DOCSLIB.ORG

Analysis of Privacy Protections in Fitness Tracking Social Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analysis of Privacy Protections in Fitness Tracking Social Networks Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? Wajih Ul Hassan, Saad Hussain, and Adam Bates, University Of Illinois Urbana-Champaign https://www.usenix.org/conference/usenixsecurity18/presentation/hassan This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? Wajih Ul Hassan∗ Saad Hussain∗ Adam Bates University of Illinois at Urbana-Champaign fwhassan3,msh5,[email protected] Abstract tracking (i.e., self-tracking [44]). These apps sync to Mobile fitness tracking apps allow users to track their a social network that provides users with the ability to workouts and share them with friends through online so- track their progress and share their fitness activities with cial networks. Although the sharing of personal data other users. The ability to share fitness activities is an es- is an inherent risk in all social networks, the dangers sential ingredient to the success of these services, moti- presented by sharing personal workouts comprised of vating users to better themselves through shared account- geospatial and health data may prove especially grave. ability with friends and even compete with one another While fitness apps offer a variety of privacy features, at via leaderboards that are maintained for popular routes. present it is unclear if these countermeasures are suffi- Although the sharing of personal data is an inherent cient to thwart a determined attacker, nor is it clear how risk in all social networks [42, 45, 48, 53, 56], there are many of these services’ users are at risk. unique risks associated with the data collected by fitness In this work, we perform a systematic analysis of apps, where users share geospatial and temporal infor- privacy behaviors and threats in fitness tracking social mation about their daily routines, health data, and lists of networks. Collecting a month-long snapshot of pub- valuable exercise equipment. While these services have lic posts of a popular fitness tracking service (21 mil- previously been credited as a source of information for lion posts, 3 million users), we observe that 16.5% of bicycle thieves (e.g., [6, 17]), the true risk of sharing this users make use of Endpoint Privacy Zones (EPZs), which data came to light in January 2018 when Strava’s global conceal fitness activity near user-designated sensitive lo- heat map was observed to reveal the precise locations of cations (e.g., home, office). We go on to develop an classified military bases, CIA rendition sites, and intel- attack against EPZs that infers users’ protected loca- ligence agencies [24]. Fitness activity is thus not only a tions from the remaining available information in pub- matter of personal privacy, but in fact is “data that most lic posts, discovering that 95.1% of moderately active intelligence agencies would literally kill to acquire” [46]. users are at risk of having their protected locations ex- In response to public criticism over the global heat tracted by an attacker. Finally, we consider the efficacy map incident, Strava has pointed to the availability of of state-of-the-art privacy mechanisms through adapting a variety of privacy protection mechanisms as a means geo-indistinguishability techniques as well as developing for users to safeguard their accounts [50] – in addition a novel EPZ fuzzing technique. The affected companies to generic privacy settings, domain-specific mechanisms have been notified of the discovered vulnerabilities and such as Endpoint Privacy Zones (EPZs) conceal fitness at the time of publication have incorporated our proposed activity that occurs within a certain distance of sensitive countermeasures into their production systems. user locations such as homes or work places [15, 16, 13]. However, at present it is unclear if such features are widely used among athletes, nor is it clear that these 1 Introduction countermeasures are adequate to prevent attackers from discovering the private locations of users. Fitness tracking applications such as Strava [23] and In this work, we perform a systematic analysis of pri- MapMyRide [1] are growing increasingly popular, pro- vacy threats in fitness tracking social networks. We begin viding users with a means of recording the routes of by surveying the fitness app market to identify classes of their cycling, running, and other activities via GPS-based privacy mechanisms. Using these insights, we then for- ∗Joint first authors. malize an attack against the Endpoint Privacy Zones fea- USENIX Association 27th USENIX Security Symposium 497 (a) Without Privacy Zone (b) With Privacy Zone Figure 1: Summary of a Strava running activity that occurred in Austin, Texas during USENIX Security 2016. Figure 1a displays the full exercise route of the athlete. Figure 1b shows the activity after an Endpoint Privacy Zone (EPZ) was retroactively added, 1 obscuring the beginning and end parts of the route that fell within 8 miles of the Hyatt Regency Austin hotel. ture. To characterize the privacy habits of users, we col- demand for privacy protections by 16.5%, motivating lect a month-long activity dataset of public posts from the need for further study in this area. Strava, an exemplar fitness tracking service. We next use this dataset to evaluate our EPZ attack, discovering • Develop Privacy Extensions. Leveraging our that 95.1% of regular Strava users are at risk of having dataset of public activity posts, we evaluate the effec- their homes and other sensitive locations exposed. We tiveness of state-of-the-art privacy enhancements (e.g., demonstrate the generality of this result by replicating geo-indistinguishability [26]) for solving problems in our attack against data collected from two other popular fitness tracking services, and develop novel protec- fitness apps, Garmin Connect and Map My Tracks. tions based on insights gained from this study. These findings demonstrate privacy risks in the state- of-the-practice for fitness apps, but do not speak to the • Vulnerability Disclosure. We have disclosed these state-of-the-art of location privacy research. In a final results to the affected fitness tracking services (Strava, series of experiments, we leverage our Strava dataset Garmin Connect, and Map My Tracks). All companies to test the effectiveness of privacy enhancements that have acknowledged the vulnerability and have incor- have been proposed in the literature [26, 27]. We first porated one or more of our proposed countermeasures evaluate the EPZ radius obfuscation proposed by [27]. into their production systems.1 Next, we adapt spatial cloaking techniques [41] for use in fitness tracking services in order to provide geo- indistinguishability [26] within the radius of the EPZ. 2 Fitness Tracking Social Networks Lastly, we use insights from our attack formalization to develop a new privacy enhancement that randomizes the Popularized by services such as Strava [23], fitness track- boundary of the EPZ in order to conceal protected lo- ing apps provide users the ability to track their outdoor cations. While user privacy can be improved by these fitness activities (e.g., running) and share those activi- techniques, our results point to an intrinsic tension that ties with friends as well as other users around the world. exists within applications seeking to share route infor- Leveraging common sensors in mobile devices, these mation and simultaneously conceal sensitive end points. services track users’ movements alongside other met- Our contributions can be summarized as follows: rics, such as the altitude of the terrain they are travers- ing. After completing a fitness activity, users receive a • Demonstrate Privacy Leakage in Fitness Apps. We detailed breakdown of their activities featuring statistics formalize and demonstrate a practical attack on the such as distance traveled. If the user pairs a fitness moni- EPZ privacy protection mechanism. We test our at- tor (e.g., Fitbit [3]) to the service, the activity can also be tack against real-world EPZ-enabled activities to de- associated with additional health metrics including heart termine that 84% of users making use of EPZs unwit- rate. Beyond publishing activities to user profiles, fit- tingly reveal their sensitive locations in public activity ness tracking services also offer the ability for users to posts. When considering only moderate and highly create and share recommended routes (segments). Each active users, the detection rate rises to 95.1%. segment is associated with a leaderboard that records the speed with which each user completed it. Most fitness tracking services also contain a social network platform • Characterize Privacy Behaviors of Fitness App Users. through which users can follow each other [12, 18, 23]. We collect and analyze 21 million activities represent- ing a month of Strava usage. We characterize demo- 1A summary of the disclosure process as well a statement on the graphic information for users and identify a significant ethical considerations of this work can be found in Section9. 498 27th USENIX Security Symposium USENIX Association Radius Private Private Block # D/Ls EPZs App Name Profiles Activities Users Sizes [min,max], inc Strava [23] 10M 3 3 3 3 [201,1005], 201 x Garmin [12] 10M 3 3 7 3 [100,1000], 100 Runtastic [22] 10M 3 7 3 7 - RunKeeper [21] 10M 3 3 7 7 - Endomondo [20] 10M 7 3 7 7 - MapMyRun [1] 5M 3 3 7 7 - Nike+ [7] 5M 3 3 7 7 - Map My 1M 7 3 7 3 [500,1500], 500 Tracks [18] Table 1: Summary of privacy features offered across different (a) With fewer activities, there are multiple possible EPZs. popular fitness tracking services. #D/Ls: downloads (in mil- lions) on Android Play store.
Load more

Recommended publications
  • Crowd Cycling: Understanding Cyclist Behaviour Using the Mobile Tracking App Strava
    Crowd Cycling: Understanding cyclist behaviour using the mobile tracking app Strava Mark Dunleavy A research paper submitted to the University of Dublin, in partial fulfilment of the requirements for the degree of Master of Science Interactive Digital Media 2015 Declaration I declare that the work described in this research paper is, except where otherwise stated, entirely my own work and has not been submitted as an exercise for a degree at this or any other university. Signed: ____________________________ Mark Dunleavy 14 May 2015 Permission to lend and/or copy I agree that Trinity College Library may lend or copy this research paper upon request. Signed: ____________________________ Mark Dunleavy 14 May 2015 Acknowledgement I would like to thank my research supervisor Professor Glenn Strong for his guidance and encouragement during this research. I would also like to thank my wonderful wife Jennifer for her support and amazing MS Word skills. Summary Concerns over traffic congestion, climate change and increased morbidity and mortality due to the rising rate of obesity have led to the promotion of cycling as a means to address all these issues simultaneously. Governments and city planners have created policies, and reserved significant funds, to promote cycling as a mode of transport. Many cities, however, have evolved for motor vehicles with little consideration for cyclists. In order to ensure that the cycle- friendly policies are implemented as efficiently and effectively as possible, planners need to understand how cyclists behave, both as individuals and as a group. Current information on cyclist behaviour is derived mainly from surveys and bicycle counting studies, providing a very limited snapshot of cyclist behaviour in cities.
    [Show full text]
  • Connect Compatible Apps and Devices to Go365®
    EARN REWARDS Connect compatible apps and devices to Go365® Go365.com GCHJHTFEN 0621 Table of contents Compatible fitness devices and apps 2 Earn Points by type of tracker 3 • Earn Points using your device 3 • Earn Points using your mobile app 4 • Earn Points for virtual coaching apps 5 How to connect to Go365 6 Important details after you’ve connected 7 How to earn Points 8 • Verified workouts and bonus Points 8 • Virtual well-being coaching activities 9 • Additional Go365 activities 10 1 Compatible fitness devices and apps Manufacturer Device Expresso All Expresso devices are compatible Fitbit All Fitbit wearable devices are compatible Garmin All Garmin wearable devices are compatible All Garmin Edge devices are compatible iHealth Edge Misfit All Misfit wearable devices are compatible Withings All Withings wearable, scale and blood (formerly Nokia Health) pressure devices are compatible Polar All Polar devices are compatible Qardio All Qardio scale and blood pressure devices are compatible Compatible apps Apple Health Health IQ Samsung Health Craving to Quit Life Fitness MyLife Daily Burn MyFitnessPal (formerly Stop, Breathe & Eat Right Now Noom Think) Fitbit RunDouble C25k Strava Fitbit Premium RunKeeper Unwinding Anxiety References to products and equipment in this material are not an endorsement or warranty by Humana or Go365 of the products or equipment. The manufacturer of the products or equipment is solely responsible for defects with or problems arising out of the use of the products or equipment. Such references to products and equipment are used as examples of products and equipment that are compatible with Go365, of which are subject to change at any time without notice.
    [Show full text]
  • How to Sync Your Device to Staywell the Following Slides Include a Step-By-Step Guide to Get You Started with Tracking Your Fitness in My Staywell Platform
    How to Sync your Device to StayWell The following slides include a step-by-step guide to get you started with tracking your fitness in My StayWell Platform. Choose from the following options: Available connections: Connect a Device • Apple Health Kit • Fat Secret (iPhone or Apple Watch) • Fitbit Connect the Apple Health App • Garmin • Google Fit Connect the Google Fit App (Android) • HealthSpective • IHealth • MapMyFitness • MyFitnessPal • Misfit • Runkeeper • Strava • Vitadock • Withings How to Sync your Device 1. Click the sync icon in the top right-hand corner of the dashboard. 2. Choose source (e.g. Fitbit) 3. Enter login credentials and share all activity How to Sync the Apple Health App (iPhone or Apple Watch) It’s simple to sync your iPhone or Apple watch with the My StayWell app! Review the following step by step guide to get started with tracking your fitness in the My StayWell Platform! A few notes before getting started: - The StayWell Platform app is called “My StayWell” in the App Store. - These instructions are how to sync your Apple Health app with the My StayWell Platform app, so be sure to find the My StayWell app in the App store on your phone, download it, and log in before continuing with this guide. - Once your Apple Health app is synced with the My StayWell app, just log in to the My StayWell app regularly to see your Apple Health data automatically shared to your StayWell account. How to Sync the Apple Health App (iPhone or Apple Watch) Before getting started, make sure that you have downloaded the My StayWell app from the App store and have logged in.
    [Show full text]
  • Exploring the Use of Mobile and Wearable Technology Among University Student Athletes in Lebanon: a Cross-Sectional Study
    sensors Article Exploring the Use of Mobile and Wearable Technology among University Student Athletes in Lebanon: A Cross-Sectional Study Marco Bardus 1, Cecile Borgi 2, Marwa El-Harakeh 2 , Tarek Gherbal 3,4, Samer Kharroubi 2 and Elie-Jacques Fares 2,* 1 Department of Health Promotion and Community Health, Faculty of Health Sciences, American University of Beirut, Beirut 1107 2020, Lebanon; [email protected] 2 Department of Nutrition and Food Sciences, Faculty of Agricultural and Food Sciences, American University of Beirut, Beirut 1107 2020, Lebanon; [email protected] (C.B.); [email protected] (M.E.-H.); [email protected] (S.K.) 3 University Sports, Office of Student Affairs, American University of Beirut, Beirut 1107 2020, Lebanon; [email protected] 4 Aman Hospital, Doha, Qatar * Correspondence: [email protected] Abstract: The markets of commercial wearables and health and fitness apps are constantly growing globally, especially among young adults and athletes, to track physical activity, energy expenditure and health. Despite their wide availability, evidence on use comes predominantly from the United States or Global North, with none targeting college student-athletes in low- and middle-income Citation: Bardus, M.; Borgi, C.; countries. This study was aimed to explore the use of these technologies among student-athletes at El-Harakeh, M.; Gherbal, T.; the American University of Beirut (AUB). We conducted a cross-sectional survey of 482 participants Kharroubi, S.; Fares, E.-J. Exploring (average age 20 years) enrolled in 24 teams during Fall 2018; 230 students successfully completed the Use of Mobile and Wearable the web-based survey, and 200 provided valid data.
    [Show full text]
  • The Effect of Physical Activity Apps on Physical Activity Behavior and Users’ Evaluation of Physical Activity Apps
    Wageningen University – Department of Social Sciences Chair Group Strategic Communication The Effect of Physical Activity Apps on Physical Activity Behavior and Users’ Evaluation of Physical Activity Apps 31 March 2016 MSc Thesis Strategic Communication (CPT-81333) MSc Applied Communication Science Laura Ploumen 1st Supervisor: Jorinde Spook 2nd Supervisor: Edith Feskens Abstract Background: A new development in the promotion of health and physical activity (PA) is the use of PA apps. This development brings along a new field of research. Despite the broad range of research in the previous years, there are still research gaps with regard to the effect of PA apps on behavior determinants and with regard to the users’ evaluation of PA apps. Objective: Determine what the effect is of the use of PA apps on PA and its’ determinants self-efficacy, outcome expectations, socio-structural factors, and self-regulation. In addition, an objective is to find out how Dutch adults evaluate PA apps and why they use it or do not use it. Methods: The Social Cognitive Theory (SCT) was the theoretical framework for this study. A cross-sectional study design was used, with 251 participants. Differences in determinants, PA and PA enjoyment between app users (N=63) and non-users (N=188) were measured using ANCOVA’s, adjusting for the covariates age and education. As exploratory research, mediation analyses were performed to get insight into the underlying mechanisms of the SCT model. Several apps were evaluated using a system usability score, an evaluation of behavior change techniques and open questions. Results: App users scored significantly higher than non-users on self-efficacy, outcome expectations, and self- regulation.
    [Show full text]
  • Securerun: Cheat-Proof and Private Summaries for Location-Based Activities Anh Pham, Kévin Huguenin, Igor Bilogrevic, Italo Dacosta, Jean-Pierre Hubaux
    SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities Anh Pham, Kévin Huguenin, Igor Bilogrevic, Italo Dacosta, Jean-Pierre Hubaux To cite this version: Anh Pham, Kévin Huguenin, Igor Bilogrevic, Italo Dacosta, Jean-Pierre Hubaux. SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities. IEEE Transactions on Mo- bile Computing, Institute of Electrical and Electronics Engineers, 2016, 15 (8), pp.2109-2123. 10.1109/TMC.2015.2483498. hal-01198596 HAL Id: hal-01198596 https://hal.archives-ouvertes.fr/hal-01198596 Submitted on 18 Sep 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. IEEE TRANSACTIONS ON MOBILE COMPUTING 1 SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities Anh Pham, Student Member, IEEE, Kevin´ Huguenin, Member, IEEE, Igor Bilogrevic, Member, IEEE, Italo Dacosta, Member, IEEE, Jean-Pierre Hubaux, Fellow, IEEE Abstract—Activity-tracking applications, where people record and upload information about their location-based activities (e.g., the routes of their activities), are increasingly popular. Such applications enable users to share information and compete with their friends on activity-based social networks but also, in some cases, to obtain discounts on their health insurance premiums by proving they conduct regular fitness activities.
    [Show full text]
  • Sport Trackers and Big Data: Studying User Traces to Identify Opportunities and Challenges Rudyar Cortés, Xavier Bonnaire, Olivier Marin, Pierre Sens
    Sport Trackers and Big Data: Studying user traces to identify opportunities and challenges Rudyar Cortés, Xavier Bonnaire, Olivier Marin, Pierre Sens To cite this version: Rudyar Cortés, Xavier Bonnaire, Olivier Marin, Pierre Sens. Sport Trackers and Big Data: Studying user traces to identify opportunities and challenges. [Research Report] RR-8636, INRIA Paris. 2014. hal-01092242 HAL Id: hal-01092242 https://hal.inria.fr/hal-01092242 Submitted on 8 Dec 2014 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Sport Trackers and Big Data: Studying user traces to identify opportunities and challenges Rudyar Cortés, Xavier Bonnaire, Olivier Marin, Pierre Sens RESEARCH REPORT N° 8636 November 2014 Project-Teams ARMADA ISSN 0249-6399 ISRN INRIA/RR--8636--FR+ENG Sport Trackers and Big Data: Studying user traces to identify opportunities and challenges Rudyar Cortés, Xavier Bonnaire, Olivier Marin, Pierre Sens Project-Teams ARMADA Research Report n° 8636 — November 2014 — 15 pages Abstract: Personal location data is a rich source of big data. For instance, fitness-oriented sports tracker applications are increasingly popular and generate huge amounts of location data gathered from sensors such as GPS and accelerometers.
    [Show full text]
  • A Digital Forensic Study of Mobile Health and Fitness Applications Courtney Hassenfeldt University of New Haven
    University of New Haven Digital Commons @ New Haven Electrical & Computer Engineering and Computer Electrical & Computer Engineering and Computer Science Faculty Publications Science 8-2019 Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications Courtney Hassenfeldt University of New Haven Shabana Baig University of New Haven Ibrahim Baggili University of New Haven, [email protected] Xiaolu Zhang University of Texas at San Antonio Follow this and additional works at: https://digitalcommons.newhaven.edu/ electricalcomputerengineering-facpubs Part of the Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, and the Information Security Commons Publisher Citation Hassenfeldt, C., Baig, S., Baggili, I., & Zhang, X. (2019, August). Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES '19 (Article No. 42). ACM. Comments Dr. Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015. This is the authors' version of the paper published in ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security by ACM. ISBN: 978-1-4503-7164-3 The ap per of record can be found at http://dx.doi.org/10.1145/3339252.3340515 Map My Murder! A Digital Forensic Study of Mobile Health and Fitness Applications Courtney Hassenfeldt Shabana Baig University of New Haven University of New Haven [email protected] [email protected] Ibrahim Baggili Xiaolu Zhang University of New Haven University of Texas at San Antonio [email protected] [email protected] ABSTRACT professionals.
    [Show full text]
  • Center for Advanced Multimodal Mobility Solutions and Education EVALUATING the POTENTIAL USE of CROWDSOURCED BICYCLE DATA IN
    Center for Advanced Multimodal Mobility Solutions and Education Project ID: 2018 Project 03 EVALUATING THE POTENTIAL USE OF CROWDSOURCED BICYCLE DATA IN NORTH CAROLINA Final Report by Wei Fan (ORCID ID: https://orcid.org/0000-0001-9815-710X) Zijing Lin (ORCID ID: https://orcid.org/0000-0001-6529-5725) Wei Fan, Ph.D., P.E. Director, USDOT CAMMSE University Transportation Center Professor, Department of Civil and Environmental Engineering The University of North Carolina at Charlotte EPIC Building, Room 3261, 9201 University City Blvd, Charlotte, NC 28223 Phone: 1-704-687-1222; Email: [email protected] for Center for Advanced Multimodal Mobility Solutions and Education (CAMMSE @ UNC Charlotte) The University of North Carolina at Charlotte 9201 University City Blvd Charlotte, NC 28223 September 2019 i ii ACKNOWLEDGEMENTS This project was funded by the Center for Advanced Multimodal Mobility Solutions and Education (CAMMSE @ UNC Charlotte), one of the Tier I University Transportation Centers that were selected in this nationwide competition, by the Office of the Assistant Secretary for Research and Technology (OST-R), U.S. Department of Transportation (US DOT), under the FAST Act. The authors are also very grateful for all of the time and effort spent by DOT and industry professionals to provide project information that was critical for the successful completion of this study. DISCLAIMER The contents of this report reflect the views of the authors, who are solely responsible for the facts and the accuracy of the material and information presented herein. This document is disseminated under the sponsorship of the U.S. Department of Transportation University Transportation Centers Program in the interest of information exchange.
    [Show full text]
  • C 2018 Muhammad Saad Hussain ANALYSIS of PRIVACY PROTECTIONS in FITNESS TRACKING APPLICATIONS
    c 2018 Muhammad Saad Hussain ANALYSIS OF PRIVACY PROTECTIONS IN FITNESS TRACKING APPLICATIONS BY MUHAMMAD SAAD HUSSAIN THESIS Submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2018 Urbana, Illinois Adviser: Assistant Professor Adam Bates ABSTRACT Mobile fitness tracking apps allow users to track their workouts and share them with friends through online social networks. Although the sharing of personal data is an inherent risk in all social networks, the dangers presented by sharing personal workouts comprised of geospatial and health data may prove especially grave. While fitness apps offer a variety of privacy features, at present it is unclear if these countermeasures are sufficient to thwart a determined attacker, nor is it clear how many of their users are at risk. In this work, we perform a systematic analysis of privacy behaviors and threats in fitness tracking social networks. Collecting a month-long snapshot of public posts to the popular Strava fitness tracking service (21 million posts, 3 million users), we observe that 16.5% of users make use of Endpoint Privacy Zones (EPZs), which conceal fitness activity nearby user-designated sensitive locations (e.g., home, office). We go on to develop an attack against EPZs that infers users' protected locations from the remaining available information in public posts, discovering that 95.1% of moderately active users are at risk of having their protected locations extracted by an attacker. Finally, we consider the efficacy of state-of-the-art privacy mechanisms through adapting geo-indistinguishability techniques as well as developing a novel EPZ fuzzing technique.
    [Show full text]
  • Creating an Owned Audience with Branded Running Apps
    Creating an Owned Audience With Branded Running Apps Activewear Part 1 Case Study | Running Apps Several leading running apparel brands have acquired or developed popular run tracking apps. Part 2 Case Study | Running Apps In total, the top run tracking apps serve over 1 million highly engaged North American runners on Android that use their app at least once per month. This figure does not include iOS. 2M 1M Monthly Active Users (MAU) 0 Feb. ‘20 Jul. ‘20 Runkeeper Runtastic Strava Map My Run Pacer Nike Run Club (Under Armour) (ASICS) (Adidas) Part 3 Case Study | Running Apps Under Armour’s Map My Run App has consistently remained the most popular branded tracking app amongst runners, only second to Strava. 2M 1M Monthly Active Users (MAU) 0 Feb. ‘20 Jul. ‘20 Runkeeper Runtastic Strava Map My Run Pacer Nike Run Club (Under Armour) (ASICS) (Adidas) Part 4 Case Study | Running Apps Pacer and Strava are the two largest run tracking apps that are not owned by running apparel brands. 2M 1M Monthly Active Users (MAU) 0 Feb. ‘20 Jul. ‘20 Runkeeper Runtastic Strava Map My Run Pacer Nike Run Club (Under Armour) (ASICS) (Adidas) Part 5 Case Study | Running Apps Adidas’ Runtastic app has its own blog and social accounts (@adidasruntastic) that are separate from the @adidasrunning account. Beyond brand building, the Runtastic blog also drives users to Adidas’ eCommerce site. The Runtastic blog features articles about nutrition, lifestyle, fitness, Instagram page features a variety of at-home workouts and fashion, but also drives users to Adidas eCommerce site. for runners from yoga to cardio crushers.
    [Show full text]
  • Kudos and K.O.M.‚Äôs: the Effect of Strava Use on Evaluations of Social
    Utah State University DigitalCommons@USU All Graduate Theses and Dissertations Graduate Studies 8-2020 Kudos and K.O.M.‚Äôs: The Effect of Strava Use on Evaluations of Social and Managerial Conditions, Perceptions of Ecological Impacts, and Mountain Bike Spatial Behavior Noah E. Creany Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Environmental Studies Commons, and the Recreation, Parks and Tourism Administration Commons Recommended Citation Creany, Noah E., "Kudos and K.O.M.‚Äôs: The Effect of Strava Use on Evaluations of Social and Managerial Conditions, Perceptions of Ecological Impacts, and Mountain Bike Spatial Behavior" (2020). All Graduate Theses and Dissertations. 7901. https://digitalcommons.usu.edu/etd/7901 This Thesis is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. KUDOS AND K.O.M.’S: THE EFFECT OF STRAVA USE ON EVALUATIONS OF SOCIAL AND MANAGERIAL CONDITIONS, PERCEPTIONS OF ECOLOGICAL IMPACTS, AND MOUNTAIN BIKE SPATIAL BEHAVIOR by Noah E. Creany A thesis submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in Recreation Resource Management Approved: ________________________________ ________________________________ Christopher A. Monz, Ph.D. Jordan W. Smith, Ph.D. Major Professor Committee Member ________________________________ ________________________________ Ashley L. D’Antonio, Ph.D. Janis L. Boettinger, Ph.D. Committee Member Acting Vice Provost of Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2020 ii Copyright Ó Noah E.
    [Show full text]