Is Strava Safe for Activity and Route Tracking?
Strava is a social fitness platform for runners, cyclists, and other athletes that tracks GPS routes and performance data. The platform gained notoriety when its Global Heatmap inadvertently revealed the locations of secret military bases and patrol routes used by soldiers. Activity routes can reveal your home address, workplace, and daily patterns if not properly configured. While Strava offers privacy zones and activity visibility controls, the default settings expose significant location data. Strava requires careful privacy configuration to use safely.
What Strava Collects
- Detailed GPS routes including exact start and end locations
- Speed, distance, elevation, and heart rate data from connected devices
- Activity timestamps revealing daily routines and patterns
- Photos and descriptions attached to activities
- Social interactions including followers, kudos, and comments
Who Sees Your Data
- Strava Inc. for platform operations and feature development
- Other Strava users based on your privacy settings (public by default)
- Third-party apps connected through the Strava API
- Aggregate data contributors to the Strava Metro and Heatmap products
The Global Heatmap Incident
In 2018, security analysts discovered that Strava Global Heatmap, which visualizes aggregated user activity, revealed the layouts and patrol routes of secret military installations in remote areas where only military personnel would be exercising. The heatmap exposed bases in Afghanistan, Syria, and other sensitive locations. The incident demonstrated how aggregated fitness data can reveal security-critical information. Strava has since updated its heatmap policies, but the episode permanently illustrated the privacy risks of shared GPS data.
Home and Workplace Exposure
Most Strava activities start and end at the same locations, typically your home and workplace. If your activities are public, anyone can see exactly where you live and work by viewing the start and end points of your routes. Strava privacy zones can obscure these locations by hiding the first and last portion of your routes within a specified radius. However, privacy zones must be manually configured and the default radius may not be large enough to truly obscure your address from determined observers. Set up privacy zones immediately upon creating your account.
Social Features and Default Visibility
Strava has a strong social component with followers, clubs, leaderboards, and activity feeds. By default, activities may be visible to other Strava users or even publicly indexed. This social design encourages sharing but creates privacy exposure if you do not intentionally configure visibility settings. Review who can see your activities, turn off features like Flyby that show your proximity to other users, and consider whether the social benefits outweigh the detailed location data you are sharing with the community.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| Privacy Zones | Settings > Privacy Controls > Privacy Zones | Create privacy zones around your home and workplace with the maximum radius to obscure start and end points |
| Activity Default Visibility | Settings > Privacy Controls > Default Activity Privacy | Set default visibility to Followers Only or Only You rather than Everyone |
| Flyby | Settings > Privacy Controls > Flyby | Disable Flyby to prevent other users from seeing when your routes overlapped with theirs |
Safer Alternatives
Tracks activity data locally on your device without a social sharing component, keeping routes private by default
Syncs with Garmin devices with granular privacy controls and no social-first default sharing
Our Verdict
Strava is a powerful fitness tracking platform but requires careful privacy configuration due to the detailed GPS route data it collects and shares by default. The Global Heatmap incident demonstrated the real-world consequences of shared location data. Set up privacy zones immediately, change default activity visibility to private or followers-only, and disable features like Flyby that expose your proximity to other users. With proper configuration, Strava can be used safely, but the default settings expose too much location data for a caution-free rating.
Related Safety Checks
Frequently Asked Questions
Can someone find my home address through Strava?
Yes, if your activities are public and you have not set up privacy zones. Most runs, rides, and walks start and end at your home, and anyone viewing your activity map can see these locations. Strava privacy zones hide the portions of your route within a configurable radius of a specified address. Set up privacy zones for your home, workplace, and any other sensitive locations immediately. Use the maximum available radius for best protection.
What did the Strava Heatmap reveal?
In 2018, the Strava Global Heatmap revealed the locations and layouts of military bases, CIA black sites, and patrol routes in conflict zones. In remote areas where few civilians exercise, the heatmap showed concentrated activity patterns that clearly outlined military installations. The Pentagon issued guidance restricting military personnel from using fitness trackers. The incident demonstrated that aggregated location data, even when anonymized, can reveal sensitive information when concentrated in otherwise empty areas.
How do I make my Strava activities private?
Go to Settings then Privacy Controls and change your Default Activity Privacy to Followers Only or Only You. Set up Privacy Zones for your home and workplace. Disable Flyby and the Local Legends features. Review your follower list and remove anyone you do not want seeing your activities. You can also make individual past activities private by editing each one. For maximum privacy, consider using Strava only for personal tracking without the social features.