Buzz
Strava’s primary purpose is to share your jogging and biking paths—letting you determine if you’re the quickest in your area at tackling that steep incline or challenging a friend’s preferred trail to measure your performance. However, analyst Nathan Ruser recently highlighted that the app’s heatmap of frequented routes inadvertently exposes sensitive information, including details about military bases and their personnel.
This issue extends beyond the military. Many users prefer not to have strangers track their jogging paths, particularly when they start or end near their residences. Last year, Quartz reporter Rosie Spinks shared her struggles with securing her Strava account. Despite adjusting her settings to restrict her activity visibility to friends only, she discovered that several obscure privacy options left her traceable through various app functionalities.
After Spinks reached out to Strava, the company published this blog post, outlining all the methods to safeguard your privacy within the app. (We’ve reached out to Strava to confirm if these details remain up-to-date and comprehensive. While we await a response, the app appears to function as described.)
Strava’s Privacy Settings Offer Detailed Customization, But They Come with Compromises
The key takeaway is that achieving privacy requires adjusting multiple settings, some of which involve trade-offs, such as losing access to features like comparing your performance on specific segments with top runners. When signing up for Strava via the iPhone app, no privacy settings are presented during the initial setup. You simply create an account, allow location access (essential for tracking), and are then prompted to begin a run or ride.
To locate the privacy settings, navigate to either the Profile or More screen, then to Settings, and finally to Privacy. Here, you’ll encounter five switches that let you control various privacy aspects. One option, “Private by Default,” requires you to manually share each run instead of automatically doing so. Another, “Enhanced Privacy,” restricts access to your photos, last name, and profile activities to only those you follow. However, as Spinks discovered, your name may still appear elsewhere in the app. She provides an updated guide to Strava’s privacy settings here.
Concealing Your Home Location
Strava’s primary privacy suggestion is to establish “privacy zones” around your home, workplace, or any area you wish to keep private. (Interestingly, mountain bikers use these zones to conceal their activities on unauthorized trails.) However, these zones are an imperfect solution and don’t fully obscure your location.
To set up a privacy zone, you must visit the Strava website, accessible via a link in the app’s privacy settings (found at the bottom of the screen). Once there, you input an address and select the zone’s size, ranging from a 200-meter radius up to one kilometer (0.62 miles).
While these distances might work well in urban areas, they’re less effective in rural settings where only a few homes might fall within your privacy zone. Strava conceals the segments of a run or ride that begin or end within a privacy zone, but this can result in your profile displaying numerous short activities orbiting a two-kilometer restricted area. For instance, try to deduce where I placed the center of my privacy zone in this example:
For additional hints, Strava also displays photos I captured during the run, such as the North Park Boat House sign, which marks the center of my restricted zone. A stranger could easily calculate the approximate location of your home by analyzing the distance from one of these routes. This particular route, clearly labeled with mileage, is an out-and-back course:
As it turns out, privacy zones aren’t as private as they seem.
