Apps Like Strava Can Help You Run Better, but Could Put Your Privacy at Risk

    Of all the weird things to come out of COVID-19, I never expected to become a runner. Forget Couch to 5K: In about a year, I went from my couch to my first half marathon and then I ran a couple more.

    Too much pandemic sourdough had me feeling a little sluggish. Years living in New York had turned me into a champion walker, but it didn’t do much for my fitness. So I did Couch to 5K, then eventually sucked it up and joined a neighborhood running group. 

    Not to be cliche, but that was a game-changer for me. I’ve grown to love my running family. They’ve been there for me from the start with oodles of practical advice and encouragement, and they’ve pushed me to do more than I ever thought I could.

    I also signed up for the popular fitness app Strava. As I got more into running — and racing — I increasingly used Strava to track everything from the location, mileage and elevation of my routes to the data generated by my body, including my heart rate, running pace and a Strava-generated score for overall fitness.

    Then there’s the social aspect of the app. At first glance, it looks a lot like Facebook. Strava users have profile pages and their run maps and other workouts are posted to a feed. Fellow athletes can see this information and then cheer each other on with “kudos,” the same way they’d “like” something on Facebook.

    But experts say those similarities to Facebook should give runners pause before handing over their personal information. In addition to subscription fees, users of Strava and other fitness-tracking apps are paying with some of their most personal data.

    And that could have some potentially scary effects on both their digital and physical security, especially if they don’t take important steps to protect their data. Keep reading for CNET’s guide to running safely, online and on the streets.

    Who’s following you?

    As a woman who regularly runs alone on the streets of New York, this is something I think about a lot. Runners, and not just women in big cities, continue to be attacked, assaulted and worse. The thought of my favorite apps and other tech making things easier for the bad guys is alarming.

    What’s worse is a lot of athletes probably don’t even know that their data is out there for others to see and that it’s potentially putting them in danger, says Jeff Sizemore, chief governance office for the data security company Egnyte. 

    “I hate to say this in the grimmest of ways, but how many pretty girls have been killed running in the mornings?” he asked.

    While Sizemore emphasized that he’s not blaming those deaths on the use of tracking apps, he says that when you consider the amount of data, especially location data, that the apps collect and share, “the fact remains this is really dangerous stuff we’re dealing with.”

    Sadly, it’s up to consumers to look critically at an app’s data protection and sharing practices before they start using it, he says. That means being critical of what those apps have done in the past, rather than taking their current promises as guarantees.

    Much like the kudos and social focus of Strava, Sizemore says Strava’s handling of data security and privacy issues reminds him of Facebook, which he notes has long preferred to pay fines for data privacy violations instead of protecting its users from the start.

    “The transparency isn’t there and I just don’t feel that it’s a company that I can trust,” he says. “(Like Facebook) they don’t proactively protect, they react when people are mad enough.”

    Strava’s security and privacy problems have been well documented for years. It came under fire in 2018 after it released a global heatmap showing the activities tracked by its users and researchers were able to use it to locate secret US military bases.

    On a more consumer level, a Strava feature known as “Flybys” has drawn criticism from privacy experts for potentially endangering runners. The feature, which was originally turned on by default, allows Strava users to replay their runs and identify people they passed along the way, as well as where they encountered them. They could even use this feature to identify complete strangers. Strava changed the feature to be off by default in 2020, but you can still opt into it.

    On top of that, Strava makes it clear in its privacy policy that, like a lot of other apps do, that it sells user information to third parties in an aggregated form, meaning that a specific user’s data is combined with others in an attempt to anonymize it. This is on top of the fact that Strava subscribers pay $12 a month or $80 a year to use the app. 

    Strava, which didn’t respond to multiple CNET requests for comment submitted through the company’s website, does give users some ways to at least hide their data from both other users and the company.

    For instance, the app’s privacy settings let you mask the starts and ends of your runs, or hide your maps completely. There’s also a toggle switch that when thrown will keep the company from sharing your data with outside third parties.  

    Sizemore, a veteran of the Air Force and still a fitness enthusiast, doesn’t use Strava, but does use other fitness apps that also collect and share personal information. The trick, he says, is signing up for those apps knowing that your data is going to be collected, sold and probably stolen in a breach, too.

    He protects his privacy by not using his real name, or other personal details that could tie the collected data to his identity, as well as opting out of any social parts of the apps that he can. Apple users can also use an iOS feature that lets them hide their email address.

    You don’t always need tech to be a great runner

    Other runners with backgrounds in security go for a more offline approach. Gene Fay, CEO of the cybersecurity company ThreatX has managed to run 59 marathons, and plans to run more, largely without the help of apps or fitness tech hardware.

    He always carries a phone with him for safety reasons, but his Garmin smartwatch, used for help with his golf game instead of runs, is relegated to just letting him know what time it is.

    Like many experienced runners, Fay choses to “run by feel,” listening to how his body is handling a given run, whether it be around his neighborhood or part of a competitive race. He does acknowledge that smartwatches can be helpful for beginners looking to make sure they don’t overdo it.

    An early riser, Fay says he wakes up with a “noisy mind.” Running helps him plan his day and figure out exactly what he needs to get done. There’s no music or audio books, he says. It’s almost like a form of meditation.

    “That’s why I don’t have any technology,” Fay says. “I’m not an elitist or a purist. My personal enjoyment of running is about going out running.”

    Read the full article here

    Recent Articles

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox