We frequently write about the need to teach about and be aware of location privacy with the rapid advancement and web-enablement of GIS. Thus it wasn’t a surprise when recent concerns arose over an amazing map from Strava Labs. Maps generated from GPS-enabled fitness devices and other recreational uses of GPS such as GPS Drawing, as well as those from the fitness tracker market such as Fitbit and Garmin, have for several years been sharable and viewable. Strava has been one of the leaders in helping people stay motivated to meet their fitness goals by providing tools such as apps and maps. But perhaps the Strava map attracted more attention than others because it contains an amazing “over 1 billion activities and 13 trillion data points”, or perhaps because the map is so responsive and contains some stunning cartography that the web map user can customize.
Whatever the reason, as reported in USA Today, Popular Mechanics, Wired, and elsewhere, location privacy concerns have arisen recently over the new Strava map. Specifically, “Security experts over the weekend questioned whether the user-generated map could not only show the locations of military bases, but specific routes most heavily traveled as military personnel unintentionally shared their jogging paths and other routes.” Some of the posts have reported that it may even be possible to scrape the data to discover the person behind each of the tracks, and the Strava CEO has responded to these and other concerns. Any GIS user knows that much can be discovered through mapped layers and satellite imagery these days, shedding new light on what is really “secret” in our 21st Century world, but maps aimed at the recreational user are bringing these discussions to the general public. The particular concern with the Strava data is not so much just the location information, but the temporal data tied to the location, and potential identification of individuals.
Much of it comes down to what we have been saying in this blog–understand the defaults for whatever you are doing in GIS, whether it is the projection of your geospatial data or the location-based app on your phone. Ask yourself, “What is the default–is my data public by default? Is my projection Web Mercator by default? Can I override the default, and if so, how? What is the best way to represent this spatial information? Do I need to share this information? If I need to share the information, how should I do it?” and then act accordingly. For more on this topic, I encourage you to read some of our short essays, such as Why Does a Calculator App need to know my location?, Making the Most of Our Personal Location Data, posting cat pictures, and The Invasion of the Data Snatchers.
A section of the Strava heat map, showing the results of people who have recorded and shared their fitness walks and runs. As one might expect, city park and a high school track stand out as places where more people conduct these activities. As with other maps showing locations where people are now or where they have been, location privacy concerns have been raised.