Uber employees used the platform to stalk celebrities and their exes (businessinsider.com)
405 points by kevcampb on Dec 13, 2016 | 236 comments



A few days ago (on the discussion of the Uber app tracking users' movements after the end of their ride) an Uber employee commented on their data handling: [0]

> Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.

Obviously this doesn't add up. What gives?

[0] https://news.ycombinator.com/item?id=13085775


"Uber continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported"

That has absolutely nothing to do with preventing insider access. Where there's smoke screen, there's fire.


This.

This bit stood out to me (emphasis mine):

> Uber says employees don't receive across-the-board access to customer data and there are several controls in place to ensure that employees only access that data for work purposes.

The choice of the word "control" in this context I think gives away a little bit here, it's auditor-speak.

This word does not always mean to an auditor what it means to you or me. Having a written policy that says "Don't access X unless it's required for your job" and keeping access logs can satisfy a "control" from an auditor's perspective, depending on the certification.

That's better than nothing, but back to your point, you're right that it doesn't prevent insider access. Which isn't something I worry about normally...

Edit: Typo


Keeping an audit log should never satisfy an auditor. The keeping of a log is not a control, reviewing the log to detect inappropriate activity and acting upon it, that's the control.


Most auditors just want to check a box on a sheet, I've never been a part of an audit that was worth anything.


Careful with that brush, Eugene. As someone who has done (extensive) audit, I respectfully submit that the problem is not the audit process but the auditors you hire.

The usual process for such a control should be:

* Is there a requirement for a log?

* Does that log exist?

* Can the system(s) that write to the log be prevented from doing so/tampered with? (branch here to system security review)

* How are the contents of that log secured against tampering? (branch here to security review of logs)

* Who is responsible for reviewing it?

* Where is the evidence that such reviews occurred?

* What violations of policy were found during those reviews? (branch here to a review of the follow-up process)

* Can I, the auditor, find violations that were not found during the reviews? (if yes, branch here to figuring out why not)

This is not an especially complex script to follow, and winning at that last step is the kind of thing that gets you nice fat bonuses and happy bosses, because suddenly the auditee needs remediation consulting services. Especially as the cost of "taking a complete sample" (i.e. reviewing every entry in the log) goes down to nearly zero, this kind of review gets easier and easier (and is often automated by the company being audited, which just shifts the focus slightly... with no change to the last step).
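The review script outlined in the comment above, as an added example that is not part of the original thread: it checks a hash-chained access log for tampering, takes a "complete sample" by testing every access against a support ticket, and then lists the violations the internal reviewers did not report. The log layout, ticket fields, user names and sample entries are all constructed for illustration.

```python
import hashlib
import json
from datetime import datetime

GENESIS = "0" * 64

def entry_hash(prev_hash, body):
    """Hash of one entry, chained to the hash of the entry before it."""
    payload = prev_hash + json.dumps(body, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_log(bodies):
    """Append-only writer: every record stores its predecessor's hash."""
    log, prev = [], GENESIS
    for body in bodies:
        h = entry_hash(prev, body)
        log.append({"body": body, "prev": prev, "hash": h})
        prev = h
    return log

def verify_chain(log):
    """Return seq numbers of records whose hash or back-link fails to verify."""
    bad, prev = [], GENESIS
    for rec in log:
        if rec["prev"] != prev or entry_hash(rec["prev"], rec["body"]) != rec["hash"]:
            bad.append(rec["body"]["seq"])
        prev = rec["hash"]
    return bad

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def find_violations(log, tickets):
    """Complete sample: every access must cite a ticket that is assigned to
    the accessor, covers that record, and was open at the time of access."""
    out = []
    for rec in log:
        b = rec["body"]
        t = tickets.get(b["ticket"])
        when = parse(b["ts"])
        if t is None:
            reason = "no valid ticket"
        elif t["assignee"] != b["actor"]:
            reason = "ticket assigned to someone else"
        elif t["subject"] != b["subject"]:
            reason = "ticket covers a different record"
        elif not (parse(t["opened"]) <= when <= parse(t["closed"])):
            reason = "access outside ticket window"
        else:
            continue
        out.append((b["seq"], b["actor"], reason))
    return out

def missed_by_review(violations, reviewed_seqs):
    """The auditor's last step: violations the reviewers never reported."""
    return [v for v in violations if v[0] not in reviewed_seqs]

# --- constructed sample data -------------------------------------------
TICKETS = {
    "SUP-101": {"assignee": "alice", "subject": "rider-17",
                "opened": "2016-12-01T09:00:00", "closed": "2016-12-01T17:00:00"},
    "SUP-102": {"assignee": "bob", "subject": "rider-42",
                "opened": "2016-12-02T09:00:00", "closed": "2016-12-02T17:00:00"},
}
ACCESSES = [
    {"seq": 1, "actor": "alice", "subject": "rider-17", "ticket": "SUP-101",
     "ts": "2016-12-01T10:15:00"},
    {"seq": 2, "actor": "carol", "subject": "rider-99", "ticket": None,
     "ts": "2016-12-01T23:40:00"},
    {"seq": 3, "actor": "bob", "subject": "rider-42", "ticket": "SUP-102",
     "ts": "2016-12-02T11:00:00"},
    {"seq": 4, "actor": "bob", "subject": "rider-77", "ticket": "SUP-102",
     "ts": "2016-12-02T11:05:00"},
    {"seq": 5, "actor": "alice", "subject": "rider-17", "ticket": "SUP-101",
     "ts": "2016-12-03T02:00:00"},
]
REVIEW_FINDINGS = {2}   # seq numbers the internal reviewers reported
LOG = build_log(ACCESSES)

if __name__ == "__main__":
    print("chain breaks:", verify_chain(LOG))
    found = find_violations(LOG, TICKETS)
    for seq, actor, reason in found:
        print(f"violation seq={seq} actor={actor}: {reason}")
    for seq, actor, reason in missed_by_review(found, REVIEW_FINDINGS):
        print(f"missed by review seq={seq} actor={actor}: {reason}")
```

The chain only gives tamper evidence if the latest hash is also kept somewhere the log writers cannot modify; otherwise someone with write access can rebuild the whole chain.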


That's broadly correct, although auditing is usually risk based. The first question should be is there a risk that requires a detective control of audit logging to be in place, if the answer is no (because the system is of low risk or value) then you would be unlikely to continue down the checklist.


They're probably both true. The article talks about information from last February and a New York settlement this year. The comment you linked is from 11 days ago and used present tense. Adding them together, Uber probably was far too open with this data and then, under pressure from New York and other parties, locked it down recently.


I don't know about Uber, but I've worked at a lot of places that had sensitive data. A common pattern is to fail to treat employees like attackers, and protect data in ways that are very beatable by a motivated employee. Some examples that hopefully have been fixed:

-A company had a specific dataset that would be worth millions: The kind of things that a wikileaks might want to publish, and would make the papers. I was supposedly unable to access the app that displayed it, but I had access to the tables. For legitimate business reasons, I took the data out, put it in my company laptop, and stuck a search engine on top. There were no logs of my activity, and nobody came to ask why in the world I was doing something like this.

-At another place, they were saving credit cards, encrypted, but their idea of saving encryption keys was to put them in a file that only root could access. Well, everyone had access to create batch jobs (yes, even phone reps), and batch jobs ran as root, so anyone could walk out with the lot. I had to do a lot of work to convince them that yes, this was not PCI compliant.

-Another system had relatively well protected data, only available to people with access. Except they had single sign on, and some of the systems that took credentials did so in the clear. Peek at network traffic, steal credentials, and then do whatever you want as anyone you want! They had a process where you were never supposed to leave your computer unattended, and if you did, team members would go into your computer and send an email to the team promising cake, and you'd have to bring it as punishment for your security problems. Imagine their surprise when people were sending emails promising cake while they were using their computers.

-A phone company having cell call metadata in the clear, in a DB any developer could query. There was another system with billing information, equally accessible. So search for your favorite person in one, and go to the other and see who they call, when they call, and from where. Isn't that convenient?

So I don't believe anyone's claims about their data security unless they come from someone that has some security knowledge and has tried to evaluate the security pretending to be a real attacker. And even in that case, I'll probably want a team of them. Otherwise, I'll assume there are major flaws that nobody has found, just because nobody has cared enough. I have yet to find an employer where this was not the case.


> Otherwise, I'll assume there are major flaws that nobody has found, just because nobody has cared enough

Unfortunately, this is the state of 99% of all software, everywhere, it would appear. And I'm dubious about that extra 1%.

[Edit] and let's not forget, you can care a lot and still have this be the case


This quote from another employee also looks naive now (and I'm not trying to offend him): https://news.ycombinator.com/item?id=13086454


No, I'm not naive, and I, proudly, stand behind everything I wrote.

The person in the article was terminated before I joined, so I don't know what the systems were like back then, but every time I access production systems, I have a ton of messages telling me that our access is being completely tracked and we are prohibited from doing anything that was mentioned in the article. I haven't actually tested to see what I can get away with because I'm not in the habit of risking my job and career over curiosities.


> every time I access production systems, I have a ton of messages telling me that our access is being completely tracked and we are prohibited from doing anything that was mentioned in the article. I haven't actually tested to see what I can get away with because I'm not in the habit of risking my job and career over curiosities.

You do know that this is literally the bare minimum level of user protection that you can legally get away with... right? That this isn't actually reassuring to anyone who has seen user data with any amount of protection?

If you're satisfied with this level of protection, I assume you're satisfied with it at the NSA/GCHQ.

As someone who works at an actual tech company, I can tell you without looking them up at least three layers that actually deny me access to user data. I know the team that actually audits any accesses made by those who can break glass, and I know who does the firing when the rules are broken.

And the products I work on aren't even regulated like those involved in finance/health/safety/etc.


Actually, could you talk about how to build these layers? I'm very keen to learn what the best practices are.

Is this built into the application... at the SSH layer?


... It's very easy to add those messages and not actually track people. Not even on purpose, necessarily; just set up monitoring and then get distracted by more important things because your employees are good people and checking logs is likely a waste of time.

That judgment is probably even correct until you happen to hire a bad person one day.


I don't know if you're being serious or you're trying to damn them with faint praise by mentioning they changed their MOTD as a 'security measure'.

If you want to defend Uber, it's pretty easy, just say that you know people that work on the team that audits the logs of employee access to personal data every quarter, and if those logs aren't justified by a ticket people get fired.


I have no idea what you're talking about, I'm just telling the truth. I don't access customer information, and I don't know anyone who audits the logs so I can't comment on those. I also don't know what other processes are in place, I'm sure there are others, but I've just never had to deal with it so I don't know. But I trust that Uber takes the security of their customers' information very very seriously.

The image of Uber being a brogrammers haven just isn't true anymore. There are thousands of engineers working that care very much about the company and our customers, including drivers and riders.


The truth, at least the part of it that you can see for yourself. You freely admit that you don't know if there even are actually audit logs, or if the measures in place are simply big warnings (that have no teeth behind them). Even if there are audit logs, they're useless if there's no system in place that flags suspicious use for a human to check up on... or lacking that, someone whose job it is to regularly read through the audit logs and verify that each access of personal info is legit. You seem like an ethical person, so you're unlikely to find out if there are consequences to looking at customer data without good reason, so you don't know what -- if anything -- is triggered if you click on something sensitive.

I know you want to believe that what you're saying is true, but it sounds like you have no hard evidence to back that up to yourself, let alone evidence you can present to someone outside such as the HN readers reading this thread.

You may trust that Uber takes the security of customer info seriously, but from the outside we have no frame of reference, except for reports of past wrong-doing. A statement to the effect of "it was bad in the past but it's better now" unfortunately isn't all that reassuring, and I hope you can see it from our side of the fence and understand why.


> You may trust that Uber takes the security of customer info seriously, but from the outside we have no frame of reference, except for reports of past wrong-doing. A statement to the effect of "it was bad in the past but it's better now" unfortunately isn't all that reassuring, and I hope you can see it from our side of the fence and understand why.

You are calling the OP out for not having hard evidence, yet you are happily accepting the words of other folks in news reports as being true. You can't really have it both ways...you're just picking the side you want to believe is true...


> You are calling the OP out for not having hard evidence, yet you are happily accepting the words of other folks in news reports as being true. You can't really have it both ways...you're just picking the side you want to believe is true...

You're implying every information available is to be credited with the same amount of trust. A published article from a journalist from a mainstream media outlet has track records, both on the journalist and the editor. The underlying source is someone testifying in court, which engages more than aliased online posting, as well as cross-check performed by the journalist on other people.

Second point : the person you quote mainly questions whether the experience he described gives us information on Uber's data protection policy. I had the same feeling. This has nothing to do with the guy's integrity.


When, from either side, zero evidence is provided: The burden of evidence falls to the side which can cause the most potential damage to you/society, such that it can be mitigated/fixed.

In this case believing a news article over Uber is in our best interest. As a result the parent poster is justified in requesting Uber for evidence.


Without specific evidence nothing E8K says actually contradicts the article.


6 of your former security officers say this isn't true, and that the company ignored warnings about the information being available.

It's hard to come up with a way to rationalize the above comment, when the comment is in the discussion of an article showing you're, at best, naïve.


> The image of Uber being a brogrammers haven just isn't true anymore.

Maybe -- I don't work there or know anyone who does. But you have to admit that a company that would even think of creating something like "God Mode," then actually do so, then show it off, is seriously twisted and out of touch. AFAIK most of the higher-ups who were around then are still there now. You shouldn't be surprised if "I swear I've changed, baby" is met with a bit of skepticism.


> But I trust that Uber takes the security of their customers information very very seriously.

Looking at Uber history and a number of major gaffes that came to light I call bullshit.

Trust is something that needs to be earned. I can't speak for others but I don't trust Uber at all.


So, do tell, how many of your fellow programmers do you know worked on building that employee tracking/logging system?


Uber employee here too. Would never ever check any data of anyone not related to debugging crashes, race conditions, unexpected app behavior etc etc, it's just not worth losing my job. Despite the bad press it is actually a pretty freaking great place to work. Also wanna +1 the warnings about data access and only looking at PII for legitimate purposes are all over the place.


> Despite the bad press it is actually a pretty freaking great place to work.

That's not what I heard from my friends that worked / currently work there.


I understand and appreciate your attitude, but to me this just says that Uber employees who aren't so conscientious and caring may well have no trouble accessing this data.

Giving people a ton of warnings about the dire consequences of accessing data they're not supposed to is really easy. Preventing them from actually doing it is substantially harder.


> Despite the bad press it is actually a pretty freaking great place to work.

So, how many hours a week do you drive? Oh, I'm sorry... those aren't "workers" -- they're just being nice and sharing their cars in their free time.


Actually I do drive. I drive so I can sympathize with the partners I am serving and better serve them by making the product they rely on to make money better, and more reliable.


So now they are making exceptions for employees to drive? Pretty sure that the employee handbook and HR made it crystal clear that employees can't be drivers because then things get real fuzzy legally...


So, you occasionally drive Uber as an experiment/hobby, not as a job, which is not the same experience as relying on it for your next meal.


That's uncalled for. How many software developers ever bother to use the software they develop, or work with (or even talk to) the people who use the software as part of their job? Actually doing the job that your users do, even part time, is fantastic dedication. Doing it full-time is absurd; when would he make use of what he's learned?


>That's uncalled for.

It's not an insult. It's a statement of fact: it is a different experience than depending on Uber driving for your livelihood. So one should not read much into it regarding the hardships/issues of drivers as professionals.

The same way an NLE developer that "eats his own dog food" by editing his daughter's birthday video doesn't exactly have the same experience/needs/issues of using the software as a professional editor in TV or film.


It doesn't even seem physically possible to do it full-time if he's also a developer at Uber.


Relying on Uber for your livelihood is really dumb. It's a part-time hobby job. (I drive for Uber part-time).


Someone should tell the folks at Uber that, somehow it's left out of the billboards they put up in poor neighborhoods. Instead they tell potential drivers that they'll take home a middle-class income.


It's pretty obvious that anything someone paid to display on a billboard is a half-truth at best.


If you can't get other work where you are, it's an option.


For what purposes are you allowed or prohibited to access user location data? Which external firm is auditing the access to user location data? Where are the public reports of these audits?


>every time I access production systems, I have a ton of messages telling me that our access is being completely tracked and we are prohibited from doing anything that was mentioned in the article.

That's nice, but it shouldn't be forbidden to violate users' privacy, it should be impossible.


I mean... it should be, but every business I've ever worked at has had difficulty cleaving between "the kind of access that developers need in order to do their jobs" and "the kind of access that would be abusable." It's legitimately difficult to do, and there's no way to make your system proof against insider abuse without serious trade-offs.

The purported "God-mode" that Uber had years ago, and showed off at parties, was a real problem with their culture. The ability of devs to get read access to some production data is much less of a huge deal.


> It's legitimately difficult to do, and there's no way to make your system proof against insider abuse without serious trade-offs.

I know homomorphic encryption is very new, but deploying it for privacy applications like these is a Good Idea.


While I admit that I have literally zero experience with homomorphic encryption, I suspect that even after whatever deployment costs there would be, the burden on your ability to do things like investigate bugs, much less repair data if needed, would be non-trivial.


>That's nice, but it shouldn't be forbidden to violate users' privacy, it should be impossible.

Work for just about any company, tech or otherwise, in a sysadmin role. There is always going to be some way for a smart, malicious admin to get into things.

Snowden is maybe the best example. If an organization with an insider threat risk profile as high as the NSA's can't get it right, then you can be pretty certain almost no one else is either.


You are not the only one. There will always be somebody who is not so honest. Otherwise the world would not have thieves and swindlers :)


Do Uber employees use that to stalk other Uber employees?


Selection bias. Nobody wants to work at an unethical company, and engineers in the Valley generally have enough job mobility that they can follow through on that. Humans perceive whether a company is unethical in very different ways (I would never work at, say, Palantir, but clearly people do; I'm sure many of them would never work for my current employer, in finance).

So, the only people with objective knowledge of a company's internal safeguards and hiring practices are those with favorable subjective value judgments of just how hard it is to bypass those safeguards or just how good those hiring practices are at keeping out unethical people.


From the way that description lacks any specifics and is filled with unnecessary adverbs, I'd guess that the engineer in question doesn't work with this data, and is just repeating what he's been told. I would imagine that Uber reassures its employees about how great their data privacy policies are, just as they do with their customers.


> Uber would not give more details on its technical controls. In practice, the security sources said, Uber’s policy basically relies on the honor system. Employees must agree not to abuse their access. But the company doesn’t actually prevent employees from getting and misusing the private information in the first place, the security sources said.

If true, that is fantastically ludicrous.

It seems I wasn't paying attention, in 2014 - as this "God view" news passed me by. I will be keeping a closer eye on this as it plays out.

Uber obviously seems to be in a strong position, but going only by this article, Uber might fare poorly in a multi-region privacy-legislation legal battle (war?).


It's exactly what an employee writes in another comment here:

> every time I access production systems, I have a ton of messages telling me that our access is being completely tracked and we are prohibited from doing anything that was mentioned in the article.

There is probably a small department doing random checks on data access. But with several thousand people (including support staff) accessing data, the chance of being noticed is extremely low.


This seems like a good place to tell Uber users that the only way of removing your credit card details from your Uber account is to either:

a) plead with Uber's customer service to do so

or

b) add another payment method (like another credit card)

This, of course, is horribly bad practice. I can only imagine that they arrived at this very peculiar arrangement after extensive A/B testing - Uber has hired plenty of FB folks and those people tend to be really into that kind of thing. I haven't seen this kind of outright customer-hostility from a large Internet company.. well, ever, before.

So, no, I'm not surprised that this company is doing other unethical things - it sort of seems interwoven into their DNA.


Another way I discovered by accident: Add PayPal, remove cc, revoke PayPal from its own settings. PayPal is left there but there is no way to charge you anymore.


I uninstalled Uber after it wanted to track my location before and after using the app. That wasn't the only reason, but it was the final straw. As much as I loathe using taxis, I'm actually more annoyed with Uber and their business practices.


>So, no, I'm not surprised that this company is doing other unethical things - it sort of seems interwoven into their DNA.

Grubhub refused to delete my account even after pleading with them to do so many many times. To me it seems like a general tech company trend, not something specific to Uber.


Is it legal to refuse to delete a user's account?


This is actually a great technical and legal question. And it depends a lot on the type of service you have, and which jurisdiction's law governs you and your service provider.

On the one hand, we have the EU's "right to be forgotten" actions against Google, which seem to be gaining ground and are essentially bona fide in their protection of the consumer/society, in the sense that it might be a good idea for other jurisdictions to adopt it as well.

But consider the EU (and worldwide) regulation of banking and transactional accounts. Particularly the prohibitions on money laundering and counter-terrorism funding (AML/CTF laws). You're not allowed to open and close a bunch of bank accounts, which means that you don't really have a "right to be forgotten" in this sense either. Nor, if you are not a "legit" user, should you be.

From a technical standpoint, how do you detect the law abiding citizens that want to close (in the sense of permanently deleting records) their account(s) from the malfeasant actors that want to launder money or fund terrorism by holding many accounts over time in order to obfuscate their transaction patterns.

It's an interesting question that the law -- and to a certain extent, the people -- have not yet got a good answer


RtbF is possibly not relevant here. More important would be the EU regulations on data protections. These say that companies must explain what data they're gathering and why they gather it; and that companies can only gather what they need; and only keep it for as long as they need; and that it must be accurate; and that customers have a right to see the data and to have corrections made.

But even the EU has exemptions and complications around data that's used to prevent crime.


Google retaliates though by putting the reasons for removal on "chillingeffects.org". Chilling indeed that a company has no respect for privacy.


I'm seeing a few replies suggesting that it varies between EU/US etc ... but either way it sounds like a REALLY effective way to piss off those customers and guarantee they'll never come back and use your service in future (or share such "horror" stories with their friends and relatives). I don't get why those companies would go out of their way to make things difficult for themselves in the long run


(Sorry, late.)

These companies don't seem to tend to think long-term, at least not at this level. It's all about growth acceleration/hacking.


HMRC (UK Tax Office) requires us to keep transactional information for 6 years.

Upon request we delete accounts but if they have transactional data this is still held in accordance with our legal requirements.


Transactional data surely does not have to include full card and address details though. That would contradict EU directives on sensitive data and privacy.


We do not keep any card data.

We have to keep address details to prove we have charged VAT correctly.


I think in some countries companies/websites have to keep a trace of all accounts. So they don't really delete accounts, pretend they do and move them to another DB.


Not in the EU.


Yes. Unless they said otherwise in their TOS.


Actually, it depends on a country. For example, EU laws override ToS.


Only for companies under EU jurisdiction.


Pretty much all bigger companies have subsidiaries in EU (Uber included), so they must obey EU laws too. I think it's only a matter of time when Uber will get sued for privacy violations.


That's what I assumed too. They outright told me that they won't delete my account. Instead they sent me a bunch of these totally irrelevant emails (probably just made a false assumption due to the timing).

"Thank you for reaching out and providing us with the opportunity to clarify. We welcome and accept employees with all political beliefs at Grubhub, no matter who they voted for in this or any election. We do not discriminate on the basis of someone's principles, or otherwise. The message was intended to advocate for inclusion and tolerance -- regardless of political affiliation -- during this time of transition for our country.

Thank you, Grubhub"


When you lose your credit card and you call your credit card company and tell them that you lost it, they issue you a new card with new numbers; this way anybody that had the information on the card would not be able to make further transactions. I would consider the card lost when a company would not delete the credit card information on my request to delete the information.


A new number doesn't necessarily prevent charges from vendors who had the old one. For your convenience the banks actually allow new charges on the old cards after they are cancelled. I assume they whitelist vendors that have good reputations or filter based on patterns of charges against your account which you have not disputed.

Verizon was able to charge against my old account for over a year. I kept getting snail mail letters from my bank telling me that the card I was using had been cancelled and that I needed to update it, but I kind of just wanted to see how long they would let it go.

In other cases, the bank will actually update the vendor with your new card number so that subscriptions are not interrupted.


>In other cases, the bank will actually update the vendor with your new card number so that subscriptions are not interrupted.

That's apparently a feature: https://usa.visa.com/dam/VCOM/download/merchants/visa-accoun...


Even if it is stolen? This thing is massively dangerous. It ensures your credit card details are stored all over the place for them to be leaked or stolen, with no way for the consumer to clean this up.


In theory they would make sure it was an account you used before the theft.


Yeah but letting services expire with the credit card unless you still use them is not a bad way to get rid of all the services you subscribed thinking it could be useful but never used.

Reminds me of what was done in the military (I think it was in a European country). Officers were spending their time writing reports that were never read. They introduced a policy under which for a given time everyone should stop writing reports until someone complained that they were not receiving it. And if that didn't happen this type of report would be scrapped.


Hmm, I feel like in my job I write a lot of things that no one ever reads (issue notes, extra commit information, comments) with the expectation that it'll be helpful information if I or someone else ever does need to look to figure out why I did something.

And it has been helpful. I mean maybe about 1% of it is read later at some point and helps clarify a situation. 99% of it is never seen again. That 1% of the time it's really helpful to have it.


That is pretty screwed up. So, you have a merchant that is stalking one and they get updated information.

I think I will stick with the new next gen taxi service where one pays with cash.


If you report it as stolen and ask for it to be blocked that will stop all transactions on it.

If it expires or you get a new card in a normal flow it can be charged further.


I have done this. Yes, they initially did keep the subscription going. However, I told the credit card company that I did not authorize any further; they reversed everything out. I really wonder whether they give the company the new information or whether they just allow authorization using the old numbers; seems like it is pretty screwed up security if they give the new information to the company.

Also, if you say:

- Card was lost.
- After reviewing all accounts, it was discovered that the CC information couldn't be deleted from the Uber UI.
- I hereby do not authorize Uber to make any charges.
- Tell them in writing or record the conversation.

I don't see any way Uber can make any valid charges against your account (assuming no more action on one's part).

I also wonder whether it follows CC guidelines/rules to keep CC information when the customer has explicitly tried to remove and communicated to the company to remove said information.


>"For your convenience the banks actually allow new charges on the old cards after they are cancelled."

I have not heard this before. My bank certainly doesn't do this and it's a major bank. I actually proactively ask for new cards periodically so that the old ones are no longer valid.


Yep, AmEx for example will provide vendors with the new numbers, expiration dates, etc., when your card expires and they issue you a new one.


The old card details still stay live depending on how they issue the new card.

Currently have two Amex cards with different numbers that show up as 1 card on their online portal & get treated as one.


I don't have any financial stake in them, I'm just a pleased patron, but it's this stuff that had me leaping to be an early adopter of Final[0].

Flat out, it's a credit card- but with their site or app you can generate single use numbers and CV2, or you can generate merchant locked numbers for things like Uber. There's a lot more they offer, but those two things are what I got it for and how I use it.

[0] https://www.getfinal.com


Some caveats being an industry-low cash back (1%) and they charge an annual fee after the first year. Another alternative is to check with your current CC company, many already offer single-use numbers.


Any quicker way to get that than waiting for 354,000 people to get it first?


Some banks offer a similar service on their credit cards. I know BoA has one called ShopSafe[1] and I'm sure there are others.

[1]https://www.bankofamerica.com/privacy/accounts-cards/shopsaf...


Citi offers a one time use credit card number feature on some of their account types and has done so for quite some time.


I believe this is what https://privacy.com/ does as well without the wait time.


LOL. That's why some banks have an option to generate CC numbers on the fly and tie those numbers to a particular vendor.


That is exactly what I ended up using (to create a second "payment method" with limited funds so that I could delete the real one).

But still, this is not something that I expect to have to stoop to when dealing with an Internet company valued at ~$68B.

Btw: This is what you get when you try to delete the first (and last) valid payment method:

http://i.imgur.com/Y4PEOS4.png


Who still does that? I know American Express used to offer one-time CC numbers, but no longer does.


I have a credit card called Final VISA that does it as their main feature. (Signed up for it from here on HN; it's OK.)

Another company, Privacy.com, does on-the-fly numbers as debit cards drafting from your bank account.


Such a shame that Privacy.com app is country locked, I'm from South Africa and would definitely use something like this


Bank of America does. Only for credit cards though.


I know Discover offered it about ten years ago (saw a friend use it). I don't know if they still do. Always thought it was a cool feature and wanted a card that would allow it, but up to this point I don't think any of mine do.


Discover stopped offering them a few years back. At one time I had three cards that had this option and they all slowly stopped, basically saying their fraud detection was good enough the extra trouble wasn't worth it for them.



Certain Citibank cards (not all though)


My bank in Sweden supports it for their MasterCard debit cards


My Citibank MasterCard provides one-time use CC number.


Google Adwords do this, and vultr.com do it as well. I agree it's really user-hostile and a dark pattern to allow users to enter payment details and then refuse to delete them.

I don't want to leave my credit card details on the servers of hundreds of companies, or allow them to charge at will, but it's obvious from the companies' point of view why this is attractive.


At least Adwords is a mostly B2B service. Google doesn't do this on their consumer-focused services.


the only way of removing your credit card details from your Uber account is to...

You could also ask them to delete your account and certify that all PII and payment information has been purged. Depending on your state of residence, there may be other things you can ask for.


I was recently unsettled when I installed Lyft on a new phone after a pretty long lapse. Sure enough, with no verification of any kind, my credit card information was still there. Apparently it is keyed to the phone number. Insane.


Crumbs. Are numbers in the US recycled as quickly as they are here in New Zealand?


Yes, typically within 30 days


Phone number or Google / iCloud account? Pretty sure Lyft wants identification permission.


Airbnb works the same way with credit cards.


Just use an online credit card number generator to put in a random number. Also see if you can use a test number (there are lists online).


Great short-term solution, bad long-term solution.


Why? If someone tries a charge it'll get rejected since the name and expiration date won't match (unless you get crazy [un]lucky).

Just change it to that and never use it.


It doesn't solve the problem of Uber's Dark UI tactics, and it's a fend-for-yourself solution that leaves behind the less savvy majority of users.


Is there any concern that in doing this you're exposing yourself to accusation of attempted fraud?


"Oh, I must have accidentally mistyped a few digits, however, since I don't intend to use your service anymore, you can just delete it"

"Well, I cannot delete it"

"Oh, well, thanks, good bye"


On the one hand you /do/ want them to believe the fake is your cc number, but on the other hand you /don't/ intend they charge the number.


I would be surprised to learn that method b actually deletes any information from Uber's db.


Set Paypal as payment method, then close Paypal account.


Try changing your card's expiration date to an expired date; this has worked for me in other situations like this.


Credit card vendors with a high reputation score have extraordinary powers.

During the credit card auth they are told whether the expiration, CVV, and ZIP code match and they can choose to accept the charge even if they do not match, although they do so at some additional risk of the charge being flagged/reversed. They can even charge expired and cancelled credit cards as well.

Expiration/CVV/ZIP checking are an additional security layer but they are there for the merchant, not for you. A credit card number is all a merchant actually needs to make a charge.

> Most consumers think their credit card expiration dates -- the month and year in which their cards are supposed to be renewed -- are a sacrosanct security feature, without which a business can't process a payment.

> In fact, big players in the U.S. consumer-sales industry have developed informal agreements with credit-card issuers that allow charges to be made to consumers' credit cards without specifying the expiry month and year. This procedure works even after an individual's card has expired and been re-issued with a new expiration date.

http://www.datamation.com/columns/executive_tech/article.php...


Trying to do that: "An error occurred trying to fulfill your request".


Change it to expire this month and wait a few weeks?


Don't forget that Uber now requires you allow them to access your location, even when you aren't using their app [1].

Side note: consider the value to foreign (or domestic) intelligence agencies of this weakly-guarded pot of gold.

[1] http://www.theverge.com/2016/11/30/13763714/uber-location-da...


> Uber now requires you allow

Doesn't seem to for me. If I disable it in settings, it prompts me to enter an address and suggests that I re-enable the setting.


Disclaimer: I work for Uber. However, my opinions are mine. I am also not defending nor attacking in any way Uber gathering location data.

With that out of the way - you know your cell phone carrier already has this data right? They have way better data than Uber ever will about all your habits, including establishing relationships based on who you call, which sites you visit, who you are signed up on a plan with, etc etc. A much more weakly guarded pot of gold, I would say.


I'll agree with your point as soon as Uber signs up to the same level of regulatory restrictions as every phone carrier enjoys. The fact is that there are laws that strictly prohibit my phone carrier doing certain things with data about my usage. Case in point, the stalking that the article mentions - I don't think employees of my phone carrier can do the same thing. Technically they could because they have the necessary data, but they don't because regulations have been put in place to stop them.

Uber has demonstrated that they can't be trusted with personal data, so I'm quite sure the government will be considering implementing some regulation in their industry too. That's a shame really, because I'm sure most of us would prefer companies weren't restricted by regulation and were just sensible and ethical by default, so laws weren't necessary.


> That's a shame really, because I'm sure most of us would prefer companies weren't restricted by regulation and were just sensible and ethical by default, so laws weren't necessary.

Interesting. I prefer regulation by default to be honest. Possibly shows my biases from growing up and living in Europe. I see regulation as something you should start with not something you should end up having to do. Just like I prefer civil laws to be in place by default rather than leaving it to people to be good to each other.

Maybe I'm in the minority here.


> I see regulation as something you should start with not something you should end up having to do.

That's the Platonic/Napoleonic mindset right there :)

It's one of the Great Philosophical Questions - do we build society from first principles, or do we just react to what people do as they get together? The latter is the current fashion, at least in theory - in practice, the former keeps coming up over and over, because lawmaking is fundamentally a prescriptive action that instinctively moves from first principles (and it's the only way that lawmakers can forever justify their role: if we ever figured out a society working so well that no reaction or correction is necessary, what would lawmakers do? Write law covering behaviour in places where humans could only potentially exist, i.e. prescribe from first principles).

TBH I rarely ever thought about this sort of thing until I moved to the UK, where the average mindset is deeply anti-Napoleonic/anti-Roman.


>there are laws that strictly prohibit

Of course Uber was built on ignoring laws. So there's no reason to believe they'd follow the restrictions even if they were subject to them.


> are laws that strictly prohibit my phone carrier doing certain things with data about my usage.

Unfortunately, that doesn't prohibit foreign intelligence agencies just hacking in and taking it anyway. https://theintercept.com/2014/12/13/belgacom-hack-gchq-insid...

(Pity that I can't see any way of having a cellular network that doesn't know which cell you're in)


> Uber has demonstrated that they can't be trusted with personal data

And the telecom carriers haven't? Please.

https://en.wikipedia.org/wiki/Room_641A


The NSA using the power of the state to persuade a telco to intercept some stuff for them is somewhat different from having random employees of a private company just deciding to arbitrarily browse through their corporate databases.


True. The State has a lot more power on its side, making the former scenario much more of a threat.


Except the NSA is an arm of a democratically elected government. Tell me when the public Uber elections start.


> Except the NSA is an arm of a democratically elected government.

Yes, and look what that's gotten us so far.


You missed the point: the telecom carriers haven't either, however they are regulated, which is not the case for Uber.

So the point is moot for telecom carriers because the regulator already swept in. The point is still important to make concerning ongoing practices in unregulated markets, like big data in tech.

If you don't like how little is done to correct the NSA using telecom facilities however, you should see with your government, not simply the companies it coerces.


> You missed the point:

The point, as I see it, is that your data is never really safe. I don't much care if Uber can be trusted or not, when the State can always step in and hoover up whatever data Uber has.

> If you don't like how little is done to correct the NSA using telecom facilities however, you should see with your government, not simply the companies it coerces.

As long as the State can't be trusted, the rest is moot.


Wait, that makes no sense. Your argument is that since there's one (huge) malicious actor we haven't stopped we should not care about any other malicious actors? "Privacy" is not binary. You can have privacy from Uber even while the government spies on you, and the situation when only one of them does is better than the one when both do.


I'm more afraid of the USG than I am of Uber. And while the line you're talking about clearly exists, I consider it such a thin line as to be essentially moot.

I guess the analogy I'd use would be this: worrying about Uber in the era of rampant warrant-less nation-state surveillance is like rearranging the deck chairs on the Titanic.


It's not and it doesn't matter. You won't get less state surveillance by only complaining about state surveillance and not about companies that do the same on a smaller scale.

Respect for privacy has to become the normal situation. You can't say what does it matter if the other party does it way worse? No, they both need to step up. Even if it wouldn't make much practical difference if Uber just deleted their databases tomorrow while the NSA goes about their merry nefarious ways, it's also a battle of the public mind. The public doesn't care a lot, in a very large part because they just feel powerless about it, that they have no choice (and people really tend to come up with the stupidest arguments for the status quo if they feel powerless about it). Best way to make people care again (which is a small step towards getting our governments to stop giving our data to the NSA) is to draw a very clear line in the sand, NO you will respect our privacy, even if you're smaller than the big guys, it's not gonna happen, not on my watch.

It's not like people in war-torn areas stopped caring about muggers and looters just because the US army is killing women and children way more effectively using drone-strikes and misinformed soldiers all hyped up on a mission to kill terrrists (oops). No it's wrong and it shouldn't happen.

My opinion is, the data shouldn't be there in the first place. We can't protect it well enough. Especially not from future people who might legally come into possession of this data. Like in the US, privacy statements apparently mean nothing if a company or startup goes bankrupt and its assets are sold to third parties. They don't buy the obligations. This happened to Radioshack a few years ago, IIRC.

Data is the new radioactive waste.


In the sense that the government are more likely to use data on a massive scale I also find that a scarier prospect. But that's not what we're talking about. The threat from Uber is different. Uber is far more dangerous in the sense that someone might target me specifically. More so if I was the ex-girlfriend of someone who works there or is friends with someone who works there.

Suggesting that the threat posed by Uber and by the government are just different points on the same scale is wrong. They're entirely different problems, and they'll need different solutions.


The key difference is the telephony company needs to know who I want to talk to so they can connect me, which web sites I want to load so they can retrieve the data from the server, and where I am so phone calls and data are routed through a nearby tower. People aren't going to be as upset about a company having data that is necessary for their core service to be provided. Does Uber need to know where I sleep in order to catch a ride from my office to a bar for happy hour?


> you know your cell phone carrier already has this data right?

"But we already do A, so why shouldn't we do B?"

"But we already do B, so why shouldn't we do C?"

"But we already do C, so why shouldn't we do D?"

...

"But we already do Y, so why shouldn't we do Z?"

This is generally how things slowly but surely go down the toilet. From climate change to mass surveillance to fascism, etc.


No no no don't worry, see? It doesn't have to quit at Z. That's just a convention from using letters of the alphabet.

"But we can already has Z, so why shouldn't we do AA?"

"But we already make with the AA going, so why you no AB?"

...

Is no problem we just continue continuing on, standing on the shoulders of somebody else's problems, until the problem becomes the soil and a beautiful flower grows. Is future!


> A much more weakly guarded pot of gold, I would say.

Citation needed. I have no reason to believe Uber is better at protecting customer data than my phone provider. The latter likely feels a lot more bound by local laws than a US corporation nearly priding itself in not adhering to them.


> With that out of the way - you know your cell phone carrier already has this data right?

It's close to fascism when the argument becomes that the government (ie. NSA) already has this data.

> including establishing relationships based on who you call, which sites you visit, who you are signed up on a plan with, etc etc.

Not if you use Signal and Tor.

Also, the phone company supposedly doesn't abuse that data (they certainly don't have my permission for that); Uber supposedly doesn't either, but it is proven time and time again that it is being abused. Just like the NSA watched people on watchlists watching porn.

For evil software practices like the ones from your employer we need two things:

1) FLOSS applications, and legislation against these practices. (Ironically, your employer is already breaking the law in many jurisdictions as we speak.)

2) If that fails, and for the time being we can still work around it by uninstalling your application. We can also still work around it using magic like LD_PRELOAD faking the geolocation. There already exists libfaketime, not sure about geolocation.

It's also already possible to fake this in the browser: http://www.makeuseof.com/tag/disable-fake-location-firefox-i...


So, it's okay to get customer's location data 24/7 because someone else does it is your best argument and reasoning?


I have a legally binding contract with my phone carrier, which is located in my country of residence. The US can do whatever the fuck they want with the data you collect and it's not theirs to have.


"Your cell provider has that data, why can't we have it too?"

Oh dear


> A much more weakly guarded pot of gold, I would say.

Bigger pot, way more strongly guarded.

Much more frightening is that literally all (4 or 5 I've seen by now) HN accounts that identified as Uber developers tried to ascertain "no it's fine and also I trust Uber" did so while revealing they either

1. have no idea about Uber's exact privacy and security procedures (you don't need to put all the cards on the table if it's sensitive--though it shouldn't be--but you should be aware of the procedures and be able to ascertain they are in fact in place and implemented)

2. or, like the above poster, have very strange ideas about what constitutes their responsibility of protecting the privacy of their users. Hint: it's NOT "be slightly less bad at it than the next guy" (even though in above example that's arguably not even the case). This may be enough semi-security for your personal WordPress-blog, be slightly harder to hack than most people and if you're not a target, you're probably fine, probably.

Except of course, Uber is a target.

And yes, if I were a bad actor and I wanted data like that, of course I'd try Uber first instead of the (way better protected) cell phone carriers.

Especially now that I've seen all these Uber developers publicly flaunt their ignorance on the subject.


You're missing the point


Cell tower location is far less precise than the location returned by iOS location services. They can't tell that I stopped in the coffee shop then went to the bank next door.


You're the same guy who claimed a week or so back that "Uber is an ethical company", right?

--edit-- never mind, that turned out to be a different uber employee that posts here.


The cellphone carrier (outside US and its allies) will not give data to NSA. In some countries it might even not know the name of a customer.


>you know your cell phone carrier already has this data right?

No, they don't. My carrier has coarse location data because they know which cell tower served me. Uber has much more precise GPS data. That's the difference between knowing that I'm in the same building as Edward Snowden and knowing that I'm in the same neighborhood.


Ahh, my phone company knows, so why not let everybody know!


Wow. I can't believe an Uber employee would come out and make this argument. It feels like the kool-aid is spilling over.


I've begun to ditch apps that I've perceived as going downhill regularly, and it's been working out pretty well. Uber, Youtube, Facebook/Instagram, and Twitter have decent mobile sites.

I can even silo whatever service I want into its own browser to limit tracking, and all location/permissions/etc are all sandboxed by the browser.

A huge bonus is battery life + ad blocking.


Agreed 100%. I don't get it why anybody would need dozens of apps to spam you ads, drain battery life and collect your contacts, location data and whatnot when you can easily access the same services via a browser without all these mentioned drawbacks. An anecdote, but after cleaning my girlfriend's phone (she's asked for it), its battery life increased nearly twice and cell data usage was reduced by ~30%.


Can you split fares and share trip progress with others using just the web app?


> A huge bonus is battery life + ad blocking.

Plus, you are now ready to switch your mobile to Linux (Ubuntu), too. And be completely FREED from any proprietary crap prisonware.


This article merely re-reports this source: https://www.revealnews.org/article/uber-said-it-protects-you...

Mods should probably change the OP to link there.


Let me ask a question of everyone complaining: why not use Lyft? I switched.

Yeah, their prices are a little more than uber's, and their wait times are a bit higher, but these are functions of scale.


"Let me ask a question of everyone complaining: why not use Lyft? I switched."

Because Lyft is not so widely available. For example, only Uber is available where I live, though I still prefer traditional taxi because of (usually) better price, more reliable service, availability for short rides and privacy.


Really? I find Lyft cheaper in NYC, with roughly the same wait times. And they're constantly running promotions.


I seriously don't understand why the updated Uber app asks to access my location all the time -- as opposed to only when I'm using the app. Not only is it not required but it's a huge drain on the phone's battery, potentially decreasing the battery's life.

Now I'm from a third-world country and can't afford to buy a $1000 phone every year, so I have to be careful with the life of my phone.

The workaround for this, I found, is to disallow location to the Uber app when not using the app and allowing access only when I use the app. This, however, is a pain and the Uber app behaves weird if I do so (the previous trip does not end after hours of it actually ending).

Very poor UX from Uber, potentially dangerous, definitely unethical. This is definitely a trend -- startups start with being caring of its customers, but once they grow big, they become callous and even malicious when it comes to users (I don't ask of them to give every customer personal support, but not mis-using customers is the least I can expect).


I'm with you on this. I don't get why Apple can't mandate a "Only when in app" option. The description for why they require it says they use the location while in app or for a few minutes after the trip is over.

When I was getting ready to leave for work today, I got out of the shower and grabbed my phone and saw an alert saying Uber has been using my location in the background. I hadn't opened the app since last week, last time I needed a ride. I'm sure it could've just been an errant push notification coming in late and waking the app up in the background, but I'm spooked.


That popup is standard for any app that is approved to potentially use location in background and you don't use often. I think it's meant to discourage apps from asking for location in the background altogether.


The pop-up that says "Uber has been using your location in the background recently"? I don't think this is true.

I think the pop-up is telling me it was using my GPS, especially since the GPS icon on the Settings page where you can retract the permissions was lit up to indicate "Recently used".

I don't want to jump to conspiracy theories but the experience scared me a bit because it was around the exact same time of day I had grabbed an Uber to go to work the last time I had used it.

Perhaps it was an errant random notification meant to scare me, perhaps it was a late delivered push notification opening Uber in the background, perhaps it was Uber seeing if I was home and wanted to commute to work again.


When they migrated to this style of permission it seemed like a bit of a missed opportunity to give the user the option of choosing "no, only when the app is open"


Uber removed the "only when open" ability unfortunately, so that would not be relevant here.


No, I mean Apple shouldn't have given app developers the option to not allow "only when open". So app developers request the highest amount of permission, and either that (or less) would be granted:

    Uber would like to access your location at all times

              [Yes, allow in the background]
                   [Yes, only when open]

                  [No, deny all together]


Background location tracking has been at a point where we can get pretty accurate without draining your battery for about a year now.


On iOS you can go to Settings -> Battery and see what share of your battery each of your apps consume. Uber comes in at 3% for me.


Operationally, "God Mode" doesn't need to show who the passenger is. It's reasonable to have info about where all the cars are and their status and destination available to everyone involved with dispatching, but passenger identity? Sloppy.

Do they still have "Ride of Glory" detection?


I think it's time for the government to give you as many names as you want to give out to companies, and there's no reason for anyone who isn't suing you for it to know which of your aliases go together. Also aliases should be shared, to further conflate things. (Nothing should stop my friends and I from sharing an alias and persona - companies should be legally forced to bend over backwards and enable this, for everyone. For example Google should be legally forced to allow you to create a new gmail inbox with a new name in a single click and not have it tied in any way to the old name.) Also credit card companies should be forced to give you as many cards in whatever names that you ask for. Nobody who isn't suing you should have a right to know your true name. They shouldn't even have it on record. If they wanna know something about you, they should ask you.

It works for writers, celebrities, etc - why not the rest of us.

EDIT to clarify: this is a serious comment, you can read it literally.


You don't need the government to give you a new name to start using a new name. You pick one and start using it.


Register an LLC (using your real name). Get a domain for the LLC and register a pseudonymous email address. Get a debit card and have the issuing bank give you a John Doe card. You sign as your LLC from now on, no government intervention needed.


Pretty much my point is that this should take me 17.5 seconds, starting right now.

1) go to my online banking and sign in

2) pick a name and request a card for it.

They should be legally forced to send me one.

The point is I can use that for amazon dildo purchases, and no creep at amazon would get to see that I'm (whoever.)

I get that this is possible: it needs to be simple.


But it is that simple. In my case, I got a card for a family member. But there is no verification done so you can literally get a card with any name on it. It is still tied to your identity through the bank.


But they may not like it when you have 73 active cards/names - so making this a mandatory thing would affect banks' processes. Also even if you're being literal and can do it in 17 seconds (i.e. after opening a new tab, 30 seconds from now you can have a card in the name of Mary Smith on its way to you) I and I think most people using online banking don't have it so smooth.


I timed it and it took about 25 seconds to go from the Chase login prompt to the "Add authorized user" page where you can get another credit card added to an existing account. So, I admit it's not quite as fast as you would like. There is a caveat if you pay an annual fee: you pay the fee for each card. My accounts have no annual fee.

I also checked US Bank and American Express and you are correct, the process is not smooth at all. US Bank wants me to print, sign, and mail it! American Express wants to verify identity of the additional user using an SSN. That makes no sense of course, because they might not even have an SSN and the main account holder is still contractually obliged to pay the account balance.


I was very impressed with your report of Chase's behavior (and while 25 seconds might be an inconvenience of course it's acceptable.) It sounds like a gold standard. Of course, it's not practical to do that 72 times (for example every time you want to order a dildo from Amazon), due to the wait to get the card (it's not instant), but practically today people could use Chase fine to make companies not follow them. Do you think you can choose a name such as Donttrackme McSpammer? I realize this is pretty much the opposite of the term "John Smith" as for example the Uber driver would see that you went out of your way to call yourself Donttrackme (there is zero chance it's an actual first name) but the advantage is that it would not appear fraudulent.

Since you don't have an annual fee, can you order a card in the name of Donttrackme McSpammer (or any other similar name that couldn't be mistaken for a real name) and see if you get it?

Thanks for having taken the time to check the other two sites as well. I appreciate it!


Sure - and to be clear the status quo is everyone has a right to do that, if they don't do it fraudulently. That's fine.

But I don't think credit card companies will go ahead and send me a new card in a new made-up name just for Uber. (And one for my Amazon dildo purchases.. And one for...)

So it's not quite as simple. What I argue is that companies should legally be forced to do just that.

--

EDIT: to dublinben below

Good to know but I likely wouldn't risk doing that today. It would look too much like fraud. (especially if the name doesn't match.) suppose I needed to be in touch with their cust service or billing in the future for example...

If it were known that companies were forced to accept aliases it would be different.


Your name isn't verified when adding a credit card to an app like this. As long as the numbers (card, expiration, CVV, ZIP) match, you could enter any name you want into Uber's system.


No you can't. Try getting a credit card with a fake name on it. Or a bank account.


If you already have a card with a real name, getting another one as an authorized user with a fake name is really easy.


If I'm not mistaken that's fraud and could get you into serious trouble.


Why is it fraud? The primary account holder still has full responsibility for paying the bills.


I'm not sure I follow.


? I thought I was explicit? Can you write how you interpret what I wrote (you can try to interpret my meaning) then I'll clarify if it's not what I meant...

EDIT: to eon - ah, okay. No it was serious, as my other replies here show. I'll add a serious tag.


For the record: I think you were being quite clear.


I think it's more that your comment seemed to be intentionally facetious and over the top..


Uber seems to be a company founded by sociopaths with a hiring process that stacks the company with sociopaths.


Tell us how you really feel


Creating an audit system and locking down "God" mode seems like something that would save Uber a lot of major headaches down the road. How often do Uber employees need to legitimately track someone's information other than in response to a customer request? I'm guessing about as often as the average Google employee needs access to a specific user's search history, which is to say, fairly rarely.

Without locking down such access, you get incidents like these (and this was even when Google purportedly had strong auditing): http://www.pcmag.com/article2/0,2817,2369188,00.asp

> Google this week confirmed that it fired an engineer who accessed the Gmail and Google Voice accounts of several minors and taunted those children with the information he uncovered.

The public sector has its fair share of these too: http://articles.orlandosentinel.com/2013-01-22/news/os-law-e...

Here's a URL to the plaintiff's declaration: https://www.documentcloud.org/documents/3227535-Spangenberg-...

Lots of tidbits there...including how all payroll information is apparently contained in an "unsecure Google spreadsheet"


I guess the audit system is there, it's just a lot of log files. That's a point where they could use simple rules or ML to flag up possible misuse. E.g. support staff accessing profiles that aren't related to a ticket they were working on. Or a developer tracking a single rider/driver with same last name or address (or really any developer getting data for one rider only).

Won't have a 100% success rate but I guess it could prevent most cases of abuse. It's not that different from what banks do to detect internal fraud.
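The rules this comment describes, sketched over a constructed access log (an added example, not code from the thread or from Uber; the employee, rider and ticket records, field names and rule names are all hypothetical):

```python
from collections import defaultdict

# Constructed sample data; every name, ID and field here is hypothetical.
EMPLOYEES = {
    "e1": {"role": "support", "last_name": "Reyes", "address": "12 Elm St"},
    "e2": {"role": "developer", "last_name": "Okafor", "address": "9 Pine Rd"},
    "e3": {"role": "developer", "last_name": "Lind", "address": "4 Oak Ave"},
}
RIDERS = {
    "r1": {"last_name": "Shah", "address": "77 Bay St"},
    "r2": {"last_name": "Okafor", "address": "3 Hill Ln"},
    "r3": {"last_name": "Moreau", "address": "5 Lake Dr"},
}
TICKETS = {"t100": ("e1", "r1")}  # ticket -> (assigned employee, rider)
# Log rows: (employee, rider or None for aggregate, ticket cited, query kind)
ACCESS_LOG = [
    ("e1", "r1", "t100", "profile"),    # support, rider matches own ticket
    ("e1", "r3", None, "profile"),      # support, no ticket cited
    ("e1", "r3", "t100", "trips"),      # ticket is about a different rider
    ("e2", "r2", None, "trips"),        # developer, rider shares last name
    ("e3", None, None, "aggregate"),    # developer, aggregate query
    ("e3", "r3", None, "trips"),        # developer, one rider only
]

def flag_access(entry):
    """Return the names of the rules a log entry trips (empty if clean)."""
    emp_id, rider_id, ticket_id, _kind = entry
    if rider_id is None:  # aggregate query, no individual targeted
        return []
    emp, rider = EMPLOYEES[emp_id], RIDERS[rider_id]
    flags = []
    if emp["role"] == "support":
        # The cited ticket must be assigned to this employee, about this rider.
        if TICKETS.get(ticket_id) != (emp_id, rider_id):
            flags.append("no-matching-ticket")
    elif emp["role"] == "developer":
        flags.append("single-rider-query")
    for field in ("last_name", "address"):
        if emp[field].casefold() == rider[field].casefold():
            flags.append("shared-" + field.replace("_", "-"))
    return flags

def review_queue(log):
    """Group flagged lookups per employee for a human reviewer."""
    queue = defaultdict(list)
    for entry in log:
        flags = flag_access(entry)
        if flags:
            queue[entry[0]].append((entry[1], flags))
    return dict(queue)
```

The output is a queue for human review, not a verdict: a flagged lookup may still be legitimate, which matches the comment's point that such rules will not catch or clear everything.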


Vote with your fingers and delete the app


I would also request an account deletion

  Menu -> Help -> Account And Payment -> Account Settings and Ratings -> Delete my Uber Account -> Fill in the form.

Oh, on iOS you will need to turn on location tracking, otherwise the nag screen about how wonderful enabling location services is seems to prevent the app showing the menu button...

EDIT: Oh you can still press the Menu Button, it's just the nag screen has a strong tint to it and I had my brightness low. Doh.


Can't wait for a class-action lawsuit.

This is precisely why it makes sense to keep database data encrypted even to admins and why it makes sense for ride-sharing companies to be co-operatives or non-profits.

Profit-seeking companies engage in bad behaviours all the time.


> Can't wait for a class-action lawsuit.

Except Uber now has arbitration clauses in both its driver and passenger service agreements. It remains to be seen how well it will hold up in court [1], but I wouldn't count my chickens yet.

[1] https://consumerist.com/2016/08/02/judge-shreds-uber-says-co...


Everything I hear about this company is sickening. Bros with toys and no morals.


"stalk celebrities and their exes" sounds to me like it could mean:

- stalk celebrities, as well as the exes of said celebrities

- employees stalk their exes and also some celebrities

It's obviously the latter but couldn't the same sentence imply the former as well? Is there a better way to formulate this sentence in a non-ambiguous way?


I think it's unambiguous if you switch the order: "Employees stalk their exes and celebrities"


I've switched to using the mobile site[0] now Uber wants to track my location 'Always' on iOS.

[0] https://m.uber.com


Thanks for this, I deleted the app and this is a good backup when Lyft is nowhere to be found


I think there is a need to regulate how data is used in internet companies. I mean there is the same need for NSA and surveillance, but I'm much more anxious about how a company can be irresponsible compared to a federal agency.

Every time you have customer's information, the people responsible for giving access to that data should be held responsible...


Please don't change the original title. The article is quoting an accusation. No claims have been proved yet.


I wonder what it's like working for Uber and hearing this story. I imagine people form into two camps, with one doubling down their loyalty to the company (which could be properly placed for all we know), and another that becomes a little more suspicious walking into work next time.


In my experience, every private company does this and every public company does not, due to SOX compliance.


The internet can really blow things out of proportion.

1980's: long distance company has employee(s) poking around messaging system and sells to newspaper. Few know. All voice over network is stored "searched" for "key" phrases. Very few know. Moreover there are no blogs or places to tell one's story.

Now one little confessional outing becomes widespread and thus assumed to be happening all the time.

I am sure (without facts) that Uber is no worse than AT&T back in the day but now so so so many people can read and tell their stories.

Does anyone really think or expect communication via electricity is truly protected?


Why would Beyonce take an Uber tho?


I had the same question. Thought these people had personal drivers.


Can we make the rule that it's not OK to post negative stories about YCombinator companies on this site?

There are a million places to talk negative about everything. Here, we're trying to build things. We know no one is perfect. Let's make this place a bastion of positivity instead of negativity.


That's not gonna happen on HN, nor would we want it to. For one thing, there are different kinds of negativity; for another, suppressing the negative is no reliable path to the positive; for a third, the community wouldn't trust us if we ran this place that way.

Uber isn't a YC company.


Most definitely not. If you truly care about YC companies, you'll care about what they're doing wrong so hopefully they can improve. Just dumping on something is of course not helpful in any context, but constructive criticism expressed civilly I can only imagine to be something YC and associated companies would welcome whole-heartedly.


But they don't. Which is also why you can't comment on the YC jobs that get posted here. YC has an image to uphold, because that image is part of their cachet.


I see what you're getting at and understand what you want to accomplish but I do not agree. These revelations concern tons of engineers, especially those working or considering interviewing for Uber right now. It's also a service many of us use, hence why it's so jarring to see that privacy is handled with such little respect.

This negative article is no different from the articles posted about Theranos, Amazon, Facebook etc. Uber does not get a free pass.


Is that really the type of site you'd want Hacker News to be?


A safe space of YC companies.


This forum isn't really about Y Combinator, despite sharing the domain name and parent organization.

> Here, we're trying to build things.

Actually, I'm not here to build anything. I'm here to have discussions about tech.


Uber is not a small 10 person startup. It affects every one of us. Would you be so forgiving if this would have been a Russian or a Chinese firm doing this?


No.


So like a 'yes men' site? If that were in place, I'd have to say, I think your idea is very awesome.


There is already a rule about avoiding gratuitous negativity.

This rule means you can criticise, fiercely and vigorously, any company or product, so long as you're attempting to be civil and constructive.

https://news.ycombinator.com/item?id=9317916

> Critical thinking is good; shallow cynicism, on the other hand, adds nothing of value to the community. It is unpleasant to read and detracts from actual work. If you have something important but negative to say, that’s fine, but say it in a respectful way.


Since when is Uber a YC company?


You really should not be being downvoted as your opinion is shared (in my experience) by the majority of struggling startup founders. The founders want to get big and successful and view negativity by techies as at best needless pessimism and at worst as symptomatic of a kind of anti-capitalism.

Capitalists who value the free market who are also the bosses and entrepreneurs see opposition to their money making efforts as an affront to their very core values.

In my opinion it's the wrong way to think - and the root cause is unchecked free market capitalism. However, I think it's true that many people think that to succeed as a startup, money comes before morals. We shouldn't hide that, but criticise it and voice our concerns.


Who cares what struggling startup founders believe? This forum isn't specifically for startup founders and their perspective isn't favored over anyone else's here.

It just happens to be hosted on a subdomain of a startup accelerator but the overwhelming majority of people who read it are not involved with startups.


Yes, they absolutely should be downvoted. Uber is not a YC company, and such disingenuity should not be given a pass.


HN is already an echo chamber most of the time, let's not start censoring what content shows up just because it badmouths a YC company


Did I need another reason to loathe Uber? No, but reasons keep showing up.


> Reveal reports that Uber also changed the name of that tool [from "God View"] to "Heaven View."

What a useless change just for the sake of being politically correct. Are companies going to start removing "God Mode" from video games and calling it "super mode"? Seems crazy they would muck with naming to be PC even for internal tools


calm down. how is this being "politically correct"?

the name was most likely changed because the connotation of a "god view" means it's omnipotent or at the very least omniscient. aka, it knows everything about you.

so it was most likely changed because of the backlash of the name being associated with invading your privacy and seeing what you were doing in uber. this again is why everyone is upset about uber forcing their app to be always on.


How about "Degreelessness Mode"?



