Strava Responds to Privacy Concerns – But the Episode Shows How Difficult It Is to Opt Out of Strava Heatmap
Reports and a flood of tweets over the weekend revealed that Strava fitness tracking app has been unintentionally highlighting sensitive military and humanitarian relief sites around the world. The issue comes from a heatmap that the company had launched in November last year, showing a global map of activity based on over trillions of GPS points. Strava CEO has now responded to these concerns, saying that the company is "taking this matter seriously" and understands its responsibility.
James Quarles, the CEO of fitness tracking app, wrote in a blog post that the company is "committed to working with military and government officials" to address these concerns. While the issue affects sensitive sites around the world, it isn't clear if Strava will only be working with the US government or others, as well. However, steps taken from this collaboration and these revealing reports would likely help others too as military personnel will be trained to stop apps and devices from tracking them.
"I’d like to take a moment to address the recent attention focused on Strava and our global heatmap," Quarles wrote (emphasis is ours). "Our heatmap provides a visualization of activities around the world, and many of you use it to find places to be active in your hometown or when you travel."
In building it, we respected activity and profile privacy selections, including the ability to opt out of heatmaps altogether. However, we learned over the weekend that Strava members in the military, humanitarian workers and others living abroad may have shared their location in areas without other activity density and, in doing so, inadvertently increased awareness of sensitive locations.
Quarles added that he had family members in the military and understands the severity of the issue. He also said Strava would work with "military and government officials to address potentially sensitive data," and that the company is "reviewing features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent."
Putting privacy settings front and center - when tech companies compromise user privacy for the sake of more data
In his blog post, Quarles also promised that Strava will continue to increase awareness of its privacy and safety tools, and those tools will be further simplified to ensure users know how to control their data.
As mentioned in our earlier post, the app does offer an option to opt out of this heatmap - something that military personnel should be trained to use regardless of the app or the device they are using. However, they aren't the easiest to locate. Quarles also linked to a post detailing privacy features - another long privacy post that often tires users and they end up leaving the settings as it.
If you are concerned about your privacy, here is how to opt out of Strava heatmap:
- On the website, you can go to settings from the drop down menu on your avatar
- Click on privacy
- Enable Enhanced Privacy Mode
- Opt out of heatmap by unchecking the box under Strava Metro & Heatmap
Unfortunately, the company doesn't make it easier for users to opt out of this map from their mobile phones - likely the reason why so many users have it enabled.
- On iOS, go settings > privacy controls > and click on the link at the bottom of the page that will take you to the web version of settings.
- On Android, under privacy controls, click on Learn More > another learn more > and then click on personal settings page link to go to the web version and opt out of the heatmap.
While Quarles is arguing that users can opt out of the heatmap, the company does need to redesign its privacy tools - and should have actually done that before this massive outcry. Without a straightforward box under the privacy settings right in the app, it isn't surprising to see that not many even know about these tools and settings. Following these reports, those who did try to opt out of heatmap might have stopped their hunt for such an option after not finding anything under the settings or the privacy tabs of their mobile apps.
"Users are unlikely to fully understand what data is being stored, and this leads to an almost predictable cycle of outrage over privacy concerns," George Avetisov, CEO of HYPR, said in an email to Wccftech. "The average user knows they must click 'Allow location data to be shared' for the app to function - but they are not cognizant of just how much information they are revealing."
While Strava isn't the only app being inconsiderate about privacy of the collected data or giving a thought about how to proactively put privacy features front and center, this episode does show yet again that privacy has indeed become a myth.