Strava, a fitness and social running company, is tightening its security measures to prevent unauthorized AI scraping of its website. The company will now require authentication for users to view certain data, including public profiles and fitness club listings. Strava previously allowed these details to be accessed without logging in.
The move is part of the company's efforts to protect its data from aggressive scraping by AI startups. In response to this issue, Strava is also introducing a flat fee of $11.99 per month for all developers who want to access its API, which allows them to build apps on top of Strava's platform. This fee replaces a tiered access program that allowed developers to request more access as their app grew.
Strava's CEO, Michael Martin, stated that unchecked AI scraping could be the death knell of the public internet, and that his company has refused overtures from leading AI labs seeking data licensing deals. The company is also planning to add support for the Model Context Protocol (MCP), a standard that allows AI assistants and apps to access external data in a structured way.
Strava is giving its developer community 90 days to adjust to these changes, which include retiring some API endpoints to protect user data. The company's move may be intended to signal data discipline to prospective investors as it prepares for an IPO.
