News Releases Photo Credit: Laurine Bailly. Despite attempts to anonymize user data, the fitness app Strava allows anyone to find personal information – including home addresses – about some users. The finding, which is detailed in a new study, raises significant privacy concerns.
“Strava users expect their personal information to be protected, and our work shows that this is not always the case,” says Anupam Das, senior author of a paper on the work and an assistant professor of computer science at North Carolina State University. “This could be particularly problematic for users who are concerned about stalkers or have other reasons to desire that their location data be kept from the public.”
Strava is a mobile fitness-tracking app that allows users to track their exercise activities, but also includes features designed to help users connect with each other. These features can be used to organize clubs around shared interests, such as hiking or cycling. For example, the app includes a “heatmap” feature that aggregates user data. While all of the user data is anonymized, the heatmap feature allows users to see how many other Strava users go hiking, running or cycling in a given area.
“Strava stresses that the heatmap feature uses only aggregate data, which should make it impossible for anyone to capture private information about any specific user,” Das says. “However, we found a loophole.”
Specifically, the researchers found it is possible for anyone to look up all of the Strava users in a given area. It is also possible […]