With the mild weather and days finally getting longer, a timely reminder from Humberside Police not to give away the location of your precious bike – or bikes – on ride-tracking apps such as Strava and Map My Ride or via social media.
The Hull Daily Mail's Kevin Shoesmith reports http://www.hulldailymail.co.uk/Burglars-using-cycling-8216-fitness-route-planner/story-25921158-detail/story.html that police and bike shop owners believe thieves are using information from the apps to guide them to valuable bikes.
It's vital that privacy settings on the apps are switched on, warned Sergeant Rob Danby, of the Riverside neighbourhood policing team, which covers Hull city centre.
He said: "Members of the public should take care when using apps such as Strava to ensure they do not inadvertently give away private information and locations.
"Such apps can give criminals a clue to where valuable items may be stored."
Bike shop owners report that customers increasingly suspect ride-tracking apps have guided thieves to their bikes.
Wayne Preston, of Cliff Pratt Cycles said: "People who have had bikes stolen come into the shop and we get into the conversation of what happened.
"In some cases, people have not activated the privacy settings on Strava."
Information posted on social media can provide a clue for thieves, and ride-tracking apps can leave them to bikes, Mr Preston believes.
"I don't have any pictures of my bikes on Facebook, but I know people do," he said.
"People happily put photos of their shining £3,000 bike up for everyone to see."
A Strava search for the owner's name can then reveal where rides start and finish, leading the thief to a valuable bike.
Mr Preston said: "The best advice I can give is if you are going to use apps make sure you switch it off a good distance from your house.
"Personally, I would much rather lose a mile off my Strava record than have my house or garage burgled and my bikes stolen."
You can also protect your home location by setting a privacy zone, which masks a location on your rides, or restricting who can follow you.
Luke Anderson of Freetown Sports also believes thieves are using Strava to find bikes and urged people to use the service's privacy features.
"It is definitely happening," he said. "There is the option to block your start point and people need to use it."
Proper bike security is paramount, Sgt Danby said.
"A lot of people keep bikes in sheds with minimal security," he said. "People need to be wary about where and how they store their bikes.
"We've known people to use a £2 lock to secure a bike worth £4,000. They won't spend £50 on a decent lock."
-1024x680.jpg "“Clear anti-cyclist bias”: Lawsuit filed against Toronto police after cop doored cyclist… before ticketing rider over incident")
37 thoughts on “Lock up your apps, say police — thieves use ride-tracking sites to target bikes”
A few changes to
A few changes to consider:
Switch on Strava’s Enhanced Privacy mode
Strava allows you to ad multiple addresses each with a privacy zone, so by selecting a number of locations around your home you can effective boost you 1 miles radius to about 6 miles.
Under ‘My Profile > Location’, you can change it from your city to more general (e.g. England)
Do you really need to specify which bike you used? Stating a brand and model or including the name in your ride title (e.g. ‘first ride on new Dogma’) is searchable
Garmin Connect has few controls, but you can at least keep your rides private.
All good. Naming bikes
All good. Naming bikes especially: you’ll know what MuddyFox87 is, even if looks retro to most. Stick up photos of your first MTB if you really want discretion.
Some more
* Don’t use your real name. Strava lets you use “!” as a surname, hence, “Contender !”, “Thighmeister !”, or “Faceplant !” or any other nickname you want.
* keep any joined up instagram account anonymous too.
* get some distance from your house before starting/stopping recording. If you go via a friends house, start after you leave it. Else correlating “rode with” routes can find the second house on the road.
* If you end up having to return home, stop and restart, or make it private.
* be selective about which Strava clubs you join. They leak information.
As an example, take this leader board from bristol. Too many names are real; in a smaller town easier to track down. Then there’s facebook, linkedin… What’s worse, you can click on any of the rides that placed and get the full ride, including start/finish points even if they start or stop in a privacy zone. Real name + nearby/actual starting points is too much data to publish.
Be paranoid: you know it makes sense.
contender wrote:All good.
And wear a tin foil hat as well so they can’t read your mind as well?
I for one have my real name on Strava.
My Instagram account is joined to it and not anonymous.
I start Strava on my doorstep, and regulary ride with mates, resulting in a lot of ‘rode with’ rides.
I’ve never had anyone come and try nick my bike, because people just don’t use strava for it.
You may as well just not ride outdoors if you’re going to be so paranoid.
Do you ride a different route every day?
After all someone could easily see you ride past one day and then just wait around.
glynr36 wrote:And wear a tin
That’s like saying “I’ve never had a car stolen, therefore people don’t nick cars”.
Out of interest, if you have never had a car stolen, or a house burgled, do you leave your car/house unlocked?
Surely if the police think that it might be a tool that criminals are using, it is worth taking a few sensible precautions.
PaulBox wrote:glynr36
That’s like saying “I’ve never had a car stolen, therefore people don’t nick cars”.
Out of interest, if you have never had a car stolen, or a house burgled, do you leave your car/house unlocked?
Surely if the police think that it might be a tool that criminals are using, it is worth taking a few sensible precautions.— glynr36
Leaving a car/house open is not analogous to Strava though.
Bikes always have and always will get stolen.
I just don’t think Strava is a factor in bike theft at all.
People could just watch you come in and out your house and decide they’ll break in for your bike/ambush you on the bike.
What ‘sensible’ precautions do you take against that then?
Ride the first 5k with a blanket over your bike?
glynr36 wrote:Leaving a
I was using an analogy. You said that you use Strava, you haven’t had your bike stolen, therefore bike thieves don’t use Strava to target bikes.
I said therefore, if you had never had a car stolen would you leave your car unlocked, or do you believe that to do so would make your car more susceptible to being stolen?
Absolutely.
But just because you think something, doesn’t mean it is correct. If I was going to nick bikes, I think I might use the Strava to help me. So why wouldn’t an actual bike thief? (And I do agree, that I might be wrong).
You seem to be struggling with with the meaning of the word sensible.
Sensible is to turn on your privacy zone, not list details of your bikes, just name them Road Bike 1 or MTB 1 / 2 etc.
And wear a tin foil hat as
I wouldn’t wear a tin foil hat as they show up well on CCTVs and that would mark you down as suspicious to The Man.
I actually work in “google-scale” datamining infrastructure, which is why I get to go to google for coffee, LinkedIn for lunch and Facebook for an early evening tequila. I’m not being over-paranoid, simply planning ahead.
If you look at the coverage of the issue in Bristol Traffic you can see that (a) I know what is possible, and (b) I pre-empted some of the Snowden revelations, not because I was involved in that work, but because I know what people like Facebook get up to.
I am happy that the usual bike-thieves around Bristol aren’t up to using this data —yet. I’m making recommendations about what information security policy (fancy work: INFOSEC) you’d need to stop someone like me doing it. Because I do know about things like “Deanonymization”, data aggregation etc. The main reason there isn’t a Bristol Traffic article naming and shaming the top 5 sprinters on the railway path the topic is that I don’t want the basic tactics to become known.
What you have to consider though is how secure that data is two years from now, once someone does work out how to do bulk grabs of the rides (notice how even “private” rides have a URL which you can share?), how you can automate getting the entire list of people who have completed some black-run MTB trail then look for their names on linked in? Once your data is out there, it’s not going to go back.
This was an article on INFOSEC, so that’s what I covered.
Like you noted, operational security, OPSEC, matters more today. Which, in Bristol, means making sure nobody follows you from the Ashton Court MTB trails, the Suspension Bridge after a road ride or back from Wales with your MTBs on the roof.
The only time I’ve had a bike stolen so far was when some kids grabbed it while loading it in my driveway, pushing over my son in the process, while my wife was just inside the front door. I wasn’t paranoid enough then.
More recently
-someone hit the shed of a friend, a friend whose BMW in the driveway had a visible roof rack.
-someone grabbed two bikes from a friend’s garage. The police were called by a neighbour, but not the owners. It’s now believed the thieves were still in the garage at the time, something the owners could have checked better than the police.
-A school-parent on a good road bike got tracked home by some teenagers, and even though he went past his house when he noticed them, he was still robbed within the week.
Most worrying recently was someone got mugged in Leigh Woods Bristol, at knife point, at the same time of I day I’d to a mid-morning ride. I don’t see a good defence there except ride a busier periods or with friends. A helmet cam could get some photos of the thieves, but wouldn’t stop it happening.
At least Strava lets you hide
At least Strava lets you hide your location. As far as I can see this isn’t possible in Garmin Connect except by keeping the ride private. I like to share my routes, just not where my house is – poor show Garmin
I wonder if there is an
I wonder if there is an element of urban myth to this one, in that most bike thieves are simply nasty little scrotes who will hop over a fence to see what they can find (I myself lost my commuting bike from a shed in the back garden in this way… I now use a Shed Shackle). However there are a whole load of other reasons to be careful about your privacy, so even if I was not so worried about being targetted by smart bike theives in particular, I very much want to avoid exposing where I live.
Unfortunately – and I really can’t believe that nobody really discusses this – Strava privacy zones are badly broken in some circumstances. Specifically, if you have multiple overlapping zones, you may well find that after a while Strava starts to ignore all but one of them. It will show the zones on your profile and your rides when you select ‘show privacy zones’, but if you take a look at your account as a third party, you will see that only one zone actually works (usually the most recently defined one). I noticed this when I started showing up on a segment that I was not expecting to. I submitted a test case to strava, and they came back and said that there was a known issue with overlapping zones, and (astonishingly) they were not going to fix it any time soon.
Using multiple zones is common advice, and I know many people do it. If you do, you should check that they actually do work. If they don’t, complain to Strava! I used to use multiple zones because I wanted protection (with my house off-centre) while keeping the end of some key segments out of it. I’ve spent a loooong time trying different neighbouring postcodes and marvelling at the random radius of circle produced. In the end, I’ve given up now and have a single not entirely satisfactory but just about OK zone near my home. I also avoid stop/starting my GPS right by my door.
I’d love to see Strava enhance privacy zones in 3 ways:
I’d settle for #3 first 🙂
deja vu
deja vu
I think a lot of these are
I think a lot of these are people being followed, or they are driving past as people are washing their bikes.
Most criminals are opportunistic.
On the night one of my bikes
On the night one of my bikes was stolen there were two similar thefts within 1/4 mile of my house. In each case there were other valuable bikes but they stole only the most expensive from each. The common factor was the use of Strava. So, yes, it does happen, even with privacy functions on it’s not especially difficult to work out where the bikes are kept. Like many of I have a routine to my riding – same days/times – and there is little effort involved in making sure you’re around at the right time in order to earn what must have been about £9000 on that particular night.
Personally, Strava was fun but certainly not essential to my riding. I now don’t use any apps at all and I still love getting out on my (new) bike.
harragan wrote:On the night
The common factor was a number of serious cyslists using strava?
or that the thieves had seen people riding them around, coming in and out and clocked on to where they were? Bike thieves of expensive kit aren’t stupid, they know whats worth the most so only target that if they’re in a rush.
glynr36 wrote:
The common
Whichever. It could be either. Using Strava to take the leg work out of theft seems likely, though. Like you say, they’re not stupid. Unfortunately, I’ll take all reasonable precautions now but I won’t stop riding so being seen is a chance I’m prepared to take. But Strava isn’t that important to me so I opt not to use it.
glynr36 wrote:harragan
The common factor was a number of serious cyslists using strava?
or that the thieves had seen people riding them around, coming in and out and clocked on to where they were? Bike thieves of expensive kit aren’t stupid, they know whats worth the most so only target that if they’re in a rush.— harragan
You could argue whether cycle thieves are stupid or not, but that would miss the point. The fact is, you’re making it easier for them if you don’t use the privacy functions on Strava and if you use your real name. It’s also possible you’ll be at far greater risk of identity theft. Perhaps you live in a low crime area, but many of us don’t. A few simple steps can reduce the risk of being a victim significantly. Feel free to carry on as you wish but don’t criticise anyone else for taking that bit more care. Having been broken into and having bikes stolen taught me to take a bit of care.
I think dotdash has a point,
I think dotdash has a point, and not just when they’re riding. I was recently driving behind a car that had bike mount roof rails and a British Cycling sticker in the back window. Well duh, what do you think is in his shed?!
I really haven’t seen any
I really haven’t seen any convincing proof that thieves are using Strava etc – all of the mentioned opinions/examples are based on circumstantial evidence. For example, the fact that all three thefts mentioned in one area, mentioned above, have Strava use as a common factor doesn’t really prove anything because so many keen cyclists use Strava. If all three bikes had Shimano groupsets you wouldn’t say that having a Shimano groupset made your bike at risk of being stolen, would you?
However, that said, it is sensible to take precautions, and would encourage people to do so. I guess I’m just saying don’t get in a massive panic yet, just be sensible.
It’s pretty poor that Strava have known issues that they aren’t fixing. Strava ought also really to exclude bits of rides from people who “rode with” you that are within your exclusion zones, or at least ask them if they are happy to do so.
Also, Strava need to improve the definition of privacy zones so that you can define a polygon not just a circle. This eliminates the “centre” being obvious and allows you to include segments that you want to.
I can understand why a
I can understand why a polygon would be harder for Strava, both from an application logic and server resources point of view – much easier to determine if a given point is within a radius of another than if it falls inside a polygon. I would just be happy with a customisable zone radius (that actually works).
Vote and comment here to try
Vote and comment here to try to get Strava’s attention:
https://strava.zendesk.com/entries/26000160-Choose-custom-radius-for-the-Privacy-Zone
The way to see if thieves use
The way to see if thieves use Strava or not is to make sure you start/stop your rides outside someone else’s house, and then see if they get burgled…
‘mild weather’ ???
1 degree
‘mild weather’ ???
1 degree here today…
I stop my rides away from my
I stop my rides away from my road and generally the same location. Garmin is rubbish with privacy If i’m on my trainer and forget to turn off the GPS it will show my location unless i change the privacy settings. Strava is a little better by telling it you are using a stationary trainer it strips the gps so at least they are trying.
pablo wrote: Garmin is
Pablo, did you read your post before you posted it?
Correct me if I’m wrong but you seem to be saying that if you forget to turn your GPS off then its Garmin’s fault, but if your using Strava then it turns the GPS off if you remember to tell it that you don’t need GPS!?!?!?
Have I missed something? 😕
What is wrong,with people.
What is wrong,with people. Do you actually think complete strangers need or want to look at rides of other complete strangers.
DeanF316 wrote:What is
Um, yes! Clearly Strava do and they seem to have made a successful worldwide business out of it…
Just be careful how you use it, that’s all.
What is wrong,with people.
What is wrong,with people. Do you actually think complete strangers need or want to look at rides of other complete strangers.
+1 for starting/stopping your
+1 for starting/stopping your GPS away from your house… sometimes the simplest solutions are the best. Just have a junction or somewhere where you always stop.
Naive Strava queries coming
Naive Strava queries coming up…
Although the privacy settings sound very useful I live in a block of flats off the street and my bike stays indoors. I’ve looked at the tracks and you would have trouble telling which building it was. Am I right that it would block me off the list on some segments that go past on the main road around the corner and within a zone if I set one; as these are some of the segment that I would most like to make progress on.
I don’t post what bike I ride on Strava, but I have here!
I understand some people might live out in the sticks and keep their bikes in shed, should I be that paranoid?
I quite like having real names on Strava, after all its not a game is it?
bikeboy76 wrote:
I quite like
That is exactly what it is.
I’m less concerned about
I’m less concerned about someone somewhere trawling social media & Strava or someone spotting me riding and then trying to dig though Strava to find me than I am local scrotes.
It would be fairly easy for them to see me regularly and then nick the bike to flog for a few quid to raise drug money etc. Even to the point of mugging me whilst out.
As for Strava, I have setup a ring of additional privacy zones around the central one. This masks more of the last sections. Yea, if you have any segments in those it won’t register, but that’s not a concern for me.
Strava could make privacy zones a bit more flexible. A definable radius for example.
I’ve not been quite clear how
I’ve not been quite clear how the Strava privacy feature works- from my reading it randomises the distance each time to be from 500m to 1km?
I use Runtastic Road Bike
I use Runtastic Road Bike Pro. It doesn’t have a privacy radius like Strava, so I requested one.
So I make all my activities private. I make routes public, but make them all start/finish on the main road, not near my house.
Inside my house, upstairs,
Inside my house, upstairs, locked to the fireplace in my study, with two level 15 locks.
That should do it
This isn’t a new thing. A
This isn’t a new thing. A friend had his bike nicked from a very secure garage 3 years ago, very deliberately targeted. The police told him at the time that they suspected thieves were using garmin connect to scope out targets.
It’s easy to use the flyby feature on Strava to track people you pass or who are even in the vicinity. For instance I’ve got a pretty good idea where the bloke who passed me on the fancy Wilier this lunchtime lives.
I think the same technology
I think the same technology (as Strava) could be used as a deterrent. Bike manufacturers should be embedding an inaccessible GPS/SIM based device deep inside the bike tubes that links to a Strava-like app to detect the bike movement. This would link to an app on the user’s device (phone/tablet) which would allow them to define ‘curfews’. If the bike is moved outside of the curfew, the user’s mobile would sound an alert detecting movement and Strava or similar, begins tracking the bike. Top end bikes using electronic shifting already have a power source which the device could presumably tap into. It might cost a user the price a tenner or so a month, but that’s a fraction of the price of a bike, and presumably would reduce insurance fees.
Just meet at your mates house
Just meet at your mates house and start it from there…that’ll throw ’em off the scent 😉
I have created a new privacy
I have created a new privacy zone with a postcode *near* my own using this: https://www.streetcheck.co.uk/postcode/allroots
Lets you find postcodes close to yours.