From the current run across America thread going on (which I think are legit attempts right now), there is discussion about how easy it is to spoof GPS/Strava data. This got me thinking and doing a bit of searching and it is surprising easy because there is nothing to authenticate the common GPX or TCX file formats in use. You can easily edit the contents of GPS files to say whatever you want and there are websites and services out there to let you do this.
There are even Pokemon Go tutorials. And both Android and iPhones can spoof their GPS locations. For GPS files from watches, you can edit them afterwards with various tools or even create your own.
As a proof of concept on how easy it is to spoof GPS, I used the "Fake Runner" website to generate a run on a track for myself where I ran a mile in 3 min 30 sec, obliterating the current world record. I've uploaded it to Strava and there is a screenshot below.
I plan to demonstrate that this GPS/Strava spoofing can also be done for a transcon run. I will have to find/create a different tool to spoof that because the "Fake Runner" website chokes on long runs and doesn't include cadence and heart rate like I want to include.
I think the important lesson here is that you can't trust GPS/Strava data without other corroborating proof, like video and independent witnesses. If it's on Strava and there is no other proof, did it really happen? I believe the gold standard for proof should be video of entire runs since phones/Go Pro type cameras and SD cards are so cheap. GPS/Strava data should not be a primary form of proof.