Why Strava Is a Privacy Risk for the President (and You, Too)

Strava is an extremely popular and very beautiful app for running and cycling. I chose this best running app despite its shortcomings . But it has always had serious privacy problems, including one just reported by French newspaper Le Monde for allegedly revealing the whereabouts of world leaders through their bodyguards’ Strava accounts.

The data goes beyond “The President is in Washington, D.C.” or “The President is in the White House.” Le Monde reports that it discovered “hotels and meeting places often not disclosed to the public” and also noticed that Vladimir Putin’s bodyguards frequent the areas around two mansions, which Putin denies belong to . The data also points to the locations of Melania Trump, Jill Biden and Secret Service agents working the scene of two recent assassination attempts on Donald Trump.

How Strava reveals users’ location

Strava has an extensive set of mapping tools that are based on global heat map data. It’s essentially a map of the world highlighting people’s running and cycling routes. If you personally go for a run around the block right now and track it using Strava (or using an app that syncs with Strava), the roads you ran on will appear a little brighter on that heat map.

You can see the global heat map here , although you’ll need a Strava premium subscription to view the street-level data. (And yes, it’s a little strange that free users can add data to a heat map, but can’t see how their own data is displayed in the world.)

The heat map (and other location data such as segments) isn’t very intrusive if you’re looking at a popular park or trail. But zoom out to a rural or suburban area and you’ll notice a few bright roads on the heat map in very specific locations. Loop around a specific residential complex or military base.

And how will this help to find out the location of a specific person? Well, it’s a lot like how I used a weekly heat map to find a stranger’s name and home address based on semi-public Strava data. In my mini-investigation, which took only a few minutes, I found an unpopular route, searched for segments on that route, found a person who had ridden it repeatedly, and looked at other data about that person’s running. Combined this Strava data with other publicly available information (in my case, county property records), and pretty soon I went from a line on a map to a person’s full name and home address.

A creative investigator or stalker could come up with many other ways to use this data. Not everyone uses their real names or photos on Strava, but many do. And if the Strava account is always in the same place as the president, you can start connecting a few dots.

Why people still use Strava

Every time Strava privacy issues come up in the news, people wonder why anyone would even want to broadcast their location or share their runs or bike routes. Much of the reason is the same impulse that drives us to document our lives on TikTok, Facebook, or wherever else, the same reason we randomly post photos in a group chat about something cute our pet did. We like to share things with friends or people who might become friends.

In the case of Strava, that’s not all. You need to share the location of your runs (or bike routes) to compete on leaderboards called segments. A segment is a section of a road or trail, and you can earn CR (course record) or KOM/QOM (king or queen of the mountain) recognition for being the fastest person to complete that distance. There is also the title of “Local Legend” for the person who has completed the segment the most times in the last 90 days. You really have to go out into the world and physically go to that place to earn your title, and that motivates a lot of people ( including me! )

What you can do to maintain privacy when using Strava

Strava has plenty of privacy controls—perhaps too many—to help you decide how much information you want to keep private. While it may be tempting to block everything , this will prevent you from participating in any friendly competitions you may have in segments and may prevent friends from finding you or following your workouts. It’s up to you how you feel about any or all of this, so here are the settings to check out.

First, to find them, go to the Strava app, select “You” and tap the settings cog. Then click “Privacy Controls.” Luckily, each setting has a pretty good explanation of what it does, so read it carefully. If you do this via the web interface, remember to click “Save” after each change.

  • To prevent your activities from being added to global or weekly heat maps , tap Use Aggregated Data and disable the toggle or checkbox for “Include your activity in anonymized aggregate data sets.” In theory they can be anonymous, but we have seen that they are not actually anonymous.

  • To prevent people from seeing your photos and personal information , limit your profile page to followers only. As Strava notes: “Parts of your profile page will always be publicly visible.” In my tests, this means your name and profile photo.

  • To prevent people from seeing where you run or bike, limit the activity to Followers or Only You. This also means that you will not be able to compete in any segment.

  • To hide your home (or any other place you want to keep private), tap Map Visibility and select an option to hide the start and end of activity from a specific address. You can also hide the start and end of actions wherever they occur.

There are other privacy settings, and we list them here .

More…

Leave a Reply