
Tracking Electric Scooters in Lisbon - rcarmo
https://sknzl.github.io/posts/tracking-electric-scooters-in-lisbon/
======
sknzl
Author here. What a great surprise to see my article here. Any comments and
suggestions are highly appreciated (since my page has no comment function
yet).

Side note: I’m not using google analytics or anything privacy concerning on
the page. I host my own instance of Ackee. That’s where I found HN as the top
referrer.

~~~
Gys
Nice one. But I was a little confused: this is 'only' about Circ? Did you
consider to investigate the other companies as well? Seems there are at least
four more ;-) To really say something about 'scooters in Lisbon' and 'compare
with other cities' more data is needed.

One could think the hardest part of starting a new scooter company these days
is finding a differentiating color...

~~~
clan
From the article:

Note: I was also trying to retrieve similar information for Lime scooters.
However, the Lime API does not return a unique Scooter ID. For every request
the returned scooter IDs are randomized (and internally they map them to their
real IDs), which makes it impossible to track individual scooters.

------
Scoundreller
Soooo...

> 1793 scooters

> 34671 scooter trips recorded

> 63322 km of scooter movement

over 111 days, at 1 EUR to unlock + 0,25 EUR/minute = 34671 EUR in unlock
fees. Assuming each scooter covers an average of 15km/h, that's 254k minutes
or 63k EUR in revenue.

Assuming each scooter costs 400 EUR, that's 717200 EUR for the scooters.

So about 14% return in ~4 (summer) months, excluding any promos, transaction
costs or maintenance/juicing fees.

~~~
mdorazio
> excluding any promos, transaction costs or maintenance/juicing fees

Plus overhead of customer service and engineers to actually build/maintain the
service and of course data plans to keep the scooters connected. These are
almost certainly more than the 14% gross margin. Long-term profitability of
these companies remains questionable at current activation/per-minute fee
levels.

~~~
Scoundreller
Maybe, but I kinda assume that the same fleet is rolled out across hundreds if
not thousands of cities. It gets divided by a lot.

At least We can establish an upper ceiling on return.

------
sschueller
Using certificate pinning would make using mitmproxy impossible. It would
require someone to decompile the app and attempt to remove the pinning.

------
Gys
I also once rented two for my girlfriend and me, to go on a trip for half an
hour. Considering the distance and the costs for the two of us, an Uber would
have been much cheaper (and faster). So that was my first and last experience.

------
thepete2
How does mitmproxy work? Does it run on the phone or how can you read the
https urls?

~~~
bransonf
The normal chain is app > server.

Mitmproxy acts as a middleman. Typically you’ll run it on another device on
the same network. app > proxy > server

Which means every time the app makes a GET request (for example) the proxy can
log the url/ip as well as the parameters passed to the server.

Then, to get the data yourself, you use a web client like Curl (or Requests in
Python) and send the same headers/auth/parameters as the app did. But now
instead of returning it to the app, it’s in a format you can store/manipulate.

~~~
thepete2
I understand that. My question is since this is https - encrypted http - how
do you decrypt the traffic? Is there something running on the phone too?
Otherwise you would need the server's private key, right?

~~~
nicksantamaria
I haven't done this myself, but I assume you would install the certificate
mitmproxy uses on your phone. That would result in a successful handshake

~~~
sknzl
That's correct. Mitmproxy offers an easy way to install a root certificate:
[https://docs.mitmproxy.org/stable/concepts-
certificates/](https://docs.mitmproxy.org/stable/concepts-certificates/)

~~~
thepete2
ah thanks! I'm definitely going to use that.

