Digital security for cyclists

“Digital security? What do you mean by that? I have a complex password for my email – surely that’s all I need? Besides, I’m not anyone famous or important, so nobody will target me, right?”

Wrong, actually. Very wrong. Let’s have a look at how digital security, and your digital footprint, reaches into your life.


Ah, good old GPS – a cyclist’s greatest tool. Or is it? A growing number of cyclists track their rides, using a myriad of satellite-tracking apps, such as Strava, RideWithGPS, Komoot, or more. It’s great to be able to do so, both for training purposes, or even just to keep track of where you cycled. In fact, I wrote about creating an enduring, shareable digital scratch map before.

Many such apps have a social networking element to them, allowing you to compete against others. This requires you to share your rides with others, and there are some points you need to consider, starting with how extremely important it is to set privacy zones, so others cannot see where you live.

If you cycle commute, you also need to set a privacy zone for work, but remember, even with privacy zones set, you’re still giving away a great deal of information with rides that you share. You will start disclosing patterns of behaviour & routines. Others will be able to see what time you tend to set off for work, what time you return, and what route you typically take.

Think about that for a moment, especially if you’re a woman – are you happy for random strangers to be able to know when you will be where, especially if your commute contains some secluded areas? Is showing others that you set new Strava PBs on that sprint section really worth potentially letting an attacker know when you will next be there?

Consider setting all your rides to private, except club rides, perhaps. Yes, that will remove you from leader boards, and you will have to answer for yourself which you value more – leader board positions, or safety.

There’s another issue with such apps, which we’ll come back to in a bit.


Do yourself a favour: go to HaveIbeenPwned, type in your email address, and check to see if your email address was found amongst disclosures of hacked credentials. If you’re fortunate, the site will give you an all-clear, but remember that doesn’t mean your credentials haven’t been stolen, only that it hadn’t been disclosed. Any password that has been disclosed should never be used again.

See also  The trouble with canal routes...

People overcomplicate passwords – the simple truth is longer is better. Also, most people use exactly the same password everywhere, thinking that because they created a “good” password, they’ll be safe. Imagine for a minute you created the world’s best-ever password, and used it everywhere: Facebook, Twitter, email, online banking, work login, Strava, and a million other places. Now imagine – through absolutely no fault of your own – one of the sites where you used that email & password combo is hacked, and ALL the email addresses and passwords used are stolen.

That happens all the time, for more often than you realise, and if the above scenario is true in your case, the hackers will know your email address and password. These details are shared online, and aren’t overly difficult to access. If you then use the same password for everything, you’re in trouble.

Now, imagine your ride a Pinarello Dogma, or another equally expensive bike, and a thief targets you. Online, they manage to get your email address and password, which means they can log in to Strava, using your details, and see exactly where you live. You might even helpfully have started your Garmin early, so you’ll show them exactly where the shed is in which you store your bike. If you cycle commuted some days, but not others, they’ll even be able to see when you’re not home, but the bike is.

Can you see the scale of the problem yet? When we look at digital security, most people don’t realise that bits of information are all pieces of a puzzle, and when enough bits are collected, they form a highly detailed picture of your life.

Fortunately, the password problem is not hard to fix: use a password manager. Doing so will make your life SO much easier, as you will have just one password to remember. Oh, and no – your browser’s ability to remember a password is neither a password manager, nor secure!

I suggest you sign up for an account with a password manager service, such as Bitwarden, and install the browser extension. Then, over time, whenever you log in to web sites,
Bitwarden will let you know that you used the password for that site elsewhere too, and prompt you to change it. Soon enough, you’ll have unique, complex passwords everywhere, all remembered for you by Bitwarden. It will even fill in the passwords for you, and create new ones, when you need it to.

See also  The trouble with canal routes...

Social Media

Everyone wants to be liked, and be admired. That’s perfectly human, and perfectly normal. Social media often exploit that by fooling people into believing how many “friends” you have on Facebook, or followers on Twitter or Instagram means anything.

As a result, some people often overshare information on social media. Yes, the intimacy of strangers is real, and often tempting, but do try to moderate what you share. Sadly, this is particularly true if you’re a woman.

Have you ever publicly celebrated your birthday, perhaps with a “Happy birthday to me!” tweet? Followed by telling people how old you are? If so, you’ve given away your birth date – a key piece of information many sites use when verifying it’s actually you trying to change your password.

When I go cycle touring, I’ll tweet regular updates, and anyone reading those will easily enough be able to figure out where I am. When just cycling on the roads, that’s less of a big deal, as they might not know what route I’ll take, but when cycling a canal, for example, once they know where you are, they’ll also know where you’re going, and what route you’ll follow.

Mostly, I’m happy to take my chances, and besides, in my world, most people are good, and the sun is shining. However, when I wild-camp (as I usually do) I won’t reveal where I’ll be camping beforehand.

Many women do solo cycle touring without issues, but the majority of women have been the victim of some form of sexual assault in their lives. That means, especially if you’re a woman, it’s best to only post those Instagram pics a day after you were in a certain location. Also, if you’re a man, here’s where I beg you to go read this.

See also  The trouble with canal routes...

It really is a case of need-to-know, and most of your followers never need to know exactly where you are, or will be in the immediate future.


Who doesn’t like a good quiz, right? How can you possibly refuse a good old online quiz “to see what type of cat you are”? Most quizzes are simply cleverly-disguised data-harvesting exercises. Remember we’re talking about pieces of the puzzle? Well, tucked away in many quizzes, you’ll find questions like “What was your first car?” or similar. Questions that are often used as part of the verification process when you’ve forgotten your password to a site, and you’re trying to reset it.

This is right back to need-to-know – no quiz ever needs to know the truth about you, so don’t give away important pieces of information about yourself.
Equally, unless a site has a real need to know your real name, sign up with false details. I regularly sign as as either Homer Simpson, or as Just Moi, and I use a disposable email address. Oh, and unless it’s a banking site, or very trustworthy site, don’t ever give your real phone number. Some sites insist on a phone number, and on such sites I post the number for a taxi firm.

As you can see, the information we give away about ourselves can have implication for our lives off the Internet, too. You don’t need to be alarmed, but you do need to be careful.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.