Strava Map Can Expose Homes of its Users: Here’s How
If you’re a Strava user, you may want to take a pause before sharing your location. According to recent findings by researchers, Strava’s global heatmap feature could pose serious privacy and safety risks to users. Strava, a popular fitness tracking app, is not only helping users find their way around their running or jogging routes; it is also inadvertently exposing their home locations. As we explore these risks, we will look at how companies and users can enhance their privacy and safety measures.
What is Strava’s global heatmap feature?
The heatmap feature in Strava is a visual map showing user-generated location-based data gathered from GPS-enabled devices. The app gathers historical data of all users to show popular activity routes users have taken, either on foot or wheels, and highlights activity-rich areas with bright yellow or white lines. It is updated every month, aggregating data from the last two years from 100 million registered users in over 125 countries.
What privacy and safety risks does Strava’s heatmap feature pose to its users?
One of Strava’s core features is sharing workout routines and running routes publicly, putting its users at risk by exposing their home addresses. In 2018, after realizing its heatmap was posing a potential privacy and security risk for its users, Strava provided an opt-out option. However, this only helped to a certain extent.
Stalkers and predators could use it to track users to their home addresses and commit felonies
The fact that Strava’s heatmap data is accessible to the public poses risks to its users, allowing stalkers and criminals to track users to their home locations and carry out various felonies. In a study addressing the privacy risks that this feature poses, a team of researchers at North Carolina State University in Raleigh explained that “Strava users expect their personal information to be protected, and our work shows that this is not always the case.”
Any Strava account can easily be looked up, even if it is marked private.
A densely populated area may have a large number of users and routes, making it almost impossible to track an individual. However, in areas with few users or routes, stalking becomes an easy process of elimination, especially if the target is an active Strava user. “Marking an account private doesn’t necessarily provide additional protection against this tracking technique,” warns Anupam Das, senior author of the study paper.
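An added example, not taken from the study or from Strava: a publisher-side mitigation for the sparse-area problem described above, which drops heatmap cells visited by fewer than K_MIN distinct users before the map is published. The grid size, threshold, function names and sample points are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

CELL_DEG = 0.001  # assumed grid cell size in degrees (roughly 100 m)
K_MIN = 5         # assumed minimum number of distinct users per published cell


def cell_of(lat, lon, size=CELL_DEG):
    """Snap a GPS fix to an integer grid-cell index."""
    return (math.floor(lat / size), math.floor(lon / size))


def aggregate(points):
    """Return (distinct users per cell, raw GPS hits per cell)."""
    users, hits = defaultdict(set), defaultdict(int)
    for user, lat, lon in points:
        cell = cell_of(lat, lon)
        users[cell].add(user)
        hits[cell] += 1
    return users, hits


def publishable_heatmap(points, k_min=K_MIN):
    """Keep only cells visited by at least k_min distinct users.

    Counting users rather than hits matters: one person who starts every
    run at their front door produces many hits but is still one user.
    """
    users, hits = aggregate(points)
    published = {c: n for c, n in hits.items() if len(users[c]) >= k_min}
    suppressed = sorted(c for c in hits if c not in published)
    return published, suppressed


# Constructed sample data (not real activity): six users cross a city park
# once each; one user logs 20 fixes outside a house on a rural road.
SAMPLE = [(f"u{i}", 35.7805, -78.6405) for i in range(6)]
SAMPLE += [("u99", 35.9005, -78.9005)] * 20

if __name__ == "__main__":
    published, suppressed = publishable_heatmap(SAMPLE)
    print("published:", published)
    print("suppressed:", suppressed)
```

With a raw hit count alone, the single-user rural cell would be the brightest spot in the sample; thresholding on distinct users removes it while the shared park cell stays on the map.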
How has Strava’s heatmap feature affected military personnel and US Secret Service agents?
While privacy risks apply to Strava’s regular users, there is an enhanced danger for the US military, whose personnel’s locations can be pinpointed with greater ease. In 2018, when Strava’s heatmap feature was released, military analysts noticed that it revealed sensitive and confidential information about active military service personnel.
Strava’s heatmap feature reveals confidential information about military bases and spy outposts worldwide
Strava’s public heatmap visualizes all the activity tracked by users of its app. The map compiles data from over 3 trillion individual GPS data points and shows users’ locations in all parts of the world. Military bases, spy outposts, personnel locations and routes across the globe, even those that are secretive and highly classified, can easily be pinpointed.
Chinese analysts track and identify Taiwanese soldier using Strava heatmaps
The Strava heatmap feature has also posed challenges to military and intelligence communities worldwide. Jeffrey Lewis, director of the East Asia Nonproliferation Program in the Middlebury Institute of International Studies at Monterey, California, explains in a Daily Beast article that Strava’s activity data could be used to follow individuals of interest as they rotated among military bases or intelligence community locations. In the article, Lewis laid out a scenario in which Chinese analysts track a Taiwanese soldier based on his activities at a known missile base and expose other previously unknown missile bases as the soldier’s duties require him to rotate through those locations.
What measures can companies and users adopt to enhance their privacy and safety while using Strava?
Companies and users can adopt the following measures to enhance their privacy and safety while using Strava:
Companies need to reassess their privacy policies to minimize potential risks
The United States military’s Central Command has already begun reassessing its privacy policies for the troops after the Strava revelations. Current US military service policies allow for the use of fitness trackers and other wearables with the caveat that local commanders have the discretion to tighten security, implying that there can be ‘no-go areas’ or ‘leave-at-home policies’ for personal phones and wearables. Companies can minimize similar privacy and security risks by reviewing and tightening their privacy policies and monitoring updated privacy regulations.
Strava users should limit their profile’s public visibility.
Strava users can enhance their privacy and safety while using the app by limiting their account details’ public visibility. Users should also take advantage of the app’s privacy settings and limit their routes’ public visibility to specific followers or none at all.
Don’t add or share personal information on public platforms.
Users should not add or share personal information on public platforms. Strava users should refrain from sharing their home addresses on the app, and individuals who work at sensitive locations such as military bases or covert intelligence community locations should limit tracking their activities on Strava.
Companies and users need to be informed and updated on cyber threats and privacy regulations
Companies and users should keep themselves informed and updated about privacy regulations and cyber threats. Companies should conduct regular employee privacy and security awareness training to ensure best security practices. Users should also stay informed about the latest privacy regulations and possible online areas where criminals and stalkers can exploit their privacy and security.
Encrypt your personal data and use a Virtual Private Network (VPN).
Encrypting your personal data adds a layer of security that makes it difficult for hackers and unauthorized personnel to access your information. Users should also use a VPN on public networks such as public Wi-Fi to enhance their privacy and safety.
The Strava heatmap feature is a useful tool for fitness enthusiasts who want to explore new running routes and enjoy their exercises. However, its public feature is exposing users’ personal information, posing safety and privacy risks to users. Companies and users can enhance their privacy and safety by limiting their profile’s public visibility, updating privacy policies and regulations, avoiding sharing personal information on public platforms, and encrypting their personal data.
How do I change my Strava profile’s public visibility?
To change public visibility on your Strava profile, open the app, go to Settings, tap Privacy Controls, and slide the visibility button right to limit it to specific followers or left to keep it visible to everyone.
Can a VPN enhance my Strava privacy and safety?
Yes, using a VPN while using Strava on public networks such as public Wi-Fi enhances your privacy and safety in the app. It protects your data from cybercriminals, unauthorized personnel, and prying eyes.
Can Strava heatmap data affect my home safety?
Yes, Strava heatmap data poses safety risks to users’ homes, especially to Strava users who mark their accounts public. Based on their exercise patterns and routines, criminals and stalkers can track users’ home locations and commit various felonies.
How often should I update my privacy settings?
You should update your privacy settings regularly, especially after every new update or version of the app, to ensure maximum privacy and safety.
Can I sue Strava if my privacy rights are violated?
If Strava violates your privacy rights, you can sue them by hiring an experienced lawyer or seeking help from a data protection officer. However, the best approach is to enhance your privacy and safety by updating your privacy settings and reviewing privacy policies and regulations regularly.