Protecting Tracks from Manipulation

3 months ago
December 29, 2024
6 replies
134 views

Yurixx
Hub Rookie
4 replies

Hi everyone,

Strava’s competitive and athletic features attract cheaters and fraudsters. We constantly encounter cases where segments are completed using cars, motorcycles, e-bikes, and other tricks. What’s even more surprising is that Strava allows uploading any tracks, which are essentially text files with XML markup, without any validation.

To prove my point, here’s an example of a website that lets you “speed up” your own (or even someone else’s) track, making the result indistinguishable from a real activity: https://starva.duckdns.org/

Try it yourself and see—there’s no protection in place. Meanwhile, you’ve disabled FlyBy by default and keep cutting features in the free (non-subscription) version. Wouldn’t it make more sense to focus on tackling cheaters?

Yurixx
Author
Hub Rookie
4 replies
2 months ago
January 7, 2025

Oh, did you really post that. I can't believe my eyes.

+17

JBW-Florida
Hub Explorer
148 replies
2 months ago
January 7, 2025

Strava should sue that website for trademark infringement.

JBW-Florida | Environmental activist, human rights campaigner, & big coffee drinker!

Yurixx
Author
Hub Rookie
4 replies
2 months ago
January 7, 2025

JBW-Florida wrote:

Strava should sue that website for trademark infringement.

I think it would be cheaper for them to buy this site along with the algorithm.

But the point is different - they don't care about protection against modifications at all.

+26

Jan_Mantau
Superuser
930 replies
2 months ago
January 7, 2025

@Yurixx What is you proposal how Strava should differentiate between original and manipulated files?

Yurixx
Author
Hub Rookie
4 replies
2 months ago
January 12, 2025

Jan_Mantau wrote:

@Yurixx What is you proposal how Strava should differentiate between original and manipulated files?

They may restrict importing plain text files (e.g., .gpx). They may check uploaded files for duplicates. They may flag activities with anomalous GPS data and exclude the results from segments.

+26

Jan_Mantau
Superuser
930 replies
2 months ago
January 12, 2025

@Yurixx The last two points are already at work, though with a low success rate. It wouldn’t do much anyway if someone deletes the original activity and doesn’t overly exaggerate the manipulations. For the gpx ban I would think that could be done, but we would have to check first if there are still devices out their where people only have the gpx option for transferring tgheir activities to Strava.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept, you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 4 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies ( referred to as 'Strictly Necessary' cookies in our Cookie Policy) to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related topics

Simple Alternatives to Storage by Zapiericon

Using JS and Storage to mitigate webhook race conditions

Is it possible to have dynamic google spreadsheet files, so that actions are taken on a different one every month?icon

A Simple Single Step Round Robin with Storage by Zapier and Code By Zapier

Unique Storage Key per Zap Instanceicon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings