Strava: A Curious Case for Security Awareness


The Strava Fitness app is marketed as a tool that “connects the world’s athletes.” In other words, it’s an application for most phones and GPS-enabled watches that hosts fitness clubs and triathletes, gym rats and track stars, sweat-junkies and granola types – all in one platform. The power of Strava is in its ability to collect enough information to fulfill any New Year’s resolution. The downside is that it also manages to publicize location, contact information and fitness activities on a heat map, amounting to some “three trillion GPS data points” worldwide.

One researcher recently discovered, for example, that members of the armed forces were unintentionally mapping global military infrastructure as they jogged or biked with Strava. This is a classic case of data privacy loss: sensitive information inadvertently disclosed to unauthorized parties. Strava did not intend for these data points to uncover sensitive military outposts, of course. But consent is a fickle friend. Once the risk was ‘franchised’ to Strava, the unintentional disclosure was outside of military control.

From a user perspective, this brings many different forces to bear: users feel like they have limited control of their privacy, passive control of their consent and little reason to change. Privacy settings in most applications typically default to public, risk declarations are in fine print and data just feeds the beast, right?

If users are made aware of the implications of their data being made public, they are far more likely to take advantage of the control they do have over their privacy and exert it in a way that matters. Practically, this looks like changing default settings to private, opting out of inappropriate data gathering and employing the ultimate failsafe (if privacy is disrespected): app removal. In the workplace, this means waging culture change by way of powerful awareness activities that communicate to employees in language and methods they can intuitively understand.

This Strava scenario could live and die as a classic case of data privacy loss. Or it could teach us something… that even a curious case like a map of the global military-fitness complex is a reason to reclaim privacy now.

Living Security is a company committed to throwing out the security soapbox and taking a fresh approach to security awareness.

Living Security is Thrilled to Announce our Acceptance into Darkfield, a Cybersecurity Accelerator!


We could not be more excited and honored to announce our acceptance and partnership with Darkfield, a cybersecurity-focused accelerator beginning this month! Other than the obvious draw that it is in Denver (and I personally love skiing), Darkfield is co-led by industry experts with real-world experience in cybersecurity and technology.

We look forward to working hand in hand with some of the brightest and most influential minds in the industry to revitalize and enhance people-centric security in the enterprise. The program lasts three months and will include intense focus on product development, company building and sales.

Thank you Darkfield, David and Alex, for this opportunity! We look forward to the journey ahead! 


InnoTech Teams Kill It At The Living Security Escape Room

Austin is where it's at! I may be partial since I live here, but it brings some of the most fun crowds to our conference escape rooms! The groups came from a wide range of backgrounds. Unlike at many of our conferences, where security is the main job focus, these marketing, QA (and everything in between) folks were up for the challenge! Check out some great photos from the event!

We would love to bring our engaging Security Awareness training tools to your organization. If you are interested in learning about our many educational options, check out the Contact Us page above!

See you next year InnoTech!

Thanks BSidesDFW for inviting us to host another fantastic event!

We love the BSides crowd! This was the first event where an attendee tried to hack into my presentation on my iPad stands at the booth. Normally, people save their skills for the escape room, but not here. At BSides you can feel the excitement and authentic interest in our space, like nowhere else.

We started off the day with only a few spots booked up for our escape room, but I hit the ground floor and within a couple of hours they were gone! Just like the ISC2 event, by the end of the day, people were coming by hoping for space! Check out these fantastic teams and congrats to the winners: the 11AM team!

We will be hosting our next event at Innotech in Austin, TX tomorrow 11/16!