We Can't Trust Uber (nytimes.com)
318 points by applecore on Dec 8, 2014 | 126 comments


according to The Washington Post, the company was so lax about such sensitive data that it even allowed a job applicant to view people’s rides, including those of a family member of a prominent politician.

worries me a lot more than

a 2012 post on the company’s blog that boasted of how Uber had tracked the rides of users who went somewhere other than home on Friday or Saturday nights, and left from the same address the next morning.

Obviously Uber has this sort of data, and it can use it in various aggregated ways. What's more important than demonstrations of what information they could pull out of this is how serious they are about protecting it from access, either from people who want to buy that information or employees simply snooping around. I don't care if someone uses my data in an aggregate way to do something (e.g. Facebook) as long as I am not personally identified.


Why would you believe the data was aggregated, and not available in individualized form in the latter case?


Because the blog post was publicly posted (and had been available for 2 years before Uber's recent PR trouble), and the data that was presented was on an aggregate level.

If you are asking if the blog poster had access to the individualized data, I imagine he did as he was a data scientist at Uber - but I don't see how that is something to be alarmed about.


They _published_ the data in an aggregated form, but they have _profiled_ the customers on an individual basis.

Now contrast this e.g. to the principles of data protection that Germany has imposed... (http://en.wikipedia.org/wiki/Bundesdatenschutzgesetz)


I'm not sure I quite get what you mean. How do you produce an aggregate without profiling customers on an individual basis?

Secondly, I don't see how a company like Uber can use their data to power something like surge pricing while following the exact letter of the BDSG.


...so maybe they should keep their hands off the aggregates as well?

For the surge pricing, I'm a bit at a loss, because you don't need personally identifiable data for it, just a request counter per area ID, right? Maybe I don't understand it right though...

Also, the reasoning should be the other way around: if I cannot provide a service respecting the basic privacy of my users, I should not be providing a service.


> I'm not sure I quite get what you mean. How do you produce an aggregate without profiling customers on an individual basis?

You can easily calculate the average of a set without keeping every individual member of the set by updating the running average each time a new data point comes in. You still collect individual data, but destroy it as soon as possible.

> Secondly, I don't see how a company like Uber can use their data to power something like surge pricing while following the exact letter of the BDSG.

Then Uber should be banned and its employees and shareholders punished appropriately. I don’t see how “this business model can’t work with this law” could possibly be an excuse to ignore the law. Protection rackets don’t really work with the exact letter of the law, either.
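
The running-aggregate idea from the comment above, combined with the per-area request counter suggested earlier in the thread, as an added example that is not part of the original discussion. The class and function names, the surge formula and the small-cell threshold are hypothetical choices made for illustration, and the sample requests are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample requests; rider IDs, areas and fares are made up.
SAMPLE_REQUESTS = [
    {"rider_id": "r-1001", "area_id": "A1", "fare": 12.0},
    {"rider_id": "r-1002", "area_id": "A1", "fare": 18.0},
    {"rider_id": "r-1003", "area_id": "A3", "fare": 10.0},
    {"rider_id": "r-1001", "area_id": "A1", "fare": 15.0},
    {"rider_id": "r-1004", "area_id": "A2", "fare": 40.0},
    {"rider_id": "r-1005", "area_id": "A3", "fare": 20.0},
    {"rider_id": "r-1006", "area_id": "A1", "fare": 15.0},
    {"rider_id": "r-1007", "area_id": "A3", "fare": 30.0},
]


@dataclass
class AreaStats:
    """Everything retained for one area: a counter and a running mean."""
    count: int = 0
    mean_fare: float = 0.0

    def update(self, fare: float) -> None:
        # Incremental mean: no individual fare is kept after this call.
        self.count += 1
        self.mean_fare += (fare - self.mean_fare) / self.count


class DemandAggregator:
    """Keeps per-area aggregates only; never stores rider_id or raw requests."""

    def __init__(self, min_cell_size: int = 3):
        # Assumption: areas with fewer requests than this are not reported,
        # because a count of 1 or 2 can describe a single identifiable rider.
        self.min_cell_size = min_cell_size
        self._areas = defaultdict(AreaStats)

    def record(self, request: dict) -> None:
        # Only area_id and fare are read; the request object is not retained.
        self._areas[request["area_id"]].update(float(request["fare"]))

    def surge_multiplier(self, area_id: str, drivers_available: int,
                         cap: float = 3.0) -> float:
        # Hypothetical formula: requests per available driver, clamped to
        # [1.0, cap]. It needs the counter only, not who made the requests.
        stats = self._areas.get(area_id)
        if stats is None or stats.count == 0:
            return 1.0
        if drivers_available <= 0:
            return cap
        return min(cap, max(1.0, stats.count / drivers_available))

    def report(self) -> dict:
        # Publishable view: small cells are suppressed entirely.
        return {
            area: {"requests": s.count, "mean_fare": round(s.mean_fare, 2)}
            for area, s in sorted(self._areas.items())
            if s.count >= self.min_cell_size
        }

    def roll_window(self) -> dict:
        # Close the current time window: emit the report, then destroy state.
        closed = self.report()
        self._areas.clear()
        return closed


def build_demo() -> DemandAggregator:
    agg = DemandAggregator(min_cell_size=3)
    for req in SAMPLE_REQUESTS:
        agg.record(req)
    return agg


if __name__ == "__main__":
    demo = build_demo()
    print("report:", demo.report())
    print("surge A1 with 2 drivers:", demo.surge_multiplier("A1", 2))
    print("retained state:", dict(demo._areas))
```

Suppressing small cells limits, but does not eliminate, what a published aggregate can reveal about individuals.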


Here's the link: https://web.archive.org/web/20140827195715/http://blog.uber....

The problem that most people have with the article is the creepy tone ("I know which of you are fooling around and where") rather than an actual leak of information on individual users.


The problem many people have with Uber is that they leak information, rather than that they actually do creepy stuff...

Whether they brag about it or not, whether they make active use of it or not -- they did invest their time & effort into this type of profiling. Was this altruistic goofing around, with no bad intent? I'd prefer to believe that, but there are no checks in place to ensure this. And I believe most of their customers would be enraged to be subject to such a profiling, even just for the goofing...


Those two things are very related. Knowledge of people having sexual indiscretions can be very powerful leverage to manipulate politicians (and others) with.


Previous HN discussion on the (now deleted) "Rides of Glory" post: https://news.ycombinator.com/item?id=8644080

They also seem to have deleted other blog posts that people have criticized, e.g. "Uberdata: How prostitution and alcohol make Uber better" [2].

Internet Archive links:

[1] https://web.archive.org/web/20140827195715/http://blog.uber....

[2] https://web.archive.org/web/20120524052917/http://blog.uber....


That part of the article stuck out for me. The authors then draw a comparison to OKCupid "experiment[ing] on its users", but Uber is writing blog posts with anonymized data. I do agree that Uber should be extremely careful with securing its data, but I'd be interested to read more data analysis.


Uber argues that it’s doing only what other technology companies regularly do. That may be true but it only underlines why we need oversight mechanisms that cover all of them.

Such as?

If you're giving your data freely to companies, I don't understand what kind of oversight mechanism could or should protect you.

Imagine a hypothetical oversight mechanism, then imagine the consequences to tech companies. Imagine the consequences to startups. Not Uber; I'm talking about tiny, early-stage startups.

Airbnb and Dropbox have enriched my life. I'd hate for regulatory burden to prevent such startups from forming in the first place.

This isn't a hypothetical concern. The finance industry is so regulated that you can't easily form a finance startup without having a lot of connections or a lot of money. Same for the healthcare sector, as far as I've heard.


> If you're giving your data freely to companies, I don't understand what kind of oversight mechanism could or should protect you.

This argument doesn't make much sense to me.

What if I said,

> If you're giving your money freely to banks, I don't understand what kind of oversight mechanism could or should protect you.

I think the crux of the issue is that if I get a car ride with Uber, I have a reasonable expectation that I am paying for the service of a car ride. There is no reasonable expectation on my part that I'm giving them money for a car ride AND ALSO giving them the information about me/my ride to use freely, regardless of what the TOS may say.

The expectation on the customer's part is that ride remain private, much like anything that goes on in the doctor's office. The reality, of course, does not match that expectation, which is why I think there should be some hypothetical oversight mechanism that manages the differences between the customer's expectation and Uber's reality.

Just because Uber has data on me doesn't mean that I have given it to them to do whatever they want with it.


I'd like to be clear that I totally agree with you: data given to a service you pay for should remain private.

All I'm saying is that if you enact regulation to try to enforce this, you're going to cause a lot of unintended consequences. It may even prevent the Airbnbs and Dropboxes of the future from forming altogether.

Are you sure adding another law is the right response?


> Are you sure adding another law is the right response?

I'm not sure, but I do think that it would be beneficial to have an overarching framework that could be used to protect information that is commonly believed to be "private." I've thought about it a bit more and instead of simply "transportation companies may do this and not this in situations A, B, and C," I feel like we need a modern day "Bill of Information Rights" and a general reform in how anyone -- government included -- can collect, use, or distribute information without explicit permission.


Piggybacking off the parent comment, something like the "Bill of Information Rights" sounds very similar to "The Right to be Forgotten".

Sure, in this context it sounds like a great idea, but down the line it becomes a tool for the rich with time to censor information.


If the choice were between safeguarding the right to privacy and slowing the rate of innovation, I would pick privacy every time. It's the whole "trading liberty for security" thing: Civil liberties are the prime mover in any society, and losing it has a much more far-reaching impact.


> Are you sure adding another law is the right response?

Well, not having one sure isn't working very well, now is it?


Yesterday, myself and a woman I'm not married to paid for transportation. We are both quite identifiable, being a very tall white guy and a black woman taller than most men (in Delhi we stand out). Do I have a reasonable expectation that my rickshaw driver will not tell his buddies about this?

As far as I know, doctor/patient confidentiality is the exception - you have no expectation of privacy anywhere else.


> Do I have a reasonable expectation that my rickshaw driver will not tell his buddies about this?

No, but what I'm trying to get at is that you have a reasonable expectation that your rickshaw driver will not go out and try to find people to sell that information to or publish it in a newspaper or something.


Why not? That type of thing happens to celebrities all the time. The only reason I have a reasonable expectation that it won't happen to me is because I'm not famous, and no one cares about what rickshaws I take.


So you're happy with the NSA spying on you? I mean, the only reason you've never attracted the NSA's attention is because you're not the kind of famous the NSA is interested in, right? Are you saying that anyone with the capacity or opportunity to invade your privacy is justified in doing so?


I don't follow. Alice transmits a message to Bob. Alice has no expectation that Bob does not have this information or transmit it to a third party.

Therefore Alice cannot be annoyed when Eve (a random third party) intercepts her communications?


I've never bought "it happens all the time" as an argument against "it shouldn't happen."


I've never bought "I'm ignorant of how the world works" as an argument for "I don't expect X to happen". If X does happen with regular frequency, the fact that you didn't expect it to doesn't really matter.


I'm aware of how the world works. However, I expect

1. Parents will not abuse their children.

2. There will be mechanisms in place to detect and deal with those kinds of incidents.

3. Child abuse is not acceptable, regardless of whether it happens in reality or not.

In a similar vein, I would like it if there were a framework in place such that:

1. Companies could not abuse my personal information.

2. There will be mechanisms in place to detect and deal with those kinds of incidents.

3. Abuse of collected personal information is not acceptable, regardless of whether it happens or not.


> If you're giving your data freely to companies, I don't understand what kind of oversight mechanism could or should protect you.

"If you're taking patent medicines freely, I don't understand what kind of oversight mechanism could or should protect you."

"If you're eating tainted meat freely, I don't understand what kind of oversight mechanism could or should protect you."

"If you're driving on roads used by other drivers in poorly maintained cars freely, I don't understand what kind of oversight mechanism could or should protect you."

Etc. etc. etc.


You suggest three scenarios where death is a far more likely consequence of poor regulation than in the case of surrendering personal data.

We'd rather have drugs that don't kill people more than we want the ability to start drug companies in our garages. The same probably can't be said for software companies and guaranteed total privacy.

Hence the not understanding what a valid mechanism could be that satisfies society.


Depending on the country you live in and what your race/religion/sexual orientation is, a company selling your information to somebody else could also get you killed.


> If you're giving your data freely to companies, I don't understand what kind of oversight mechanism could or should protect you.

For example:

http://ec.europa.eu/justice/data-protection/

It neither hinders you from giving private data to companies, nor hinders companies from working with your data for the purpose for which it was submitted.

It does hinder companies from abusing your data for purposes other than the operational use for which it was collected.


> If you're giving your data freely to companies

You are assuming people understand this and the implications.

The fact it is buried in a legalese ToS somewhere doesn't mean people know what information is sent and how it will be used.


This is dodging the question. Again: What oversight mechanism can possibly protect users from themselves? They're sending this data, whether they understand it or not.

People keep advocating that drug use should be an educational / health issue, not a legal issue. It's ironic that in this situation, people are calling for the opposite: For the government to step in and protect them, when it's unclear how the government can help without causing all kinds of unintended consequences.

This should be an educational issue, not a legal issue. We should educate users about the ramifications of uploading this data.

Remember, if we enforce regulation, users will still upload sensitive data, and the government will still be free to take advantage of it. Whereas if users are educated about what data they upload, then the data won't exist to begin with.


From: http://idlewords.com/bt14.htm#regulate (copied here because I can't add much more than this).

1. Limit what kind of behavioral data websites can store. When I say behavioral data, I mean the kinds of things computers notice about you in passing—your search history, what you click on, what cell tower you're using.

It's very important that we regulate this at the database, not at the point of collection. People will always find creative ways to collect the data, and we shouldn't limit people's ability to do neat things with our data on the fly. But there should be strict limits on what you can save.

2. Limit how long they can keep it. Maybe three months, six months, three years. I don't really care, as long as it's not fifty years, or forever. Make the time scale for deleting behavioral data similar to the half-life of a typical Internet business.

3. Limit what they can share with third parties. This limit should also apply in the event of bankruptcy, or acquisition. Make people's data non-transferable without their consent.

4. Enforce the right to download. If a website collects information about me, I should be allowed to see it. The EU already mandates this to some extent, but it's not evenly enforced.

This rule is a little sneaky, because it will require backend changes on many sites. Personal data can pile up in all kinds of dark corners in your system if you're not concerned about protecting it. But it's a good rule, and easy to explain. You collect data about me? I get to see it.

5. Enforce the right to delete. I should be able to delete my account and leave no trace in your system, modulo some reasonable allowance for backups.

6. Give privacy policies teeth. Right now, privacy policies and terms of service can change at any time. They have no legal standing. For example, I would like to promise my users that I'll never run ads on my site and give that promise legal weight. That would be good marketing for me. Let's create a mechanism that allows this.

7. Let users opt-in if a site wants to make exceptions to these rules. If today's targeted advertising is so great, you should be able to persuade me to sign up for it. Persuade me! Convince me! Seduce me! You're supposed to be a master advertiser, for Christ's sake!

8. Make the protections apply to everyone, not just people in the same jurisdiction as the regulated site. It shouldn't matter what country someone is visiting your site from. Keep it a world-wide web.


I wanted to reply to your response to me, but...

> What oversight mechanism can possibly protect users from themselves?

The idea isn't, to me at least, to protect users from themselves, but to restrict the ways that companies can use/distribute data collected from the user.

Personally (and I obviously haven't thought this through/deeply in the last 10 minutes or so), I think something like HIPAA for transportation information might be appropriate. It would apply not specifically to Uber, but to any kind of transportation data collected by any company (say, self-driving cars, public transportation, taxi companies, etc.) and would place restrictions on how they can distribute or publicize that data and what kind of permissions they would need from whom.


I like the way that the EU starts from the position that users have an ownership interest in their data. People can require services to provide them with copies of all personal data held upon them, and demand the removal of all their personal data if they terminate their account on the service; in addition there are limits on how much data firms can store on their users without explicit opt-ins.

I'm summarizing heavily here, obviously - I haven't lived there for a while so this is neither a nuanced nor a fully current picture. Yes, it limits commercial upside in significant ways, but I think a lot of people here can relate to the idea of a muscular privacy regulator.


Regulation does help protect users in many cases.

For example, around 2009 the US government introduced an act which mandated that whenever a customer pays against credit card debt, the highest interest balance needs to be considered paid first if there are multiple balances at various interest rates. This reduced costs for consumers.

Remember how competition is supposed to solve everything - it did not, all banks were doing the opposite as there was no regulation.


> What oversight mechanism can possibly protect users from themselves?

Never using VC backed services seems to be the first step.


I upvoted you because a regulatory response is not really appropriate here. This is exactly the sort of thing the government is terrible at and their involvement will do more harm than good.

But that doesn't mean what Uber is doing is appropriate. What we need is a market response. The NY Times is doing it wrong by asking for "oversight" when they should be using their bully pulpit to encourage Uber's customers to demand that Uber stop retaining this information. The press can be as much a check on the market as it is on the government and that's exactly what they need to be here.

Uber isn't Google. You're paying them money. Companies that think they should get your money and your data can go screw.


The market doesn't tend to work that way. Maybe some people will avoid Uber when they are actually having that one night stand....but you think significant numbers will boycott the service altogether on principle? I've never known that to work.


Hence the need for the bully pulpit. Nobody ever even hears about the one guy boycotting a service. But put a story telling customers how Uber is screwing them over in a major media outlet every week until they change their ways and you have yourself a ballgame.


Is this really supposed to be more effective than an enforced legislation? It might work for one or two big names, but only until people get tired with the news of another bully. And you need it to work for all players, not the top one or two.

If the above does not speak sufficiently: think of the efficiency loss caused by everyone having to watch who's the latest culprit in any market they enter... I'd never thought I'd ever advocate compliance & legislation -- but this is just a perfect case for it, also from an economical perspective.


> Is this really supposed to be more effective than an enforced legislation?

The government is like a lion. If you're having trouble with a pack of wolves, let loose the lion and the wolves will be no more trouble. But from then on you won't be able to own any small pets, you're responsible for feeding the lion and you'll spend the rest of your life having to fear that it will turn on you.

When you have serious trouble in the market (like an abusive monopoly or industries causing fatalities) then you call for the lion. When you spot a mouse in your house you put out some traps and get a terrier. And you're asking, wouldn't a lion be more effective at catching the mouse? Maybe it is, but then you've got a lion in your house. Effectiveness is not the sole criterion.

> think of the efficiency loss caused by everyone having to watch who's the latest culprit in any market they enter...

"The price of freedom is eternal vigilance."


Hate to say it, but too bad. These companies come around bragging about how they are going to disrupt <insert target>, and push off the mess they create on some hapless schlub in most cases.

Well, fuck them. It is always a few bad apples that ruin things for the rest.


Won't somebody think of the startups!


Quite a sensationalist headline. Basically what this article is saying is that Uber have all of this info on where you came from, where you are going and that we should not trust them because they do not have processes in place to ensure users' information on trips taken is kept private.

While I do not disagree with the amount of data that Uber have, a company like Facebook and Google arguably know more about us than we do ourselves. Why should we distrust Uber more than any other company? However, I STRONGLY believe that companies with data like Uber should be held accountable to very high standards and any breach of privacy of said data would result in severe penalties. This is not just an Uber problem, this is a big data problem and one many companies have.

I recently quit using Uber in favour of other services like Lyft because I do not believe in Uber's lack of ethics and the way they do business. However, I don't think it is fair they are being targeted as much by the media as they currently are. As much as I dislike Uber, I don't think it is fair to single them out as some lone wolf operating in the wild big data wilderness. We need to be reasonable and stick to the facts, not speculation.

This article really tells us nothing, gives us no true reason other than a single incident (as far as I am aware of) of a privacy breach of a journalist's trip to the Uber offices for an interview. There have been other reported incidents of data breaches, but without conclusive evidence, it could just be hearsay.

I am not saying that there is not an issue with companies like Uber and improper practices with data. I am also not denying that Uber have not had incidents where data has been viewed by employees or other reasons, however I am saying there is a lot of false reporting going on at the moment. We need to remain reasonable and non-objective, let the truth and facts speak for themselves. Let's not hate on a company just because everyone else is.

As this article points out, this is not specifically an Uber problem, and as such, I think the title is an inaccurate and deliberate click-bait attempt to get more viewers.


> While I do not disagree with the amount of data that Uber have, a company like Facebook and Google arguably know more about us than we do ourselves. Why should we distrust Uber more than any other company?

I believe the point of the article was that we should not distrust Uber more than any other company; we should distrust them all equally, i.e. assume they are all misusing or failing to secure our personal data until an audit by a trusted third party (an "information fiduciary") can prove otherwise.

> However, I do believe that companies with data like Uber should be held accountable to very high standards and any breach of privacy of said data would result in severe penalties. This is not just an Uber problem, this is a big data problem and one many companies have.

The problem is that there is no incentive for the companies to treat customer data responsibly, while there are substantial commercial incentives for them to misuse it, or at best to reduce the amount they spend on securing it to the absolute minimum possible that they can get away with. And since users are poorly informed and have little power, these incentives will continue to be misaligned until third parties exist with the market or legal muscle to create negative incentives around misusing information strong enough to outweigh the positive ones.


>I believe the point of the article was that we should not distrust Uber more than any other company

If that was their point, then the title they selected, "We Can't Trust Uber" does a pretty poor job at explaining that consumers should distrust companies like Uber, Google and Facebook equally. The title insinuates and singles out Uber solely, but then the article does mention other companies like Facebook and the power and data that they have. Seems the title was for click-bait purposes.

There definitely needs to be some kind of change on a regulatory level. I agree, the problem is these companies lack incentives to be responsible and treat data like a bank protecting its consumers' money (a poor analogy given the GFC and all, but still).


Targeted? One of their executives publicly threatened a member of the media. Who was also a customer. Again and again their "leadership" makes unethical or morally questionable decisions that impact their customers, their employees and society FOR MONEY. I'm also not exactly a genius but I can at least remember "never pick a fight with a man who buys ink by the barrel."

Certainly we shouldn't trust Google (or other corps) any more than we trust Uber, but I don't see why we can't distrust all of them equally. I don't have any sympathy for Uber.


You seem to be arguing that this isn't the article that you'd like it to be, not that the headline or article is incorrect. You'd like an article on the regulatory environment around Big Data, and this is merely an example of one specific thing one specific Big Data company can do (and has done and is doing).

That doesn't make the article invalid. In fact, this is exactly the sort of article that needs to exist when there isn't a regulatory environment to protect the people - when people have to calculate their interactions with each individual company to ensure it's not going to bite their ass later, they need to know which individual companies are capable of doing what.


> While I do not disagree with the amount of data that Uber have, a company like Facebook and Google arguably know more about us than we do ourselves. Why should we distrust Uber more than any other company?

Facebook and Google give you a product/service for free in exchange for this data, we PAY uber for a service and should be treated differently because of that fact alone.


> I do not believe in Uber's lack of ethics and the way they do business

THIS. They've done so much bullshit that I flat out refuse to use them. Is there a compiled list of all their wrongdoings somewhere? I'd love to refer my friends to it..


Uber have all of this info on where you came from, where you are going and that we should not trust them because they do not have processes in place to ensure users' information on trips taken is kept private.

Sadly, the same can be said for Google, Apple, AT&T, and Verizon. At least one of those probably knows where you are right now.


As the article says, this has got almost nothing to do with Uber, and everything to do with a regulatory regime that allows companies to do anything they like with data they collect.

Maybe the USA should start looking at the Data Protection / Privacy laws implemented by Europe and the rest of the world, instead of just dismissing them as socialist welfare-state hippy-dippy bullshit regulation getting in the way of business.


Better yet, skip all the business and political bullshit and just build the open solution with the appropriate security baked in.

Don't trust businesses, don't trust politicians, trust the code and the process that runs it.


Technology can and will be gamed. So can laws and policies, but I think it's naive to assume that social technology that has evolved over thousands of years can be replaced overnight with computer code.


Probably not overnight, but possibly years and decades.

There's no need to eliminate social behavior, that's arguably the entire 'point'. What we likely can do is, identify places where code is more appropriate and use it.


I'm not going to use the service. Everything that keeps coming out about Uber has been super shady.

I'm not the only one. Big Uber proponents who I know have stopped using their service.

It's not going to stop the masses, but if stories like this keep coming out without policy fixes they are going to lose their edge. All they are is a dispatch service.


I used to love Uber. But all the stories made me more and more unhappy with using them, even though the service itself continued to be great. This "we could spend a million dollars" boast was the last straw and got me to delete the app from my phone entirely.

Now I use Lyft. I'm not sure if it's the best service. But I can't recall the last time I saw a bad PR story come out about Lyft, so I feel much more comfortable using them than Uber.


It seems like Uber could be easily replaced with an open solution. Anyone working on it?


The hardest part of Uber or any sharing-economy company isn't the technology, it's building the two-sided market. This requires boots on the ground and people who are paid to go out into the community and manually sign up drivers; it's hard to do this unless you have the capital to hire these people.


Why couldn't you just provide the market tools, similar to early eBay?


Because the tools are useless unless other people are using them. Someone comes across your open-source Uber alternative on GitHub, says "But what can I do with it?", and the answer is absolutely nothing unless there's a critical mass of drivers in your area.

Basically all of the competitive advantage in Uber's business model is in creating that critical mass of drivers.


I guess I'm assuming that drivers would want a fair and open system.

Maybe I'm wrong.


I'd assume most of them are more concerned about having a constant influx of passengers and getting a fair wage.


eBay does much more than just provide software tools. Fraud protection being a big part of eBay (much by proxy through PayPal).


I've been noticing that comments advocating P2P replacements of sharing economy apps all get downvotes, and no comments explaining why. I'll assume these downvoters are NSA puppets for now.


@logn

Not sure the NSA would bother itself with such trivialities. An Uber exec or paid social media expert is the most likely culprit.

Or just your common troll (not that there's much of a difference).


I saw this on a TaskRabbit thread too.

Edit: and they do concern themselves with shaping opinion via social media. I imagine they very much enjoy mining ride sharing data. But yeah maybe they don't care about HN comments. Relevant links:

http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...

https://www.techdirt.com/articles/20110318/02153313534/us-mi...


Yes DuckDuckDrive will be out soon lol kidding


I use Lyft every chance I get but a lot of times Uber just has more drivers out that are closer.

Perhaps Lyft has the same problems, but I haven't heard about them.


This article mixes up a couple different issues.

First, internal controls: what can employees do when they access the user database? Beginning startups probably don't have a lot of formal policies and you're relying on good judgement of the founders and first employees. As a company grows, they need to guard user data with access restrictions, restrict root to a few trusted sysadmins, and put in place clear rules about what what employees with legitimate access to the database are allowed to do. (And of course if your database gets owned it's all for nothing, so you can't protect privacy without good security.) It sounds like Uber might be behind on this, relative to their scale.

Second, what can you do with aggregate reports generated from user data? Facebook and OkCupid and Uber posted research articles to their blog summarizing some of their users' overall characteristics. When it's okay to do this sort of research is debatable, but it's a different issue from invading the privacy of individual users.

Unfortunately taking a regular taxi may not help [1]. That was a screwup rather than intentionally revealing user data, but by now everyone should know that publishing anonymized records is really hard and probably shouldn't be done at all.

[1] http://research.neustar.biz/2014/09/15/riding-with-the-stars...


"The problem wasn’t just that a representative of a powerful corporation was contemplating opposition research on reporters..."

The Uber corporation did no such thing, and the executive involved wasn't "contemplating" anything. This individual executive made a colossally stupid, hypothetical statement during a rant at a party about what he would like to do to a self-declared enemy of the company that happened to be a member of the media (a term I use loosely in this case). This rant was reported to Sarah Lacy (the target of the hypothetical), who, smelling opportunity, then wrote a blog post about how Uber had hitmen hunting her children while they slept in their pajamas (seriously, she actually talked about the danger they were in while they slept in their pajamas).

Of course, when interviewed about it on Bloomberg West, Sarah Lacy was certain that this was a "plan" and not a hypothetical, but could produce no evidence of any actions taken or pinpoint any harm that befell her or her sleeping children. NYT is a little late on this one, but given the nice revenue pop that Sarah Lacy's wild exaggeration of the story must have brought, I can see why they are trying to beat this dead horse. Sadly, this story has about as much significance as the original.


Actually, Uber already did exactly what the article was talking about, to a Buzzfeed reporter. You should probably read more carefully.


They fed negative stories about the personal lives of reporters and their families to the media? If you have proof, I'd love to see it. Because that's what the "threat" and the corresponding publicity were all about. It had nothing to do with being able to show someone where they've been, which is common and should be expected with any app that you authorize your phone to give location data to.

Perhaps you should take your own advice about reading more carefully.


Although I largely agree with the premise, the author assumes that the only way to solve this problem is with government regulation. I think a better way to solve this problem is with decentralization. The problem Uber solves is one of coordination. This does not require a central intermediary like Uber. It could be solved in a decentralized manner with p2p networks. With a decentralized Uber, only you and the driver would know where you started from and where you went. Privacy would be improved.


Serious question, how would a decentralised system have dealt with the recent uber driver rape case?


To provide some context, an Uber driver was arrested on rape charges in Delhi today. Uber allegedly hired a repeat sex-offender driver without a mandatory police background verification. [1] And, I agree that a decentralized system without any regulation or oversight could probably improve privacy but is definitely not the solution.

[1] http://www.firstpost.com/living/cab-driver-a-repeat-offender...


It's hysterical reading the drama about Uber because it misses the biggest reason why someone shouldn't use Uber: it's almost always more expensive than Lyft, at least using Line in San Francisco. This morning I got a lyft ride from downtown SF to SFO for $18. The Uber quote was $25-32.


Articles like this one remind me of Baudrillard who once famously said the only way out of this is to unplug and in this "post-modern" society we are the ones unplugged by these apps. I mean why in the world you can't walk 5 blocks and have to "hail" uber or lyft or sidecar or hailo or what have you. I know there are other specific use cases of these apps, too.


They don't seem to care much about their users. I had an account I hadn't used in years, long enough that the credit card associated with it was expired. This resulted in my account being locked in a way that required me to contact their helpdesk. After telling me to do the equivalent of power cycling my machine by going through their password reset screens, which I'd already tried, they told me that to restore my account I'd need to email them a picture of my driver's license. This leads me to believe that their support database is probably a goldmine for identity thieves and generally those databases are not exactly Fort Knox.


The title should read 'we cannot trust uber either'. Other companies like fb, google, do the very same thing except they are more secretive about it


Opportunity for an Uber-like service that destroys your ride data after you have reached your destination (why do they need it after that, anyway?)


"It's like Snapchat but for ride sharing"


To investigate complaints that the driver took you on a grossly indirect route, for one.


The article does well by pointing out that Uber isn't the only company to do these kinds of things, and in fact almost every corporation engages in some variation of these tactics. Everyone knows that corporations have the same psychological profile as sociopaths, but what is fascinating about the recent Uber revelations is how clumsily they play their part. Sociopaths do not understand why society is organized the way it is, yet they do understand that it is important to appear to understand it, to appear to be a good law abiding citizen. Sociopaths and corporations both take great pains to hide their true anti-social and parasitic intentions. Once spotted by the herd the sociopath must restart the painstaking process of making friends, pretending to care about things real people care about, ingratiating themselves with a community and building up trust for the sole purpose of betraying that trust in secret later.

For many reasons, the media is generally content to let the dirty tricks companies engage in pass by without examination, leaving the machinations of the sociopathic corporate spiders mostly in the dark. The media earns its keep by convincing society that their version of the truth is the best approximation money can buy.

The mistake Uber made was in threatening a reporter, an action which triggered a very personal response, the kind of response that humanizes the parties involved and clearly demonstrates the difference in the kinds of things Uber is willing to do to advance their goal (blackmail a reporter so they can replace more cab rides with Ubers) vs. the kinds of goals people have (to enjoy Friday night, get home from the airport). Though it likely won't last long, there is a window of time where incensed reporters may ply their trade without the usual over-riding concern for their own career, and benefit society in the process.

Their rate of expansion potentially at risk, Uber will likely respond with a bill of rider's rights and a corporate pledge to uphold the highest ethical standards. In time people will be trained to think of Uber and high moral standards as closely correlated, and all the while the corporate spiders in the shadows have been watching and learning from Uber's mistake. Eventually Uber's case will be used in business schools to teach the dos and don'ts of important subjects like Media Relations (1. never clumsily proclaim your intent to blackmail reporters. 2. always restore a tarnished reputation through a combination of both marketing and policy). Boutique marketing firms will specialize in helping corporations write privacy policies that are made to be marketed, crafted to neutralize negative impressions long enough to lull the sheep back to complacency.


Did whoever voted me down even read this? I wish I could delete it now, you people don't deserve this comment.


Uber is scum, I hope they get shut down soon, very soon.


This is getting increasingly clear. A year ago I was pretty positive about Uber, but not anymore. They play dirty. They play dirty wherever they get the chance. I don't trust them not to use their data to blackmail.


We Can't Trust Nytimes


Every single recent (and not so recent) item about Uber screams ethically & morally bankrupt scumbags who would as soon throw you under a bus (or an Uber) if it meant making a fast buck.

1) In the New Delhi Uber rape case - they failed to verify the driver who was a repeat offender, they had no call number and no way to access drive logs from India.

2) As others have pointed out - the concept of privacy at Uber is tragically laughable (Rides-of-glory, God Mode, Using riders info for non-ride purposes etc etc)

3) Playing dirty with competitors is encouraged

4) The VP who boasted of hiring a hit team to dig up dirt on Journalists families is still working at Uber after saying this in a very public forum.

And this is just the recent stuff. Why anyone would patronize this scummy company is really beyond comprehension.

[1] http://indianexpress.com/article/india/india-others/after-vi...


As a New Delhi resident, the latest incident is the last straw.

They advertise that they do background checks and that they are a safe transportation option. But clearly, they don't.

Based on this, I have recommended Uber to several friends of mine. One of them could have easily been the victim in the recent case.

This is inexcusable and unpardonable and betrayal to the point of no return. Sorry Uber, I'm deleting your app and will tell EACH and EVERY person I meet to do the same.

If the Indian government does not cancel your permit (which they should, for flagrantly ignoring laws), I hope the consumers vote with their wallet and drive Uber out of India due to lack of customers.

This is the only way companies will learn that "move fast and break things" is acceptable only if you are a social networking website where breaking things does not result in someone's life being completely ruined.


> The VP who boasted of hiring a hit team to dig up dirt on Journalists families is still working at Uber after saying this in a very public forum.

This point has obviously been through a few rounds of "telephone".

"boasted of hiring a hit team"--he suggested it as a hypothetical idea, he didn't "boast" of already doing it, nor is there any indication he did

"in a very public forum"--he said it at a private dinner party where comments were understood to be off the record, but someone brought a +1 and didn't read him into this so he ran with it.


He was just drunk and made an offhanded joke. Come on people, we make offensive jokes all the time. The difference is that people laugh our jokes off and for him, a reporter picked it up and ran with it.

I'm not trying to defend Uber with any of the other stuff, I just think that one particular thing was blown up a little bit more than was necessary.

I prefer Lyft anyway.


If the guy is dumb or arrogant enough to get drunk and make off-the-cuff offensive jokes about the press in front of the press and his boss then he should be fired promptly. That he wasn't speaks volumes.

Senior executives of billion-dollar companies do not accidentally have dinner with reporters. The dinner was part of a PR effort. Maybe the guy's really a rube or a loose cannon. But personally, my guess is that he "joked" about harming a journalist whose coverage they didn't like because he wanted other journalists to think twice about giving them bad coverage.


People in positions of power are held accountable when they don't take things they're responsible for seriously.

You could joke about fucking with people's privacy because you don't have a huge database of abortion clinic visits and one night stands and children's daycare locations. As soon as you did, people would start holding you accountable.


> Come on people, we make offensive jokes all the time.

> I'm not trying to defend Uber with any of the other stuff

Sorry to break it down to you, but you're in fact defending Uber.


in vino veritas


His comments were not a joke, but a direct threat against a particular journalist and her family.


lol when will people learn not to drink & make stupid jokes in public ;)


I don't really want to restart that whole argument again, I just want to point out that in these firestorms of outrage, the actual truth of the matter can take a lot of the damage.


> "in a very public forum"--he said it at a private dinner party where comments were understood to be off the record, but someone brought a +1 and didn't read him into this so he ran with it.

You know, I never did go back and find out how the Romney 47% leaks actually made it out the door. I wonder if it's public knowledge at this point.


A staff member of the catering company. It was very fight club.


The squealing about the very sane idea of doing some journalism on journalists is very lulzy. I don't trust Uber and have never given them business. I trust the NYTimes even less and will never give them a cent. They are crooks who lied us into war. They are now owned by the monopolist Carlos Slim who lies to us about telecom and immigration issues relevant to his business interests.

In the golden age of American journalism the idea of doing hit pieces on journalists wouldn't even be interesting. Mencken and friends did it to each other constantly. It's hilarious these people think they're part of some unassailable priesthood now.


It's even more shameful that investors keep rewarding them for this attitude. It really makes me hope Uber goes up in flames like Groupon.


>Why anyone would patronize this scummy company is really beyond comprehension.

They patronize it because it solves a major problem that people have. People will continue to do so for that same reason. At the end of the day, people are selfish. They care that their problem gets solved; they don't care if a few journalists claim to feel threatened or that a criminal driver goes crazy every now and then (btw this also occurs in taxis, with much higher frequency).


I would say the only item you've brought up that even comes close to "morally bankrupt" is #3. While Uber has definitely used some dirty tricks to go after Lyft, my understanding is they've teamed up with them in going after regulatory issues.

The New Delhi rape case could have just as easily happened to Lyft. The infrastructure for background checks and criminal records in India is more or less nonexistent, so I doubt that Lyft would've been able to catch this driver before he committed a crime any more than Uber would've been able to. The incident is awful, but not Uber's fault. Moreover, would a taxi company be held responsible for a driver raping a passenger?

The examples of Uber violating privacy are sketchy at best. It appears that the god mode app is akin to Google's live search feature which displays thousands of real-time searches for demonstration purposes. The rides-of-glory incident was definitely a PR gaffe, but once again, far from morally bankrupt. If anything it was a play on the OKCupid-style data driven blog posts. I don't see anyone accusing them of being morally bankrupt.

As for the comments on digging up dirt on journalists, based on what's come out from OTHER sources at the private dinner (NOT a "very public forum" as you described it) it was taken out of context.

It's unfortunate that Uber is taking heat for so many things. I use Uber often and trust them with my data. I think anyone that is seriously troubled by the recent onslaught against Uber should take a moment to really think about whether they provide a genuine service or are just scumbags.


"The infrastructure for background checks and criminal records in India is more or less nonexistent"

Duh. Not true. It is not a perfect system, but there is a system of police verification. If someone has gone to jail for rape, (as this driver has) the check would bring it up.

Besides the point isn't whether the system is perfect. The point is that Uber didn't bother using the system or following the laws of the land and plays fast and loose with claims of "verification of drivers".

From Uber CEO Travis Kalanick "We will work with the government to establish clear background checks currently absent in their commercial transportation licensing programs"

He makes it sound like it is the government's fault. No, background checks are not "currently absent" in transportation licensing.

Police verification of taxi/transport drivers is mandated by law. Uber ignored this law (as it ignores many laws, all over the world). Now this lowlife blames the government/Indian laws.

You can't decide not to follow laws because you think them "incomplete", and then not get blamed when such avoidance bites you in the ass.

What a dick. "Safest rides on the road" my ass.


The culprit allegedly paid 5000 rupees to Delhi Police and got "Character" Certificate.


The police in India are morally bankrupt. A background check by them carries little value.


I'm sure you've sources to back up your claim.


> The infrastructure for background checks and criminal records in India is more or less nonexistent, so I doubt that Lyft would've been able to catch this driver before he committed a crime any more than Uber would've been able to.

Yes, blame it on the system. Never mind that Uber performed NO checks; never mind that the guy's record was revealed shortly after his arrest, indicating that had Uber performed a check they stood a good chance of finding the same out.

While India's police system is not perfect, Uber's attitude is downright arrogant: "it is you natives and your cops who are to blame". The law mandates a background check, you didn't follow the mandate. The least you can do is to own up to that.


> Moreover, would a taxi company be held responsible for a driver raping a passenger?

Yes! If not legally responsible, at the very least they are socially & morally responsible.


> The New Delhi rape case could have just as easily happened to Lyft. The infrastructure for background checks and criminal records in India is more or less nonexistent,

It's not about non-existent prevention mechanisms. It's about how difficult it is to contact Uber (at least in India), whether they took the responsibility of what happened, and whether they are going to invest time to take preventive measures instead of immorally running after competitors in India. Having a bad automated support at a company like Uber that deals with transporting flesh around is a sign of being morally irresponsible.


> The New Delhi rape case could have just as easily happened to Lyft.

No, not necessarily.

The key here is that each company is ultimately the responsible party for vetting the drivers that come to you.

Uber touts a rigorous background checking process but, as we've seen, time and time again, their background checking has been horrible/not actually existent.


What happened in Delhi is tragic -- and no one would want such a dreadful thing to happen to anyone, anywhere.

Yes, Uber did not vet the driver enough. But "police verification" in India is a big joke. You pretty much go to one station and find out if there are crimes committed by a person in that locality. There really isn't an exchange of information across stations across cities about a person's criminal record. So, you can only do so much in this country, where a lot of such information needs to be made more easily accessible even to law enforcement agencies themselves. In fact, the government itself is mulling doing away with such verification requirements for government jobs as the police reports are often perfunctory (link: http://bit.ly/1lJ1vRy ).

Regarding Uber's service in India, I have taken over 40 rides in the past year and find it to be the most reliable taxi service in town. In fact, I find it to be far safer when the women and kids in my family ride an Uber vis-a-vis other transportation services. I know fully well that endorsing Uber when a lot of folks are outraging about the firm over the latest controversy du jour may not really come across well -- but I personally feel that the alternatives in India are far worse and definitely not 100% crime free.


You are making a claim that because doing a police verification is hard, Uber should not be doing even the most basic checks it is required to do by law. Delhi Taxi laws require police verifications and a non disableable GPS, Uber failed in both. I would expect Uber to do more checks than the minimum required by law, not less.

I have taken more than a 100 trips with Uber. https://www.dropbox.com/s/v2ypioshi4z8zlh/Screenshot%202014-...

I am evaluating if I should continue using them now. It's hard as they are so convenient, but if they have blatant disregard of the basic security procedures, I will find something else.


I am making a claim that "police verification" is hogwash and the government itself knows its futility.

Regarding "non-disableable GPS" - please share details of such "non-disableable GPS" devices that other cab services provide. I assume that these cabs automagically stop moving should the driver disable the GPS?

Waiting for more details on cab services that provide such devices.


BTW, journalists are reporting that the driver did indeed get a clean certificate by the local police station in May this year. Link: https://twitter.com/KarnHT/status/541875208844353536/photo/1

Not sure who sought this verification - but the point I wish to make again is that a clean chit by the police in India is bunkum.

Even if any company going forward claims that they are doing "police verification", please realize for your own safety's sake that this is tantamount to nothing.


"His address and background (were) unverified. He was not having (the mandatory) security badge which is given after police verification," Verma said in a separate text message.

If Uber claimed they vetted the driver, but didn't (going by the above), isn't that an issue?


Uber should make a social media website, that way nobody would care. All kinds of shady business or lack of ethics are completely forgotten, as long as people get to post selfies and show off their socioeconomic status to other losers like them.


Email companies (I won't name names here) have _much_ more sensitive data than Uber does. How come the same scrutiny isn't brought to bear on them? We do know that some of the leading ones will mine your emails for targeting. I remember once I was having a little tiff with the GF, and the ads I saw were for marriage counselors and therapists. That was creepy.


They must abide by numerous data privacy, security, and internal access laws, here and abroad. It just so happens that most of the laws are abroad.


> How come the same scrutiny isn't brought to bear on them?

As long as they have a stated privacy policy and abide by it, what's the problem?


I'm amazed that in all this news coverage, this story hasn't risen to the top. It's far more relevant than the company in question here.

"Buying news coverage and crying misogyny in the ride-sharing industry"

https://medium.com/@PersonofAwesome/buying-news-coverage-and...


That article raises some good points, but the problem here is that Uber is really, genuinely awful, and the ones in power there are terrible people. See their fraudulent calls to Lyft, the way they lie to drivers about how much money they'll make, etc.



