Strava, the popular fitness app with over 100 million users, continues to face privacy concerns surrounding its location data. Recent research reveals that users can be doxxed through Strava's publicly available heatmap feature, following an earlier heatmap incident in 2018. This article looks at the potential risks and the actions needed to protect user privacy.
Privacy concerns with Strava's location data collection resurfaced when the app's heatmaps unintentionally exposed secret army bases in 2018. While Strava anonymizes data, a research paper by North Carolina State University's Department of Computer Science suggests that de-anonymization is possible, with up to 37.5% accuracy. This means Strava users' locations, frequently used routes, and even their identities could be revealed. Shockingly, both public and private profiles are susceptible to this doxxing risk.
The researchers used Strava's publicly available heatmap data to identify the start and end locations of activities, potentially disclosing the user's residence. By combining this information with data from OpenStreetMap and public records like voter registrations, an attacker could easily obtain the user's name and home address. Furthermore, this process can be automated, amplifying the scale of such an attack.
Despite the 2018 incident, Strava has not taken significant action to address these privacy concerns. Governments have prohibited the use of fitness apps at military installations, but Strava has not implemented substantial changes. However, researchers from North Carolina suggest potential solutions, including extending hidden zones to the heatmap and creating exclusion areas that safeguard user privacy.
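One way the suggested hidden-zone mitigation could be applied when the heatmap is aggregated, as an added example (not Strava's code or the researchers'): points inside a user's hidden zone are dropped before they are counted, for every activity regardless of profile visibility. The function names, the 300 m radius, the grid size and the coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0
CELL_DEG = 0.001  # assumed heatmap grid size, roughly 100 m of latitude

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def outside_hidden_zones(track, hidden_zones):
    """Keep only points farther than radius_m from every zone centre."""
    return [p for p in track
            if all(haversine_m(p, centre) > radius_m
                   for centre, radius_m in hidden_zones)]

def cell_of(point):
    """Grid cell that a (lat, lon) point contributes to."""
    return (math.floor(point[0] / CELL_DEG), math.floor(point[1] / CELL_DEG))

def build_heatmap(activities):
    """activities: iterable of (track, hidden_zones). Zones are applied to
    every track before counting, whatever the profile's visibility."""
    cells = {}
    for track, hidden_zones in activities:
        for point in outside_hidden_zones(track, hidden_zones):
            cells[cell_of(point)] = cells.get(cell_of(point), 0) + 1
    return cells

# Constructed sample: a run that starts at "home" and heads north in ~111 m steps.
HOME = (35.000, -78.000)
RUN = [(35.000, -78.000), (35.001, -78.000), (35.002, -78.000),
       (35.003, -78.000), (35.004, -78.000), (35.005, -78.000)]
ZONES = [(HOME, 300.0)]  # assumed 300 m hidden zone around the start point

if __name__ == "__main__":
    print("unfiltered cells:", len(build_heatmap([(RUN, [])])))
    print("filtered cells:  ", len(build_heatmap([(RUN, ZONES)])))
```

With the zone applied, the start of the run no longer contributes any heat to the cell containing the home location.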
Strava's lack of progress in addressing user privacy issues related to location data raises concerns. The study reveals the danger of exposing Strava users' identities and emphasizes the urgency of safeguarding personal information. With health data entrusted to fitness apps, privacy must be a top priority for companies like Strava to ensure user safety and data protection.