Privacy concerns from fitness maps and apps

Blog Post created by jkerski-esristaff Employee on Feb 2, 2018

My colleague Jill Clark and I frequently write about the need to teach about and be aware of location privacy with the rapid advancement and web-enablement of GIS on our data blog in conjunction with our Esri Press book The GIS Guide to Public Domain Data.  Thus it wasn’t a surprise when recent concerns arose over an amazing map from Strava Labs.  Maps generated from GPS-enabled fitness devices and other recreational uses of GPS such as GPS Drawing, as well as those from the fitness tracker market such as Fitbit and Garmin, have for several years been sharable and viewable.  Strava has been one of the leaders in helping people stay motivated to meet their fitness goals by providing tools such as apps and maps.  But perhaps the Strava map attracted more attention than others because it contains an amazing “over 1 billion activities and 13 trillion data points”, or perhaps because the map is so responsive and contains some stunning cartography that the web map user can customize.  Yes, billion and trillion - "b" and "t" - truly big data.

Whatever the reason, as reported in USA Today Popular MechanicsWired, and elsewhere, location privacy concerns have arisen recently over the new Strava map.  Specifically, “Security experts over the weekend questioned whether the user-generated map could not only show the locations of military bases, but specific routes most heavily traveled as military personnel unintentionally shared their jogging paths and other routes.”  Some of the posts have reported that it may even be possible to scrape the data to discover the person behind each of the tracks, and the Strava CEO has responded to these and other concerns.  Any GIS user knows that much can be discovered through mapped layers and satellite imagery these days, shedding new light on what is really “secret” in our 21st Century world, but maps aimed at the recreational user are bringing these discussions to the general public. The particular concern with the Strava data is not so much just the location information, but the temporal data tied to the location, and potential identification of individuals.

Much of it comes down to what we have been saying in our writings:  Help your students to be critical consumers and creators of data.  Help them understand the pros and cons of sharing, what to share, and how to share, geospatial information--whether for a GIS project or for fun and recreation.  Help them to investigate and understand the defaults for whatever they are doing in GIS, whether it is the projection of their geospatial data or the location-based app on their phone.  Encourage them to ask, “What is the default–is my data public by default? What is the default projection?  Where is my default location for saving my geodatabase or map project?  Can I override these defaults, and if so, how?  What is the best way to represent my spatial information?  Do I need to share this information?  If I need to share the information, how should I do it?”  and then act accordingly.   For more on this topic, I encourage you to read some of our short but pointed essays, such as Why Does a Calculator App need to know my location?, Making the Most of Our Personal Location Dataposting cat pictures and The Invasion of the Data Snatchers.


Strava fitness map

A section of the Strava heat map, showing the results of people who have recorded and shared their fitness walks and runs.  As one might expect, city park and a high school track stand out as places where more people conduct these activities.  As with other maps showing locations where people are now or where they have been, location privacy concerns have been raised.