Hacker News new | past | comments | ask | show | jobs | submit login
Uber Now Tracks Passengers’ Locations Even After They’re Dropped Off (npr.org)
812 points by doctorshady on Dec 2, 2016 | hide | past | web | favorite | 481 comments



I saw this earlier and had hopes that the update would just let me choose "While Using" in the app settings, like some other apps allow you even if they request access even while not using the app, but the settings only allow for "Always" or "Never" on iPhone. However, you can use Uber without allowing GPS, so it's not all or nothing.

I'm a little disturbed that they need any information after I use Uber though. They know where I was picked up and where I'm going, why do they need to know where I'm at after I get dropped off? That's a little intrusive to me. The proposed argument in the article, "Uber hopes to eliminate the most frustrating part of the experience: the game of phone tag that both the rider and driver play when trying to coordinate the pickup spot," is fine and I'd accept that even though I'm extremely wary of apps that have access to my GPS data while I'n not using the app because I can't see it in fine detail (as far as I know you only can see that some app is accessing your GPS currently, not which one(s) exactly). However, Uber has no need for the data after I am finished. I'm not a fan of being tracked in general, by governments or otherwise, but for a private company to request data after I finish using their services is intrusive and maybe this is conspiracy but I wouldn't be surprised if this data is sent real time and it's possible to see where a user is at any given time after they leave the car (during that 5 minute window).

I'm also curious how this will bump up against EU privacy laws. I'm in the states and this may only be enabled for certain markets, but I wonder if this would cause issues in EU if it's enabled there.


Well it's the same company that creepily gives me a code interview in the app because it knows I go to a software company couple of times a week and pushes a job ad.

Uber has a lot of sensitive information regarding users. Who goes where and when. This in the wrong hand can be very disastrous. E.g Trump to Uber: "gimme list of all people who to to mosques frequently. No tax for you." Uber: "Here you go. Just don't tell anyone. "


While I love this scenario from a "Trump could abuse his power" narrative, have there been any recorded cases of businesses in America getting "Secret" tax breaks? Seems like it'd be pretty hard to pull off with the IRS.

Sure, maybe they "Bundled" that data it in to some ~other~ lobbied tax deal, but I'd imagine someone would whistle blow that pretty quick in this post-snowden world?


>> Seems like it'd be pretty hard to pull off with the IRS.

Unless the IRS itself is the instrument of abuse: https://en.wikipedia.org/wiki/IRS_targeting_controversy


> have there been any recorded cases of businesses in America getting "Secret" tax breaks?

The tax law itself isn't secret, but companies certainly lobby for and receive tax breaks and other benefits passed openly by Congress. That's what lobbying is about, of course.


Post-snowden? We all know about it but the power abuse still happens.


You do know that your phone company already has that info, right?


I've never had the phone company suggest I apply for a job there based on things they know about me.


Your bank has information about your accounts. So it should be ok to make it public, right?


How did you make that leap? But, the card companies do sell your data in "aggregate". The phone companies as well.


In many countries around the world phone companies are highly regulated entities.


Fair point, however just because the phone company/NSA has this information, IMHO that doesn't make unnecessarily intrusive apps OK with me.


To each his own. In my view, the cat's out of the bag, so I might as well get a better product out of it.


Well, to me it's a problem. Here is an example of the kind of thing that is already happening: https://www.techdirt.com/articles/20161130/09293036157/brook...

To me, if 1 is getting caught, it makes me question how many are not getting caught. Or are getting caught and let off the hook because the people around them won't hold them accountable.

If we continue to allow this, we're just going to expand the amount of abuse. And yes I know Uber is tracking location not access to your phone's mic.


Abuse of power is a serious problem. It's hard to imagine that more regulation would stop bad actors like that judge, since he's already breaking the law.

I can't think of a way to keep privacy technologically without sacrificing the modern conveniences I very much appreciate. Uber in particular has dramatically improved my lifestyle. Google Maps as well.

Experiments like justin.tv show one solution to the problem. Justin Kan, during those 8 months he broadcast his life, would not have feared a secret wiretap. It might be a couple decades more, but I expect that eventually it'll be normal to wear a camera on your face. When everyone broadcasts, surveillance is meaningless.


by analogy: When your house is on fire, your normal response shouldnt be "well, lets burn the car too."

The usual response is to stop the fire.


I don't equate loss of privacy to a house fire. To be a good analogy, burning my car would need to be beneficial in some way.

I see what you're trying to get at, but I there's probably better way to make your point.


:(


As far as I know the location data a phone company has is not as fine-grained as GPS. But I agree with your point that a person's call data records are very sensitive information.


So what? They don't use that data for any other reason than for billing. If they do otherwise and they are found out it would be a PR and legal disaster of epic proportions!


Code interview in the app? What do you mean?



Sorry to disrupt your narrative but a theoretical action by Trump is worse than what's already happened under Obama?

http://www.theatlantic.com/amp/article/477921/


> During that time period, state and federal law enforcement requested information on 408 riders and 205 drivers. Uber, however, only fully complied with 32 percent of requests, while partially complying with 53 percent of requests.

Not exactly an epidemic.


But that's not my point. My point is actual exploitation of Ubers data that's already happened, is worse than fear mongering politically biased hypotheticals


If you look at Uber's actual transparency report you'll see the feds only requested 65 records. The governments doing the mass data requests were mostly local, state, airports and courts: https://transparencyreport.uber.com/


That's a dramatic and very silly example.


No tax break needed.


i got one of those, it definitely creeped me out


How come no one is throwing fuss about this for Google's foobar challenge? This is the same exact thing.

In today's time, we give up privacy for convenience. If you use a smart phone, Facebook, windows/google anything you are already giving up privacy. Stop pretending that 5 mins location monitoring is a big deal.


> In today's time, we give up privacy for convenience. If you use a smart phone, Facebook, windows/google anything you are already giving up privacy. Stop pretending that 5 mins location monitoring is a big deal.

I find it quite disturbing to see ridiculous comments where one wrong is made right by pointing to other wrongs. We wouldn't need any laws or law enforcement if such logic were to be followed in every area of life.

"There are full body scanners at airports. Stop pretending that putting curtains at home is going to help."

"There are surveillance cameras in many places. Stop pretending that controlling the privacy of your personal photos really matters."

I'm sure I can imagine many other comebacks if I spend more time on this.


Stop pretending people can't decide for themselves how much privacy they want and from whom


They can decide, they choose by not using the product.


Hmm I got the Uber challenge quite frequently but I've never gotten this Google one. How do I find this?


There's a simple way to send a message: Set the location services setting to "Never" and just enter addresses for now (copy and paste from Maps if it's easier).

The important thing is that their analytics will pick this up, and if enough users do it, hopefully point toward re-enabling "While using."


Or don't accept this app update. If/when Uber stops the current app version (with 3 privacy settings) from working with their server API, switch from Uber to a competitor.

Apple can also change their policy for ride-sharing apps, to force "While Using" as an option, or block Uber's update from the App Store.

Remember that it was only after apps abused the contact database, that permissions were added by Apple to give users control over apps. Apple can step up now and define a new policy that responds to these new abuses of user choice, within the ride-sharing app category.

This is one of the few benefits of Apple's walled garden review of apps. Perhaps we will eventually thank Uber for pushing the boundaries of etiquette, forcing Apple to regulate Uber and their peers.


How can you not accept the update, when they do not even write release notes?


I've learned the hard way to time-delay app updates from over-reaching companies. A week or two is usually sufficient for major issues to surface on HN.

You're right - it would be better if Apple allowed users to rollback to the N-1 version of an app. That would send a real-time signal from users to app vendors, rather than slow complaints via press and social media.


> it would be better if Apple allowed users to rollback to the N-1 version of an app.

Apple should allow users to revert to any older version. There are so many apps that become worse over time, and it's only after an update that the shortcomings are found, with no way to remedy the situation. But Apple really doesn't care about such things on the user experience front. I have provided Apple feedback on this before.

The thing I like in this case is that iOS explicitly warns the user when an app requests for location services permission for use while the app is not running.


It's just another reminder that iOS is a walled garden in which you have no freedom.


You can also continue to call Uber rides with location using Apple Maps, even if you don't give the Uber app location permission.


You can also just switch it back to "Never" when you're done with your trip.


Yeah, that's a dark pattern. It should default to not tracking me after the ride is done.


This is totally impractical.


Put your phone in a Faraday cage for a few minutes after you get out of an Uber. Cases cost less then $10 on Amazon.


And risk being out of reach for everyone else too for that duration? And what if the person forgets to take it out of the case after the five or so minutes? I believe this will cause a lot of panic among people who're trying to reach the Uber rider, especially if the rider is a woman. There have been instances of assault and worse by drivers in some places.


Maybe it isn't practical, but at least it's what I did today.


Violation of privacy laws is one thing and bad enough in itself. But let's not forget that Uber violates various taxi laws as well. In Denmark, just now, the state prosecutor has formally prosecuted Uber for colluding to violate the taxi laws. So far, different Uber drivers have received fines and those fines have now been tried in appellate courts that upheld the fines. Now it's Uber's turn for its part in the violations.

I am not a big fan of those taxi laws, but I am not a fan of billion dollar corporations just doing as they are pleased either. They seem to have no regard for laws.


Didn't the Uber execs exactly state this publicly - that they are willing to brake the laws that they see are hindering innovation and a disruption?

I remember having read something like this but am unable to find it in my archives.



It's to analyse where riders actually go after being dropped off; for example understanding that if you want to go to building XYZ you have to get off here.

Collecting data for self driving cars probably.


Yeah, but why does Uber need/care about that information? If I ask to be dropped off at X and walk a couple blocks to Y, Uber shouldn't care. I can understand the argument that maybe going to certain buildings you have to be dropped off at a specific spot, but that seems like a minor gain for something that's more than just a minor intrusion.


(Uber engineer here)

The data is used for (or can be used for) a number of practical and important purposes. These are some examples of what we do as well as what we could do with such data:

- Fighting fraud

- Improving "suggested pickup" locations

- Improvements around POOL (we'd rather suggest a location that's easy to pick up from than one that's unsafe)

- Figuring out what side of the street you end up on (we can do a better job of choosing a route if we know you're able to get out of the car safely)

- Optimizing pickups and dropoffs around events or certain times of the day or week (Caltrain riders: imagine if we suggested pickups at 5th and Townsend instead of 4th and King during rush hour. Much easier to find your driver and prevents congestion)

- Dropping riders off closer to the "correct" entrance to their building

- Dropping riders off in a location that's easier for the driver to depart from without making the rider walk too far (e.g., instead of getting trapped in a weird road or parking lot)

- Analyze where riders ask drivers to make stops mid-trip and make better experiences around that.

As far as trust and safety goes, we can avoid charging you if your driver was looking for you at the wrong location and gave up. We can better see where you were actually dropped off at, if your driver lies and leaves the app running after you've left the car. Leave your phone in the driver's car, and we can potentially do more than just put you in touch with them.

Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.


>> The risk of abuse is exceptionally low.

I call bullshit. This coming from the same guys who were mapping one night stands using ride data? What were you guys studying there. Fornicating habits of young adults in large metropolitans?

http://www.whosdrivingyou.org/blog/ubers-deleted-rides-of-gl...

I almost forgot about the time you guys were tracking journalists.

Uber has a reputation and history of being a "shady" company.


This just came out today.

"Uber said it protects you from spying. Security sources say otherwise"

https://www.revealnews.org/article/uber-said-it-protects-you...

I'd ask bastawhiz to comment given his comments above.


Looks to me that even the most specific information in that article is aggregate data over a large number of users, i.e. population statistics, something I wouldn't consider a breach of anyone's privacy.


> Uber has a reputation and history of being a "shady" company.

I'm not going to try to defend our reputation. But it's worth saying that things are locked down _pretty damn tight_ around sensitive data. I've worked in enterprise file storage in the past, and the internal security at Uber is far better (relatively speaking), and continues to mature.


>But it's worth saying that things are locked down _pretty damn tight_ around sensitive data.

Which means absolutely nothing as an assurance. Even if that's the case today, in 5 or 10 years the company could go down, or change CEO and be all about exploiting the data, or selling it to advertisers or whatever. Or it could just be a hack that releases millions of ride information (it has happened to the best of web services).

That's the problem when you store data, making whether you have some "pretty damn tight locks" in place irrelevant.


The whole point is that you are providing an all or nothing choice for no good reason. Why do you FORCE that instead of letting the user choose to allow location while using the app?


> things are locked down _pretty damn tight_ around sensitive data

Commenting, to save this little gem for the inevitable time when Uber gets hacked. Again.


Remember that not all hacks are made public.


Maybe he means the next inevitable public hack.


Would you be willing to share information about what % of Uber's revenue is accrued from monetizing user information?

EDIT: BTW, did you hear from your support that there are users who aren't pleased with the new feature?


> I'm not going to try to defend our reputation [as a shady company].

Someone well above your pay grade probably should. As far as I can tell, Uber's business model is psychopathic levels of regulatory and psychological arbitrage.


What is "psychological arbitrage"?


Stuff like Uber figured out they could charge people more when their battery was low.


So that study is their business model?


There are two sides to this.

One is where we believe, based on your words (or some random person on the Internet who claims to be an employee), Uber employees are restricted from accessing customer data...you know, like LOVINT in the NSA. [1]

The second is where we believe, based on your words (and associated caveats), that Uber does not have a firehose feeding all this information to some other entity that has a much larger capacity for "machine learning", has far lesser actual oversight than what you claim to be in place in Uber, and uses that data for many things we don't know the impact of. This point might sound like I'm talking only about the NSA and trust in the U.S. government, but keep in mind that Uber operates in many countries, and all of their governments have an interest in gaining such data and using it for their own purposes.

Post Snowden, neither of these sides look harmless. I'm talking about the world society as a whole, not just about what one person may consider ("nothing to hide") or what negative experiences that some people may never go through in life.

[1]: https://www.washingtonpost.com/news/the-switch/wp/2013/08/24...


I don't want to disrespect you personally, but why should I trust Uber? Today it's locked down, tomorrow it's not. Is there anything protecting me?


It's not reassuring to hear that lowly engineers can't access the data, but the axe-grinding execs can.


All of our data is actually hidden inside a mountain carved to look like Travis's head, a la Mt. Richmore from the hit 90s movie Richie Rich. There are many layers of security, including a voice recognition algorithm that only responds to Ryan Graves singing Never Gonna Give You Up.

But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.


> But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.

You see. You imagine. You believe. You are told. You do not know. And even if it were so today it would not have to be that way tomorrow. So even todays security isn't enough of a reassurance.

The only secure data is data never collected in the first place. And until the friggin disruptive startups start to recognize this I will try to not support them in making my data more insecure.


Has there been an independent third party audit of Uber's internal data security? Or do we just have to take Uber's word on it?


Your haughty attitude toward privacy is really chilling. If Uber hasn't received a NSL [1] I would be astounded, and your employer doesn't have a great track record [2]. Please think hard about the world you are helping to create.

[1] https://en.m.wikipedia.org/wiki/National_security_letter

[2] http://www.buzzfeed.com/johanabhuiyan/uber-is-investigating-...


You missed my point. I said that if we accidentally started collecting all user locations, you wouldn't have to worry about us getting an NSL because our servers would have crashed and burned and no data would have managed to have been collected. Uber's infrastructure is completely incapable of handling that volume of data, because it was never designed to handle it. As far as software bugs go, accidentally collecting all user locations always would be a disastrous one for Uber, not for user privacy.

Have we gotten an NSL? I don't know, but I'd guess we probably have. It would be foolish to think otherwise.


> Uber's infrastructure is completely incapable of handling that volume of data,

The data volume isn't very big. Let's assume Uber records locations for 20 million users and pings each user every 5 minutes. We're talking about 20 million users * 12 events per hour * 24 hours * 16 bytes (my generous assumption of how much it would cost to store a user id, timestamp, and precise long/lat data) = ~100 GB a day or 3 TB a month. And 20 million / (5 * 60) = 67k events per second.

I could probably build out the infrastructure to process and store a year's worth of user location data for 20k a year on AWS.


Being a bug, though, it would record with the fidelity of the Uber app. Which is a lot more than every five minutes.


It's not a bug I'm concerned about, it's this part of the privacy policy "if you permit the Uber app to access location services through the permission system used by your mobile operating system (“platform”), we may also collect the precise location of your device when the app is running in the foreground or background"

What I'm getting at is that it's pretty straightforward and easy for Uber to maintain a database of every user's locations at all times, even if they aren't active users. This kind of data is valuable. Assuming Uber isn't already doing it, all it takes is one mid-level product manager to initiate a small project to kickstart it.


You're not doing yourself any favors here. People say they don't trust your company because of past behavior of the company itself and history of even ethical companies being bought or changing priorities, and you just keep pushing me further and further toward Lyft or my bike.


Only 12 events per hour? I'd guess you're off by an order of magnitude.


They explicitly stated "Every 5 minutes" - which is 12 records/hour.


> Uber's infrastructure is completely incapable of handling that volume of data, because it was never designed to handle it.

That is completely irrelevant. The powers that be can siphon off the data as it comes in. The danger is in receiving excess data in the first place, making yourself a more enticing target for collection activities.


That Uber could have a bug that sends all location data is irrelevant. Google, Apple, Lyft, Yelp, Foursquare, Microsoft, or any other company that has any app that accesses and transmits location data could have an identical bug that presents an identical problem, and Google and Apple already regularly collect and transmit that data all the time without it being a bug. And being a bug of biblical proportions, it'll get resolved very, very quickly because it would be causing a hugely expensive outage.

Uber also only uses strong TLS for connections, so "the powers that be" will have a heck of a time taking a real heap of gigabits (terabits?) per second of encrypted data and doing anything particularly useful with it.


I'm convinced!

Does uber offer a password/bank information storage service?

With such great security and unhackable storage, those are the next logical upgrade and would make a really great one-stop service for your customers.


No, Uber internally uses OneLogin with mandatory 2FA.


If NSLs are included under its "national security" category, Uber said it has not received any such requests at the time of its last Transparency Report. https://transparencyreport.uber.com


The data is used for (or can be used for) a number of practical and important purposes.

so.. uh.. (eyebrow wag) what else do you use it for that you didn't enumerate?

The risk of abuse is exceptionally low.

Except, of course, events where you and I disagree about what abuse is. Like tracking journalists around for shits and giggles.


Or a romantic interest. Or any one of a million other reasons. Because no one has ever abused a massive trove of data for such trivial reasons before...

https://en.wikipedia.org/wiki/LOVEINT


Yeah, it's not also as if the government (or another government, as Uber is worldwide) can't also take hold of the Uber data...


> Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.

But so you're saying it's possible? Somebody with high enough access at Uber might be able to stalk an ex-girlfriend and follow her home? Getting into trouble for it of course, but it wouldn't matter after a murder-suicide? Statistically improbable I know, but that's the sort of thing that people worry about


I mean, at the end of the day, there's someone that can SSH into some server if they were really determined. There's logging and auditing that happens, though, so you'd almost certainly get caught. Could you craft some sort of perfect crime to avoid detection? It would be super hard, but there's no universe with perfectly secure software. It's a big system, and there are thousands of moving parts, and the likelihood of you actually getting very far is insanely low.

But that's the same story with that one engineer at Google that has SSH access to the server with the keys to the storage cluster for Gmail. Or the person that writes queries for the Hive cluster that manages Cortana queries at Microsoft. Or the person that writes the API layer that sits in front of the order history service at Amazon.

There's a million ways an engineer at any big company could abuse their powers. But we put safeguards in place, we watch each other, and we do our best to serve our users as best we can. I say this in a general sense, not specifically to Uber. It comes down to trust.


> there's no universe with perfectly secure software

This is why it's important to minimize the attack surface. Yes, there is always going to be risk when you store tracking data. You are choosing to create that risk by storing any data beyond what is specifically necessary. Uses such as "Optimizing pickups and dropoffs" are optional, which you more or less admit when you said it was something "we could do".

Alternatively, you could prioritize the safety of your customers by minimizing the risks they acquire when they use your service. The data collected for the ride could be minimized. You could expunge user data when it is no longer needed. You could find ways to store only aggregate data instead per-user values.

> we put safeguards in place

You also made design and business decisions that created the need for those safeguards. You are protecting your users from a problem that you created.

edit:

> we do our best to serve our users as best we can

You could be indemnifying you users for any damages that derive from the data you are choosing to store.


I don't want to sound like I'm disagreeing with you, but I want to raise some important points. Collecting too much data is definitely a bad thing. But there are things to consider:

> You are choosing to create that risk by storing any data beyond what is specifically necessary.

That's an interesting point and it begs that question of what is "necessary". Does that mean a company should distill its product down the the absolute minimum viable product without collecting any information beyond what is necessary to do its job? Nobody should use Google Analytics because it's not necessary to run a website? "Necessary" isn't black and white.

Pickups and dropoffs are very troublesome parts of an Uber ride (and definitely can't be avoided...the riders need to get in and out of the car without being run over). Uber currently has no way of improving that, without data at least. So what data is "necessary" to make that experience better? How can Uber, or any for-profit company, improve their product if they have no idea what's wrong with it? What kind of data can be collected that falls into the bucket of "necessary"?

> You could expunge user data when it is no longer needed.

Other than when a user leaves the service, how do you know when data is no longer "needed"? How can trends be measured over time if old data is expunged? How can fraud trends be detected if historical payment data is not preserved? How can Uber choose the best restaurants for UberEATS if order history is dropped over time?

When a user leaves a service for a time and returns, do they return to find a completely empty account? Would you expect this from Gmail, or Facebook?

At what point do you draw the line where you say, "I'm sure we'll never need this again."?

> You could find ways to store only aggregate data instead per-user values.

This assumes the data is homogeneous, which it's not. Different people use Uber (and any other service, for that matter) in different ways. Lumping everything together makes it impossible to discern patterns that are substantial but do not represent a majority of your user base: Some folks only ride to and from work. Some folks only ride to and from bars. Some folks only ever use Uber to go to the airport. How do you identify and optimize for these use cases?

It also calls into question how you bucket your data. Location data in California is not relevant to location data in New York. Location data in Rochester is not relevant to location data in New York City. Location data in Brooklyn is not very relevant to location data in Manhattan. At what point do you stop scrubbing your data into an aggregate form? How do you avoid scrubbing too much data away such that you've painted yourself into a corner when you try to solve a problem in the future? How do you avoid scrubbing too little, such that even when the UUIDs are stripped away you can use a big ol' hadoop job against pickup and dropoff locations to figure out which trips belong to which user?

It's worth asking also how much value you can provide to the user if you do all of these things. When I go home for the holidays once a year, I take Uber quite a lot. Should Uber forget my favorite destinations every year because the data gets expunged? Should it only show common destinations because my trip history has been anonymized?

Anyway, this is meant to point out that it's not simply a matter of keeping things as minimal as possible. It's hard to add value while also protecting users, even when the users' best interests are in mind.


"Just because you can, doesn't mean that you should."

I think people could be picked up and dropped off just fine prior to this update so it's not something fundamentally broken. Could things be improved? Sure but the benefits need to be weighed vs. the tradeoff.

Given the many responses that you have gotten so far arguing against your stance, it might be helpful to consider why people are having such a reaction. We have valid concerns and they should be addressed.


Firstly, I just want to take the opportunity to thank you for sticking around and taking part in the conversation. While my own thoughts lie mostly with the other respondents in this thread, it's critical that we have channels somewhere in-between "press release" and "Wikileaks" for getting some insight into the workings of companies like Uber.

Having said all that, it's still creepy. And the examples you gave (Google/Gmail, Microsoft/Cortana) are almost certainly also instances where data collected is being systematically used in what many would consider creepy ways.


I don't want to sound like I'm minimizing the issue, when I say this, because I respect the sentiments expressed here greatly. But there's a very strong stigma around collection of location data, more so than other forms of more sensitive information. Almost every credit card company, bank, insurance company, and more share your every purchase. What you buy, what you eat, how you live. As far as the sensitivity of data goes, location data is serious, but far less serious compared to things that people are mostly okay with.

For me, I go to and from home, the gym, and work. Every day. If someone was looking at that data, I'd be creeped out, but they'd learn almost nothing about me. If someone saw my credit card statements, I'd be mortified. And yet, almost everyone forgets to fill out and mail back that little slip you get with a new credit card that says "hey, actually I don't want you to sell all of my data to everyone on the planet."


> For me, I go to and from home, the gym, and work. Every day. If someone was looking at that data, I'd be creeped out, but they'd learn almost nothing about me.

Ha, this sounds exactly like "I have nothing to hide, so I'm okay with the NSA gathering all of my data".


Some people do have things to hide: they are having affairs, visiting prostitutes, going to Planned Parenthood to have an abortion, going to a cancer center to get treatment,...


I'd suggest you read https://www.wired.com/2013/03/anonymous-phone-location-data/ if you have not previously seen this.

Part of the issue is that location has a lot more "physicality" tied to it. One can't easily change where they live, work etc. whereas it's much easier to switch credit cards.


> I say this in a general sense, not specifically to Uber. It comes down to trust.

Yeah, I suppose this is true. Thanks for sharing your thoughts, I appreciate it.


> But so you're saying it's possible?

People with access to hardware can probably do anything if they really want to. People at the bank can remove all your money in the account by going directly into the database as well.


If data exists inside an organization, it is always, by definition, possible that someone can abuse it.


A person who knows what they're doing can stalk 50 different ways. Saying that it's worth giving up all the improvements this can make to make that impossible through just this one venue is frankly ridiculous.


> Saying that it's worth giving up all the improvements this can make to make that impossible through just this one venue is frankly ridiculous.

It certainly is; it's also something I've never said


> The risk of abuse is exceptionally low.

But there's no oversight whatsoever. We should just take Uber's word for that -- despite the company's public track record of repeated privacy violations in the past?

And even if Uber itself has suddenly converted into an unimpeachable guardian of personal privacy, it could always be hacked (and probably already has, just like the NSA and everyone else.) The hackers are not likely to share the same moral compunctions about privacy.


So a follow up question: which is that data used for and which could it be used for currently, and what's planned?

I also noticed you said that it's queried in aggregate, but that is distinct from it living in aggregate. Does this mean that you actually do keep my individual GPS data and it could be looked up later?

I am still unconvinced that this is necessary, even with those (potential) improvements. I am relatively okay with allowing Uber access to my location outside of the app during the period between me requesting a ride and being picked up, and of course I'm okay with allowing access when I'm physically in the car. But after I get dropped off is a much harder thing to accept. Most of the things you suggested were for before I get picked up, not after. In fact, the only things you suggested were not on that bullet list but in the second to last paragraph ("we can avoid charging you if your driver was looking for you at the wrong location and gave up"; "We can better see where you were actually dropped off at, if your driver lies and leaves the app running after you've left the car").

I understand that Uber itself is trying to be a better company and is trying to move beyond its past life as a cavalier company that suggested looking up information about journalists who write negative things about the company, but it's a really hard image to shake and understandably many people are distrustful of a company whose executives were okay with this. I could very much see a member of Uber's counsel requesting GPS data on some user who filed a lawsuit and giving it to a private investigator (considering that Uber did in fact request information about and that a PI to do investigation into a person who filed a lawsuit against Kalanick).


> which is that data used for and which could it be used for currently, and what's planned?

I don't know specific programs that are in place or upcoming, not my jam.

> Does this mean that you actually do keep my individual GPS data and it could be looked up later?

Trip location data is attached to users. You can look it up yourself on the Uber website (riders.uber.com). With regard to data collected from rider devices, I don't know the technical details but I assume it's not living in aggregate.

At the end of the day, we're an engineering- and data-driven company. Pickups and dropoffs are overwhelmingly the most painful parts of the average Uber ride, and we know startlingly little about them: that's what this initiative is about. We want to make things better for our users, and overwhelmingly, things like this do lead to improvements. Whether you trust what we do with the five minutes of data is up to you. I'm not here to speak about our character, though I certainly wouldn't be around if I thought Uber is a bad company.


Also, why isn't there an option to delete previous trip data?

If Uber was really serious about user privacy, this would be a no brainer feature to offer.


  Also, why isn't there an option to delete previous trip data?
Uber has your data even if you delete your account. I'm not sure if they can be convinced into deleting it, but they don't do that by default.


It's not just your trip data, it's also your driver's. It would be wrong to allow you to delete the record of the trip.

It's also the case that the record of your trip isn't just data. It's the receipt for an actual thing that happened. A transaction between three or more parties takes place. That data needs to be preserved for any number of the reasons, including government compliance. Even just handling credit card disputes makes it invaluable.


I don't buy that at all. Location data certainly is not recorded for (most) taxi rides today.

A receipt is the piece of paper or electronic record showing how much your trip cost.

Show me an example of someone using trip data as a primary form for handling CC dispute. Please also back up your statement that trip data has to be kept forever for government compliance.

Lastly, what if my driver and I both want to delete trip data? Per your argument, is there an existing option to delete trip data then? I didn't think so.


If one side deletes the trip data, you can anonymise it, destroying all possible references to that user ID. The driver still has his history.

A receipt is a proof of transaction and completely separate from whatever data you collected about your customers, your statement makes little sense. That it facilitates disputes doesn't change the nature of data privacy, it is just convenient for you and the bank.


> Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.

For now. You haven't mentioned how long this data is kept, which means I can assume "forever". This means that a future change of policy, an acquisition, or a merger can expose this data to a variety of third parties (not to mention the obvious possible exposure to governments).

The reasons you have listed for gathering the data are not sufficient to offset the future risk to me. Moreover why should I do unpaid data acquisition for Uber while bearing all the risk in case the data is exposed? If you want higher detail location information, do what Google did and send out cars with sensors.


> If you want higher detail location information, do what Google did and send out cars with sensors.

It's not just about the locations, but about the interactions between the rider(s), driver, the location, and the time. A location might be difficult to pull over at during rush hour, but nearly empty later on. Drivers might be unable to get very close to an event venue. Certain streets might be difficult to drop passengers off safely on, based on traffic conditions (though we wouldn't know that). And of course, there are many applications around customer support that couldn't be solved otherwise.


> Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.

It is impossible to take your word for it. After so, so many companies have been caught intentionally or unintentionally mishandling user data, there is no reason to believe that Uber is the exception.

An extraordinary claim demands extraordinary proof.


> It is impossible to take your word for it.

I'm not asking you to. If you'd like to come in and interview for a position and eventually see for yourself, though, I'm happy to accept your résumé. :)


jesus, what a bad answer. nice bribe joke amid allegations of unethical behavior.


Why can't you let the feature be opt-in?

Your iOS app effectively turns useless when choosing "Never". You can't do anything other than booking a cab. No access to account information, ride information, anything else.

----

Yeah, I get what it is when you say:

  Improving "suggested pickup" locations
If your app watches me 24x7, then it'd be able to predict pickup locations better. Good job. It can't get creepier.


Suggested pickup locations are a feature we have in SF:

https://techcrunch.com/2015/07/08/uber-suggested-pickup-poin...

All it does is help you pick spots near your pickup location that are more easily accessible to drivers.


In fairness you can access the app, it's just the little hamburger icon is grayed out making it seem like you can't access it. I was able to click it just fine even with the "ENABLE GPS" overlay.


None of these use cases demand "always" to be the only choice, with no way to choose "while using".

Your company is grossly overstepping privacy bounds, and your excuse making post is largely irrelevant. And it's wholly reasonable to be distrustful of a place where execs threaten to blackmail journalists and remain employed. It'd be ridiculous to trust Uber.


Honestly, none of the examples you gave above is good enough for me to give me location information to Uber (or any other company). I'm sure you have the best of intentions as an engineer to improve your service (and so do your co-workers), but I (and a lot of others) don't trust any company with sensitive personal data.

I can understand if you gave the "Always" option in addition to the "While Using" option with this explanation, but strong arming your users to give an all or nothing choice is bad.


Why not just bring back the "while using only" if only to back up your claim that there is nothing nefarious going on.

Giving people choice is good.


Right! Now that we know you are engineer, you can just as well go to your PM and tell him that people do not like this. I have permanently disabled UBER on my device, and will turn it on only and if ever use Uber again. Big step back for the privacy, and many people I know like the traditional cabs because of that. I don't know what you do guys, but recently, uber is becoming an uber bloat. Messy UI, bugs everywhere, shady taxes because driver can't find me (?!?!?), also when I dispute my money, they go to my account and not on my debit card, from where they are stolen from! Yeah, I am pretty pissed. Won't use uber anytime soon. Edit: Oh, and one more thing. Start writing release notes, as the normal apps and people do!


It's a tough one -- I want to be able to opt out, but I still want Uber to drop me off at the front desk not the mailing address... based on knowing that 90% of other users had to walk the same 100 meters immediately.


Then drag the pin a bit further, or even crazier, say "hey can you drop me over there?"


Thanks for the insight into what you (may) actually do with the data! There are so many companies demanding intrusive amounts of personal data that it's easy to become cynical.

All of the points that you've listed here would work just as well with anonymized data. Obviously if users are being picked up or dropped off at their house (for instance) then making every journey truly anonymous would be impossible without damaging the data, but you could still strip out explicitly identifying metadata. Are you able to tell us what sort of measures are taken in this regard?


> Are you able to tell us what sort of measures are taken in this regard?

I don't work on this stuff myself, so I can't say.


All of the examples presented seem like they could be approximated pretty well by tracking only up the the point of drop-off, but tracking location and person history. And there are a lot of unintended consequences available along with the example use cases in watching for five minutes after drop-off. How carefully data is kept only lowers the probability of breach or misuse. Only not keeping data zeroes out the probability of breach or misuse.


If you can't see the potential for abuse then you need to take a step back and look at things in a different perspective. There is a very real possibility that Uber could be hacked in the future, or has already been hacked. Can Ubers infrastructure withstand an Operation Aurora level attack?


You already had that information. I doubt most users switch away from the uber app the instant they leave the car, so the "while using" permissions would allow you to collect all of that.

I also doubt that Uber as a company, and Uber engineers individually, hadn't realized that already.

I'm going to deny permission, and call Uber from Apple maps. No reason for you to track me from M-F if I only use Uber Sa-Su.


For all this safety shit you're talking about, does that mean if I get dropped off in an unsafe manner or unsafe area, I can now sue Uber if I get hurt. Seems like if you're making all these efforts, you're making a promise of warranty that my entire trip is safe, even after I open the car door and step out into traffic.


Thanks for being open and sharing. This all seems really reasonable to me.


Problem is that a lot of people don't trust Uber :)


This has to be a goldmine for divorce lawyers.


Can individual users get access to their own data? Can they take this data with them, similar to Google's takeout?


Check out riders.uber.com


They don't need the information.

They care because they are data driven and not personally culpable for their invasions of privacy. Why not collect everything you can without getting more permissions?


You seem to be implying that they are violating privacy just for the heck of it. That's ignoring the very obvious value (even to customers) of this specific type of data. As the other commenter mentioned, knowing where humans choose to be dropped off when heading to a specific location is of obvious value.


> You seem to be implying that they are violating privacy just for the heck of it.

Why not both? Why not collect all the information you possibly can, whether or not you immediately see obvious value to it, and then find ways to justify it later?


> Why not collect all the information you possibly can, whether or not you immediately see obvious value to it, and then find ways to justify it later?

Because it's non-trivial and it costs a lot of money to do that, in terms of engineers' salaries, storage, etc.


> it costs a lot of money to do that

Well they _have_ raised $15,000,000,000 in cash: http://www.nytimes.com/2016/06/21/business/dealbook/why-uber...


Well-run companies don't waste money just because they are flush with cash -- especially not when that cash represents board members who want their investment to pay off, not be frittered away on something with no business value.


I'm not claiming that they don't collect as much data as possible including data with no immediate use. Perhaps they do. I don't know. I'm claiming that this instance does not appear to demonstrate them doing so.


Data driven and being a giant Hoover isn't the same thing. One is about making decisions rationally. The other is about acquisition for acquisition sake.

Personally, over never seen any evidence that Uber actually knows what it's doing except making a shit-ton of money. Even the self-drivIng car strikes me more as a sideffext of having a bunch of money they needed to spend and it won the rock-paper-scissors contest against rockets.

Doubly so for the "ME TOO!" Doordash / Postmates competitor.


There's no evidence that Uber makes a shit-ton of money. What evidence exists, points the other way:

http://www.nakedcapitalism.com/2016/11/can-uber-ever-deliver...

http://www.nakedcapitalism.com/2016/12/can-uber-ever-deliver...


I stand corrected. It was clear that all these were attempts to extract additional revenue from their existing user base and infrastructure, and weren't very targeted, but for some reason I thought this due to a combination of flattening profits in an grow-at-all-costs VC environment, and being drunk on money. (Google is a company that is drunk on money.)

Well... I still think Uber is drunk on money. Just VC money.

And I'm sure that if Uber does implode, Travis will still come out a hundred-millionare and a reputation of being a business genius, even though he never actually turned the growth into a successful sustainable business. Kind of like Sean Parker and Napster.

https://ftalphaville.ft.com/2016/12/01/2180647/the-taxi-unic...


Great! Why not allow people to opt out of the enhanced location gathering? I'll continue the old fashioned way of telling my driver where I want to go, and retain my small shred of privacy. People who are unable to navigate the big scary world by themselves can allow Uber to collect data and drop them off where they want to go.

Just let me opt out.


> I saw this earlier and had hopes that the update would just let me choose "While Using" in the app settings, like some other apps allow you even if they request access even while not using the app, but the settings only allow for "Always" or "Never" on iPhone. However, you can use Uber without allowing GPS, so it's not all or nothing.

You can force quit the app after using it, so it doesn't get GPS access. "Always" only grants access while the app is open in the background (of foreground of course). Not pretty, but a workaround.

> (as far as I know you only can see that some app is accessing your GPS currently, not which one(s) exactly

Don't have my phone set to English, so wording might be slightly off. Settings -> Privacy -> Location Services. A purple arrow means the app used GPS "recently" (so a few minutes ago)


> why do they need to know where I'm at after I get dropped off?

In China, there's a company that provides a free loyalty point program. The store signs up for it, and users download the app and can use it to collect points when a transaction is made at the store. The points can then be exchanged for discounts and other stuff.

All of this is free. How they make money is by selling the user behavior data.

One of the features is the app tracks where the user goes after a transaction is made, so stores can find patterns and possible ways to cross promote.

For example, it might show a trend that 60% of customers will go to the movie theater after dining at your restaurant. Or will go to the Nike store after visiting yours, so perhaps you want to adjust your prices, etc.


That's all well and good, but I'm turning off Uber's access to my GPS entirely.


Oh yeah, I don't like it either. Just saying this is another revenue stream for companies.


I'm pretty sure in Germany it'll pretty much be "this is illegal as it tracks data at the individual level". Especially since there is no need for this to enable the core service.


> as far as I know you only can see that some app is accessing your GPS currently, not which one(s) exactly

On iOS if you go into [Settings > Privacy > Location Services] you can see which apps have used your location "recently" or in the last 24 hours. There is a legend at the bottom of that page for what the icons mean.


Is there any way to see on Android?


Settings > personal > location (Android 6 at least). You can disable the privilege in Settings > device > apps > Uber > permissions.


>why do they need to know where I'm at after I get dropped off? That's a little intrusive to me

A little?


> I'm also curious how this will bump up against EU privacy laws

Waze has location settings set to Always, so I guess they won't care again.


"little intrusive" are very kind words. i would call it a brazen theft of privacy.


Uber employee here. We were told the reason to track up to 5 mins after the trip is for fraud, ex if a driver doesn't end the trip when she is supposed to. and to figure out where the pick up spots for each address are. A large building may have multiple points where people get picked up or dropped off and knowing those points would be very useful for the drivers and riders.

And just as a side note, take it with a few grains of salt but I know it's not easy to just trust a company with such personal information, and certainly I wouldn't either, but Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously.

There are a lot of things we do for our customers that isn't reported by the news, but we always try to do the right thing. Ex. When we had a few outages earlier this year, we made sure that the drivers who were active at the time were "made whole" by paying them for the time we were down.

Yes, there were issues a few years ago with statements and actions that were done, but the Uber today and the employees that work here now take a lot of pride in what they do. I would never have worked here if I didn't feel Uber was an ethical company. And neither would my coworkers. There are thousands of engineers now working here and we would be the first ones who would stand up to management if we felt that something nefarious or even careless was being done with user's personal information. Many of the company values revolve around "toe stepping" and "principled confrontation" and this means even against our own management.

So I know it's not easy to believe, and it's easy for me to say since I work here, but nothing nefarious is going on. If there was, we the engineers would be against it completely.


"Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously."

Probably every company has said that, yet we know how that usually turns out sooner rather than later (I'm looking at you, WhatsApp).

"So I know it's not easy to believe, and it's easy for me to say since I work here, but nothing nefarious is going on. If there was, we the engineers would be against it completely."

For now. What if a new higher manager comes and decides to use this information for other purposes (ad, sale etc.)? Some engineers might quit, but costumers can't take their data back.

My takeaway is: do not trust companies with more data than necessary to provide you a service and this is exactly such case.


> Probably every company has said that

Does your company have a set of values to which it says it holds itself and its employees? Excellent - lets play Enron Bingo! Go through your company values and every time one of them matches or strongly overlaps with the list provided in Enrons 1998 Annual Report[1] - Shout "WOOOO" really loudly.

[1] * - RESPECT - INTEGRITY - COMMUNICATION - EXCELLENCE


This is brilliant! As a fellow skeptic of "corporate values" I'm going to remember this one.

It might be a fun exercise to trawl through the company values of failed / disgraced companies to see if there's any pattern, or compare to genuinely ethical companies (if there is such a thing) to see whether there's a contrast.


> Excellent - lets play Enron Bingo! Go through your company values and every time one of them matches or strongly overlaps with the list provided in Enrons 1998 Annual Report[1] - Shout "WOOOO" really loudly.

Now there are two people who insist on escorting me out of the building.


Whatsapp was ethical, the problem is with the company that bought them. And they didn't necessarily know that when they sold (even if, an offer of that size is hard to decline).


[Harsh words ahead]

Hindsight is 20/20, and based on that I personally would say WhatsApp was not ethical even when it was a standalone company. If it had been so, it wouldn't have allowed Facebook to acquire it in the first place! I realize this sounds harsh and probably implies bad motives on the owners, but whatever WhatsApp wrote in its blogs pre-acquisition were all principles that could be sold at the right price. That's exactly what it has come to now that we know how it's being used.

I would also consider it insulting to human intelligence if the WhatsApp founders had truly believed that they would be able to continue with their stated privacy stance after being bought by Facebook, of all companies (what they wrote on the blog at that time can be seen as public posturing).


You don't need hindsight. You just need to look at the many many times it has happened before.

Cash pressure + lots of valuable assets liquidised legally that just require a change to ToS = said assets for sale + temporary bad PR.


I call bullshit on not knowing that Facebook is a privacy whoring company before WhatsApp sold to them.


Hey, who cares about ethics when there's billions of dollars on the table /s


I mean who wouldn't have realistically accepted literally billions of dollars to sell an app people willingly install on their phones? Ethics is all relative.


Were they profitable before? Were the controlling parties financially comfortable?

If my company is profitable (or has revenue growth and is likely to become profitable) and a scummy company wants to buy it, I'm going to say no.

Hard as it may be for some of the HN/VC crowd to believe, but there are people out there who start companies with their own money, because they believe in something. At no point does "find some fat megacorp to buy us our" enter the game plan.


That's exactly my point. If company is ethical today, it doesn't mean it will be tomorrow, for whatever reasons.


> an offer of that size is hard to decline

Ethics isn't about doing the right thing when it's easy.


> but costumers can't take their data back.

For a US company, yes. For EU companies, the EU privacy law says you can only use the data for the original purposes, and based on what the person consented to. You can't grab all data (since that's overbroad), and "consent" can't just be "click through on legalese".

If you're concerened about privacy, don't use US companies.


In Canada too you can request all of the data that a company has on you. You just have to fill in a form or call the company and if they refuse you can contact the privacy office in your respective province or the federal privacy commision or just plain lawyer up.


bold statement, but actually what they do here would be totally legal in the EU. cause they say it's for fraud detection. Basically EU is not better when it comes to privacy. The law is totally crap and doesn't actually defend against anything.


I thought the drop-off points for large buildings could be a very reasonable justification for extending the tracking window for a few minutes on either side of the drive.

I understand that this could fall into 'data necessary to provide a better service' as opposed to simply providing the service as-is, but it seems like drop-off point locations are quite fundamental.


Why do you imply that I go inside the building I asked Uber driver to stop by? Actually, most of the time I get out on the corner and walk to my destination (which address I did not provide to Uber), because of traffic restrictions in city center.


I am very anti-tracking, but to be fair IF Uber is being above board with their intentions, this is exactly the type of question they could answer.


I'm not sure how this data actually helps. I'll tell Uber where to pick me up, and where I want to go, and I can tell the driver exactly where to stop.

Now, if this is to feed into their plans for autonomous taxis, that's all very well because I am really looking forward to being able to summon an autonomous electric car to take me wherever I want to go, but I still don't understand why they care about more than where I actually get out.


It has to do with collusion between driver and passenger. It protects everyone involved. It prevents a passenger from getting in the vehicle and saying, "I told the app I was going to the bijou duplex but I really need a driver 3 hours to run a bunch of errands. I think we can work out a deal thats beneficial to us both..." that's just one of millions of possible scenarios. Uber can now tell if driver and passenger just drove by the bijou duplex never ending the fare. All of this other squabbling about privacy blah blah blah is senseless. Just ask yourself one question, whom is it that is actually tracking me? For what reason? OK that's two questions. I think once you answer those questions you'll come to the same conclusion time after time, "I'm just not important." On that note one can also conclude, "There's nothing about me, nothing I do, say nor anyplace I go is needed by Zuckerberg. He's doing just fine without my info. The worst thing that's gonna happen is I'll mysteriously get toothpaste coupons or rental car discounts."


I take it you stand behind the "nothing to hide, nothing to fear" argument?


Yes and no. A few years ago I realised my digital bathroom scale's calibration was out of whack so like anyone whom might have lost the instructions I google the make and model of my scale to download them.

Later that evening while on a different computer I noticed in the right-hand margin of facebook an ad for bathroom scales. I was horrified. I felt violated, tracked and spied on. This wasn't spill over from localised cookies. There was a database somewhere keeping track of my online activities and passing that info along to whomever asked for it I guess.

On the one hand nobody cares or is watching what I'm doing. But what if I'm a high school teacher and a female student infatuated with me males advances which after being rebuffed goes public with false accusations of how I tried to rape her, will I be sitting in court watching a prosecutor show a jury the gay monkey porn sites I visit because he or she was able to subpoena this "database" of all my online activity and now because of it I may lose my job or career? I don't know. Maybe that's the whole reason privacy rights are such an issue.

If it means catching bad guys I'm for it but if it means scrutinizing the innocent then yeah of course I don't want my privacy violated.


Earlier this year, WhatsApp implemented platform-wide, end-to-end encryption, based on the Signal Protocol: https://techcrunch.com/2016/04/05/whatsapp-completes-end-to-...

That should be applauded.


I fundamentally agree with you about giving only as much data as necessary. Personally I don't know why we force a binary decision on location tracking. If it were Google or Facebook doing it to me, iI would be distressed.


A few things that speak a lot:

- Algorithmic Labor and Information Asymmetries: A Case Study of Uber’s Drivers https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2686227

- Uber: The Big Data Company http://www.forbes.com/sites/ronhirson/2015/03/23/uber-the-bi...

- How Uber is Selling all Your Ride Data http://www.investopedia.com/articles/investing/030916/how-ub...

- How Uber Profits Even While Its Drivers Aren't Earning Money http://motherboard.vice.com/read/how-uber-profits-even-while...

- Uber claims US regulators collected data from 11m passengers https://www.theguardian.com/technology/2016/apr/12/uber-us-r...


> but Uber as a company is very ethical

If it wasn't for the apparent money laundry[1], drivers exploitation[2], cashing out on desperation[3], and tax evasion[4], maybe I could believe that.

[1]https://www.bloomberg.com/news/articles/2016-08-25/uber-lose... (How can the company survive?)

[1]https://beta.companieshouse.gov.uk/search?q=uber (Closing and reopening with different names in the UK. Apparently 4? times so far... Hmm...)

[2]http://www.dailykos.com/story/2016/5/4/1523310/-UBER-s-Shari...

[3]https://www.thesun.co.uk/news/1805286/uber-accused-of-cashin...

[4]https://www.theguardian.com/technology/2015/oct/20/uber-pays...


You forgot the best ones: using dirty tactics against journalists [1] and Lyft [2],

I don't understand how anyone can with a straight face claim that "Uber as a company is very ethical company". I would rank the company management (not drivers) as ethical as the New York mafia.

[1] http://www.businessinsider.com/an-uber-exec-brought-up-the-i...

[2] http://money.cnn.com/2014/08/11/technology/uber-fake-ride-re...


If only we were able to rate management and they were let go with a 3 or less stars review.


Very rare to have a company this size to be ethical.


Yes. These companies have teams of people spewing out a list of values for PR, and thinking that they have Jedi mind trick powers over the employees (on some people it actually works!). It's the company image, not how the company operates.


I might be with you on the others, but [3] is just media hysteria based on faulty logic.

I've seen this type of story repeatedly after there's been an incident in some city. If it's not Uber it's a hotel chain or similar. It's easy clicks for tabloid newspapers. They probably have a template for this sort of story ready to go. And there will be plenty more ammo for this sort of thing as more companies move to automated pricing models.

Almost everyone who had to pay surge prices that day would not have been directly involved in the explosion (or even seen it). Are companies now supposed to compensate for any bad thing that might be happening in somebody's life? Presumably those who chose to pay surge prices did so because it was still the cheapest/best way of getting home. So even at those prices Uber was better than any alternative.

EDIT: Forgot to mention, it's also possible some people might have only got home that night because of surge pricing, because it increases the number of drivers.

If I had to buy a very expensive airline ticket at the last minute to see a sick relative, would the airline be exploiting me?

Previous HN discussion and article on the Copenhagen Interpretation of Ethics, which is relevant here:

https://news.ycombinator.com/item?id=10367855


I think the parent's point is that there's nothing hidden going on in addition to the known business model and standard company practices. You obviously disagree with that business model, and that's fine. For the millions of people who don't disagree with it, parent says: "we are not cheating or abusing you behind your back".

Those links are also pretty weak: all speculation or opinion pieces about things that are out in the open:

1) this is not even close to money laundering? 1) this is just a list of companies with "uber" in their name? besides, it's very common for companies to structure and re-structure themselves without anything unethical going on. it's also common to do it for tax purposes, see below. 2) quite a bold opinion piece about the driver situation. clearly, with so many drivers and customers taking part, it's a matter of opinion. it's reasonable to call it unethical if that's your view but it's not really what the parent meant. 3) pure media hysteria. good to see The Sun as a source on HN. 4) the tax thing again. as it stands, everyone wants to lower their taxes and almost all large companies do this a lot and do it legally. if your view is that they should just volunteer as much tax as possible, you're welcome to that view - there are signs that the law will start to change to be less forgiving of this. however, the specific case in the article is probably the worst example you could pick: the ability to offset losses from previous years isn't even close to being a grey area.

Do cab drivers come in for the same criticism? I've been scammed and lied to so many times by (official) cab drivers and they are absolute sharks for exploiting desperation and ignorance. There are investigative stories linking taxi cab rings with genuine organised crime. I guess they must do perfect tax returns?



Thank you for your comment, always good to read and learn from other points of view.

I can agree with the weak links. Unfortunately didn't have much time to find better ones. Also, having The Sun as source in HN doesn't give it much of a credibility, but I'm sure there are more reliable sources out there [1]. I can also agree that this point can be made from a bit of a media hysteria. But a company whose business model makes prevail supply/demand rules on a disaster, seems like a bit sick to me. From my point of view, this is not an ethical company behavior. And when I mean company, I mean company as a whole despite believing there are departments within the company where things are done ethically (parent's point maybe?).

Also, again in my opinion, a company shouldn't attempt tax evasion, by any means p.e. tax evasion schemes (most of them arguably legal) as it impacts all country's and overall economy. This said, I classify most big companies as unethical. This can possibly be one of the main reasons the gap between rich and poor is getting bigger every year as big sharks cash out clean out of the exploited marked. If a company disagrees with a country's taxation model, ethically, maybe it shouldn't attempt to get to that market?

Company name changes can be seen as tactical maneuvers used for tax evasion also and debt evasion in case the company goes bust. On previous + [2],[3], altogether, this may present no substantial evidence on money laundry but do you really believe investors would be naively burning billions worth of investment on a company which on 7+ years of existence didn't present, neither is close to presenting, any profit?

I'm not saying cab drivers shouldn't be put through similar criticism, maybe they should. But I think we cannot generalize on that. There are good and bad professionals everywhere. What I can say, based on what I know from my country, is that cab drivers cannot scam you as their fees are regulated. They cannot charge you more that X per Km as their taximeters are regulated by the government to ensure that. They need to have a professional driving license and be identifiable to the customer. And they're also entitled to pay their taxes accordingly. Of course one can always hear a bad experience from time to time, but again, that is subject to happen in every industry.

[1] https://twitter.com/SarahBertolozzi/status/77734731474688409...

[2] https://www.bloomberg.com/news/articles/2016-08-25/uber-lose...

[3] http://qz.com/618022/ubers-ceo-says-the-company-is-burning-1...


I think we have quite a fundamentally different view on morality but thanks for providing a thoughtful response. I disagree with most of it so not sure it's worth going through each part ;) Only point I feel the need to address is the general imbalance in assumptions.

In my experience, taxi drivers hide the meter, claim that hours are off-meter, claim there are special fees for certain journeys which don't exist, refuse to take rides they are obligated to take etc. Absolutely not rare at all in major European cities (and endemic in the developing world). I've lost count of how many times I've had it happen, attempted or seen other people targeted with it. This is mostly in major European cities. Formal complaints with the license number don't work ("we'll remind the driver of his obligations").

I don't find this especially unlikely behaviour - they are relatively unmonitored and unaccountable. They are distributed - no reputation as individuals. They deal with a lot of cash, they deal with people who don't know where they are or what the rules are. It's often one person's word against another's. I have plenty of first hand experience of misbehaviour, and I know regulatory body does little to address it.

I find it odd that you assume the best of them - you even say they cannot do anything because a regulation exists. Obviously this is untrue. Yet with Uber your view is borderline conspiracy (despite them also having regulations!). Do you think all currently-unprofitable startups are laundering money on a large scale? Where did these billions and billions of dirty money come from? Is YC itself laundering dirty money through startups? They changed their org structure a few times recently - are they hiding something with this? I've seen multiple YC people write about tax efficiency too!


You're welcome! :) Thanks for replying back too. Always nice to see different points of view.

Yes, agreed, I could have used better words other than cannot do anything because of regulation, of course they can and I'm sure some do. And I'm sure some Uber drivers out there do the exact same, maybe through different means. As I said before, good and bad professionals, you can find them everywhere. It's not something you can generalize.

What I meant is that what distinguishes them from Uber is the fact they are government regulated. I know it may not stands as much, but if everything works as supposed to, it would work well. I'm also assuming you face a different reality (country) different than mine, so not sure if there's a point in going forward with this. Just to finalize on this, some fun fact: in my country every public passenger transportation needs to have a specific insurance (often expensive) and a professional driving license. This is mandatory for every public transportation (cabs included) but Uber. The list of exceptions goes on, and on...

Regarding tax efficiency we share different views as well. And I'm not saying as part of a conspiracy theory of mine thar all unprofitable startups are laundering money on a large scale. A startup is usually expected to start profiting after 5 years and Uber is just far from that. I also try to put myself on an investor shoes and figure out If I'd invest my money on a company as such. My answer is no.

Regarding this particular question:

> Where did these billions and billions of dirty money come from?

A little bit of conspiracy speculation now: Hidden in tax heavens and needed to be brought to light ;)


> A startup is usually expected to start profiting after 5 years and Uber is just far from that

There's obviously no hard-and-fast rule about 5 years. Other people value companies differently from you and have greater risk appetite. It's pretty normal for people to have different views on such things (like the morality of various tax arrangements!); that's not evidence of corruption.

> A little bit of conspiracy speculation now: Hidden in tax heavens and needed to be brought to light ;)

That's not where it came from, that's where it currently is (according to you). Even so, a tax heaven is not the same as money that needs laundering.


> There's obviously no hard-and-fast rule about 5 years. Other people value companies differently from you and have greater risk appetite. It's pretty normal for people to have different views on such things (like the morality of various tax arrangements!); that's not evidence of corruption.

Agreed. There's no hard rule on that. I just find it hard to believe someone would be up to investing a big chunk of money, for that much amount of time, without having any return. But yes, people choose on what to believe. I prefer to take it this way as I'm past Wonderland a while ago. Let's hope I'm wrong.

> That's not where it came from, that's where it currently is (according to you). Even so, a tax heaven is not the same as money that needs laundering.

I think it can be both actually. And it may need laundering in case there's no justification on where it's coming from. But again, this is all just conspiracy as Panama papers never happened.


[3] why does uber have to go around their prices algorithm because of an attack? I mean, that's how they operate: more demand = more expensive. They could use the marketing to do it but they don't really need to.

I don't understand why people expect corporations to work as a non-profit


There are several counterpoints to your opinion that Uber is a bastion of values and respect. Here are a few (excluding the many incidents involving drivers):

1. Your CEO refers to the impact of his company on his sex life as "Boober". https://pando.com/2014/02/27/we-call-that-boob-er-the-four-m... 2. Uber orders and then cancels thousands of rides of its biggest competitor, Lyft. http://money.cnn.com/2014/08/11/technology/uber-fake-ride-re... 3. Uber exec threatens a journalist Sarah Lacy with a smear campaign. https://pando.com/2016/05/04/npr-proves-once-again-uber-lyin... 4. God mode: Insiders tracked users personal movements and were fined 20k for misusing their access. http://www.theverge.com/2016/1/6/10726004/uber-god-mode-sett...

Your closing statement is spot on: it's not easy to believe "nothing nefarious is going on". For me, it's not even possible.


> but Uber as a company is very ethical

Even if you would believe Uber is an ethical company (there is good reason to believe for-profit companies generally are not and also good reason Uber especially is not), the underlying problem is that the data could fall into other hands. Three letter agencies can ask for that data, someone could leak the data, etc. I know the last one sounds unlikely but stuff like this happens all the time.


Ex-Uber employee here. Ethics and values were roughly 80% of the reason why I chose to walk away from what was ostensibly my dream job after only a few months.

Being clear, my experience never saw misuse of customer info, just some legal but shady-as-shit ways they chose to do business.

EDIT: Sorry, my point being that, while I don't anticipate they'll abuse customer location tracking in the large, I would vehemently dispute the parent poster's supposition that everyone at Uber is super ethical. Rank and file engineer? Yeah, probably fine. Management? I expect TK and his lieutenant bros and bro-ettes will do whatever he can get away with.


> There are thousands of engineers now working here and we would be the first ones who would stand up to management if we felt that something nefarious or even careless was being done with user's personal information. Many of the company values revolve around "toe stepping" and "principled confrontation" and this means even against our own management.

Then how come the "while using" option is not there ? the best way of not being careless with sensitive data is not having them in the first place.


Unfortunately, "We were told the reason to track...is for fraud", does not make me very confident what you believe to be true is really true. And makes me even less confident considering your assertion that "nothing nefarious is going on. If there was, we the engineers would be against it completely." If your knowledge of what ultimately happens with the data relies merely on what you are told, how can it be possible for you to know nothing nefarious is going on?

I was more hoping you'd try to answer the part that addressed the "While Using" option being removed. I'm guessing that one might also be too difficult to answer honestly in a public forum?


Calling bs on "uber as a company is very ethical" and "nothing nefarious is going on":

Spying on a journalist: http://www.businessinsider.com/ubers-new-york-manager-invest...

Tracking celebrities and sharing publicly: http://www.forbes.com/sites/kashmirhill/2014/10/03/god-view-...


Didn't Uber also do tracking of user battery and establish that they can charge more, more reliably when the user has low battery?


That is deliciously evil.



Apparently they have simply observed that users are more likely to pay the surge pricing when low on battery, and they claim not to factor it into the surge algorithm itself.

Makes sense to me, afaik the driver UI shows surge pricing based on an area and not individual users.


- Search Twitter for fraud rides in London .. happens to tons of people a month but they don't care. I got hit up for a 1k ride in London yet im in the US.

- Try canceling your account .. you have to contact their support who will cancel it for you. What i signed up once and you let my account get hacked and dont care and I cant cancel my account myself? I have to wait a week????

- SOmeone I know has leased a car through one of their leasing car companies and it has ruined his life financially with all their nickel and diming and no invoice from them in regards to what he is being charged for. They just brush him off... he works two jobs .. a sales job and Uber to feed his family.

- In a few years all Uber's loyal drivers who use it to get by and feed their families will be screwed over by Uber.

How can anyone call Uber ethical ... it's the epitome of why Hilary Clinton lost as it's all about making huge profits for a very small subset of people at the expense of the majority who Uber is just using to get filthy rich.

Worst company ever run by silicon valley lucky ass unicorn douchebags who don't give a damn about anyone but themselves. Their smug asses need to meet the smack down of govt. regulationS!!!


Best definition of Uber that I read in life! Could not agree more!


You might want to edit or delete most of that later section.


He isnt wrong.


Über is the epitome of why Hilary lost?


Yes, she targeted the non-forgotten man and woman like Uber execs and their employees pulling billions to miollions to 6 figures.


Why should I?


Both articles from 2014. Uber 2014 and Uber 2016 are different companies, probably 5x the number of employees and has matured substantially especially with employee conduct expectations. I would be shocked and angry if something like that happened today.


Have personnel changes happened at the highest levels of the organization since 2014? The abuse discussed in the links came down from the top ranks of Uber.

When did you join Uber? If it was not prior to 2014, what makes you an expert on how the company had mature and, if prior to 2014, why were you not shocked and angry when these events occurred in 2014?


Really? A simple search found me an article from 2016 where a judge lambasted Uber's counsel about hiring a company who did unlicensed background investigation against someone who filed a lawsuit against Kalanick[1].

I've heard from you and multiple employees that you would be "shocked or angry" or believe "Uber is a good company and wouldn't have joined otherwise." But I find this hard to believe because if that was the case, then Uber would have lost most of their engineers in the beginning, pre-2014, when they were doing really shady stuff. Maybe you and your colleagues that use Hacker News that publicly commented on this thread would quit if something unethical happened, but words are empty while actions are not and I haven't heard of a case where a large group of Uber engineers or employees are protesting about their company's unethical nature. Color me unconvinced when I hear your words.

http://fortune.com/2016/07/25/judge-uber-background-check-la...


Uber 2014 and Uber 2016 are different companies

What are you basing this on and point me to supporting evidence of this, failing that I need something more convincing than increased headcount as a motivator to give Uber my trust as a consumer again.


That's not how trust works.


Weak, so weak. This is how the company was founded, and they want us to trust them with their data? Hell no.


I think if you have to explain yourself you have already lost. I always use Uber but uninstalled it 2 seconds after I discovered I couldn't change the location settings to my liking. Literally typing this from a Lyft haha


While Uber may be interested in the "fraud" aspects - and I think that's a harsh word for what is "walk 50m from drop location" - it really ought to be up to the user to decide what the drop pin should be. Especially when it comes to uber-pool rides, riders may not want to disclose their residence or other locations to random passengers. The only thing that should matter is whether the rider got off at the dropped pin, and not whether the rider walks to some other place.


Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously.

and at the same time plays dirty with city councils and hires a lot of lobbyists and slashes prices without advanced warning to drivers? all of those are unethical practices.


The problem is that you need only one employee without moral concerns but with the necessary data-access and the data you are collecting can be used to abuse your customers. At my former employer I had access to cell-phone usage data and for example I could have tracked the calls and geolocation of my girlfriend. Only becasue database grants were assigned automatically to everyone who required them.

The only secure way of collecting data is not collecting data at all.


> but Uber as a company is very ethical

You've got to understand how directly this clashes with the media coverage re: driver rights.


Yes and as an employee looking from the inside out, I see how negative the press is, and before I joined Uber I was biased by the media coverage as well. But everything I've seen on the inside directly goes against the media coverage I've seen. Take it with a grain of salt obviously.


“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” --Upton Sinclair


Uber has hired drivers in my country who it turns out are medically unfit to hold a driver's license, while running ads claiming they do exhaustive background checks.

That is not "the media". Your employer is totally unethical.


I've seen first-hand uber employees doing things on behalf of the company that are even more unethical than what's being reported in the press.


Member when Uber hired teams to book and ditch rides with their competitors? Member when they hired a private investigator to dig up dirt on a plaintiff who was suing them?

I member.


I member too !

Memberberries for President


They might be ethical towards you. They're not ethical towards me, the person being driven, nor towards the Uber driver who's driving me.


> There are thousands of engineers now working here and we would be the first ones who would stand up to management if we felt that something nefarious or even careless was being done with user's personal information.

How would you even know if "something nefarious or even careless was being done"? If there are thousands of employees, wouldn't it just be difficult for everyone to know what everyone else is working on, other "secret initiatives management has sponsored", etc.? There could be so many things happening right now where the information is "above your pay grade". My point is that even if the CEO or CTO or anyone else makes these statements, it's easy to be skeptical considering Uber's history and ethics.

I know many companies that allow one to report issues much higher in the chain, have "no retaliation" policies, and so on, but it's really a stretch to ask employees to fully trust the system and worse, ask people outside the organization to trust the employees and the system.


My roommate works at Uber as an engineer. He has a pretty high moral bar and I'd bet there are enough like him at Uber that doing shady things systematically would get exposed to the outside world fairly quickly. Notice I said systematically because any company at scale with thousands of employees may have lonewolves doing shady stuff. But that is different than a company culture that endorses or encourages that. I haven't gotten any vibe that Uber does either and if it did, I'm pretty certain my friend and engineers like him would jump in a heartbeat.


So exactly what additional safeguards had he demanded be put into place to protect this data?


You are assuming you (or I) know the safeguards they already have in place. For example, if they have an audit trail for anyone that access this data or if they have independent audits on data access, it could be sufficient. Both of these are norms at major corporations. I am not privy to the specifics of what Uber has in place beyond hearing that they have controls in place that are industry norms.


You and your friend are just too naive. There always will be not so honest engineers and you will never know who exactly.


That is not unique to Uber. It is a possibility for any company and for large companies, it introduces major risk of damage. This is why companies have controls in place. If you are arguing that the norms industry-wide should change, then I can understand. If you are saying any of this is unique to Uber and doesn't apply to Google or Apple etc., I would disagree.


I'm not trying to say it's unique to Uber, of course. It's reality of our life.


The problem is not when a company is suddenly deciding to do something outright evil.

The problem is when the company starts slowly pushing the boundaries in ways that can be justified if you squint right.

E.g. consider this extra tracking. The feature in itself is fine, as long as the data is protected well enough and not abused.

The problem is that staff not used to think about nefarious uses are likely to defend this kind of collection without thinking about all the tiny little privacy implications.

So when a less moral person suggests a little tweak here or a little tweak there and justify it with a seemingly ok reason, it is likely to fly straight past a lot of people.

Another little change here and there, and suddenly things start to fall out of it that wasn't intended.

How many IBM engineers in the 20's and 30's had any inkling that their work on tabulating machines would aid in the Holocaust? Most would presumably have been horrified. Even the IBM execs that negotiated IBMs deals with Hitler would likely have been utterly horrified. Each little step was just one tiny step further from the last, and most had plausible positive spin on them. And the worst was hidden from them.

This is the difficult part of ensuring the morality of corporations, or organizations, or society in general: It is incredibly hard to get a sufficient overview to be able to predict whether any given action will contribute to an immoral outcome. Even when you're right there, "flicking the switch" that finally ties it all together. It's just one more tiny step, that from ground level will often not seem any different than the last step, which turned out ok.

EDIT:

The only way of ensuring the a corporation acts morally, is not to act morally, but to act specifically to take steps that binds the corporation so it is unable to do bad things:

Make sure you don't have data that can be abused, if at all possible, or at least destroy it as soon as possible.

Make sure you have systems that actively prevent staff from accessing data they have no need for.

Consider if you can transform data in ways that makes it less intrusive (e.g. if you don't need the full precision of certain location data, reduce the precision; if you don't need to be able to tie it to a certain individual, anonymise; if you only need aggregate/summary data, aggregate/summarise as early as possible and aggressively purge the raw data).

Ever barrier you remove from access to data, creates opportunities for innocent-sounding requests that turns out to have immoral reasons.

E.g. I've had managers request data from ex-customers that wuld have been in backups except for aggressive policies on purging it, where it turned out that rather than legitimately e.g. wanting to help them recover data, said manager wanted to hand the data to another manager, without realising that said other manager was planning on mining said ex-customers data for sales leads for a new product that would directly compete with them.

Flagrant violation of our contracts, and of UK data protection laws. But the initial request sounded innocent enough, and I only found the reason because I'm extremely paranoid about these things. The manager that made the request didn't suspect a thing, for example.

Actually not having the data made refusing the request a lot easier, and also prevented the manager that wanted the data from trying to find ways around me.


I generally agree with you that not having the data would make it easier to refuse. But not having the data does come at a cost: in this case, poorer user experience.

As a side note, I was mainly talking abt Uber. Your post seems generic and your concerns apply to every large tech company. Most of these companies already have policies in place such as audit trail for data access, access control etc.


I'm not saying that in this specific case it's wrong to collect the data.

I'm saying that to "avoid evil" in the future it is insufficient for current developers to be ethical now.

You need to build systems that actively make it difficult, so that it takes persistence and intent to overcome if you want to do something bad whenever possible. Force people to face that they are putting in effort to bypass restrictions and breaking rules to do what they want to do, instead of "just" accessing data that are readily available to them, and far more will question the justification for requests they are given.


If only need 5 mins after the trip, Uber is in strong position as large user to work with Apple on how to extend the existing background API to cover its use case.


> but Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously.

Look I'm sure you believe that but there's many many many many data points that show that that's just not the case.


> Uber as a company is very ethical

There are fairly substantial quantities of legal documentation that are evidence against this remarkable claim. They get covered here frequently.


This kind of fraud happened to me three days ago. I filed a complaint with Uber and they resolved the issue. I certainly think something should be done in the product to help with this, but there may be better options, including letting the user click a button to declare that the trip is over.


Thanks for providing your perspective. Did anyone question the decision to remove the option of only allowing Uber to use location while using the app? That would have been a reasonable way to gather data but allow people uncomfortable with background tracking to opt-out.


>trust a company with such personal information, and certainly I wouldn't either, but Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously.

HAHAHAHAHA Nice try!

> The ride-sharing company said that between July and December 2015, it had provided information on more than 12 million riders and drivers to various U.S. regulators and on 469 users to state and federal law agencies.

http://www.huffingtonpost.com/entry/uber-customer-data-priva...

>the company's blog titled "Rides of Glory." The company examined its rider data, sorting it for anyone who took an Uber between 10 p.m. and 4 a.m. on a Friday or Saturday night. Then it looked at how many of those same people took another ride about four to six hours later – from at or near the previous nights' drop-off point. (...) Uber has deleted the blog post

http://www.marketplace.org/2014/11/18/business/final-note/ub...

>Earlier this month Angie Bird woke up at her home in London to discover she had been billed for a series of minicab journeys she had allegedly made the previous evening … in the Mexican cities of Guadalajara and Aguascalientes, more than 5,500 miles away.

https://www.theguardian.com/money/2016/apr/22/uber-scam-hack...

>Uber is using GPS to punish drivers in China who get too close to protests

http://fusion.net/story/150389/uber-is-using-gps-to-punish-d...

>Study: Uber and Lyft have ‘pattern of discrimination’ against black passengers. Waiting times for black Seattle passengers were 35% longer, and Boston drivers cancelled rides for black passengers more than twice as frequently, study found

https://www.theguardian.com/technology/2016/oct/31/uber-lyft...

>According to internal Uber emails, the investigation began with a note from Uber’s general counsel, Sallie Yoo. The day that Schmidt filed the complaint against Kalanick, Yoo sent an email to Uber’s chief security officer, saying, "Could we find out a little more about this plaintiff?" The request was forwarded to the company’s head of Global Threat Intelligence, Mathew Henley.

http://www.theverge.com/2016/7/10/12127638/uber-ergo-investi...

>Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously

Please go with your bullshit somewhere else.


A simpler option would be to get the customer to also swipe to end the ride (as an option). This way you get two sources for the end of the ride?


And what if the customer swipes early?


thats an easy thing to validate. If the vehicle is still moving, or if the driver also hasnt confirmed the trip has ended you can work it out.


"easy"

Proceeds to introduce multiple points of failure.


Seems fairly easy: When the customer swipes to end, it notifies the driver. If the driver agrees, the ride ends there. If the driver doesn't agree, he tells the customer to undo the swipe or they will stop driving and the customer can get out.


What if the customer gives her phone to a friend (through a car window) during the ride? Similar thing happened to me abroad. A couple of us used a single phone with a local card, so the phone exchanged hands frequently.


I'm sorry but Uber has broken the law in how many different cities, and you have the gall to call Uber "ethical"? Um, no. Uber is not ethical. Uber willfully breaks laws they don't like when they think they can get away with it.

Why should I EVER trust Uber to obey the law or act ethnically towards me, when they already why as if laws are optional?

Uber can get fucked.


Do you equate law with your society's ethics? Sometimes the two are well-aligned, I think, but not always. In a democratic society, they should be aligned, but the truth is, it isn't the rank-and-file of society making the laws.


> but Uber as a company is very ethical

IPO, new management, all that data to sell. or (more likely) Bankruptcy, all that loss to recoup

Ethics of today don't mean a thing.


Then by all means, track the driver always but the passenger should have the option of "only while using"


> We were told the reason to track up to 5 mins after the trip is for fraud

Yes, sure. There is always some sort of "reason" to "justify" mass surveillance. F that.

It's just NOT acceptable. I'll never use Uber again.


So to paraphrase "I know we had problems in the past - but trust us, we're good guys!"

Put your money where your mouth is - explicitly state in your terms of service specific safeguards of my data and large monetary rewards for a beach of those terms on your part...you never do anything bad with our data right? This should be easy...


Remember: If you're not in the USA, then US law doesn't protect your privacy! And US privacy law is nothing like EU privacy law.

Has Uber considered reforming as a European company, under EU data protection law? That would a nice way to show that you take privacy very seriously.


If Uber tries this in Australia, someone will file a complaint with our privacy commissioner and then Uber will be very, very sorry.


idk if i'd trust anything uber tells me if i worked there.

same would go working at any sufficiently large org


"Large org", that's key here. Even a James Bond villain would require strict compliance of most of his underlings, maybe even more than average, except when not.


Currently, I live in one of those large building complexes and have seen the related changes you bring up. The app has updated to show the different spots commonly used for pickup/drop off and I clicked on one of those instead of moving the pin every time like I used to.


Surely they can get the pick up points from the drivers data, can't they flag where the found the passenger? Why would they need it from the users side too?


That's nice you believe that, except for the fact that only a few years ago Uber tracked the location of a Buzzfeed journalist from God mode, and was accordingly fined for it.[1]

In 2014, senior executive Emil Michael suggested using their service to dig up dirt on reporters.[2]

They further tracked a Buzzfeed reporter when she was late to a meeting with one of their executives, without her permission.[3]

The Uber data science team once used sensitive customer data to find a correlation between their ride data and prostituion, which was highlighted when it was quietly taken down.[4] Lest you think this was a one-off blog, then I refer you to the one entitled "Rides of Glory" [5] that tracked the one-night stands of their riders (you just can't make this shit up).[6]

At Uber's Boston launch party they thought it would be hilarious to track 30 users in what they dubbed "Creepy Stalker View", and one executive, Chris Sims, was shown travelling around in a car - live - causing him to quit the service in outrage.[7]

1. https://www.google.com.au/amp/www.theverge.com/platform/amp/...

2. https://www.buzzfeed.com/bensmith/uber-executive-suggests-di...

3. https://www.buzzfeed.com/johanabhuiyan/uber-is-investigating...

4. https://www.google.com.au/amp/venturebeat.com/2014/11/24/ube...

5. https://web.archive.org/web/20141118192805/http://blog.uber....

6. http://www.marketplace.org/2014/11/18/business/final-note/ub...

7. http://www.forbes.com/sites/kashmirhill/2014/10/03/god-view-...


Can i email to dev for suggestions to eats@uber.com ?


as a fun exercise... I am going to find out how many employees Uber has. From there, who knows. Lol.

#username_might_check_out


Please send this message to management: "fuck off". Thank you.


> Uber as a company is very ethical

Nice try, Travis Kalanick.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: