Support road.cc

Like this site? Help us to make it better.

Manchester IT manager says bike thieves used Strava cycling app to target him

Warns users to check their security settings

An IT manager from Failsworth is warning Strava users to review their privacy settings after having two bikes stolen from his garage. Mark Leigh’s home location and bike model were public as he said he had not been aware of the website’s privacy settings.

The Manchester Evening News reports that Leigh had two bikes stolen – one worth £500, the other worth £1,000. He had earlier secured them in his garage having been for a ride that day.

Yorkshire cyclist creates giant bike on Strava

“I’d come back from a ride around the Saddleworth hills, which I tracked on Strava. I locked my bike in the garage next to another one. The following morning my garage had been cleverly broken into and they were gone.

“My garage is not highly visible. I live on a narrow cul-de-sac - the only explanation I can think of is Strava, as my route ended at my home address. They broke the garage door. They took the bikes and nothing else. There was lots of other stuff they could have taken too – tools, valuables – but they left them. This was not random.”

As part of Strava’s ‘enhanced privacy mode’ users can enter a location and any activity within a 500m-1km radius of that address will be hidden from other users. Mark is warning other cyclists to make use of the settings, adding: “The other option is to start your route a couple of hundred yards from your house so you aren’t advertising where you are.”

Mark reported the thefts to the police, but the bikes have not been recovered and he has now bought a new one.

Nick Hubble, of Greater Manchester Cycling Campaign, said that Leigh’s was a common problem. “I’ve heard and read about a lot of thefts which people believe are as a result of advertising your whereabouts. These tools are incredibly useful for logging performance but you do have to be incredibly careful, set privacy zones, because criminals are becoming very tech-savvy.”

Following a spate of thefts in Carmarthenshire last year, police advised cyclists to treat online security as seriously as locking their bikes up. We produced a Strava security guide at the time.

Simon Klima, UK manager at Strava, commented:

“We believe it is important that our members have the tools to protect themselves and control the detail of information they share. While we have not been able to confirm any cases of theft related to Strava activity uploads, we do offer a rich set of easy-to-use privacy controls for all our members.

“As a leading social network for athletes, Strava gives members the tools to manage the information they share with friends and followers. They can set privacy zones around any address such as home or office addresses, so that start and end locations of their activities aren’t shared publicly.”

Alex has written for more cricket publications than the rest of the road.cc team combined. Despite the apparent evidence of this picture, he doesn't especially like cake.

Add new comment

20 comments

Avatar
bikeblah2 | 8 years ago
0 likes

One note about 'Privacy Zone':

If you have phone listed, your address is public (at least in the US). So follow the advice of others, just use 'Bike 1', 'Bike 2',...

Just saying.

Avatar
Carton replied to bikeblah2 | 8 years ago
0 likes

bikeblah2 wrote:

One note about 'Privacy Zone':

If you have phone listed, your address is public (at least in the US). So follow the advice of others, just use 'Bike 1', 'Bike 2',...

Just saying.

I think even "crit bike, commuter, sportive bike" is fine. 

"'16 S-Works Venge ViAS,  '05 Moots Psychlo-X , '10 Pegoretti Responsorium" might not be ideal.

Avatar
StuInNorway | 8 years ago
0 likes

Also when setting your privacy zone, don't pick you own adress. Use the end of the street, or a neighbouring street.  I set mine about 200m from hom, but still covering all possible routes in and out to varying degrees.  If someone wants to try the houses near the centre, they all have large dogs either in them, or their neighbours garden.....

Avatar
Cyclespeed Tours | 8 years ago
0 likes

You simply cannot leave expensive bicycles in garages. 

It's asking for trouble, whether you use Strava or not.

Bring them inside people!

Avatar
willythepimp | 8 years ago
0 likes

And that's why my bikes live in the house with two very licky cocker spaniels in the room

Avatar
mike the bike | 8 years ago
0 likes

Strava.  I'm glad I don't understand it.

Avatar
joemmo | 8 years ago
0 likes

The article doesn't even mention the flyby feature which allows you to identify and stalk anyone on strava that you pass near while out for a ride. As far as I can see there is no way to opt out of it.

Avatar
STATO replied to joemmo | 8 years ago
0 likes

joemmo wrote:

The article doesn't even mention the flyby feature which allows you to identify and stalk anyone on strava that you pass near while out for a ride. As far as I can see there is no way to opt out of it.

 

As above, the flyby is just an extension of the fact you can click on anyones ride where they have place in a segment, just makes it easier.  This is not a flaw or security failure, its a feature of a social site. 

If you dont want to share, make all your rides private  or use a different social ride tool.

Avatar
crazy-legs replied to STATO | 8 years ago
0 likes

STATO wrote:

joemmo wrote:

The article doesn't even mention the flyby feature which allows you to identify and stalk anyone on strava that you pass near while out for a ride. As far as I can see there is no way to opt out of it.

 

As above, the flyby is just an extension of the fact you can click on anyones ride where they have place in a segment, just makes it easier.  This is not a flaw or security failure, its a feature of a social site. 

If you dont want to share, make all your rides private  or use a different social ride tool.

Settings > Privacy > "Who can see my activities on Strava Labs Flyby?"

Options of "everyone" or "no-one". I'd prefer it to be "people I follow" or "people who follow me" but whatever. There's an option there as well to make ALL your activites private and then selectively publicise certain rides afterwards.

Avatar
joemmo replied to crazy-legs | 8 years ago
0 likes

crazy-legs wrote:

STATO wrote:

joemmo wrote:

The article doesn't even mention the flyby feature which allows you to identify and stalk anyone on strava that you pass near while out for a ride. As far as I can see there is no way to opt out of it.

 

As above, the flyby is just an extension of the fact you can click on anyones ride where they have place in a segment, just makes it easier.  This is not a flaw or security failure, its a feature of a social site. 

If you dont want to share, make all your rides private  or use a different social ride tool.

Settings > Privacy > "Who can see my activities on Strava Labs Flyby?"

Options of "everyone" or "no-one". I'd prefer it to be "people I follow" or "people who follow me" but whatever. There's an option there as well to make ALL your activites private and then selectively publicise certain rides afterwards.

 

thanks, just checked settings again and saw that - and changed it.

STATO - I didn't say it was a security failure but it is different to the leaderboard in that it enables you to identify people you have encountered and thus see what they were riding. I think it should be opted out by default, not the reverse.

Avatar
STATO replied to joemmo | 8 years ago
0 likes

crazy-legs wrote:

Settings > Privacy > "Who can see my activities on Strava Labs Flyby?"

Options of "everyone" or "no-one". I'd prefer it to be "people I follow" or "people who follow me" but whatever. There's an option there as well to make ALL your activites private and then selectively publicise certain rides afterwards.

 

joemmo wrote:

STATO - I didn't say it was a security failure but it is different to the leaderboard in that it enables you to identify people you have encountered and thus see what they were riding. I think it should be opted out by default, not the reverse.

 

You can see people rides by checking a segment on that road though. Before flyby I used to check segments near to where i met other riders, just filter by date, to see where they have been (to find out what routes are popular).  

Point being this ability is still there, opting out of flyby is giving you (and anyone you tell) a false sense of security.

Avatar
Must be Mad | 8 years ago
1 like

Allways, allways, allways start and finish your ride outside the house of someone you don't like....

Avatar
philippe459 | 8 years ago
0 likes

I always start my Strava ride from a public place instead of my house. Yes I lose 100/200m every time... but who cares.

Avatar
Zebulebu | 8 years ago
1 like

Bloke lives in Failsworth. He's lucky he managed to keep anything in his shed - locked or not - for more than a week

Avatar
bontana | 8 years ago
0 likes

Unfortunately Strava has a few security flaws.

1. By all means make your location private but if you put in your post code then it creates a secure zone....with your postcode right in the epicentre so pick a postcode nearby but not your house.

2. The minute you get a top 10 then your whole route can be viewed by anybody no matter what your security settings are. This is probably the biggest issue i have with strava. Say you come 3rd in a segment, i can click on your ride and see your whole route rather than your effort over that individual segment even if i dont follow you. I suspect you may be able to do the same even if you are blocked by somebody.

 

The only way to 100% protect your location and rides is by making your profile totally private. Downside to this is that any achievements will not be displayed on leader boards.

Avatar
STATO replied to bontana | 8 years ago
0 likes

bontana wrote:

Unfortunately Strava has a few security flaws is misunderstood by many people who fail to pay attention to what they are signing up to.

2. The minute you get a top 10 complete a segment then your whole route can be viewed by anybody no matter what your security settings are. This is probably the biggest issue i have with strava. Say you come 3rd  place aywhere in a segment, i can click on your ride and see your whole route rather than your effort over that individual segment even if i dont follow you. I suspect you may be able to do the same even if you are blocked by somebody. TRUE

The only way to 100% protect your location and rides is by making your profile totally private by making your rides private. Downside to this is that any achievements will not be displayed on leader boards.

Editied bontana's post, as its not just the fast people at risk.

Additional things to do;

  1. Give your bikes names, like 'Bob', rather than 'Pinarello with Campy Super Record'.
  2. Add multiple hidden zones, for friends houses, work etc. (and get your mates to do the same.
  3. Dont stop at your house mid ride, strava only hides the start/end parts of a ride in hidden zones.
  4. Keep your bike somewhere secure, rather than behind a flimsy garage door.

 

 

Avatar
number9dream replied to STATO | 8 years ago
1 like

STATO wrote:

bontana wrote:

Unfortunately Strava has a few security flaws is misunderstood by many people who fail to pay attention to what they are signing up to.

2. The minute you get a top 10 complete a segment then your whole route can be viewed by anybody no matter what your security settings are. This is probably the biggest issue i have with strava. Say you come 3rd  place aywhere in a segment, i can click on your ride and see your whole route rather than your effort over that individual segment even if i dont follow you. I suspect you may be able to do the same even if you are blocked by somebody. TRUE

The only way to 100% protect your location and rides is by making your profile totally private by making your rides private. Downside to this is that any achievements will not be displayed on leader boards.

 

While your route might be visible to anyone who clicks on you name following a segment your home isn't as it's covered by the privacy zones - this applies for anyone, whether they follow you or not - so make sure these are set. 

Lots of people use strava, lots of people have bikes stolen from houses - there is probably little evidence to suggest that these two facts are linked, much less by thieves checking strava for posh bikes. It stands to reason a proportion of cyclists who have bikes stolen will have recently uploaded to strava. There may be a correlation but this is not the same as causation.

Leaving bikes in a shed or a garage is never going to be very secure. 

   

 

Avatar
wycombewheeler replied to bontana | 8 years ago
0 likes

bontana wrote:

Unfortunately Strava has a few security flaws.

 

2. The minute you get a top 10 then your whole route can be viewed by anybody no matter what your security settings are. This is probably the biggest issue i have with strava. Say you come 3rd in a segment, i can click on your ride and see your whole route rather than your effort over that individual segment even if i dont follow you. I suspect you may be able to do the same even if you are blocked by somebody.

 

 

the whole route except what happens in the privacy zone, as long as ypou dont pop home mid ride, you can't identify the house from this.

 

Also privacy zone seems randomly sized, so if it isn't very big, you can delete and recreate until you get something like 1km from your house. this will stop you appearing in segments that start the zone, unless you ride away from your house andf then come back to pick so the segment start is not in the first xm of your ride.

Avatar
tomascjenkins | 8 years ago
0 likes

Just checked my privacy.

If you move house you'll need to update your privacy zone.

Avatar
STATO | 8 years ago
0 likes

Feel for the guy but...

Quote:

An IT manager from Failsworth...   ...he had not been aware of the website’s privacy settings.

Many ironys.

 

As an aside, surely his mates / followers must have seen he didnt have his privacy set?  Tell your friends folks, dont just sit back and watch someone you know be a victim of crime.

 

Latest Comments