If you use a fitness tracker and post your workouts online, you may be sharing more than your distance and your pace.
You could also be sharing the location of your home, even if you have been using the privacy protections offered by fitness tracking sites.
University of Illinois computer science professor Adam Bates researches and teaches computer security. Bates has analyzed privacy protections offered by Strava and Garmin Connect, the two most popular fitness sites for tracking workouts, as well as a smaller company called Map My Tracks. The sites allow runners and cyclists to record their favorite routes and upload their workouts to compare with and compete against other athletes.
“They’ve tapped into something that allows you to connect with a broader community of athletes. There’s clearly a benefit to the service they are offering,” Bates said.
But he found that even with when certain privacy protections are used, he could determine where athletes were starting their workouts.
“In the past year, everyone is becoming much more aware of the privacy risks on social networks. But no one is talking about fitness networks,” he said. “Instead of posting what you had for dinner, you’re posting your location and, in some respects, your health data. That can be really dangerous information in the hands of someone who wants to do you harm.”
Users of both Garmin Connect and Strava can keep their information private and share it only with other individuals they choose, similar to Facebook and Twitter. “But in doing so, you miss out on a lot of the benefits to the service,” Bates said.
For those who choose to have their workout information public, so they compete against other users, the services offer privacy zones that don’t specify the address of where you start your workout — which for most people would be their home address. Instead, the sites place a circle over the start and end points of your workout, hiding their exact location.
“It’s like an anonymity bubble,” said Bates, who found that 16.5 percent of athletes used the privacy zones on the fitness tracker sites.
But he found the information isn’t really as secure as you might think.
After a student suggested it would be easy to find the exact address where someone started a workout, Bates tested it out.
For someone using the privacy zone, the fitness sites draw a circle of a certain radius around the location where a workout starts. But, he said, “until recently, it would plot the circle directly over the place you’re trying to protect.
“You can see the boundary of the circle based on where the route ends. If you know the radius and a couple of points along the circle, there are only so many ways to draw a circle that would match up with this,” Bates said. “This is basically a geometry problem.”
He and his students designed an algorithm to solve the geometry problem. They analyzed 21 million public Strava posts recorded by 3 million users over the span of a month, using privacy zones. Bates initially found that he could figure out the exact location where a person started his or her workout in 84 percent of the posts. When he considered people who had logged at least three workouts during the month, the number of times he could identify the exact starting location increased to 95 percent.
Then Bates and his students began looking at how to improve the security of the fitness websites. They suggested a surprisingly simple fix: Rather than placing a circle indicating a range of possible starting locations with the center directly over a person’s actual starting point, allow the system to randomly select an offset point and place the circle over it.
“This gives you geo-indistinguishability, or the likelihood that a user’s home will fall at any point within the circle,” Bates said.
He found that method reduced the certainty of finding the exact starting location of a workout from 95 percent to between 30 and 45 percent.
“That’s a very real impact for people’s safety,” Bates said.
He contacted the companies about his findings and has been working with them on privacy strategies. Strava and Garmin Connect have incorporated additional privacy methods.
Strava added the geo-indistinguishability factor that places a circle over a random starting point near the actual starting point and that gives the user the option of regenerating the circle.
Garmin obscured the point at which a workout route is truncated when the privacy zone is in use, so the exact boundary of the circle can’t be detected, and it randomly changes the place where a workout is truncated for each route.
“Strava and Garmin Connect were really open about the changes that they made. They are sharing with their users the information they need to make informed decisions about their own privacy,” Bates said.
Bates said that even with privacy settings, there is still a risk to posting personal information online. He recommended athletes set their profiles to private or be cautious about what information they are sharing with the world.
Just as Bates was doing his research on the privacy networks of the fitness websites, news stories were reporting that a student studying international security found that Strava’s heat maps — visualizations of user activity — could reveal the location of U.S. military facilities in certain locations, including hostile nations. So Bates looked at his dataset to see if anyone had logged data from those locations during the time period he was analyzing. He found about 30 workouts had been recorded, and the athletes used the privacy zones at about the same rate as the general population.
“This suggests people on military compounds were aware there was privacy risk and thought they were taking appropriate precautions,” Bates said. “This mechanism presented the illusion of privacy.”
The Department of Defense has since banned the use of fitness trackers for personnel at some locations.
Jodi Heckel, a writer for the University of Illinois News Bureau, is a runner and triathlete. You can email her at [email protected], or follow her at twitter.com/jodiheckel. Her blog is at www.news-gazette.com/blogs/starting-line/.
Photos: Top: University of Illinois computer science professor Adam Bates; Bottom: Strava, a popular fitness site for tracking workouts, allows runners and cyclists to record their favorite routes and upload their workouts to share with other athletes. It offers a privacy network to hide the exact starting and ending location of workouts.