Strava declares war on scrapers ahead of IPO
Another company has decided to throw a login wall around its public data to stop AI companies from scraping it. This time, it’s a fitness-focused platform putting details like public club listings and user profiles behind authentication. The stated goal is to protect “unauthorized” scraping. Let’s cut through the PR: this isn’t primarily about security. It’s about seizing control of a valuable data pipeline.
Analysis
Another day, another walled garden going up. A company—name not important, the pattern is—is slamming the gates on its public data, yanking away guest access to user profiles and business listings under the banner of "security." The real, unspoken reason? To build a moat against the relentless, all-consuming AI data-scraping machines. This isn't a security update; it’s a white flag in the war for data, and we all lose when it's raised.
Let’s be blunt about the facts first. Previously, if you wanted to look up a gym or see a public profile, you could. It was a basic, almost foundational feature of the modern web. Now, you have to create an account, surrender your email, and become an authenticated user just to peek at what was once freely available. The company frames this as protecting its "assets" from "unauthorized AI scraping." In reality, it's punishing every legitimate human user for the sins of the bots. This is the digital equivalent of a bookstore deciding the only way to stop shoplifters is to charge everyone a $5 entry fee and demand ID at the door.
Here’s the thing about the "AI scraping" justification that stinks to high heaven. These models are trained on the vast, glorious, chaotic public internet. The entire ecosystem of search engines, social media, and niche forums we built over 25 years was fueled by this open ethos. The problem isn't that AI companies are scraping; it's that they're scraping too much, too fast, and with zero reciprocity. But the industry’s solution isn’t to build better, more ethical data pipelines or to establish fair compensation models. No, that’s too complex. The lazy, brute-force solution is to just make everything private. It’s scorched-earth policy for data.
This move fundamentally misunderstands—or perhaps willfully ignores—the purpose of public data. A public business listing isn’t a "scarce asset" to be guarded like Fort Knox gold. It’s an advertisement. It’s a tool for discoverability. Its entire value is derived from being seen by potential customers, not hoarded in a database behind a login wall. By hiding it, the company isn’t protecting its asset; it’s actively destroying its utility. It’s like a chef deciding the best way to protect his secret recipe is to stop serving food altogether.
And what about the users who willingly put their data there? The fitness club owner who listed their hours, the individual with a public profile—they did so under an implicit contract: "You, the platform, will make this data findable for the world, and in return, I participate in your ecosystem." Authentication shatters that contract. Suddenly, my data isn’t for people to find; it’s for our users to find, a much smaller, captive audience. The platform has unilaterally changed the deal, diminishing the reach and value I signed up for.
I can hear the tech executives' rebuttal: "But we have to protect our users’ data from being sucked into a large language model to be regurgitated!" This conflates two wildly different things. A public business listing with a name and address is not the same as private messages or health data. They’re lumping everything together to create a false sense of danger. It’s a smokescreen. The primary motivation isn't user protection; it’s data control. In the age of AI, the entity that controls the best datasets controls the future. This is a pre-emptive land grab, fencing off previously open territory to build a proprietary advantage for their own future AI products.
This is the most corrosive trend in tech right now: the end of the open web as a default state. We’ve seen it with the death of the "link economy" as platforms walled off their content, and now we see it with data itself. Every company is becoming a fortress. The result? A balkanized internet where information silos proliferate, search becomes less useful, and the serendipity of stumbling upon a new idea or a local business through open links withers and dies. Innovation thrives on accessible, connective tissue. We’re busy cutting it all.
The great irony is that this fortress-building is likely futile. Determined scrapers will find a way in. They always do. But the friction will be enough to stop casual developers, journalists, small businesses, and researchers who might have built something useful on this data. It’s the digital version of “if you can’t beat them, join them” gone horribly wrong: “If you can’t beat them, lock the door, turn off the lights, and hope no one notices you’re home.”
What this company has done is a canary in the coal mine. When the foundational act of viewing public information online becomes a logged, tracked, and permission-based activity, the nature of the web changes. It ceases to be a library and becomes a series of private showrooms. We’re trading the chaotic, vibrant, and sometimes messy public square for a series of sterile, authenticated shopping malls. And every time we click "Create Account" just to see a gym’s opening hours, we’re consenting to that bleak future. The bots aren’t the biggest threat to the internet’s soul. It’s this cowardly, enclosure-driven reaction to them.
Disclaimer: The above content is generated by AI and is for reference only.