You’ve got your STRAVA account and you’ve set up the HOME ZONE so no-one can find out where you live and steal your bike. Phew!!
All’s good, right? Your data is private and safe?
Well…emphatically …NO.
Before STRAVA even gets your file from, let’s say, Garmin, you will probably have already given Garmin MUCH more private data than just the likelihood of where you live based on the start points of your workouts.
Q: Is that important?
A: Generally speaking, “probably not”. But I know MANY people are concerned about what data they are passing and to whom, while also being very suspicious about what is being done with their data.
Let’s say you post a FIT file on the net for some help. Well, that FIT file probably tells the world your age, height, sex, VO2max and maybe a good estimate of the location of your home address. Probably also what expensive Garmin watch you own too!
What Data Is Involved?
The worst offender is the PERSONAL data in FIT files
Let’s start off with looking at what data you are putting in a FIT file from a modern Garmin device. For this article, I’ve used fitfilerepairtool.info to interrogate some of my workout files from the recent Fenix 6 and other devices. Handily, fitfilerepairtool has just come up with a new PRIVACY mode to clean your FIT Files. More on that in a minute.
Really Personal Stuff
Here are some of the data elements in a FIT file that you might consider to be private & personal. You can see they include gender, height, weight & age/year of birth as well as language. I guess knowing what language I speak isn’t that personal…but the rest is. This image shows the record names but the record contents ARE POPULATED with the ‘correct’ data that I’ve not shown.
Wahoo does NOT seem to need the same information, although you might consider your FTP to be private, especially if it has been ‘incorrectly calculated’ by your sports device (hmmm).
Looking instead at a TCX file the situation is much cleaner – it might be possible to ‘correctly’ incorporate some personal data into TCX files with the TCX schema but, other than device ID, I don’t think so.
Equipment-Related Stuff
You will also see other fields that list the device type and ID; in this case, it’s the V800.
You could perhaps check published files from reviewers to make sure that they really were using the devices that they claimed to be for certain tests.
Although you probably could NOT look at a FIT file to discover the identity of NEW devices that have not yet been made available for public sale. From my fleeting looks into this area, new devices (like the Fenix 6 today) do NOT have the device name saved into FIT files. This is added ‘later’ through a firmware update.
Location-related Stuff
Of course, the GPS points of every single part of your ride are in the original source file, be that TCX, GPX or FIT. Maybe that gives away the exact location of your home or office.
STRAVA introduced privacy zone(s) to stop you inadvertently revealing your home or work location on a public profile. Apparently, there were cases of bike thefts several years ago where thieves identified fast riders and assumed they had expensive bikes and tracked them down and stole their bikes. Where I live in SW London, bike thefts ARE a problem but I don’t think that any are stolen using this particular method. Maybe because the STRAVA route to identifying where you live has been sufficiently closed down?
However, if you post a FIT file on a forum then I guess you’re fair game for having some unwanted person appearing at your doorstep.
Edit: As of 19 Sept, fitfilerepairtool.info has now added a HOME ZONE similar to that from STRAVA. I guess that removes one of the reasons that has previously stopped me publishing some workout test files (the other reason is that my FTP is about 50w below where it was a few years back 😉 )
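To check a file yourself before posting it, here is an added example (not code from fitfilerepairtool or Garmin): a minimal Python scanner that walks a FIT file's record headers and reports which of the personal, equipment and location message types described above are present. The global message numbers are assumed from Garmin's public FIT profile rather than taken from this page, and the sample bytes are constructed.

```python
import struct

# Global message numbers per Garmin's public FIT profile (assumed; not from this page).
SENSITIVE = {
    0: "file_id: manufacturer, product, serial number",
    3: "user_profile: gender, age, height, weight, language",
    7: "zones_target: FTP, max heart rate",
    20: "record: GPS position samples",
    23: "device_info: device type and serial number",
}

def fit_message_counts(data: bytes) -> dict:
    """Count data messages per global message number in a FIT byte string."""
    if len(data) < 12 or data[8:12] != b".FIT":
        raise ValueError("not a FIT file")
    pos = data[0]                                    # header size: 12 or 14 bytes
    end = pos + struct.unpack_from("<I", data, 4)[0]
    local_defs, counts = {}, {}                      # local type -> (global, length)
    while pos < end:
        hdr = data[pos]
        pos += 1
        local = (hdr >> 5) & 0x03 if hdr & 0x80 else hdr & 0x0F
        if (hdr & 0xC0) == 0x40:                     # definition message
            order = ">H" if data[pos + 1] == 1 else "<H"
            gnum = struct.unpack_from(order, data, pos + 2)[0]
            nfields = data[pos + 4]
            pos += 5
            length = sum(data[pos + 3 * i + 1] for i in range(nfields))
            pos += 3 * nfields
            if hdr & 0x20:                           # developer fields follow
                ndev = data[pos]
                length += sum(data[pos + 3 * i + 2] for i in range(ndev))
                pos += 1 + 3 * ndev
            local_defs[local] = (gnum, length)
            continue
        gnum, length = local_defs[local]             # data message: skip its payload
        counts[gnum] = counts.get(gnum, 0) + 1
        pos += length
    return counts

def privacy_findings(data: bytes) -> list:
    counts = fit_message_counts(data)
    return [f"{SENSITIVE[n]} (x{counts[n]})" for n in sorted(counts) if n in SENSITIVE]

# Constructed sample (not a real workout): one user_profile and two record messages.
_body = (bytes([0x40, 0, 0, 3, 0, 2, 1, 1, 0x00, 2, 1, 0x02]) + bytes([0x00, 1, 40])
         + bytes([0x41, 0, 0, 20, 0, 2, 0, 4, 0x85, 1, 4, 0x85])
         + 2 * (bytes([0x01]) + struct.pack("<ii", 1000, -2000)))
SAMPLE_FIT = struct.pack("<BBHI4s", 12, 0x10, 100, len(_body), b".FIT") + _body + b"\x00\x00"
```

Run `privacy_findings(open("ride.fit", "rb").read())` on your own file; the scanner does not verify the CRC or decode field values, it only tells you which message types are in there.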
Thoughts
You can take privacy to extreme levels and argue that every heart beat or any performance statistic is personal. If you go down that route then you will only ever send anyone GPX files that just contain GPS points…and even they will still give an indication of how fast you are if you’re not careful.
You might shout “GDPR!” very loudly but I’m betting that we’ve all ticked the appropriate boxes somewhere that give the sports data companies of our choice the full right to do pretty much whatever they want with our data IF we want to keep using their services. Although most (all?) of them do give the options to create private accounts and/or private workouts.
You can ‘lie’ to Garmin Connect and put in incorrect personal information. The problem with that is that I would assume that ALL THE FIRSTBEAT stuff will be wrong as a result. So you should probably make all your accounts private but then that spoils the fun of social sharing of your sporting endeavours.
It’s perhaps cleaner to keep your private data and public data in separate accounts. To a degree, I do that but it’s a real, time-consuming PITA.
You could use something like fitfilerepairtool.info to strip out the personal data AND THE LOCATION POINTS AT THE START AND END OF THE RIDE – it costs Eu39 and does have an automatic batch mode. But you would have to run that BEFORE any kind of synchronisation with Garmin Connect. So, it’s possible but you would need to be organised.
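As an added example of the kind of stripping described above (my own sketch, not how fitfilerepairtool.info works): a Python function that cleans a GPX 1.1 file before you share it by dropping track points inside a chosen zone, plus timestamps, sensor extensions, metadata and the creator string. The zone centre, radius and sample track are constructed values.

```python
import math
import xml.etree.ElementTree as ET

GPX_NS = "http://www.topografix.com/GPX/1/1"
ET.register_namespace("", GPX_NS)             # keep GPX as the default namespace on output

def _q(name):
    return f"{{{GPX_NS}}}{name}"

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def sanitize_gpx(gpx_text, zone_centre, radius_m):
    """Return (clean GPX text, number of track points kept)."""
    root = ET.fromstring(gpx_text)
    root.set("creator", "sanitized")          # attribute is required, so overwrite it
    for meta in root.findall(_q("metadata")):
        root.remove(meta)
    kept = 0
    for seg in list(root.iter(_q("trkseg"))):
        for pt in seg.findall(_q("trkpt")):
            lat, lon = float(pt.get("lat")), float(pt.get("lon"))
            if haversine_m(lat, lon, *zone_centre) <= radius_m:
                seg.remove(pt)                # inside the zone: drop the point
                continue
            for child in list(pt):            # outside: keep position, drop time and sensors
                if child.tag in (_q("time"), _q("extensions")):
                    pt.remove(child)
            kept += 1
    return ET.tostring(root, encoding="unicode"), kept

# Constructed sample track: two points near the zone centre, two well outside it.
SAMPLE_GPX = """<gpx xmlns="http://www.topografix.com/GPX/1/1" version="1.1" creator="Garmin Connect">
<metadata><time>2019-09-19T07:00:00Z</time></metadata><trk><trkseg>
<trkpt lat="51.4000" lon="-0.3000"><time>2019-09-19T07:00:00Z</time></trkpt>
<trkpt lat="51.4005" lon="-0.3000"><time>2019-09-19T07:00:10Z</time></trkpt>
<trkpt lat="51.4100" lon="-0.3000"><time>2019-09-19T07:03:00Z</time><extensions><hr>150</hr></extensions></trkpt>
<trkpt lat="51.4200" lon="-0.3000"><time>2019-09-19T07:06:00Z</time></trkpt>
</trkseg></trk></gpx>"""
```

Removing timestamps also removes the speed information that a points-only GPX would otherwise still carry. Pass a `zone_centre` that is offset from your real address, because a track that always vanishes at the same distance from one point still says a lot about that point.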
Ideally, Garmin will introduce privacy settings into their ecosystem to cut out the data at source but I can’t see that happening as a) not enough of you will complain and b) it probably will be quite hard to do whilst still delivering the benefits of the Firstbeat physiology metrics throughout their ecosystem.
So the only real solution to maintaining your data privacy that I can see is that you have to be more careful and insular.
Inspiration: fitfilerepairtool.info and, no, I don’t get anything if you buy it
By wearing any sort of sports tracker, you’re basically waiving your rights to privacy for at least that company. What they do with that data is governed well by GDPR and the likes but they’re still going to have it.
Recently cleared out a bunch of old accounts based on this topic and am considering ditching Strava for the same. Not sure the social side of fitness is important enough to me to let Strava know where I am every day of the week.
Worth adding that Garmin Connect also has privacy zones like Strava; something I believe that everyone should set up, but sadly they don’t as they’re not aware of the feature.
For anyone unsure where to go to set up privacy zones in Garmin Connect, log in to your Garmin Connect account on a web browser (you can’t do it from the Garmin Connect Mobile app), then click on your account symbol at the top right of the screen and go to Account Settings>Privacy Settings>Privacy Zones.
guess what…I wasn’t aware of this feature!!
thank you for the info
Adding me to the duo of people that didn’t know that existed. Huh!
even more strangely mine was already setup
Wow, I didn’t either. Wonder if they’ve ever advertised it and how long it’s been there. The reality, though, is that for most of us the ship has already sailed. It wouldn’t take much for pretty much anyone to figure out the things you are talking about hiding here.
Most Strava users set up the privacy zone in a way that reveals exactly where they are!
If your address is the center of the zone, and the Strava zone has a known width (which it does), then your private location is defined by an arc from the “vanish point”. If your activity track has more than one “vanish point” then it is simple to locate the center of the zone!
So always hide the true center of the privacy zone. Maybe place it on your neighboring competitor’s bike storage shed.
sort of, the varying centre point of the circle can have more than one width
The privacy zone is no longer that simple. It used to be, but is no longer a static circle. It now moves.
Maybe, MAYBE, their movement is so simple that one could find the true center by finding what spot has the lowest frequency of paths running through it, but that’s not the same thing at all as what you’re alleging.
Is it still actually a shock to people that this is what you agree to when accepting a company’s terms and conditions / terms of use / data privacy policy? If you want to know, read those documents when you sign up. If you don’t like it, nobody forces you to use the service. Get over it.
I think most people realise that.
Hopefully the post highlighted some of the kinds of data that are in a FIT file, e.g. age, gender and your location, and a means to remove it by stripping out the data.