QCTEK

A new report claims that the activity-tracking social network Strava — already knocked off stride when it was revealed that its users were unwittingly mapping out secret U.S. military bases overseas — has a major privacy problem: it can publicly reveal where its users live.

To make matters worse, the report from the mobile-security firm Wandera says this problem occurs when users try to mark their homes or other sensitive spots as private, not because of any failure to enable the right privacy settings.

In fewer words, people who followed the company’s advice about how to keep their home addresses private may have instead made them easier to find.

The post by Wandera, one of a new crop of firms specializing in mobile security, explains how Strava’s “Privacy Zones” feature can pinpoint a runner or cyclist because these zones are represented as identical circles of on a map. The circles then block out where you start or end a run.

“Using the ending points of an activity, it is possible to determine which radius option was selected by the user and then to triangulate the exact location of the selected address,” the report says. “As the privacy zone is of equal size in each activity, it’s possible to represent this graphically by increasing the radius of circles around each activity end marker until three or more circles intersect.”