A recent study has raised concerns about the privacy implications of Strava’s popular heatmap feature, suggesting that it could potentially be used to reveal the home addresses of users.
Strava, a widely used fitness app, introduced a heatmap feature in 2015 that aggregates data from its vast community of runners, cyclists, and hikers. The feature allows users to discover popular trails, connect with friends, and locate safer, well-trafficked workout areas. However, researchers from North Carolina State University have warned that the heatmap could unintentionally act as a tool for tracking and de-anonymizing users when combined with specific user metadata.
In their study, the researchers collected data from Strava’s heatmaps in Arkansas, Ohio, and North Carolina over a month. They then analyzed the heatmap images and overlaid them with images from OpenStreetMaps, a free geographic database. After pulling available user location data, they found that it is possible to identify users’ home addresses using the heatmap, especially as many users provide their full names and profile images on the app. Their location predictions, correlated with voter registration data, proved to be roughly 37.5% accurate. The researchers also noted that more active users, who produce more ‘heat’ on the Strava heatmap, were easier to identify. However, tracking users living in densely populated or unpopulated areas proved to be more challenging.
The researchers suggested that Strava could enhance the privacy of the heatmap feature by allowing users to set privacy zones near their homes. For concerned users, they recommended not starting the Strava app until well away from home or disabling the heatmap feature entirely in the app settings. Additional steps include making the account private and refraining from including the location in the profile to further improve security.
