Amongst other organised runs, I frequently run parkruns. Results are published online for all to see. They sensibly hide your exact age, except, not entirely.

Weekly results for runners are published with an age group: 10 and under, 11-14, 15-17, 18-19, 20-24 and so on in five year groupings.

parkrun mockup

This means, if you complete a run on x date, you can be between y and z years old. A week later, and again, you are between y and z years old except that age window has changed slightly.

Complete enough events over the years, and you can use these age windows to narrow down a date of birth. Using my results, I can use the public data on the parkrun website to narrow my date of birth to the correct year and a window of less than two months. For some, this window is much less.

In theory, it could take as little as two parkruns, e.g. if a normal run on a Saturday is then followed up the next day by another run the day after for a special event such as Christmas or New Year, and the age category has changed on that second event.

The problem is, is that it is trivially easy to scrape the parkrun website to download a whole history of results for each runner, and work out an individual’s date of birth.

So parkrun have relied on obscuring personal information behind a translucent privacy screen, that with enough data points, is not good enough. I doubt there are robust enough protections on the parkrun server to prevent the entire download of their complete results history, allowing someone to go through the data and seeing just how many dates of birth can be calculated exactly.