the5krunner

FIT File Privacy – How PRIVATE Is Your Personal Data?

Source: freeimages.com

FTC: Affiliate Disclosure: All links pay commissionReading Time: 5 minutes

You’ve got your STRAVA account and you’ve set up the HOME ZONE so no-one can find out where you live and steal your bike. Phew!!

All’s good, right? Your data is private and safe?

Well…emphatically …NO.

Before STRAVA even gets your file from, let’s say, Garmin, you will probably have already given Garmin MUCH more private data than just the likelihood of where you live based on the start points of your workouts.

Q: Is that important

A: Generally speaking, “probably not”. But I know MANY people are concerned about what data they are passing, to whom and simultaneously being very suspicious about what is being done with their data.

Let’s say you post a FIT file on the net for some help. Well, that FIT file probably tells the world your age, height, sex, VO2max and maybe a good estimate of the location of your home address. Probably also what expensive Garmin watch you own too!

I was generally not too bothered about these things myself but there have been a couple of incidents which gave me pause for thought and that’s one of the reasons why I run this blog pseudo-anonymously. You may well have other, valid reasons of your own for wanting a similar level of privacy. Perhaps you really are that fast.

What Data Is Involved?

The worst offender is the PERSONAL data in FIT files

Let’s start off with looking at what data you are putting in a FIT file from a modern Garmin device. For this article, I’ve used fitfilerepairtool.info to interrogate some of my workout files from the recent Fenix 6 and other devices. Handily, fitfilerepairtool has just come up with a new PRIVACY mode to clean your FIT Files. More on that in a minute.

Really Personal Stuff

Here are some of the data elements in a FIT file that you might consider to be private & personal, you can see they include gender, height, weight & age/year of birth as well as language. I guess knowing what language I speak isn’t that personal…but the rest is. This image shows the record names but the record contents ARE POPULATED with the ‘correct’ data that I’ve not shown.

Wahoo does NOT seem to need the same information, although you might consider your FTP to be private, especially if it has been ‘incorrectly calculated’ by your sports device (hmmm)

Looking instead at a TCX file the situation is much cleaner – it might be possible to ‘correctly’ incorporate some personal data into tcx files with the tcx schema but, other than device ID, I don’t think so.

Equipment-Related Stuff

You will also see other fields list the device type and ID, in this case, it’s the V800

You could perhaps check published files from reviewers to make sure that they really were using the devices that they claimed to be for certain tests.

Although you probably could NOT look at a FIT file to discover the identity of NEW devices that have not yet been made available for public sale. From my fleeting looks into this area, new devices (like the Fenix 6 today) do NOT have the device name saved into FIT files. This is added ‘later’ through a firmware update.

Location-related Stuff

Of course, the GPS points of every single part of your ride is in the original source file be that TCX, GPX or FIT. Maybe that gives away the exact location of your home or office.

STRAVA introduced privacy zone(s) to stop you inadvertently revealing your home or work location on a public profile. Apparently, there were cases of bike thefts several years ago where thieves identified fast riders and assumed they had expensive bikes and tracked them down and stole their bikes. Where I live in SW London, bike thefts ARE a problem but I don’t think that any are stolen using this particular method. Maybe because the STRAVA route to identifying where you live has been sufficiently closed down?

STRAVA Privacy Zone – EXACTLY How Does It Work?

However, if you post a FIT file on a forum then I guess you’re fair game for having some unwanted person appearing at your doorstep.

Edit: As of 19 Sept, fitfilerepairtool.info has now added a HOME ZONE similar to that from STRAVA. I guess that’s one of the reasons removed that has previosuly stopped me publishing some workout test files (the other reasons is that my FTP is about 50w below where it was a few years back 😉 )

fitfilerepairtool.info – export screen – strip that personal data !!

Thoughts

You can take privacy to extreme levels and argue that every heart beat or any performance statistic is personal. If you go down that route then you will only ever send anyone GPX files that just contain GPS points…and even they will still give an indication of how fast you are if you’re not careful.

You might shout “GDPR!” very loudly but I’m betting that we’ve all ticked the appropriate boxes somewhere that give the sports data companies of our choice the full right to do pretty much whatever they want with our data IF we want to keep using their services. Although most (all?) of them do give the options to create private accounts and/or private workouts.

You can ‘lie’ to Garmin Connect and put in incorrect personal information. The problem with that is that I would assume that ALL THE FIRSTBEAT stuff will be wrong as a result. So you should probably make all your accounts private but then that spoils the fun of social sharing of your sporting endeavours.

It’s perhaps cleaner to keep your private data and public data in separate accounts. To a degree, I do that but it’s a real, time-consuming PITA.

You could use something like fitfilerepairtool.info to strip out the personal data AND THE LOCATION POINTS AT THE START AND END OF THE RIDE – it costs Eu39 and does have an automatic batch mode. But you would have to run that BEFORE any kind of synchronisation with Garmin Connect. So, it’s possible but you would need to be organised.

Ideally, Garmin will introduce privacy settings into their ecosystem to cut out the data at source but I can’t see that happening as a) not enough of you will complain and b) it probably will be quite hard to do whilst still delivering the benefits of the Firstbeat physiology metrics throughout their ecosystem

So the only real solution to maintaining your data privacy that I can see is that you have to be more careful and insular.

Inspiration: fitfilerepairtool.info and, no, I don’t get anything if you buy it

Reader-Powered Content

This content is not sponsored. It's mostly me behind the labour of love which is this site, meaning it's entirely reader-powered content I'd really appreciate it if you'd follow, subscribe or Buy Me A Coffee Alternatively please buy the reviewed product from my partners (which costs you no extra) and, for that, I receive a small commission. Thank you!
FTC: Affiliate Disclosure: All links pay commission
Exit mobile version