More Privacy Settings

Suggestions: 

1. An overall barrier to make Strava users' information and activities only visible to logged in Strava users, not to anyone with an internet connection 
2. A user setting that enables you to make your activity only visible to your followers, while leaving segments and achievements visible on leader boards.

Justification:

Aim: I want my segments/achievements/leaderboards to still function as normal, but I want only my followers to be able to see the full detail of my rides. People who are not followers should not be able to see my "morning ride" with its map, speed, time, comments etc.

The existing options of either making all your rides completely private, using the "Enhanced Privacy Mode", or creating privacy zones, are insufficient for the following reasons:

1. Making all your rides completely private defeats the purpose of using Strava, by taking away the segments and other social features.

2. Enhanced Privacy Mode only hides the details of your activities on your profile page. Just one page! But ANYONE on the internet can get to your detailed activities (including all details, maps, comments etc). This mode is therefore ineffective, and leaves users exposed to possible stalker activity. Anyone, not just Strava users and definitely not just your followers, can see all your rides/runs and put together a pattern of your regular movements.

3. Privacy zones still expose you to people knowing your regular movements on the rest of your commute. Even if I hide my work and home locations, people can still see that I ride past a given location at a particular time each day.

This lack of any real privacy settings is a serious issue and should be addressed urgently.

81

Comments

61 comments
  • David and Keith:  

    I also raised these points on April 22.  It is important that 'cheated' (intentionally or not) leader board anomalies can be identified and flagged.

    I disagree that you need to be able to see the 'entire' ride map to analyse if someone 'cheated' (intentionally or not) on a segment.   The 'entire' ride map is the important bit here.

    At 'worst' you only need to see the ride map from the 'start' of the first segment to the 'end' of the last segment.  Personally I don't think you even need to see the map for any more than the segment you are investigating.

    Basically strava is a stalkers wet dream.  And it seems like Strava doesn't care.  There has been no confirmation that these privacy issues will be addressed.

  • Simon Nix has hit the nail on the head.  I think the map should only be visible for the segment you are looking at.  There is no need for other people to see you complete ride.

    Strava, can you please respond and let us know if this is actively being looked at or if it has been shelved ??

  • Elisabeth A, part of my concern (per the initial post in this thread), is the 'Enhanced Privacy Mode' says that it restricts who can see your activities, but it actually doesn't really. People can still get to the full detail of your ride, including comments between you and your friends. They just can't get to this detail via your Profile page. That is the only restriction. People can see the full details of your rides via other avenues, including via your name on a leaderboard. It's not even limited to Strava users - any internet user can view this data using the right method. The wording of this setting gives you a false sense of security.

    Strava, I find it extremely disappointing that zero changes have been made, in the five months since I first created this thread. At the very least you need to create the barrier that makes data only available to logged in Strava users. The nuances of who exactly can see what can be debated, but that overall barrier is a no-brainer and should not be difficult nor time consuming to implement. The lack of action on this issue is a disgrace. If somebody is stalked and hurt via Strava's data and lack of privacy control, you will be liable for your inaction.

  • Simon and Aaron, I think you make interesting points. Unless I explicitly share my route with you (as a follower or the community as a whole) maybe there isn't any point in showing the entire ride the to community at large. In fact, this would reduce the security risk and reduce the need for a privacy zone because you would just see the segment and would not know if I was down the street from my house or some other random place.

    Hum... this should probably be mulled over.

    Keith

     

  • There is nothing to stop someone from cropping their entire ride so all that is left is a single segment, so I agree that if someone wants to "investigate" a KOM, all they need to see is data from the segment, the rest of the ride is irrelevant.  Something I would like though is a setting where I can opt-out of "public" leader-boards (they don't do much for me), but still appear on "my followers" and clubs.

  • Elisabeth A, one of the things I am concerned about (per my initial post in this thread) is that the Enhanced Privacy Mode does NOT prevent other people from viewing your entire ride with full details including the map and the comments between you and your friends. It only stops people from being able to navigate to the activity's detail from your profile page. But ANYBODY can access your activity details via other avenues, for example by clicking on your name on a leaderboard. The wording of the Enhanced Privacy Mode is therefore misleading and gives a false sense of security. Like you, I thought I was restricting the visibility of my daily commute to just my followers, but that is not actually the case.

    Strava, it is extremely disappointing that in the five months since the first post in this thread, nothing seems to have changed at all. 

    The nuances of who should be able to view what details can be debated. But at a bare minimum you should have been able to implement the overall barrier to ensure that only logged-in Strava users can see activity details and leaderboards. This is a fundamental security measure that is a no-brainer in terms of benefits, and should not take very long to implement. It is totally unacceptable that anybody with an internet connection can see so much personal data and movements. 

    Strava, if somebody is in fact stalked via your app and an unpleasant incident occurs, you could be held liable for failing address these security issues in a timely fashion. Please, take action!

  • Strava does not provide any privacy control at all ! Privacy in Strava is a joke ! There are a lot of ways to avoid privacy settings... Here are some :

    A user could have a "request to follow" privacy settings in order to hide its activities BUT you can visit all its rides by clicking on the activity links provided in the leaderboards.

    You can try to use a anonymous pseudo BUT as soon as you ride with another user, you are discovered as your pseudo is mentionned in the ride of the other user.

    Now I use Garmin Connect because they have a new website AND provide real privacy !

  • @Elle you say thanks for comments (months ago) but Strava still does nothing why if I have blocked a user do they still show up in a group ride even if only following a similar route minutes apart. If someone is blocked they should not show up in group ride.

    Seriously sort out your privacy settings actually re-phrase that Strava hasNo Privacy!

    Time to act instead of hiding behind a keyboard and doing nothing!

  • I'm all for more privacy features.

    But I have to disagree with those of you that say you only need to see the segment data to determine if someone's cheated. I've flagged a few rides where I was only able to tell the person was driving once I zoomed out enough to see they got on a freeway, connected road segment KOMs with rugged trails only passable with a mountain bike, or suddenly switched from 105 watts to 750 watts in a very suspicious location.

    Around where I ride, there are plenty of absolute monsters on the bike--seriously fast people. Guys and girls capable of riding as fast as cars on local roads. So sometimes it takes additional scrutiny outside of the segment in question to determine if a person really has the power to pull it off before confidently flagging.

    Yay internet racing!

  • Privacy trumps that concern though.

    Not that it matters.  Strava has made no comment and / or commitment on satisfying our privacy concerns.  And they do not look likely too.  

    Pity.  I think Strava would gain more of a market hold if they did take privacy seriously.  Especially with the more safety conscience female riders.

  • So now KOMs mean more than Privacy - I don't think so. From all social media programmes all include who you want to see your info all have the ability for the user to allow who and what they see apart from Strava.

    This thread has been going on for months the overall opinion is only segments be shown and not full rides also everyone seems to want only people who they allow to follow them to see their rides and certainly blocked people should not show up in group ride (hardly a blocking tool is it).

    Come on Strava @Elle some action please!

  • I would like to add another thing that I think should be taken into account regarding privacy. I have started using the new automatic sync between Garmin and Strava, and I have to say that it works very well and saves me a lot of time importing data - thanks for this new feature Strava!

    That being said, I would really like control over whether or not new activities go into Strava as private or public. Since I use the Garmin 510 linked with my phone my activities are uploaded to Garmin immediately after I hit the save button. This activity is then quickly synced to Strava. HOWEVER, I don't necessarily want to share "every" ride with the community. 

    I would like to have new auto-synced activities go into Strava as private and allow me to elect to make them public if I wish. 

    Let's take for example a couple of weeks back I took a weekend trip out of town, I also took my bike. After my morning ride my data was uploaded to Garmin, which I wanted so I could review. But it was also published to the Strava community showing that I was not home.  That's really not cool.

    Strava, please allow me to auto-sync activities as private until I explicitly change them to public. 

    Keith Black

  • Hello,

    This is obvious that Strava is reluctant to add privacy settings !!!

    First, a skilled webmaster would need 1 hour to implement them. A beginner would need 1 day.

    Second, Strava is a reality show !!! It is absolutely necessary to enter in people life to make Strava attractive in order to make money !

    Strava is like a zoo. Strava.com is the cage and riders are the animals !!!

  • @Not Happy W… S

    With the greatest of respect, the issue is *much* more complicated than you're suggesting. Not sure you understand what development is about but speaking as a software engineer, it's much more complex than you give it credit for.

    Though I suspect your email is a troll, given the florid language you're using. Not sure it's much help to this thread really.

  • @Elisabeth

    Not complicated at all to develop this kind of thing, especially on a website !

    And you perfectly understood that we are upset that you are using our privacy and doing NOTHING to improve. Note that first message here is from 6 month ago...

  • Strava, any update?

    I think we've all been extremely patient - it's been six months since the first post in this thread, and two months since your last reply, but still no real update or promise of any kind of action at all. 

    Aaron B is right that Strava has made no commitment to satisfying the concerns raised here, however Strava has an implicit obligation to protect users' privacy. At the very least, not to misrepresent the flimsy protections in place, as they continue to do. Seriously Strava, if someone is stalked/attacked using the data available here, you are risking a very nasty liability situation. Surely you understand that, even if you don't actually care about your users.

    Considering how very serious this issue is, Strava's continued silence and inaction is very disturbing. Time to check out other options for tracking my activities.
  • @Not Happy W… S

    Like I say, it's easy to say something is easy if you don't understand what that thing is. It's not straight-forward at all, given Strava is all about sharing data so providing the vector between private and public data is a tough problem to solve. Saying Strava are doing 'NOTHING' is not the case. 

     

  • I'm a code monkey myself, and no, 1 day of work is not going to cut it.   And it's a web app, not a static website N H W S.

    That said... Strava is being negligent here.  Lets not kid ourselves, yeh?

    A reply in here from a Strava rep to say that a CR (Change Request) has been raised to address our concerns would at least let us know things are in motion.  At this point in time we haven't even been made aware of any PE (Potential Enhancement) ......

    Jenica, Garmin has their equivalent to strava.  Might be worth looking into as a replacement.

  • Hey there Strava / Elle,

    It has now been a whole THREE MONTHS since you last replied to this thread, and SIX MONTHS since you said anything meaningful or informative.

    Surely that is plenty of time to fix this.

    Not good enough.

    Jenica

  • Greetings, I manually uploaded a Garmin file to Strava, and in the review window--before the run was posted, I named the run and marked it PRIVATE, finished the upload, and within a minute...I received a KUDOS on my private activity. As I understand it no one should be able to see the activity. I wasn't on any leaderboards, etc.

    The privacy lock appears to be broken. Please advise what I need to do to keep my activities private.

    Thank you!

  • Jay Edwards, I've had that happen too, and I believe (at least in my case) it was due to the way the activity is automatically uploaded before you've finished editing. I think Strava uploads the activity while you're still changing the name of it etc. This is a privacy hole in itself, which Strava should fix.

    Strava, STILL no response or action on all of this? Really?
  • Hi Jenica, Strava did promptly reply to me...I submitted a ticket. They confirmed there can be a narrow sliver of time between uploading an activity..and flipping the 'private' switch, where an activity is public and can be seen. I think the only folks that will see it for that brief moment in time are your followers who are also using the 'mini-feed.' When you post an activity, it immediately pops up on the mini-feed where others can see it. After the 'private' switch is activated, the activity can no longer be seen. I'm thinking Strava could program in a 'delay' in the mini-feed results...so those of use who would like to keep something private...aren't racing to hit that private switch before our activity is show on the feed. Anyhow, good to know that's what happens, and now to minimize the exposure...if you want.

  • I agree with all of this, Strava, update and appropriate action please??

  • There are great privacy suggestions in this idea and comments. I think privacy related to establishing new connections should be addressed as well.

    Currently, if persons A and B have Enhanced Privacy (EP) enabled and A requests to connect to B, B cannot see much about A in order to screen them (to decide whether to allow the connection or not). A has EP enabled to make it harder for the public to see all their riding details. Imagine a better privacy solution that completely hides A's activities. B wouldn't be able to see anything about A.

    I think that once a connection request is made, the person making the request (A) should be completely visible to B, but not necessarily the other way around, unless B requests to connect to A (then A could see all of B's activities) -- prior to the connection being accepted.

    I also think that A should be able to rescind their request to connect to B, at which point B would no longer have access to A's activities without their own connection request back to A.

  • Having not seen any response from Strava on this thread for many months, I tried contacting them on Facebook instead. My request for an update was met with "Sorry Jenica - more privacy settings are on our radar, but nothing is currently planned!"

    So, Strava are not planning to do anything at all about our privacy concerns, despite this being raised almost a year ago. 

    I have been patient, I have given Strava more than ample time to do something (anything!!) but they clearly don't give a hoot about their duty of care to protect their users against misuse of the reams of personal data they collect.

    I've had enough, I will be moving to an alternative activity tracker.

  • there are enough people who want more privacy and ant+ functionality, maybe we should just start an open source app and be done with strava. i'd be down for contributing some time to it :)

  • Since my last comment in April 2014, no changes have been made to our Privacy settings (we did fix some bugs around blocking athletes and Clubs). It's true that there is a lot of great feedback on this thread, but as our discussion progresses it would be great to surface specifics as to how we can improve our Privacy settings, and exactly what you would like to see in the future. Knowing that the Strava community would like to see better privacy settings is great, but knowing how we can specifically address your privacy concerns is better! 

    Here is a summary of feedback we've heard so far, and related links:

    Even with Enhanced Privacy turned on, through the Segment Leaderboard and Club Activity Feed other Strava non-followers can view/comment/kudo certain Activity pages, but only the specific activity on the Leaderboard, or the recent activity in the Club Activity Feed. 

    Currently, when you join a Club your activity data becomes accessible to other members in the club as well as anyone on Strava who views the Club page. Anyone can view the "Recent Activity" tab for a Strava Club, member or not, follower or non-follower. The Private Club setting doesn't change the visibility of Club data, but simply restricts who can become a member. 

    This is a fairly frequent request, and would likely mean that an activity with this proposed privacy setting would be removed from Segment Leaderboards*, and would appear in the Activity Feeds of your Followers, but the activity page would not be accessible to non-Followers. 

    *As an aside, it's problematic to have segment results appear on public Leaderboards for private activities. Activities that match to public segments are public, making the data on the activity page also public. Any private or semi-private settings for an Activity page would mean that the Activity couldn't match segments or appear on Leaderboards. Strava's platform centers on social and motivational features, so for folks who prefer to have their activity data completely private from the Strava Community, it's best to routinely mark activities as private and avoid joining any Strava clubs. That being said, we certainly want to hear how we can develop better features on Strava to protect your privacy. 

    Please click on the links above to leave feedback on those topics, or start a new topic regarding settings by clicking here

  • We've been working hard to bring you new privacy features for your Strava account. 

    In an effort to prevent undesired kudos from Strava athletes you do not know, we've recently released a feature related to Clubs which ensures that

    • "Your Activities in the Club's Feed will only be visible to club members who are also your approved followers". 

    Coming soon are two additional privacy features: 

    • "Only your followers and athletes you follow can see that you were part of a group activity", enhanced privacy for group activities, and
    • "Your new activities will not appear on public segment leaderboards" A setting you can change on individual rides (or on all rides) to opt-out of showing your results on public leaderboards. 

    We are also brining two important privacy features to the mobile app, which have historically only been available on the Strava website:

    • Opt-out of the Flyby feature
    • New activities upload as Private by default. 

    Please keep an eye out for these new Privacy settings to be available in your account. 

  • The point made by Jenica is of prime concern to me too and as a premium strava user, I'll be thinking twice when renewal comes, weather or not submit another year, if I can't shake anyone, who has an internet connection, stalking and commenting seeing where I've been, on my activities.

  • Despite the privacy improvements, making activities private removes them from leader boards and rankings. This is an all or none approach. It should be possible to have ones activities private without losing that feature. 

     

Please sign in to leave a comment.

Didn't find what you were looking for?

New post