Strava, a popular app for runners and cyclists, is once again in the spotlight due to privacy concerns. Known for its extensive mapping tools, Strava’s heatmap feature can inadvertently expose sensitive locations, as recently highlighted by a report from French newspaper Le Monde. The report claims Strava data revealed the whereabouts of high-profile individuals, including world leaders, through activity tracking by their bodyguards.
Unlike a vague location like “the White House” or “Washington, D.C.,” Le Monde discovered Strava's data might pinpoint undisclosed meeting places and hotels used by these leaders. In one example, activity by Vladimir Putin’s bodyguards near properties he allegedly owns could reveal his movements. Additionally, the location history of bodyguards connected to Melania Trump, Jill Biden, and secret service agents from two recent assassination attempts on Donald Trump was reportedly exposed.
Strava's global heatmap, built from user-contributed data, tracks common running and cycling paths worldwide. Premium users can view detailed street-level data, showing where routes are popular, even in rural or isolated areas. If used carefully, the heatmap and location-based features like Segments are mostly safe. However, in low-traffic areas, routes can reveal too much.
Determining someone’s identity from Strava data isn’t difficult. By analyzing heatmaps and repeated routes, investigators—or even stalkers—can identify users and match their profiles to real-world identities. If an account continually shows up in a particular area where a leader is known to be, patterns can be drawn.
Despite privacy concerns, Strava remains popular because of its social features. Users enjoy sharing achievements and compete on Segments—specific road or trail sections where the fastest earn titles like CR (Course Record) or KOM/QOM (King or Queen of the Mountain).
For those concerned about privacy, Strava offers several settings to limit data exposure. In Privacy Controls, users can opt out of adding data to heatmaps, restrict their profile to followers, and hide activity start and end points.
