[imagesource:strava]

Strava – the hugely popular running and cycling app, often referred to as Cape Town’s Tinder, has just revealed its major security issues, especially for some of the world’s top brass people.

The Guardian reported how an investigation by French newspaper Le Monde has used the app to track the movements of Joe Biden, Donald Trump, Kamala Harris and other world leaders.

You’re right in thinking Trump doesn’t look like your typical Strava user, but his bodyguards are, and that’s how his location was given away during his recent assassination attempts.

In another example from the investigation, they identified a San Francisco hotel where Joe Biden was meeting Chinese President Xi Jinping, using an agent’s Strava-tracked jogging route. The paper also identified 12 members of the French security group GSPR and six members of the Russian FSO.

Yep, that means they saw Vladimir Putin’s bodyguards frequenting the areas around two mansions that Putin has denied are his.

Actually, Strava has always been a bit wonky with security.

In 2018, a student found it had mapped US bases in Syria and Afghanistan as well as the Royal Navy’s Faslane base. Another security flaw in 2022 revealed the identities and movements of security personnel at military bases in Israel. Then things got really serious last July …

In Singapore, rent-a-runners hit the news by offering a service whereby they logged on to other people’s IDs and did runs for them, and charged by the kilometre.

As Life Hacker notes Strava boasts a powerful suite of mapping tools, all fueled by the dynamic data in its global heatmap—a vivid, evolving map that captures the world’s running and cycling routes. Imagine this: the very moment you lace up and head out for a jog around the block, tracking it with Strava (or any app that syncs with it), the paths you tread subtly light up. Your route joins countless others, making the roads you ran just a bit brighter on this living map.

You can see the global heatmap here, although you’ll need a premium Strava subscription to view street-level data. Creative investigators or stalkers come up with plenty of ways to use this data to find the people they’re after.

Whenever Strava’s privacy issues make headlines, a familiar question surfaces: why would anyone want to broadcast their location or share their running and cycling routes with the world?

Well besides wanting to show off your fitness, you need to share the location of your runs (or cycling routes) to compete on the leaderboards it calls Segments. A Segment is a bit of road or trail, and you can get a CR (course record) or KOM/QOM (king or queen of the mountain) recognition for being the fastest person to cover that distance – ala motivation!

Strava has privacy controls, but you’ll want to use specific ones so that you don’t get locked out of Segments. To find the privacy settings, go into the Strava app, select You, and tap the settings gear. Then tap Privacy Controls. Fortunately, each setting has a pretty good explanation of what it does, so read those carefully. If you’re doing this on the web interface, make sure to hit “save” after each change.

Read more on each setting here.

[source:lifehacker]