[TallGuyShort]

Updates are effectively public because once they're collected by a third-party and / or shared with anyone, it's now out of your control. But my understanding (in which I'm not certain) is that the controversy is the heatmap feature, and that your name wouldn't show up in this proof-of-concept attack unless you had opted into that specific feature.

[anfedorov]

I get what the controversy is about, but I don't get how this is OK from Strava's PoV — none of my runs are "public" in the sense that I think of it — they're not on the website that's my "profile" and they're not visible to people who are not following me in the app...