Strava’s New Weekly Heatmap Has a Privacy Problem

Strava’s New Weekly Heatmap Has a Privacy Problem


Running and cycling app Strava has a ton of features that help you find new running routes, including segments, the route builder, and the global heatmap. Earlier this summer, Strava began offering a weekly heatmap. It’s great for finding trails and routes that are popular at a given time—but it may reveal information that is more private than what you thought Strava users could see.

Using the weekly heatmap, I was able to browse the map, select a neighborhood that looked like it had one active runner, and find that person’s name and where they lived. To be clear, this person is a stranger to me, and I chose the neighborhood randomly; it took a matter of minutes to find this information. If you live in a big city, you may not have to worry about this, but if you’re in a rural or suburban area, you might want to check your privacy settings. More about those settings below, but first I want to explain what’s going on with the new map.

What is Strava’s weekly heatmap? 

Strava offers a number of mapping tools that help you to find places to run or ride. Only paid subscribers can zoom down to street-level views.

As Strava explains here, the weekly heatmap is updated each week, combining data from activities (like runs and bike rides) whose visibility is set to “Everyone.” There has long been a global heatmap as well, but that only tells you what routes are popular in general. The weekly heatmap gives you a real-time view of where people are going now. For example, I could see using this in icy or muddy seasons to see which trails in the county park are still navigable despite the weather. 

The problem is that if you browse to less-populated areas, like many rural and suburban areas, there’s a pretty serious privacy issue: if you’re the only person who has been running in your neighborhood lately, your tracks will be the only ones that show up on the weekly map. (On the global map, by contrast, they would blend in with everyone who runs those roads throughout the year.) 

How the weekly heatmap can make your lonely running routes stand out

Here’s what I mean. Lately I’ve been running almost daily, and most of my runs occur in the neighborhood around my house. When I saw the weekly heatmap feature, I immediately zoomed in on a nearby park to check out popular trails. But when I panned back to the area where my house is, my own personal running routes stood out in cloudy blue lines. 

This is very different from what the global heatmap shows. My running slightly darkens the lines on the global heatmap, but another person wouldn’t be able to pick out my personal running habit just from looking at them.

The weekly heatmap is another story, though. It looks like I and probably one other person share a favorite couple of roads in my neighborhood. Sometimes I run laps up and down a certain road; that road glows brighter than the rest. 

Zooming out, I can see other neighborhoods where there’s pretty clearly one person with a favorite route. I can even toggle between the global heatmap and the weekly one, and make observations like “the person who runs [route A] has been running it a lot lately, but their neighbor who seems to start and end at [place B] hasn’t been active.” Do I know these people? Not at all. But I think I know at least one of their names. 

Heatmaps + Local Legends may reveal more than you intended

The weekly heatmap gets particularly invasive when combined with another of Strava’s main social features: Segments. A segment is a bit of a route that has a title and a leaderboard. Say there’s a challenging hill in your area; maybe someone decided it deserved a leaderboard, so they create a segment named Neighborhood Hill that goes up that hill. 

With Strava’s map tool, you can click on a segment and see who has the fastest time, and also who is the Local Legend—the person who has run it the most often in the past 90 days. 

So, as an experiment, I panned around the map and picked a neighborhood far from mine with what looked like a route run frequently by one or at most a few people: a thin, cloudy blue line over just a few roads, without any activity on other nearby roads. 

I then asked the map to show me segments in that same area, and sure enough the route included a named segment. I clicked the segment, and it turns out only three people have run that segment in the past 90 days. Two of them ran it once; the other has run it repeatedly.

That last person—the Local Legend—is likely to be the one who ran that blue cloudy route (or collection of routes) over the past week. I looked at the endpoints of that cloudy line, and figured there was a good chance that the LL (as I’ll call them) lives in one of the houses nearest one of those endpoints. To satisfy my curiosity, I looked at the county’s real estate records for houses on that street. And whaddaya know, one of the houses at the end of that cloudy blue line is owned by a person with the same first and last name as our Local Legend.

I wouldn’t have been able to get that kind of precision with just the global heatmap, or just the segments. I may have been able to guess that the LL lived nearby, but I wouldn’t have had any clue which road, much less which house, to look up. But the weekly heatmap led me right to their house. 

How to remove your data from the weekly heatmap

Check the box at the bottom (see text for description)


Credit: Strava/Beth Skwarecki

If your account is completely locked down, with everything set to private, your data isn’t being used here. But if you have portions of your runs or rides visible to everyone—which is necessary if you want to compete on segments—your data is part of the weekly heatmap. Here are some ways to change that:

  • Strava says that activities set to “only you” or “followers” are excluded from the map. However, these activities are not eligible for segment leaderboards. (You can read Strava’s explanation of the privacy settings here.)

  • Strava also allows you to automatically hide the start and end points of your activities. This would let you run from your house to a nearby park, and the portion of the run in the park would be public while the portion near your house would not. Read here about how to set that up. Again, the private portion does not appear on the weekly heatmap and will not be eligible for segment leaderboards. Hiding start and end points will help to avoid the scenario above, where I was able to track down a person to a specific house. But it doesn’t change the fact that a stranger could figure out that you run a certain route often. 

  • Another partial solution is to change your name and profile picture so that they don’t contain any identifying information. This will also make it harder for your friends to recognize you on Strava, so not everybody will want to do that (the social activities are part of the point of Strava). 

  • Finally, there’s a setting that will remove your data from the global and weekly heatmaps. (It’s too bad they don’t have those as two separate settings.) Go to Settings, and then Privacy Controls, and scroll to Map Visibility. There is a checkbox labeled “Contribute your activity data to de-identified, aggregate data sets.” Uncheck that.

And, yes, Strava considers this information to be “de-identified” even though it is, in at least some cases, trivial to link it back to your name. Such is the nature of big data sets: they contain small, identifiable pieces, far more often than the people who collect the data may realize. The Census Bureau, for example, deliberately adds noise (variation) to data sets it releases publicly, as a form of “disclosure avoidance.” This is a known problem in large data sets, but so far Strava’s main method of avoiding disclosure is to ask users to change their privacy settings if they don’t want to be included. That’s not good enough, in my opinion, but at least now you know where to find those settings.



by Life Hacker