Strava

Tweets:

I was looking through some old Twitter bookmarks and found this interesting thread on the running app Strava.

Note: Strava have apparently drastically improved their privacy options and default settings since this discussion. There are options to hide your home and work place using a buffer zone where it won’t track you.

“It’s a feature” 🤦‍♂️ https://t.co/rbV2VSU4oL

— Troy Hunt (@troyhunt) September 17, 2020

“Out running this morning on a new route and a lady runs past me. Despite only passing, when I get home Strava automatically tags her in my run. If I click on her face it shows her full name, picture and a map of her running route (which effectively shows where she lives). This is despite the fact that I don’t follow her and she doesn’t share her activity publicly. So basically if someone sees a woman running alone there’s an app they can go to see her name, picture and address”

Andrew Seward

Other people pointed out that all visibility settings default to “Everyone” and this feature was called “Flyby” but was not clear that people will be able to see your running route and similar.

Discussion:

When a feature is designed by someone without bad intentions, an idea can sound great on paper but with more thought, can potentially have negative implications. In this case, the feature sounds like a great social aspect, and maybe runners can learn better running routes and compete for the best times. However, it can be used for nefarious purposes: 

• A stalker can learn where you will be and at what time, and can even determine where the most secluded area will be. 
• A thief will know when your house could be vacated and how long for.

This doesn’t just apply to running apps, and caution should be used when using all apps. The classic example is not posting on social media about how excited you are for your holiday, and instead: posting about it when you come back. Exposing when you will leave your house is useful for burglars.

Of course, features could have more nefarious purposes. People often accuse Google of collecting data to use for its primary business which basically makes money off your data with its advertising business. These features can often be framed for your own benefit with claims of “personalised experience”.

Often features can be enabled by default which takes advantage of people’s laziness to read the options and turn them off. However, even if you do check the settings, you might not understand what the feature actually is, just like people didn’t fully understand Strava’s  “Flyby” feature.