Over the weekend, an international security snafu erupted when it was “discovered” that anonymous Strava user data, actually released by the company last November, can be used to identify the location of up-till-now secret US Army bases, possibly putting soldiers in danger.
Strava has defended the release of this information saying that its map “represents an aggregated and anonymized view of over a billion activities uploaded to our platform, but also that “the information was already made public by the users who uploaded it.” Strava also said that it’s “committed to helping people better understand our privacy settings.” It does sound a bit like Strava is blaming the users for not understanding what data is they’re sharing, what the default sharing setting are, and how to control those settings.
It comes back to this: “The controversy around Strava demonstrates a common issue with the relationship between tech companies and their users: People casually using an app often don’t understand what companies do with their data or how to properly protect it.”
This pervasive disconnect between what a company does with personal user data and what the users think it does with it plays out across so many different apps and services. As in most cases of “free,” if you’re not paying for the product, you are the product. Strava, a free app, has to make money somewhere, so along with premium membership it also sells aggregated, anonymized data such as cycling data: “We also have a metro business, which is aggregating and anonymizing commute data to sell that back to departments of transportation so they can better plan pedestrian bicycle routes in cities.”
This isn’t new. It just pops up every time a surprised media reports on some company’s data usage or another, sometimes with the backing of the company itself. In this case, Strava itself released the heat maps. Users were also outraged when Uber released its “walk of shame” data and Netflix and Spotify started using peculiar viewing/listening data in ads. Last year fury erupted when it turned out that Unroll.me, a service meant to unsubscribe users from unwanted emails, sold anonymized emailed Lyft receipts to Uber. CEO Jojo Hedaya’s response sounded familiar when he said it was “heartbreaking to learn that people were upset after discovering that Unroll.me sells data to make its service free. He believes the company wasn’t ‘explicit enough’ in telling users what it does, and that there will be clearer messaging in apps and the web.”
Facebook is another a free-to-use product that deeply profiles users and users often get upset when the depth of data is revealed. This week it reported that even with a decline in the number of daily users in the US and Canada and in the time spent on the site, an increase ad prices boosted revenue. Says Erin Griffith: “unfortunately for users, mining our personal data to better sell us stuff is the future of Facebook’s business. Over the years, Facebook has managed to rise above criticism over privacy and transparency by pointing to settings that purport to give users control over what they share and with whom. But those settings are complex and not well understood by users. Further, Facebook does not give users full control over their data.”