Strava is a handy app for recording your rides and keeping up-to-date with rides your mates have completed, and it’s also an impressive training tool for tracking and analysing your performance, but a new report suggests that the Global Heatmap feature – which anonymously aggregates all activities onto a single map – could lead to the identification of users’ home addresses in certain circumstances.
Strava has many features designed to help users connect with each other, the aim being to help athletes find places to ride, run and walk.
A few years ago Strava unveiled its Global Heatmap feature which lets you explore where other people are riding and running around the world. The Strava Heatmap takes the last 13 months of GPS data from participating users and aggregates it onto a single map that highlights the most active routes.
The default setting is that your GPS data will be included on the Heatmap, but you can opt-out. Assuming you don’t object, the idea is that your rides are anonymous on the Heatmap.
> Check out our review of Strava’s Premium subscription
Strava denied that the Global Heatmap posed a security risk but went on to tweak this feature in response to military security concerns.
> How to make the most of Strava’s exploring features for your next adventure
Now computer scientists at North Carolina State University have expressed new privacy concerns with this Heatmap function, claiming that Strava users are susceptible to other people finding their personal information, including home addresses, in certain circumstances.
“[The heatmap feature] allows users to find hot spots and active trails while simultaneously opening up the platform to deanonymization attacks like inferring users’ home addresses,” say Kevin Childs, Daniel Nolting and Anupam Das in a report called Heat Marks the Spot: De-Anonymizing Users’ Geographical Data on the Strava Heatmap.
“By crawling the publicly available heatmap and through manual validation, we have demonstrated that the home address of highly active users in remote areas can be identified, violating Strava’s privacy claims and posing as a threat to user privacy.”
Strava says that the crawling or scraping of data violates its Terms of Service. Additionally, it says, there are many toggles you can enable to: prevent timestamps from appearing to non-followers, hide photos on activities and profile, and hide additional information.
“In areas with many highly active Strava users, the Strava heatmap data is difficult to tie to a specific user due to the fact that potentially hundreds of athletes are contributing to the heat in that area. No name or account information is tied to the heat generated,” says the report.
All good, then? Not quite.
The researchers go on to say, “However, in areas with only a few active Strava users, the heat generated by one individual can be clearly visible… In some situations, these areas of high heat can be used in conjunction with user metadata to reveal the home addresses of Strava users.”
> Strava adds privacy features for editing map visibility and hiding data including heart rate
> How to use Strava to make you fitter
According to Strava, several users must have been active in a given area for data to be shared on the heatmap, but the researchers describe a possible mode of attacking user privacy and say that “an automated approach using crawling and public voter records was developed”.
The automated approach is described as “a four-step pipeline, including screen capture, image analysis, user crawling, and inference analysis”. It’s fairly complex but you can read about it in the paper.
The researchers say, “The ability to identify the home address of Strava users is a violation of user privacy. It demonstrates that seemingly anonymous data is not truly private and can leak information about users. In addition to contradicting the privacy claims made on registration for the heatmap, the matching of a Strava user to a home address can build a complete profile of an individual, including their workout habits and the paths they frequently travel on. This information can be used for stalking or other invasions of the privacy of individuals.”
Strava says that this statement is misleading and the premise is only accurate if someone does not use any privacy settings, and this is not true for many users.
The researchers go on to say, “Additionally, on a wider scale, instead of ‘John Doe’ being just a name tied to an address, ‘John Doe’ can be categorised as an active individual living with certain workout behaviour. This information can be utilised for targeted advertising and individual profiling and is potentially being collected without consent.”
The researchers add that their methods of attack rely heavily on identifying houses that are clearly the starting point of a large amount of heat, and offer solutions to avoid identification in future. They say that one of these methods would be to apply Strava’s existing hidden zone feature, which is intended to allow users to hide the start and end points of their activities before sharing them publicly, to Heatmap data.
Strava points out that areas around addresses can be hidden using Edit Map Visibility controls and are also hidden from the Global Heatmap. If you’d rather not have your data included on Strava’s Global Heatmap, you can go into your Strava settings, clicking on Privacy Controls and then opt out of Aggregated Data Usage.
Addendum
Strava has now responded with the following statement:
“The safety and privacy of our community is our highest priority. We’ve long had a suite of privacy controls (including Map Visibility Controls) that give users control over what they share and who it’s shared with.
“Strava does not track users or share data without their permission. When users share their aggregated, de-identified data with the Heatmap and Strava Metro, they contribute to a one-of-a-kind data set that helps urban planners as they develop better infrastructure for people on foot and bikes, and makes it easy to plan routes with the knowledge of the community.
“The Global Heatmap displays aggregated data from a subset of Strava activities and will not show ‘heat’ unless multiple people have completed an activity in a given area. Any Strava user who does not wish to contribute to the Heatmap can toggle off the Aggregated Data Usage control to exclude all activities or default their Activity Visibility to be only to themselves (`Only You`) for any given activity.
“We are consistently strengthening privacy tools and offering more feature education to give users control over their experience on Strava. This includes simplifying our Privacy Policy with our Privacy Label at the top.”
29 thoughts on “Updated: Strava Heatmap could allow identification of user addresses, say researchers”
User data placed on the
User data placed on the internet can be used to de- anonymize users: not a huge surprise.
Corporations have a fabulous
Corporations have a fabulous track record of good moral behaviour, especially Big Tech.
It’s not like Google, Amazon, etc. have worked with governments across the world (especially China) to share private user’s information and otherwise censor information and specifically target citizens.
Anyway corporations are immune from hacking, so there’s no chance Strava would let all our data be scraped and sold on Pirate Bay any minute.
It may be worse than you
It may be worse than you think.
Well duh.
Well duh.
Put GPS data on the internet and someone is gonna find a use for it.
Though why they would bother when you just have to lurk down an East End cycle path to rob a mamil I dont know….
‘someone’ ?
‘someone’ ?
Try The Met.
You think that’s just silly? I mean, I’m sure it’ll all be fine. It’s the government and the police, we can trust them…
Big accusations require big
Big accusations require big evidence. Care to elaborate? Why should either group give a flying fudge?
I think the they are implying
I think the they are implying the Met are stealing bikes from Mamils in the East End by checking Strava data…
So The Met doesn’t use online
So The Met doesn’t use online information to prosecute people, like for their idea of ‘hate speech’?
Didn’t French police use
Didn’t French police use Strava to enforce those stupid lockdown radius rules? Sounds like you’re happy to line up and take your red pill.
Quote below from back in 2019
Quote below from back in 2019 from The New Scientist, it all comes down to who defines a ‘hate crime’ (ie. an unelected person at a University?) and which flavour of government is in power driving that. It sounds like you’re happy with that, but maybe wouldn’t be so happy if say someone like Trump was in charge.
“THE UK police are monitoring hundreds of thousands of Twitter posts related to Brexit every day. It is part of a pilot project to predict spikes in hate crimes in the run up to 31 October, when the UK is due to leave the European Union.
The Online Hate Speech Dashboard is being used by analysts at the National Police Chiefs’ Council’s online hate crime hub, which was established by the Home Office in 2017 to “tackle the emerging threat of online hate crime”.
It gathers Twitter posts from across the UK and uses artificially intelligent algorithms to detect speech that is, for example, Islamophobic, anti-Semitic or directed against people from certain countries or with disabilities or from LGBT+ groups.
Matthew Williams at Cardiff University, UK, and his colleagues created the dashboard so that government organisations could monitor hate speech.
The dashboard flags between 500,000 and 800,000 tweets per day related to Brexit, of which between 0.2 per cent and 0.5 per cent are classified as hateful. About 0.2 per cent of these are from users tagged with city locations within the UK, which the dashboard presents as a map of hate hotspots. If there is a spike, the information can be passed by analysts to the relevant local police forces, says Williams. Previously, such monitoring had to be done manually.
The main aim of the project is to identify patterns of hate speech in the lead up to 31 October to warn police and support organisations of any potential issues.
The team recently established for the first time that an increase in hate speech on Twitter leads to a corresponding increase in crimes against minorities on London streets (British Journal of Criminology, doi.org/c9qh). The pattern is similar to what happens with domestic violence, which often escalates from verbal to physical abuse, says Williams.”
I love how you believe it is
I love how you believe it is the an unelected Univeristy fellow defining the hate crime when they have developed the dashboard on behalf of the government who set the laws and the police who charge based on the law. I expect the definitions to look for would be defined by them, not the university.
I’m also surprised that you are even posting online as surely you can be tracked and shutdown for posting the truth to everyone. One of the first to be taken out by Big Tech or the Leftist governments. I wouldn’t trust those VPN companies to keep you safe, surely they are just a shill to make people believe they are safe from tracking.
Cool story bro.
Cool story bro.
Nice deflection too. Sad that you’re actually joking about reasonable concerns, and supporting Big Tech and Government in this way.
The nerd at the ‘Univeristy’ builds the agorithm with wording from the statute does he? Strava and other Big Techs stop and wait to check everything they’re doing is absolutely legal too I suppose.
Hampshire Police arrested a man last year telling him “someone has been caused anxiety based on your social media post, and that’s why you’re being arrested”. He posted a meme of a Trans flag. This is where it has gone to.
Except it was a bit more
Except it was a bit more complicated than that and involved a swastika and laurence fox playing a part.
Do you actually have a bike ?
Not sure what story you think
Not sure what story you think is cool. You post a link which explained the University was tasked by the Governement and a national police task force to monitor social media for hate crimes. If you have ever been in app development*, the requestors put in the requirements. They algorithim would then check and break down 800,000 tweets a day and report the 4000 or so it that was flagged. f any action was taken on those, then I’m sure they would be manually reviewed first. No difference then an officer reviewing the videos sent in from cycle cams to review if an offence occurred.
Also not sure why you are linking the one to from Hampshire being as it was manually reported and had nothing to do with Twitter or any algo developed from your first story.
You still haven’t mentioned why you are warnng people about big tech and being spied on from the Internet….. by browsing the internet and posting on sites you have to register on?
Of course you could be mentioning my warnings on VPN’s. It might or not be true. I mean you repeatedly call out Big-Tech but all these VPN sites all springing up around the same time are still companies. And companies (well the ones you mention are bad and not to be trusted), so why should they be?
* As you decided to call the Developer a “nerd”, I doubt you have been in App dev.
I just feel sorry for
I just feel sorry for Hastings. It’s not that bad!
So if you don’t hide the
So if you don’t hide the start and end of your activity people can see where you live? No shit sherlock.
If he’d used the privacy
If he’d used the privacy settings correctly, there’d have been people wandering between Marble Arch and Regent’s Park trying to find somewhere to get their mysteries solved.
As I understand it, even if
As I understand it, even if you have hidden the start/end of your activity, the full activity is used to generate the global heatmap. So you might have hidden the start/end from your activities and think that protects you, but it is possible to circumvent that by looking at the global heatmap.
Indeed one of the suggestions to resolve the issue is simply to omit hidden starts/ends of activities from the data used to generate the global heatmap.
I read it that keeping the
I read it that keeping the start and end hidden was a way to avoid it?
ChasP wrote:
I don’t think so. The aggregated dataset does seem to include start/end points, irrespective of the user privacy zones…
https://support.strava.com/hc/en-us/articles/360015677851-Metro-and-Heatmap-Privacy-Controls
It doesn’t mention that is
It doesn’t mention that is irrespective of the geofencing privacy settings, just that it might be shown. If I turn on global heat maps for route planning, I do not see any to my house in any obvious mode which is privacy protected. I do see faint fuzzy lines to my brothers which I don’t set behind privacy, plus one or two other houses (and businesses) other people use which are nearby which again are not set to privacy. I don’t really see any at my companies premises which I commute to regulalry which is set behind privacy.
And the researchers through all their more complex methods do state that using the geo fenced privacy settings do stop this.
That sounds sensible. I do
That sounds sensible. I do hope it respects privacy zones and leaves that data out of the aggregated set. It could be made clearer on the Strava website though.
I re-read the bit you posted,
I re-read the bit you posted, and I actually think the Start/End points mentioned are the ones I see on the maps listed by Parkrun or cycle clubs as they mention it as “community-powered features” similar to the POI ones also listed
Metro is the private one they sell to businesses / councils and heatmap is the one seen on the routes map.
I love a rigorous scientific
I love a rigorous scientific paper which claims all privacy is broken after having used weasel phrases and caveats like “inferring users’ home addresses”, “manual validation” and “highly active users in remote areas”. So yes, if you’re the only cyclist in the village, I think I could infer which village, and then wait to see which door you cycle to (manual validation). The only fix for being the only Strava user is a 5 mile radius is don’t use Strava – but its not Strava’s fault.
sizbut wrote:
No, the global heatmap might be even more specific as it will show lots of use along the road stopping outside a particular house. You wouldn’t know who it was, but it would be obvious that a cyclist was making daily trips from one of a very small number of houses (if they start stop on the road) or a specific house if they start/stop on the driveway.
What they are suggesting is that data fed into the global heatmap should respect the same privacy zones as individual ride data. After there is no benefit to a global heat map of the last half mile of someones ride, it doesn’t indicate that this road is good for cycling, it’s just where someone lives.
Am I the only one on here who
I wonder if I am the only one on here who waits a mile or so after leaving home before switching on my Garmin.
Yes. You are.
Yes. You are.
Just looked at the global
Just looked at the global heatmap for my house.
Shows what looks to be a single visitaton ever. This strongly suggests to me that the standard privacy policy of hiding start and finishes of rides is perfectly adequate.
I’m sure it’ll all be fine,
I’m sure it’ll all be fine, ooohooo scarey big tech…
Oh wait…
https://nypost.com/2023/06/15/amazon-shuts-down-customers-smart-home-devices-over-false-racist-claim/