Strava’s Global Heatmap may be giving away more personal information than the social fitness platform claims or even realizes. A group of researchers recently showed in a new paper that the anonymously aggregated data presented in Heatmaps can be effectively used to uncover individual identities, personal information and activity patterns. This is possible, the researchers say, even if your Strava profile is private.
More disturbingly, they showed how the information gathered from the supposedly anonymous feature could be used by a stalker or other assailant to plan a personal attack.
RELATED: Strava’s Heatmap may reveal the location of secret military bases
De-anonymizing aggregated information: How Global Heatmaps can identify individuals
This new research is interesting because it shows that while Strava is taking steps to protect users’ privacy, those steps are not as effective as users might think. Crucially, the platform’s options for increased privacy don’t actually seem to improve privacy in regard to the Heatmap function.
“While the data on the Strava Heatmap is not tied to specific users, the data can be combined with other data sources within the Strava platform to de-anonymize the heat,” the researchers explain. “This de-anonymized heat can then be used to identify the home address of Strava users. This contradicts Strava’s … privacy claims.”
The paper goes into more detail about the exact ways they were able to use the aggregated data to pull out specific personal information, like their home address, and what can be done with that information.
RELATED: Should you make your Strava account private?
“In addition to contradicting the privacy claims made on registration for the Heatmap, the matching of a Strava user to a home address can build a complete profile of an individual, including their workout habits and the paths they frequently travel on. This information can be used for stalking or other invasions of the privacy of individuals.”
Some Strava users have reported the app being used in bike thefts, though Strava denies that claim.
RELATED: Thieves allegedly use Strava to identify and steal cyclist’s $21,000 bike collection
Privacy settings can cause confusion about…
Click Here to Read the Full Original Article at Canadian Cycling Magazine…