Disclaimer: I work for Uber. However, my opinions are mine. I am also not defending nor attacking in any way Uber gathering location data.
With that out of the way - you know your cell phone carrier already has this data right? They have way better data than Uber ever will about all your habits, including establishing relationships based on who you call, which sites you visit, who you are signed up on a plan with, etc etc. A much more weakly guarded pot of gold, I would say.
I'll agree with your point as soon as Uber signs up to the same level of regulatory restrictions as every phone carrier enjoys. The fact is that there are laws that strictly prohibit my phone carrier doing certain things with data about my usage. Case in point, the stalking that the article mentions - I don't think employees of my phone carrier can do the same thing. Technically they could because they have the necessary data, but they don't because regulations have been put in place to stop them.
Uber has demonstrated that they can't be trusted with personal data, so I'm quite sure the government will be considering implementing some regulation in their industry too. That's a shame really, because I'm sure most of us would prefer companies weren't restricted by regulation and were just sensible and ethical by default, so laws weren't necessary.
That's a shame really, because I'm sure most of us would prefer companies weren't restricted by regulation and were just sensible and ethical by default, so laws weren't necessary.
Interesting. I prefer regulation by default to be honest. Possibly shows my biases from growing up and living in Europe. I see regulation as something you should start with not something you should end up having to do. Just like I prefer civil laws to be in place by default rather than leaving it to people to be good to each other.
> I see regulation as something you should start with not something you should end up having to do.
That's the Platonic/Napoleonic mindset right there :)
It's one of the Great Philosophical Questions - do we build society from first principles, or do we just react to what people do as they get together? The latter is the current fashion, at least in theory - in practice, the former keeps coming up over and over, because lawmaking is fundamentally a prescriptive action that instinctively moves from first principles (and it's the only way that lawmakers can forever justify their role: if we ever figured out a society working so well that no reaction or correction is necessary, what would lawmakers do? Write law covering behaviour in places where humans could only potentially exist, i.e. prescribe from first principles).
TBH I rarely ever thought about this sort of thing until I moved to the UK, where the average mindset is deeply anti-Napoleonic/anti-Roman.
The NSA using the power of the state to persuade a telco to intercept some stuff for them is somewhat different from having random employees of a private company just deciding to arbitrarily browse through their corporate databases.
You missed the point: the telecom carriers haven't either, however they are regulated, which is not the case for Uber.
So the point is moot for telecom carriers because the regulator already swept in. The point is still important to make concerning ongoing practices in unregulated markets, like big data in tech.
If you don't like how little is done to correct the NSA using telecom facilities however, you should see with your government, not simply the companies it coerces.
The point, as I see it, is that your data is never really safe. I don't much care if Uber can be trusted or not, when the State can always step in and hoover up whatever data Uber has.
If you don't like how little is done to correct the NSA using telecom facilities however, you should see with your government, not simply the companies it coerces.
As long as the State can't be trusted, the rest is moot.
Wait, that makes no sense. Your argument is that since there's one (huge) malicious actor we haven't stopped we should not care about any other malicious actors? "Privacy" is not binary. You can have privacy from Uber even while the government spies on you, and the situation when only one of them does is better than the one when both do.
I'm more afraid of the USG than I am of Uber. And while the line you're talking about clearly exists, I consider it such a thin line as to be essentially moot.
I guess the analogy I'd use would be this: worrying about Uber in the era of rampant warrant-less nation-state surveillance is like rearranging the deck chairs on the Titanic.
It's not and it doesn't matter. You won't get less state surveillance by only complaining about state surveillance and not about companies that do the same on a smaller scale.
Respect for privacy has to become the normal situation. You can't say what does it matter if the other party does it way worse? No, they both need to step up. Even if it wouldn't make much practical difference if Uber just deleted their databases tomorrow while the NSA goes about their merry nefarious ways, it's also a battle of the public mind. The public doesn't care a lot, in a very large part because they just feel powerless about it, that they have no choice (and people really tend to come up with the stupidest arguments for the status quo if they feel powerless about it). Best way to make people care again (which is a small step towards getting our governments to stop giving our data to the NSA) is to draw a very clear line in the sand, NO you will respect our privacy, even if you're smaller than the big guys, it's not gonna happen, not on my watch.
It's not like people in war-torn areas stopped caring about muggers and looters just because the US army is killing women and children way more effectively using drone-strikes and misinformed soldiers all hyped up on a mission to kill terrrists (oops). No it's wrong and it shouldn't happen.
My opinion is, the data shouldn't be there in the first place. We can't protect it well enough. Especially not from future people who might legally come into possession of this data. Like in the US, privacy statements apparently mean nothing if a company or startup goes bankrupt and its assets are sold to third parties. They don't buy the obligations. This happened to Radioshack a few years ago, IIRC.
In the sense that the government are more likely to use data on a massive scale I also find that a scarier prospect. But that's not what we're talking about. The threat from Uber is different. Uber is far more dangerous in the sense that someone might target me specifically. More so if I was the ex-girlfriend of someone who works there or is friends with someone who works there.
Suggesting that the threat posed by Uber and by the government are just different points on the same scale is wrong. They're entirely different problems, and they'll need different solutions.
The key difference is the telephony company needs to know who I want to talk to so they can connect me, which web sites I want to load so they can retrieve the data from the server, and where I am so phone calls and data are routed through a nearby tower. People aren't going to be as upset about a company having data that is necessary for their core service to be provided. Does Uber need to know where I sleep in order to catch a ride from my office to a bar for happy hour?
No no no don't worry, see? It doesn't have to quit at Z. That's just a convention from using letters of the alphabet.
"But we can already has Z, so why shouldn't we do AA?"
"But we already make with the AA going, so why you no AB?"
...
Is no problem we just continue continuing on, standing on the shoulders of somebody else's problems, until the problem becomes the soil and a beautiful flower grows. Is future!
> A much more weakly guarded pot of gold, I would say.
Citation needed. I have no reason to believe Uber is better at protecting customer data than my phone provider. The latter likely feels a lot more bound by local laws than a US cooperation nearly priding itself in not adhering to them.
> With that out of the way - you know your cell phone carrier already has this data right?
Its close to fascism when the argument becomes that the government (ie. NSA) already has this data.
> including establishing relationships based on who you call, which sites you visit, who you are signed up on a plan with, etc etc.
Not if you use Signal and Tor.
Also, the phone company supposedly doesn't abuse that data (they certainly don't have my permission for that); Uber supposedly doesn't either, but it is proven time and time again that it is being abused. Just like the NSA watched people on watchlists watching porn.
For evil software practices like the ones from your employer we need two things:
1) FLOSS applications, and legislation against these practices. (Ironically, your employer is already breaking the law in many jurisdictions as we speak.)
2) If that fails, and for the time being we can still work around it by uninstalling your application. We can also still work around it using magic like LD_PRELOAD faking the geolocation. There already exists libfaketime, not sure about geolocation.
I have a legally binding contract with my phone carrier, which is located in my country of residence. The US can do whatever the fuck they want with the data you collect and it's not theirs to have.
> A much more weakly guarded pot of gold, I would say.
Bigger pot, way more strongly guarded.
Much more frightening is that literally all (4 or 5 I've seen by now) HN accounts that identified as Uber developers tried to ascertain "no it's fine and also I trust Uber" did so by while revealing they either
1. have no idea about Uber's exact privacy and security procedures (you don't need to put all the cards on the table if it's sensitive--though it shouldn't be--but you should be aware of the procedures and be able to ascertain they are in fact in place and implemented)
2. or, like the above poster, have very strange ideas about what constitutes their responsibility of protecting the privacy of their users. Hint: it's NOT "be slightly less bad at it than the next guy" (even though in above example that's arguably not even the case). This may be enough semi-security for your personal WordPress-blog, be slightly harder to hack than most people and if you're not a target, you're probably fine, probably.
Except of course, Uber is a target.
And yes, if I were a bad actor and I wanted data like that, of course I'd try Uber first instead of the (way better protected) cell phone carriers.
Especially now that I've seen all these Uber developers publicly flaunt their ignorance on the subject.
Cell tower location is far less precise than the location returned by IOS location services. They can't tell that I stopped in the coffee shop then went to the bank next door.
>you know your cell phone carrier already has this data right?
No, they don't. My carrier has coarse location data because they know which cell tower served me. Uber has much more precise GPS data. That's the difference between knowing that I'm in the same building as Edward Snowden and knowing that I'm in the same neighborhood.
With that out of the way - you know your cell phone carrier already has this data right? They have way better data than Uber ever will about all your habits, including establishing relationships based on who you call, which sites you visit, who you are signed up on a plan with, etc etc. A much more weakly guarded pot of gold, I would say.