Heat Marks the Spot: De-Anonymizing User’s Geographical Data on the Strava Heatmap

Abstract

Mobile fitness-tracking apps such as Strava are commonly used to record activities, track fitness progress, and form a community with like-minded people. In an effort to engage the community further, in 2018 Strava implemented an opt-out heatmap feature that anonymously aggregates all activities onto a single map. This allows users to find hot spots and active trails while simultaneously opening up the platform to de-anonymization attacks like inferring users’ home addresses. By crawling the publicly available heatmap and through manual validation, we have demonstrated that the home address of highly active users in remote areas can be identified, violating Strava’s privacy claims and posing a threat to user privacy.

Publication
In 7th Workshop on Technology and Consumer Protection