How Fitness App Strava’s Data Breach Could’ve Been Prevented
The only question I've heard more about Strava's data leak is, "What is Strava?" As a long-time user, let me explain what it is, and how this all could've been prevented.
Strava is a GPS-based fitness app geared toward cyclists and runners. Thanks to it, I never leave home without my phone, and it's one of the few things that keep me from regressing into flip-phone status. I'm not a data junkie, but I like to track progress and routes. Like most other apps, there is a privacy setting. You know the kind, where the user can shift into private mode, or block out a certain radius so that the general public can't find them in case they're super famous, or maybe they have a location-sensitive job. Like, say...the CIA. This is where this story goes off track.
According to the article, Strava, which is based in San Francisco, claims tens of millions of users, in almost every country. The app can be used on Apple and Android phones, and wearable activity trackers like Fitbit devices, the Apple Watch, and Garmin and Suunto sports watches. Privacy is up to the user, but not everyone read the fine print.
At issue is the "heat-map." The map “excludes activities that have been marked as private and user-defined privacy zones,” the company said. “We are committed to helping people better understand our settings to give them control over what they share.”
Moral of the story: beware what you share.