name and home address of a stranger based on semi-public Strava data. In my mini investigationāwhich took mere minutesāI found an unpopular route, looked for Segments along that route, found a person who had run it repeatedly, and looked at that personās other running data. Combine that Strava data with other public information (in my case, county real estate records) and pretty soon I had worked my way from a line on a map to a personās full name and home address.
A creative investigator or stalker could come up with plenty more ways to use this data. Not everybody uses their real names or photos on Strava, but many do. And if a Strava account is always in the same place as the President, you can start to connect a few dots.
Why people use Strava anyway
Every time Strava privacy issues crop up in the news, there are people wondering why anybody wants to broadcast their location at all, or share their runs or their cycling routes. A big part of the reason is the same impulse that leads us to document our lives on TikTok or Facebook or anything else, the same reason weāll randomly send a photo to a group chat about something cute our pet did. We like to share things with friends or people who might become friends.
In Stravaās case, thereās more. You need to share the location of your runs (or cycling routes) to compete on the leaderboards it calls Segments. A Segment is a bit of road or trail, and you can get a CR (course record) or KOM/QOM (king or queen of the mountain) recognition for being the fastest person to cover that distance. There is also a Local Legend title for the person who has done that Segment the most times in the past 90 days. You have to actually get out into the world and physically go to that location to earn your title, which many people (including myself!) find motivating.
What you can do to preserve your privacy while using Strava
Strava has tons of privacy controlsāmaybe too manyāto allow you to decide how much information you want to keep private. While it may be tempting to lock everything down, that leaves you out of the friendly competitions you may have on Segments, and can keep friends from finding you or following your training. Itās up to you how you feel about any or all of this, so here are the settings to check.
First, to find these, go into the Strava app, select You, and tap the settings gear. Then tap Privacy Controls. Fortunately, each setting has a pretty good explanation of what it does, so read those carefully. If youāre doing this on the web interface, make sure to hit āsaveā after each change.
To keep your activities from adding to the global or weekly heatmaps, tap Aggregated Data Usage and turn off the toggle or checkbox that says āContribute your activity data to de-identified, aggregate data sets.ā They may be de-identified in theory, but weāve seen that theyāre not really anonymous.
To keep people from seeing your photos and personal information, restrict Profile Page to Followers. As Strava points out, āParts of your profile page will always be publicly available.ā In my tests, this seems to mean your name and profile pic.
To keep people from seeing where you run or cycle, restrict Activities to Followers or Only You. This also means you wonāt be able to compete on any Segments.
To hide your house (or any other location youād like to keep confidential), tap Map Visibility and select the option that allows you to hide the start and end of activities that occur from a specific address. You can also hide the start and end of activities no matter where they happen.
There are more privacy settings, and we have a rundown of them here.
Full story here:
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
