Strava is a widely used social fitness tracking platform known primarily for popularizing terms like KOM and QOM. And for turning casual exercise into a competitive sport, for better or worse, via its leaderboards feature. But, like all social platforms, Strava also has its share of privacy concerns and Snafus. From poorly thought-out features to accidentally revealing the location of secret military bases, there’s a history of the app sharing more than intended. All that makes asking how to stay safe, and avoid revealing too much personal information on Strava a very legitimate question.
Is all of this a little over the top or borderline paranoid? Maybe. But, on the other hand, maybe our community of active people has normalized regularly sharing an entirely unreasonable amount of personal information. Often with little awareness of who can see it and how it could be used by others.
It’s not just hypothetical anymore either. While Strava still denies that its platform was ever used as a tool for targeted bike thefts, there are two recent cases of the social training platform crossing over to the real world. A cyclist vandalizing a Trump sign was identified partially by his Strava activities. More disturbingly Strava is featuring in a high-profile murder case, though its role in that case is yet to be proven.
There are easy ways to stay safe, though. While no social platform makes it easy to avoid sharing data, Strava’s privacy settings are now easier than some of the other platforms to navigate. Many of these options were created in response to public demand. There are also simple ways to change how you use the platform.
1 ) Don’t use Stava
Why do you need to share detailed GPS coordinates and physiological data (HR, power, etc) of every activity with the world? The easiest way to avoid sharing too much information on Strava is to not use it at all. Unplug and just enjoy the ride.
2 ) Make your account private
If you’re going to use Strava, the first step to control who sees your data is to make your account private. Then only people who you approve can see your activities.
This isn’t the only step, though, as some other features can reveal personal data even if your account is set to private.
3 ) Don’t start/end rides at your house
The beauty of cycling (and running) is that you can often start your ride right from the front door. That doesn’t mean you should track your ride right from your front door. There are all kinds of reasons not to share your home address, not the least of which is letting everyone know exactly where that brand-new Pinarello stays when you go to work.
This applies, in different ways, to starting rides at friends’ houses, hotels or even the trailhead. If you start your weekly group ride at the same parking lot at the same time every Thursday, you’re effectively sharing your weekly routine with the world. Again, there are many reasons why you might not want to share this. But, basically, predictably establishing your location is useful information for potential thieves, stalkers and surely some other scenarios we haven’t thought of.
Note, even if you’ve set privacy zones (see #4), some features like Heatmaps can still show your location if you press “start” before you leave your garage. Just wait a few blocks before starting your activity. You can use the
4 ) Add a safety zone to hide start/endpoints
You can hide the start and end of rides from appearing publicly via the Map Visibility feature. This can be set by distance, either as a range around a certain address or several addresses or as a distance from the start of every activity. You can also hide your maps completely, though that might affect what segments you see.
5 ) Make rides visible to “only you”
If you want to keep your profile and activities public but still would like to hide certain rides, you can change the visibility of individual activities. You can set this as a default for every ride, as shown above, or on in each activity.
One note: as with some other privacy settings, even private rides may still be included in your global heat map profile.
Zoom out and Heatmaps looks innocuous, even cool.
Zoom in a little and they provide some useful general information about where people ride.
Zoom in a lot and you can start to de-annonymize the data down to individual houses. You can pick out about four houses of regular users in this photo.
Switch to satellite maps and the Heatmaps looks much less abstract.
Here's where to opt-out of Heatmaps entirely.
6 ) Opt out of Heatmaps
Heatmaps look innocuous, even cool on a global scale. But the feature shows a surprising amount of detail. A really surprising amount, in the hands of someone who knows how to use it right. It’s even caused the occasional international controversy. Strava also claims it does some public good, functioning as a tool to show the popularity of urban cycling routes and activities in public spaces.
Strava argues that Heatmaps will not show “heat” unless there are multiple users in the area. But that can apply to even small urban centers. There is the option to turn off the Aggregated Data Usage control to exclude activities. There was some recent confusion, but it also appears that users who set default activity visibility to “only you” will also not have their data shared with Heatmaps, though users with Private profiles still might.
If you’re interested, here’s a more detailed breakdown of the different ways Heatmap can be used and how to use that feature safely if you don’t want to opt-out entirely.
7 ) Don’t use your real name/profile photo
Use something close to your name or take on a fun pseudonym. Your friends will know who you are but everyone else will be left guessing. This is what several pros do when they can’t resist the allure of KOM hunting but don’t want to put too much data out publicly. So you can make yourself feel a little more pro while maintaining privacy, or just pick a fun name. Same goes for your profile photo. You don’t need to put a headshot of yourself in there, or anything else that will help a stranger confirm your identity.
You can also hide photos you add to an activity from appearing publicly. Your friends and followers will see them if they look at that activity. But some random stranger looking up your ride based on a segment leaderboard won’t.
8 ) Don’t track everything
You don’t need to track every ride. You also don’t need to Strava your dog walk or grocery shopping. Posting regular or routine activities makes your habits visible, so a stranger will better be able to predict your behaviour. To know where you might be, or when your home might be empty.
You can also set your Training Log to private. This makes it harder to see all your activities at once if someone is looking to establish your habits or routines.
9 ) Don’t reveal too much personal information in titles/captions
Titling your ride or jog “Commute from home to work” reveals a lot of personal information very quickly. If your commute crosses any segments, it is, I believe, still possible for others to find the activity on a leaderboard even if your account is private, unless you’ve set visibility on that activity to “only you.”
10 ) Make sure Flyby is off
Strava changed the Flyby feature to be off by default after some outcry about the potential for abuse. But it is worth checking if it is still off, in case you turned it on for some reason.
If you want to take that a step further, you can also change your privacy settings so that your activity will not appear as part of group rides. Just because someone was 10 feet away from you in a shop ride or fondo doesn’t necessarily mean you want to share your information with them.
More and new features
Strava is constantly changing and adding features as well as new privacy options, so there is always more to know. One recent addition is the ability to opt out of being used in e-mails and push notifications by Strava. Ever wonder why Strava’s e-mailing you to tell you a random friend posted their first activity in a while? Well, you can make sure your friends aren’t getting that same e-mail.
There is also a whole different set of privacy settings for your Training Log on Strava.