Strava makes it easy to show not just friends and family your exercise routes, but the entire Strava community. While this feature is supposed to be entirely anonymous, researchers have discovered a way to link your heatmap data to your home address. Strava has a serious privacy problem on its hands.
How Strava inadvertently reveals your home address
As reported by Bleeping Computer, researchers at the North Carolina State University Raleigh unveiled an issue with Strava’s popular heatmap feature that could enable interested parties to discover your home address.
Strava’s heatmap is supposed to help you find new trails or routes you might want to try in your next workout. Users upload their exercise paths anonymously, so their personal heatmap melds into the public one without any identifying information. In theory, it should be a private and fun way to connect to the greater Strava community. But researchers were able to crack the code.
Researchers started their investigation by collecting publicly available data from users in Arkansas, Ohio, and North Carolina. They were then able to identify start and stop areas on maps, which allowed them to associate particular locations as homes. They then overlayed stills from OpenStreetMaps on top of the heatmap data gathered from those original three states, giving them a map of individual addresses.
Researchers took advantage of a Strava search feature to find users who linked themselves to a specific city when using the app, scraping their public data such as time stamps, distances, names, and even profile pictures. They cross-referenced that data with the address map they created, finding that they were able to correctly locate a user’s home address with an accuracy of roughly 37.5%. That number increases the more activate a user happens to be.
While the majority of Strava users would not have their home address discovered with this tactic, a large percentage would.
This isn’t the first time this has happened, either. Back in 2018, analyst Nathan Ruser warned Strava’s heatmaps were revealing the locations of US military bases and the people stationed there. Even before, Strava users were frustrated by the app’s complicated security settings and had trouble figuring out how to share exercise data with friends and family while hiding it from strangers.
How to hide your home address on Strava
Fortunately, it’s not too difficult to stop the app from sharing your home address. As Tom’s Guide highlights, the best thing to do is hide your start and stop points for any given workout. That way, you aren’t feeding the heatmap with data that can be linked to a particular address. To do it, open the settings section of the Strava app, tap the settings cog, then choose “Privacy Controls.” Tap “Edit map visibility,” where you can choose the radius to hide the start and stops to your exercises (up to one mile). You can also choose to hide these points from a specific address--helpful for hiding your home address, while still sharing start and stop points when exercising away from home.