When a Privacy Zone is configured around a home location, the activity track is correctly hidden and the start and end points are moved outside of the defined zone.
However, if an image is uploaded to the activity, the image is displayed on the map based on its embedded GPS metadata. If the photo was taken inside the Privacy Zone, the image marker remains visible at its original location.
As a result, other users cannot see the activity track inside the Privacy Zone, but can still see the exact position of the image. This behavior can indirectly reveal the user’s home address or other sensitive locations.
From a privacy perspective, image locations should respect Privacy Zones in the same way as activity tracks.
Steps to Reproduce
-
Create a Privacy Zone around a home address.
-
Record an activity that starts or ends within the Privacy Zone.
-
Take one or more photos inside the Privacy Zone.
-
Upload the activity including the images.
-
View the activity as another user.
Expected Result
-
Image locations taken inside the Privacy Zone are either:
-
hidden completely, or
-
moved outside the Privacy Zone, consistent with track handling.
-
Actual Result
-
Image markers are still shown at their original GPS coordinates inside the Privacy Zone.