More Privacy Settings

Suggestions: 

1. An overall barrier to make Strava users' information and activities only visible to logged in Strava users, not to anyone with an internet connection 
2. A user setting that enables you to make your activity only visible to your followers, while leaving segments and achievements visible on leader boards.

Justification:

Aim: I want my segments/achievements/leaderboards to still function as normal, but I want only my followers to be able to see the full detail of my rides. People who are not followers should not be able to see my "morning ride" with its map, speed, time, comments etc.

The existing options of either making all your rides completely private, using the "Enhanced Privacy Mode", or creating privacy zones, are insufficient for the following reasons:

1. Making all your rides completely private defeats the purpose of using Strava, by taking away the segments and other social features.

2. Enhanced Privacy Mode only hides the details of your activities on your profile page. Just one page! But ANYONE on the internet can get to your detailed activities (including all details, maps, comments etc). This mode is therefore ineffective, and leaves users exposed to possible stalker activity. Anyone, not just Strava users and definitely not just your followers, can see all your rides/runs and put together a pattern of your regular movements.

3. Privacy zones still expose you to people knowing your regular movements on the rest of your commute. Even if I hide my work and home locations, people can still see that I ride past a given location at a particular time each day.

This lack of any real privacy settings is a serious issue and should be addressed urgently.

82

評論

  • 正式評論

    Here's an update on Privacy on Strava:

    We added some privacy settings to the mobile app that were previously only available on the website:

    Flyby opt out: "Your activity will not be visible on the Strava Labs Flyby feature."

    Private by default: "Your new activities will not be visible to other athletes or eligible for leaderboards. This setting does not alter past activities, and you can make individual activities public at any time."

    New privacy features:

    Group Activity Enhanced Privacy: "Only your followers and athletes you follow can see that you were part of a group activity"
     
    Remove Athlete: "The selected athlete's activity will no longer be grouped with yours. Are you sure you want to proceed?" This tool lets you remove a grouped athlete from your activity. The button is located next to the grouped athlete's name in the "Other Athletes" lightbox tab. Currently only available on the website.
     
    Hide From Leaderboards: "Your new activities will not appear on public segment leaderboards. This setting does not alter past activities, and you can change this on individual activities at any time." When the activity owner goes to a leaderboard, they will see a -/1244 for their record, but can still filter by "my results" to see all of their times. 

    Club-specific changes:
     
    - Hide activities from non-followers on Club pages for athletes with Enhanced Privacy ON.
    - Omit leaderboard activity links when logged out or not a member 
    - Hide athletes with Enhanced Privacy from non-members in the member list on all clubs. 
    - Blocked athletes can no longer see their blocker's activity in a club feed. 
     
    Misc:
    Blocked athletes and athlete search: A blocked athlete can no longer see their blocker in athlete search results.  
    評論操作 永久連結
  • This really should be addressed soon.  Privacy should be a high priority.

    2
    評論操作 永久連結
  • Come on guys (Strava) this really isn't good enough. Sort it out before one of your competitors does

    1
    評論操作 永久連結
  • What you have here is an example of people genuinely wanting to use Strava as a social media platform, and expecting the kinds of privacy features part-and-parcel of the existing services they are attempting to (at least partially) replace with your own.

    Progressing the social component of Strava beyond the current bolt-on solution is not only something that would satisfy the legitimate privacy concerns of those who wish to withhold sensitive information from the general public while still maintaining the gamification elements, it would go some way toward growing the site both in terms of scope and user base.

    I don't have the same privacy concerns Jenica has for my own data, but having friends like her here on this site is an important part of my being here rather than Garmin Connect, or RunKeeper, or some other, similar service. Not being a premium member, my concerns cost you very little, but they certainly take the shine off the notion of a subscription in the future.

    Something for you to consider, at any rate.

    1
    評論操作 永久連結
  • Thanks for all the great feedback on our privacy settings!

    -4
    評論操作 永久連結
  • Hi Elle, 

    Thanks for the reply.  Just curious to find out if this privacy concern will make it onto the potential enhancements list and perhaps a change request?

    0
    評論操作 永久連結
  • I'm interested in this too. Comments like "Thanks for all the great feedback on our privacy settings!" are very non committal to any action.

    Perhaps you can feedback the thread to head of security for Strava, and then ask they respond to the thread about future development plans for the Strava security features.

    I'd hate to see Strava lose popularity due to its lax security features.

     

    3
    評論操作 永久連結
  • Agreed, I'd really like to know if any action is being taken on this, given how potentially serious this is. 

    1
    評論操作 永久連結
  • It would be very easy for someone to write a BOT that traverses all activities, saves the comments to a file and sends them off to a data analysis group to look for pii (personal identifiable information) and then sell this information onto identity theft groups. Not giving users an option to protect their data could potential leave Strava liable for any loss occurred I imagine.

    1
    評論操作 永久連結
  • Elle, any update on this?

    1
    評論操作 永久連結
  • @Jenica and @Aaron - no updates but I will check with the product team!

    0
    評論操作 永久連結
  • Thank you.

    1
    評論操作 永久連結
  • I agree with the privacy comments. Personally I'd like to see an a la carte selection of what a users wants to share and does not. On other sites I put things in the comments such as my goals for the workout, if I had an injury that I was recovering from, etc. I really don't want that type of information out in the public, but I am willing to share much of my other information.

    Thanks,

    Keith 

    0
    評論操作 永久連結
  • Hi Elle,

    How'd you go on this one?

    0
    評論操作 永久連結
  • Hi everyone,

    Strava is a growing network of engaged and competitive athletes; we're encountering new and dynamic problems every day. Privacy is definitely one of those problems, and we appreciate the suggestions!

     

    It sounds like more nuanced sharing controls are at the core of your feedback. The ability to restrict your activities to logged-in users only is something we will definitely explore. An option to further restrict those activities to only the users you follow has it's own set of trade-offs, as activities that are not available for public consumption are not eligible for segment leaderboards. However, in place of making the activity page private, limiting some aspects of the activity page sounds like it warrants a discussion. For example, simply hiding the activity map for viewers that are not approved followers. 

     

    Pardon us while we do our due diligence on this topic - it's definitely a problem we want to solve, but it's also a problem we want to solve right!
    As a reminder, per the opt-in Enhanced Privacy settings that exist today:
    • Your name will be anonymized to all logged out athletes.
    • Only Strava athletes that you approve can follow you.
    • Only Strava athletes that you approve can access the links on your Profile.
    • Only approved followers can see and download your activities on your Strava Profile.
    Cheers,
    The Strava team
    0
    評論操作 永久連結
  • @Keith, Also there is a separate request for Private Training notes here: https://strava.zendesk.com/entries/25702975-Add-Private-Training-Notes

    0
    評論操作 永久連結
  • Thank you Elle for following this up.

    I know it is a difficult issue with many trade offs.  Being a developer myself I understand the complexities.

    "However, in place of making the activity page private, limiting some aspects of the activity page sounds like it warrants a discussion. For example, simply hiding the activity map for viewers that are not approved followers."

    I like what you are suggesting above.  The map being visible to all is one of my main concerns with regards to potential stalkers.

    I agree that much thought should be put into it before any changes are made.  If its worth doing it is worth doing right.

    One thing that I would like to remain (if possible that is) is the ability to review suspect leaderboard results (so that they can be flagged).  My process for weeding these out is as follows

    1. The first tell tail sign is that the person smashes the existing records.
    2. I then look at their ride data and look at the speed graphs.  It is very easy to see if someone has caught a train or jumped in a car via the speed graphs.
    3. If they have been in a vehicle, I flag the ride.

    Would it be possible to just hide the map and leave the speed graphs etc.?

    I know that complicates things.... 

     

     

    0
    評論操作 永久連結
  • Hi Elle,

    Thanks for your feedback.

    Regarding your comment "An option to further restrict those activities to only the users you follow has it's own set of trade-offs, as activities that are not available for public consumption are not eligible for segment leaderboards."

    Is this a technical restriction? To my mind (not being a developer myself), I don't see why you couldn't hide the detailed activity page, while still having the activity included on segment leaderboards. 

    I think this approach warrants investigation, and if there's a technical reason why it's not possible that would be good to understand.  However, hiding the map on the activity page is a good idea as a compromise. 

    Thanks,

    Jenica

    0
    評論操作 永久連結
  • Hi,

     

    Some really great points on this thread. As I cycle from my work to my home, I decided for my own safety to only show activities to people that follow me, and I have request to follow enabled. Although this makes all of my activities non-public.

    I'd like to be able to set an activity to 'public' so that everybody can see it, even if they're not registered. This would mean I can have all of my day-to-day activities protected but then if I do a big event like a race, sportive or a classic climb etc I can make this ride public and share that activity with people that don't follow me.

    So the current functionality works for me, although a more granular ability to make activities public would be great! :)

    Thanks,

    Beth

    0
    評論操作 永久連結
  • Hi, it seems for me as well that privacy has no priority for Strava. The privacy settings are a big security problem and I will cancel my Premium Subscription till this is solved.


    1.    Wrong Start
    For Strava “enhanced privacy settings” means most of the time, that non-logged-in members aren´t able to see the full name or details of a ride. However just everybody with an account can see most details, even though they aren’t following me. Example? I do have “enhanced privacy settings” on and think my rides are just visible for followers, however if I join a club everybody can see all my rides, even though the club might be in the “private” mode.   


    2.    Degrees of Privacy
    I want to decide about the degree of privacy
    a)    totally private: these activities aren’t visible for anybody and don’t account for miles ridden or my goal for the week
    b)    follower private: my activities can be seen by followers, but segment-times aren’t listed in leaderboards
    c)    not private: logged in users are able to see details of my ride and the segment-times contribute to the leaderboards


    3.    Profile
    I don’t want not-follwers to see how much I trained (during the year or the last weeks) or my last achievements. And I want to see who checked my profile.

    4.    Clubs
    “Private” Clubs should be private. Just the members should be visible for everybody. Any rides, rankings, activitities or discussions(!) of club members should just be visible for club members.

    I can not understand that Strava does not secure the user data in a better way.

    2
    評論操作 永久連結
  • I agree with above comments. Ive decided to pull myself off strava as well, until these issues re solved..

     

    0
    評論操作 永久連結
  • I just discovered that even if you have set your security so that you have to approve your followers, if you're in a club, even those you have not approved to follow you can see ALL your ride details.  Even people who are not club members can see everything that your followers can see by going to the club, clicking on 'Recent Activity' scrolling down to your activity and clicking on it.  This negates the point of having to approve followers.  This is a gapping hole in security and likely gives users who have 'request to follow' enabled the incorrect belief that only those whom they approve to follow can see their activity details.  This needs to be attended to quickly. 

    1
    評論操作 永久連結
  • Thanks for raising this issue Lori. We will certainly discuss internally! 

    0
    評論操作 永久連結
  • Hi something I would really like to see is to be able to have a "whitelist" of users who can see my whole activities, just as I can see them myself including bits normally hidden by privacy zones, would that be possible?

    0
    評論操作 永久連結
  • Same applies to the activity playback under strava labs. You can see any ride that crossed yours even if the other rider has enhanced privacy enabled. Personally I don't mind that someone sees the flyby location with enhanced privacy, but full rides is a no go.

     

    I hope the privacy concerns will be soon fixed. 

    0
    評論操作 永久連結
  • Come on Strava this is exactly what your users want stop replying to posts and action privacy controls like other sites. Also, why if you block someone they still appear in your group rides can still see you and your activity this is useless and needs to be addressed.

    0
    評論操作 永久連結
  • Folks, it is totally unreasonable to want to appear on the leader board and then keep your ride hidden from my scrutinizing your "achievements".

    There are LOTS of folks that leave their recording device(app) running after they boarded a car or train.

    Those of us that has our placing displaced, needs to be able to see BOTH

    [1] Your full map (other than exact start/stop) -- so I can see where it is obvious you've pulled into a parking lot, loaded up your bike, and then hit the highway (where bikes aren't allowed).

    [2] Your speed graphs (for those times you didn't hit the highway) but are still in a car.

    Also those of us that has our placing displaced, needs to be able to see just how bad and jittery your iPhone recorded track is when you hit "50 mph" on that flat segment on your bike.

    If Strava can limit me to seeing rides of folks I don't follow to only those that appear higher than me on the leader board - that would be OK and more power to them.

    0
    評論操作 永久連結
  • David, these are things that can be determined from the segment, and the speed and positioning data within the segment, without seeing the whole map. If I completed segment A, then obviously you know where I was and how fast I was going. What you don't need to know is where I came from, what time I was there, and which other segments I completed that day. You really don't need to see parking lots - if you're so protective of your achievements that you see privacy concerns as 'totally unreasonable' I'm sure you'll just flag the ride anyway.
    1
    評論操作 永久連結
  • David, I tend to agree with you that you shouldn't be included in the leader board if you don't let people see your route data (other than privacy zone). 

    For me the concerns with privacy are that Strava does not have good ways for me to hide some more sensitive information such as my descriptions.  Personally I like to make comments that allow me to remember the ride better and how I was feeling, was I sick that day etc. However, I don't want to share this with everyone. Same as some may not want to share their weight and other personal info we should have granular control over what people see. 

    I think there are also holes where if you share some rides only with limited people then joining a group will show it to everyone in the group.

    Personally I'd be happy with the following privacy settings.

    1. Allow me to hide the description (or give me a personal notes section).

    2. Allow me to make a ride private and only show it to people or groups that I explicitly define. 

    3. Allow me to make a ride "Friends Only".

    4. And of course allow me to make a ride public.

    If I elect to hide a ride/run, then I should not be included in the leader board.

    Keith

     

    0
    評論操作 永久連結
  • David & Keith think you are missing the point I don't mind my name on segments and leader boards but I don't think anyone should be able to give kudos or comments that you don't know equally well anyone you have personally blocked should not be able to see any of your rides and show up in your group ride. If your that obsessed with find out how someone achieved the segment compared to you copy the URL of segment you are interested into raceshape.com will give you the info you require giving each user on strava the privacy controls they want! Or as it appears you become strava stalkers.
    0
    評論操作 永久連結

登入寫評論。

不是您要找的?

新貼文