Fitness has ascended into a secondary religion over the past years, at least according to various Swiss media outlets. Maybe an over-generalization that rings at least partially true considering the masses of runners, bikers and rowers that are drawn to the big outdoors on sunny and rainy days alike. Most of them looking for a balance to their workdays, which is traditionally somewhat lacking in movement.
Making progress is a primary goal of most casual athletes: A higher step count, lower heartrate and, first and foremost, better splits are highly coveted metrics for runners to see if they are actually increasing their own performance. They still exist, the ascetic kind of person who just runs, Rocky-style, without caring much about duration or length, but they are definitely a minority. Most casual athletes measure their workouts using sports watches or similar gadgets made by Garmin, Fitbit, or Nike. Or directly by smartphone. The options are overwhelming, the business with fitness accessories is booming.
Once data has been captured, it needs to be analyzed. A variety of apps, such as Runkeepers, Fitbit or Nike’s Running Club are competing for casual athletes’ attention here. Another popular choice is Strava, who has garnered quite a bit of attention over the last couple of days. Strava, located in San Francisco, markets itself as the “Social Network for Athletes” and pursues this promise vigilantly. People running the same segments repeatedly can compare themselves to other people active on these routes. After adding friends, they can complement each other on successful workouts or add comments. A nicely made animation titled “Flyby” even allows it to identify other Strava users that were encountered – or sometimes even better – overtaken on the morning bike ride.
When looking at the data in context of a single run or ride, it is not irrelevant, but hardly of large significance for a large percentage of users. But the more data can be correlated, the more potential for abuse arises. A female runner wrote about her concerns of strangers following her regular routes in 2017. The issue was considered an isolated case and was dismissed by Strava with the advice to adjust privacy settings.
The “Global Heatmap” that Strava published recently made significantly more of a splash. Created from approximately a billion of workouts, roughly ten terabyte of raw data, Strava built an international heatmap showing popular spots to run, swim, and bike. Nathan Ruser, an analyst for UCA, quickly realized that this kind of “Big Data” would yield more than just athletic hotspots, including other areas of interest.
It becamse apparent very quickly that apps like Strava are not exclusively used by casual athletes in rather peaceful western countries, but also by servicemen and -women in war regions. Within a short amount of time, several secret or classified army bases have been identified, partially with correlating patrol or supply routes.
The public reaction was, as was to be expected, harsh: It was not deemed acceptable, that the life of soldiers would be exposed to new threats due to the irresponsible sharing of this dataset. Strava reacted in a statement and, again, pointed out that the sharing of said information is voluntary and could be deactivated by each individual user.
A statement that is not wrong, but does not relieve Strava of taking responsibility for handling the data entrusted to them in any context with care. When using a very liberal setting as a default, customers need to be informed about said option and the opt-out needs to be easy. With Strava, the opposite is the case: Privacy Settings are confusing at best and offer, all things consider, about six different settings of partial effectiveness. Even proficient users who think they have adjusted their settings properly might actually not have done so and regularly leak sensitive movement data. The standard setting defaults essentially to “Everyone sees everything”. Blaming an enduser for not being able to handle this challenge properly, is absurd.
In a time where the usage of increasingly complex technological tools is penetrating our lifes deeper and deeper, enterprises need to be held accountable under the threat of harsher consequences. The case of Strava illustrates, once again, how important the context of data is to assess their importance or criticality. It is an important lession, also for Swiss companies, to reconsider the secondary usage of the data entrusted to them.
Strava Flyby: Risk or Feature?
We are going to monitor the digital underground for you!
Our experts will get in contact with you!
Further articles available here