I'm a little disturbed that they need any information after I use Uber though. They know where I was picked up and where I'm going, why do they need to know where I'm at after I get dropped off? That's a little intrusive to me. The proposed argument in the article, "Uber hopes to eliminate the most frustrating part of the experience: the game of phone tag that both the rider and driver play when trying to coordinate the pickup spot," is fine and I'd accept that even though I'm extremely wary of apps that have access to my GPS data while I'n not using the app because I can't see it in fine detail (as far as I know you only can see that some app is accessing your GPS currently, not which one(s) exactly). However, Uber has no need for the data after I am finished. I'm not a fan of being tracked in general, by governments or otherwise, but for a private company to request data after I finish using their services is intrusive and maybe this is conspiracy but I wouldn't be surprised if this data is sent real time and it's possible to see where a user is at any given time after they leave the car (during that 5 minute window).
I'm also curious how this will bump up against EU privacy laws. I'm in the states and this may only be enabled for certain markets, but I wonder if this would cause issues in EU if it's enabled there.
Uber has a lot of sensitive information regarding users. Who goes where and when. This in the wrong hand can be very disastrous. E.g Trump to Uber: "gimme list of all people who to to mosques frequently. No tax for you." Uber: "Here you go. Just don't tell anyone. "
Sure, maybe they "Bundled" that data it in to some ~other~ lobbied tax deal, but I'd imagine someone would whistle blow that pretty quick in this post-snowden world?
Unless the IRS itself is the instrument of abuse: https://en.wikipedia.org/wiki/IRS_targeting_controversy
The tax law itself isn't secret, but companies certainly lobby for and receive tax breaks and other benefits passed openly by Congress. That's what lobbying is about, of course.
To me, if 1 is getting caught, it makes me question how many are not getting caught. Or are getting caught and let off the hook because the people around them won't hold them accountable.
If we continue to allow this, we're just going to expand the amount of abuse. And yes I know Uber is tracking location not access to your phone's mic.
I can't think of a way to keep privacy technologically without sacrificing the modern conveniences I very much appreciate. Uber in particular has dramatically improved my lifestyle. Google Maps as well.
Experiments like justin.tv show one solution to the problem. Justin Kan, during those 8 months he broadcast his life, would not have feared a secret wiretap. It might be a couple decades more, but I expect that eventually it'll be normal to wear a camera on your face. When everyone broadcasts, surveillance is meaningless.
The usual response is to stop the fire.
I see what you're trying to get at, but I there's probably better way to make your point.
Not exactly an epidemic.
In today's time, we give up privacy for convenience. If you use a smart phone, Facebook, windows/google anything you are already giving up privacy. Stop pretending that 5 mins location monitoring is a big deal.
I find it quite disturbing to see ridiculous comments where one wrong is made right by pointing to other wrongs. We wouldn't need any laws or law enforcement if such logic were to be followed in every area of life.
"There are full body scanners at airports. Stop pretending that putting curtains at home is going to help."
"There are surveillance cameras in many places. Stop pretending that controlling the privacy of your personal photos really matters."
I'm sure I can imagine many other comebacks if I spend more time on this.
The important thing is that their analytics will pick this up, and if enough users do it, hopefully point toward re-enabling "While using."
Apple can also change their policy for ride-sharing apps, to force "While Using" as an option, or block Uber's update from the App Store.
Remember that it was only after apps abused the contact database, that permissions were added by Apple to give users control over apps. Apple can step up now and define a new policy that responds to these new abuses of user choice, within the ride-sharing app category.
This is one of the few benefits of Apple's walled garden review of apps. Perhaps we will eventually thank Uber for pushing the boundaries of etiquette, forcing Apple to regulate Uber and their peers.
You're right - it would be better if Apple allowed users to rollback to the N-1 version of an app. That would send a real-time signal from users to app vendors, rather than slow complaints via press and social media.
Apple should allow users to revert to any older version. There are so many apps that become worse over time, and it's only after an update that the shortcomings are found, with no way to remedy the situation. But Apple really doesn't care about such things on the user experience front. I have provided Apple feedback on this before.
The thing I like in this case is that iOS explicitly warns the user when an app requests for location services permission for use while the app is not running.
I am not a big fan of those taxi laws, but I am not a fan of billion dollar corporations just doing as they are pleased either. They seem to have no regard for laws.
I remember having read something like this but am unable to find it in my archives.
Collecting data for self driving cars probably.
The data is used for (or can be used for) a number of practical and important purposes. These are some examples of what we do as well as what we could do with such data:
- Fighting fraud
- Improving "suggested pickup" locations
- Improvements around POOL (we'd rather suggest a location that's easy to pick up from than one that's unsafe)
- Figuring out what side of the street you end up on (we can do a better job of choosing a route if we know you're able to get out of the car safely)
- Optimizing pickups and dropoffs around events or certain times of the day or week (Caltrain riders: imagine if we suggested pickups at 5th and Townsend instead of 4th and King during rush hour. Much easier to find your driver and prevents congestion)
- Dropping riders off closer to the "correct" entrance to their building
- Dropping riders off in a location that's easier for the driver to depart from without making the rider walk too far (e.g., instead of getting trapped in a weird road or parking lot)
- Analyze where riders ask drivers to make stops mid-trip and make better experiences around that.
As far as trust and safety goes, we can avoid charging you if your driver was looking for you at the wrong location and gave up. We can better see where you were actually dropped off at, if your driver lies and leaves the app running after you've left the car. Leave your phone in the driver's car, and we can potentially do more than just put you in touch with them.
Individual users' data is very closely guarded internally. It's immensely difficult to look at user data without specific access. Overwhelmingly, this data is queried in aggregate and fed into machine learning systems. The risk of abuse is exceptionally low.
I call bullshit. This coming from the same guys who were mapping one night stands using ride data? What were you guys studying there. Fornicating habits of young adults in large metropolitans?
I almost forgot about the time you guys were tracking journalists.
Uber has a reputation and history of being a "shady" company.
"Uber said it protects you from spying. Security sources say otherwise"
I'd ask bastawhiz to comment given his comments above.
I'm not going to try to defend our reputation. But it's worth saying that things are locked down _pretty damn tight_ around sensitive data. I've worked in enterprise file storage in the past, and the internal security at Uber is far better (relatively speaking), and continues to mature.
Which means absolutely nothing as an assurance. Even if that's the case today, in 5 or 10 years the company could go down, or change CEO and be all about exploiting the data, or selling it to advertisers or whatever. Or it could just be a hack that releases millions of ride information (it has happened to the best of web services).
That's the problem when you store data, making whether you have some "pretty damn tight locks" in place irrelevant.
Commenting, to save this little gem for the inevitable time when Uber gets hacked. Again.
EDIT: BTW, did you hear from your support that there are users who aren't pleased with the new feature?
Someone well above your pay grade probably should. As far as I can tell, Uber's business model is psychopathic levels of regulatory and psychological arbitrage.
One is where we believe, based on your words (or some random person on the Internet who claims to be an employee), Uber employees are restricted from accessing customer data...you know, like LOVINT in the NSA. 
The second is where we believe, based on your words (and associated caveats), that Uber does not have a firehose feeding all this information to some other entity that has a much larger capacity for "machine learning", has far lesser actual oversight than what you claim to be in place in Uber, and uses that data for many things we don't know the impact of. This point might sound like I'm talking only about the NSA and trust in the U.S. government, but keep in mind that Uber operates in many countries, and all of their governments have an interest in gaining such data and using it for their own purposes.
Post Snowden, neither of these sides look harmless. I'm talking about the world society as a whole, not just about what one person may consider ("nothing to hide") or what negative experiences that some people may never go through in life.
But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.
You see. You imagine. You believe. You are told. You do not know. And even if it were so today it would not have to be that way tomorrow. So even todays security isn't enough of a reassurance.
The only secure data is data never collected in the first place. And until the friggin disruptive startups start to recognize this I will try to not support them in making my data more insecure.
Have we gotten an NSL? I don't know, but I'd guess we probably have. It would be foolish to think otherwise.
The data volume isn't very big. Let's assume Uber records locations for 20 million users and pings each user every 5 minutes. We're talking about 20 million users * 12 events per hour * 24 hours * 16 bytes (my generous assumption of how much it would cost to store a user id, timestamp, and precise long/lat data) = ~100 GB a day or 3 TB a month. And 20 million / (5 * 60) = 67k events per second.
I could probably build out the infrastructure to process and store a year's worth of user location data for 20k a year on AWS.
What I'm getting at is that it's pretty straightforward and easy for Uber to maintain a database of every user's locations at all times, even if they aren't active users. This kind of data is valuable. Assuming Uber isn't already doing it, all it takes is one mid-level product manager to initiate a small project to kickstart it.
That is completely irrelevant. The powers that be can siphon off the data as it comes in. The danger is in receiving excess data in the first place, making yourself a more enticing target for collection activities.
Uber also only uses strong TLS for connections, so "the powers that be" will have a heck of a time taking a real heap of gigabits (terabits?) per second of encrypted data and doing anything particularly useful with it.
Does uber offer a password/bank information storage service?
With such great security and unhackable storage, those are the next logical upgrade and would make a really great one-stop service for your customers.
so.. uh.. (eyebrow wag) what else do you use it for that you didn't enumerate?
The risk of abuse is exceptionally low.
Except, of course, events where you and I disagree about what abuse is. Like tracking journalists around for shits and giggles.
But so you're saying it's possible? Somebody with high enough access at Uber might be able to stalk an ex-girlfriend and follow her home? Getting into trouble for it of course, but it wouldn't matter after a murder-suicide? Statistically improbable I know, but that's the sort of thing that people worry about
But that's the same story with that one engineer at Google that has SSH access to the server with the keys to the storage cluster for Gmail. Or the person that writes queries for the Hive cluster that manages Cortana queries at Microsoft. Or the person that writes the API layer that sits in front of the order history service at Amazon.
There's a million ways an engineer at any big company could abuse their powers. But we put safeguards in place, we watch each other, and we do our best to serve our users as best we can. I say this in a general sense, not specifically to Uber. It comes down to trust.
This is why it's important to minimize the attack surface. Yes, there is always going to be risk when you store tracking data. You are choosing to create that risk by storing any data beyond what is specifically necessary. Uses such as "Optimizing pickups and dropoffs" are optional, which you more or less admit when you said it was something "we could do".
Alternatively, you could prioritize the safety of your customers by minimizing the risks they acquire when they use your service. The data collected for the ride could be minimized. You could expunge user data when it is no longer needed. You could find ways to store only aggregate data instead per-user values.
> we put safeguards in place
You also made design and business decisions that created the need for those safeguards. You are protecting your users from a problem that you created.
> we do our best to serve our users as best we can
You could be indemnifying you users for any damages that derive from the data you are choosing to store.
> You are choosing to create that risk by storing any data beyond what is specifically necessary.
That's an interesting point and it begs that question of what is "necessary". Does that mean a company should distill its product down the the absolute minimum viable product without collecting any information beyond what is necessary to do its job? Nobody should use Google Analytics because it's not necessary to run a website? "Necessary" isn't black and white.
Pickups and dropoffs are very troublesome parts of an Uber ride (and definitely can't be avoided...the riders need to get in and out of the car without being run over). Uber currently has no way of improving that, without data at least. So what data is "necessary" to make that experience better? How can Uber, or any for-profit company, improve their product if they have no idea what's wrong with it? What kind of data can be collected that falls into the bucket of "necessary"?
> You could expunge user data when it is no longer needed.
Other than when a user leaves the service, how do you know when data is no longer "needed"? How can trends be measured over time if old data is expunged? How can fraud trends be detected if historical payment data is not preserved? How can Uber choose the best restaurants for UberEATS if order history is dropped over time?
When a user leaves a service for a time and returns, do they return to find a completely empty account? Would you expect this from Gmail, or Facebook?
At what point do you draw the line where you say, "I'm sure we'll never need this again."?
> You could find ways to store only aggregate data instead per-user values.
This assumes the data is homogeneous, which it's not. Different people use Uber (and any other service, for that matter) in different ways. Lumping everything together makes it impossible to discern patterns that are substantial but do not represent a majority of your user base: Some folks only ride to and from work. Some folks only ride to and from bars. Some folks only ever use Uber to go to the airport. How do you identify and optimize for these use cases?
It also calls into question how you bucket your data. Location data in California is not relevant to location data in New York. Location data in Rochester is not relevant to location data in New York City. Location data in Brooklyn is not very relevant to location data in Manhattan. At what point do you stop scrubbing your data into an aggregate form? How do you avoid scrubbing too much data away such that you've painted yourself into a corner when you try to solve a problem in the future? How do you avoid scrubbing too little, such that even when the UUIDs are stripped away you can use a big ol' hadoop job against pickup and dropoff locations to figure out which trips belong to which user?
It's worth asking also how much value you can provide to the user if you do all of these things. When I go home for the holidays once a year, I take Uber quite a lot. Should Uber forget my favorite destinations every year because the data gets expunged? Should it only show common destinations because my trip history has been anonymized?
Anyway, this is meant to point out that it's not simply a matter of keeping things as minimal as possible. It's hard to add value while also protecting users, even when the users' best interests are in mind.
I think people could be picked up and dropped off just fine prior to this update so it's not something fundamentally broken. Could things be improved? Sure but the benefits need to be weighed vs. the tradeoff.
Given the many responses that you have gotten so far arguing against your stance, it might be helpful to consider why people are having such a reaction. We have valid concerns and they should be addressed.
Having said all that, it's still creepy. And the examples you gave (Google/Gmail, Microsoft/Cortana) are almost certainly also instances where data collected is being systematically used in what many would consider creepy ways.
For me, I go to and from home, the gym, and work. Every day. If someone was looking at that data, I'd be creeped out, but they'd learn almost nothing about me. If someone saw my credit card statements, I'd be mortified. And yet, almost everyone forgets to fill out and mail back that little slip you get with a new credit card that says "hey, actually I don't want you to sell all of my data to everyone on the planet."
Ha, this sounds exactly like "I have nothing to hide, so I'm okay with the NSA gathering all of my data".
Part of the issue is that location has a lot more "physicality" tied to it. One can't easily change where they live, work etc. whereas it's much easier to switch credit cards.
Yeah, I suppose this is true. Thanks for sharing your thoughts, I appreciate it.
People with access to hardware can probably do anything if they really want to. People at the bank can remove all your money in the account by going directly into the database as well.
It certainly is; it's also something I've never said
But there's no oversight whatsoever. We should just take Uber's word for that -- despite the company's public track record of repeated privacy violations in the past?
And even if Uber itself has suddenly converted into an unimpeachable guardian of personal privacy, it could always be hacked (and probably already has, just like the NSA and everyone else.) The hackers are not likely to share the same moral compunctions about privacy.
I also noticed you said that it's queried in aggregate, but that is distinct from it living in aggregate. Does this mean that you actually do keep my individual GPS data and it could be looked up later?
I am still unconvinced that this is necessary, even with those (potential) improvements. I am relatively okay with allowing Uber access to my location outside of the app during the period between me requesting a ride and being picked up, and of course I'm okay with allowing access when I'm physically in the car. But after I get dropped off is a much harder thing to accept. Most of the things you suggested were for before I get picked up, not after. In fact, the only things you suggested were not on that bullet list but in the second to last paragraph ("we can avoid charging you if your driver was looking for you at the wrong location and gave up"; "We can better see where you were actually dropped off at, if your driver lies and leaves the app running after you've left the car").
I understand that Uber itself is trying to be a better company and is trying to move beyond its past life as a cavalier company that suggested looking up information about journalists who write negative things about the company, but it's a really hard image to shake and understandably many people are distrustful of a company whose executives were okay with this. I could very much see a member of Uber's counsel requesting GPS data on some user who filed a lawsuit and giving it to a private investigator (considering that Uber did in fact request information about and that a PI to do investigation into a person who filed a lawsuit against Kalanick).
I don't know specific programs that are in place or upcoming, not my jam.
> Does this mean that you actually do keep my individual GPS data and it could be looked up later?
Trip location data is attached to users. You can look it up yourself on the Uber website (riders.uber.com). With regard to data collected from rider devices, I don't know the technical details but I assume it's not living in aggregate.
At the end of the day, we're an engineering- and data-driven company. Pickups and dropoffs are overwhelmingly the most painful parts of the average Uber ride, and we know startlingly little about them: that's what this initiative is about. We want to make things better for our users, and overwhelmingly, things like this do lead to improvements. Whether you trust what we do with the five minutes of data is up to you. I'm not here to speak about our character, though I certainly wouldn't be around if I thought Uber is a bad company.
If Uber was really serious about user privacy, this would be a no brainer feature to offer.
Also, why isn't there an option to delete previous trip data?
It's also the case that the record of your trip isn't just data. It's the receipt for an actual thing that happened. A transaction between three or more parties takes place. That data needs to be preserved for any number of the reasons, including government compliance. Even just handling credit card disputes makes it invaluable.
A receipt is the piece of paper or electronic record showing how much your trip cost.
Show me an example of someone using trip data as a primary form for handling CC dispute. Please also back up your statement that trip data has to be kept forever for government compliance.
Lastly, what if my driver and I both want to delete trip data? Per your argument, is there an existing option to delete trip data then? I didn't think so.
A receipt is a proof of transaction and completely separate from whatever data you collected about your customers, your statement makes little sense. That it facilitates disputes doesn't change the nature of data privacy, it is just convenient for you and the bank.
For now. You haven't mentioned how long this data is kept, which means I can assume "forever". This means that a future change of policy, an acquisition, or a merger can expose this data to a variety of third parties (not to mention the obvious possible exposure to governments).
The reasons you have listed for gathering the data are not sufficient to offset the future risk to me. Moreover why should I do unpaid data acquisition for Uber while bearing all the risk in case the data is exposed? If you want higher detail location information, do what Google did and send out cars with sensors.
It's not just about the locations, but about the interactions between the rider(s), driver, the location, and the time. A location might be difficult to pull over at during rush hour, but nearly empty later on. Drivers might be unable to get very close to an event venue. Certain streets might be difficult to drop passengers off safely on, based on traffic conditions (though we wouldn't know that). And of course, there are many applications around customer support that couldn't be solved otherwise.
It is impossible to take your word for it. After so, so many companies have been caught intentionally or unintentionally mishandling user data, there is no reason to believe that Uber is the exception.
An extraordinary claim demands extraordinary proof.
I'm not asking you to. If you'd like to come in and interview for a position and eventually see for yourself, though, I'm happy to accept your résumé. :)
Your iOS app effectively turns useless when choosing "Never". You can't do anything other than booking a cab. No access to account information, ride information, anything else.
Yeah, I get what it is when you say:
Improving "suggested pickup" locations
All it does is help you pick spots near your pickup location that are more easily accessible to drivers.
Your company is grossly overstepping privacy bounds, and your excuse making post is largely irrelevant. And it's wholly reasonable to be distrustful of a place where execs threaten to blackmail journalists and remain employed. It'd be ridiculous to trust Uber.
I can understand if you gave the "Always" option in addition to the "While Using" option with this explanation, but strong arming your users to give an all or nothing choice is bad.
Giving people choice is good.
All of the points that you've listed here would work just as well with anonymized data. Obviously if users are being picked up or dropped off at their house (for instance) then making every journey truly anonymous would be impossible without damaging the data, but you could still strip out explicitly identifying metadata. Are you able to tell us what sort of measures are taken in this regard?
I don't work on this stuff myself, so I can't say.
I also doubt that Uber as a company, and Uber engineers individually, hadn't realized that already.
I'm going to deny permission, and call Uber from Apple maps. No reason for you to track me from M-F if I only use Uber Sa-Su.
They care because they are data driven and not personally culpable for their invasions of privacy. Why not collect everything you can without getting more permissions?
Why not both? Why not collect all the information you possibly can, whether or not you immediately see obvious value to it, and then find ways to justify it later?
Because it's non-trivial and it costs a lot of money to do that, in terms of engineers' salaries, storage, etc.
Well they _have_ raised $15,000,000,000 in cash: http://www.nytimes.com/2016/06/21/business/dealbook/why-uber...
Personally, over never seen any evidence that Uber actually knows what it's doing except making a shit-ton of money. Even the self-drivIng car strikes me more as a sideffext of having a bunch of money they needed to spend and it won the rock-paper-scissors contest against rockets.
Doubly so for the "ME TOO!" Doordash / Postmates competitor.
Well... I still think Uber is drunk on money. Just VC money.
And I'm sure that if Uber does implode, Travis will still come out a hundred-millionare and a reputation of being a business genius, even though he never actually turned the growth into a successful sustainable business. Kind of like Sean Parker and Napster.
Just let me opt out.
You can force quit the app after using it, so it doesn't get GPS access. "Always" only grants access while the app is open in the background (of foreground of course). Not pretty, but a workaround.
> (as far as I know you only can see that some app is accessing your GPS currently, not which one(s) exactly
Don't have my phone set to English, so wording might be slightly off. Settings -> Privacy -> Location Services. A purple arrow means the app used GPS "recently" (so a few minutes ago)
In China, there's a company that provides a free loyalty point program. The store signs up for it, and users download the app and can use it to collect points when a transaction is made at the store. The points can then be exchanged for discounts and other stuff.
All of this is free. How they make money is by selling the user behavior data.
One of the features is the app tracks where the user goes after a transaction is made, so stores can find patterns and possible ways to cross promote.
For example, it might show a trend that 60% of customers will go to the movie theater after dining at your restaurant. Or will go to the Nike store after visiting yours, so perhaps you want to adjust your prices, etc.
On iOS if you go into [Settings > Privacy > Location Services] you can see which apps have used your location "recently" or in the last 24 hours. There is a legend at the bottom of that page for what the icons mean.
Waze has location settings set to Always, so I guess they won't care again.
And just as a side note, take it with a few grains of salt but I know it's not easy to just trust a company with such personal information, and certainly I wouldn't either, but Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously.
There are a lot of things we do for our customers that isn't reported by the news, but we always try to do the right thing. Ex. When we had a few outages earlier this year, we made sure that the drivers who were active at the time were "made whole" by paying them for the time we were down.
Yes, there were issues a few years ago with statements and actions that were done, but the Uber today and the employees that work here now take a lot of pride in what they do. I would never have worked here if I didn't feel Uber was an ethical company. And neither would my coworkers. There are thousands of engineers now working here and we would be the first ones who would stand up to management if we felt that something nefarious or even careless was being done with user's personal information. Many of the company values revolve around "toe stepping" and "principled confrontation" and this means even against our own management.
So I know it's not easy to believe, and it's easy for me to say since I work here, but nothing nefarious is going on. If there was, we the engineers would be against it completely.
Probably every company has said that, yet we know how that usually turns out sooner rather than later (I'm looking at you, WhatsApp).
"So I know it's not easy to believe, and it's easy for me to say since I work here, but nothing nefarious is going on. If there was, we the engineers would be against it completely."
For now. What if a new higher manager comes and decides to use this information for other purposes (ad, sale etc.)? Some engineers might quit, but costumers can't take their data back.
My takeaway is: do not trust companies with more data than necessary to provide you a service and this is exactly such case.
Does your company have a set of values to which it says it holds itself and its employees? Excellent - lets play Enron Bingo! Go through your company values and every time one of them matches or strongly overlaps with the list provided in Enrons 1998 Annual Report - Shout "WOOOO" really loudly.
It might be a fun exercise to trawl through the company values of failed / disgraced companies to see if there's any pattern, or compare to genuinely ethical companies (if there is such a thing) to see whether there's a contrast.
Now there are two people who insist on escorting me out of the building.
Hindsight is 20/20, and based on that I personally would say WhatsApp was not ethical even when it was a standalone company. If it had been so, it wouldn't have allowed Facebook to acquire it in the first place! I realize this sounds harsh and probably implies bad motives on the owners, but whatever WhatsApp wrote in its blogs pre-acquisition were all principles that could be sold at the right price. That's exactly what it has come to now that we know how it's being used.
I would also consider it insulting to human intelligence if the WhatsApp founders had truly believed that they would be able to continue with their stated privacy stance after being bought by Facebook, of all companies (what they wrote on the blog at that time can be seen as public posturing).
Cash pressure + lots of valuable assets liquidised legally that just require a change to ToS = said assets for sale + temporary bad PR.
If my company is profitable (or has revenue growth and is likely to become profitable) and a scummy company wants to buy it, I'm going to say no.
Hard as it may be for some of the HN/VC crowd to believe, but there are people out there who start companies with their own money, because they believe in something. At no point does "find some fat megacorp to buy us our" enter the game plan.
Ethics isn't about doing the right thing when it's easy.
For a US company, yes. For EU companies, the EU privacy law says you can only use the data for the original purposes, and based on what the person consented to. You can't grab all data (since that's overbroad), and "consent" can't just be "click through on legalese".
If you're concerened about privacy, don't use US companies.
I understand that this could fall into 'data necessary to provide a better service' as opposed to simply providing the service as-is, but it seems like drop-off point locations are quite fundamental.
Now, if this is to feed into their plans for autonomous taxis, that's all very well because I am really looking forward to being able to summon an autonomous electric car to take me wherever I want to go, but I still don't understand why they care about more than where I actually get out.
Later that evening while on a different computer I noticed in the right-hand margin of facebook an ad for bathroom scales. I was horrified. I felt violated, tracked and spied on. This wasn't spill over from localised cookies. There was a database somewhere keeping track of my online activities and passing that info along to whomever asked for it I guess.
On the one hand nobody cares or is watching what I'm doing. But what if I'm a high school teacher and a female student infatuated with me males advances which after being rebuffed goes public with false accusations of how I tried to rape her, will I be sitting in court watching a prosecutor show a jury the gay monkey porn sites I visit because he or she was able to subpoena this "database" of all my online activity and now because of it I may lose my job or career? I don't know. Maybe that's the whole reason privacy rights are such an issue.
If it means catching bad guys I'm for it but if it means scrutinizing the innocent then yeah of course I don't want my privacy violated.
That should be applauded.
- Algorithmic Labor and Information Asymmetries: A Case Study of Uber’s Drivers https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2686227
- Uber: The Big Data Company http://www.forbes.com/sites/ronhirson/2015/03/23/uber-the-bi...
- How Uber is Selling all Your Ride Data http://www.investopedia.com/articles/investing/030916/how-ub...
- How Uber Profits Even While Its Drivers Aren't Earning Money http://motherboard.vice.com/read/how-uber-profits-even-while...
- Uber claims US regulators collected data from 11m passengers https://www.theguardian.com/technology/2016/apr/12/uber-us-r...
If it wasn't for the apparent money laundry, drivers exploitation, cashing out on desperation, and tax evasion, maybe I could believe that.
https://www.bloomberg.com/news/articles/2016-08-25/uber-lose... (How can the company survive?)
https://beta.companieshouse.gov.uk/search?q=uber (Closing and reopening with different names in the UK. Apparently 4? times so far... Hmm...)
I don't understand how anyone can with a straight face claim that "Uber as a company is very ethical company". I would rank the company management (not drivers) as ethical as the New York mafia.
I've seen this type of story repeatedly after there's been an incident in some city. If it's not Uber it's a hotel chain or similar. It's easy clicks for tabloid newspapers. They probably have a template for this sort of story ready to go. And there will be plenty more ammo for this sort of thing as more companies move to automated pricing models.
Almost everyone who had to pay surge prices that day would not have been directly involved in the explosion (or even seen it). Are companies now supposed to compensate for any bad thing that might be happening in somebody's life? Presumably those who chose to pay surge prices did so because it was still the cheapest/best way of getting home. So even at those prices Uber was better than any alternative.
EDIT: Forgot to mention, it's also possible some people might have only got home that night because of surge pricing, because it increases the number of drivers.
If I had to buy a very expensive airline ticket at the last minute to see a sick relative, would the airline be exploiting me?
Previous HN discussion and article on the Copenhagen Interpretation of Ethics, which is relevant here:
Those links are also pretty weak: all speculation or opinion pieces about things that are out in the open:
1) this is not even close to money laundering?
1) this is just a list of companies with "uber" in their name? besides, it's very common for companies to structure and re-structure themselves without anything unethical going on. it's also common to do it for tax purposes, see below.
2) quite a bold opinion piece about the driver situation. clearly, with so many drivers and customers taking part, it's a matter of opinion. it's reasonable to call it unethical if that's your view but it's not really what the parent meant.
3) pure media hysteria. good to see The Sun as a source on HN.
4) the tax thing again. as it stands, everyone wants to lower their taxes and almost all large companies do this a lot and do it legally. if your view is that they should just volunteer as much tax as possible, you're welcome to that view - there are signs that the law will start to change to be less forgiving of this. however, the specific case in the article is probably the worst example you could pick: the ability to offset losses from previous years isn't even close to being a grey area.
Do cab drivers come in for the same criticism? I've been scammed and lied to so many times by (official) cab drivers and they are absolute sharks for exploiting desperation and ignorance. There are investigative stories linking taxi cab rings with genuine organised crime. I guess they must do perfect tax returns?
I can agree with the weak links. Unfortunately didn't have much time to find better ones. Also, having The Sun as source in HN doesn't give it much of a credibility, but I'm sure there are more reliable sources out there .
I can also agree that this point can be made from a bit of a media hysteria. But a company whose business model makes prevail supply/demand rules on a disaster, seems like a bit sick to me. From my point of view, this is not an ethical company behavior. And when I mean company, I mean company as a whole despite believing there are departments within the company where things are done ethically (parent's point maybe?).
Also, again in my opinion, a company shouldn't attempt tax evasion, by any means p.e. tax evasion schemes (most of them arguably legal) as it impacts all country's and overall economy. This said, I classify most big companies as unethical. This can possibly be one of the main reasons the gap between rich and poor is getting bigger every year as big sharks cash out clean out of the exploited marked.
If a company disagrees with a country's taxation model, ethically, maybe it shouldn't attempt to get to that market?
Company name changes can be seen as tactical maneuvers used for tax evasion also and debt evasion in case the company goes bust.
On previous + ,, altogether, this may present no substantial evidence on money laundry but do you really believe investors would be naively burning billions worth of investment on a company which on 7+ years of existence didn't present, neither is close to presenting, any profit?
I'm not saying cab drivers shouldn't be put through similar criticism, maybe they should. But I think we cannot generalize on that. There are good and bad professionals everywhere.
What I can say, based on what I know from my country, is that cab drivers cannot scam you as their fees are regulated. They cannot charge you more that X per Km as their taximeters are regulated by the government to ensure that. They need to have a professional driving license and be identifiable to the customer. And they're also entitled to pay their taxes accordingly. Of course one can always hear a bad experience from time to time, but again, that is subject to happen in every industry.
In my experience, taxi drivers hide the meter, claim that hours are off-meter, claim there are special fees for certain journeys which don't exist, refuse to take rides they are obligated to take etc. Absolutely not rare at all in major European cities (and endemic in the developing world). I've lost count of how many times I've had it happen, attempted or seen other people targeted with it. This is mostly in major European cities. Formal complaints with the license number don't work ("we'll remind the driver of his obligations").
I don't find this especially unlikely behaviour - they are relatively unmonitored and unaccountable. They are distributed - no reputation as individuals. They deal with a lot of cash, they deal with people who don't know where they are or what the rules are. It's often one person's word against another's. I have plenty of first hand experience of misbehaviour, and I know regulatory body does little to address it.
I find it odd that you assume the best of them - you even say they cannot do anything because a regulation exists. Obviously this is untrue. Yet with Uber your view is borderline conspiracy (despite them also having regulations!). Do you think all currently-unprofitable startups are laundering money on a large scale? Where did these billions and billions of dirty money come from? Is YC itself laundering dirty money through startups? They changed their org structure a few times recently - are they hiding something with this? I've seen multiple YC people write about tax efficiency too!
Yes, agreed, I could have used better words other than cannot do anything because of regulation, of course they can and I'm sure some do. And I'm sure some Uber drivers out there do the exact same, maybe through different means. As I said before, good and bad professionals, you can find them everywhere. It's not something you can generalize.
What I meant is that what distinguishes them from Uber is the fact they are government regulated. I know it may not stands as much, but if everything works as supposed to, it would work well. I'm also assuming you face a different reality (country) different than mine, so not sure if there's a point in going forward with this. Just to finalize on this, some fun fact: in my country every public passenger transportation needs to have a specific insurance (often expensive) and a professional driving license. This is mandatory for every public transportation (cabs included) but Uber. The list of exceptions goes on, and on...
Regarding tax efficiency we share different views as well. And I'm not saying as part of a conspiracy theory of mine thar all unprofitable startups are laundering money on a large scale. A startup is usually expected to start profiting after 5 years and Uber is just far from that.
I also try to put myself on an investor shoes and figure out If I'd invest my money on a company as such. My answer is no.
Regarding this particular question:
> Where did these billions and billions of dirty money come from?
A little bit of conspiracy speculation now: Hidden in tax heavens and needed to be brought to light ;)
There's obviously no hard-and-fast rule about 5 years. Other people value companies differently from you and have greater risk appetite. It's pretty normal for people to have different views on such things (like the morality of various tax arrangements!); that's not evidence of corruption.
> A little bit of conspiracy speculation now: Hidden in tax heavens and needed to be brought to light ;)
That's not where it came from, that's where it currently is (according to you). Even so, a tax heaven is not the same as money that needs laundering.
Agreed. There's no hard rule on that. I just find it hard to believe someone would be up to investing a big chunk of money, for that much amount of time, without having any return. But yes, people choose on what to believe. I prefer to take it this way as I'm past Wonderland a while ago. Let's hope I'm wrong.
> That's not where it came from, that's where it currently is (according to you). Even so, a tax heaven is not the same as money that needs laundering.
I think it can be both actually. And it may need laundering in case there's no justification on where it's coming from.
But again, this is all just conspiracy as Panama papers never happened.
I don't understand why people expect corporations to work as a non-profit
1. Your CEO refers to the impact of his company on his sex life as "Boober". https://pando.com/2014/02/27/we-call-that-boob-er-the-four-m...
2. Uber orders and then cancels thousands of rides of its biggest competitor, Lyft. http://money.cnn.com/2014/08/11/technology/uber-fake-ride-re...
3. Uber exec threatens a journalist Sarah Lacy with a smear campaign. https://pando.com/2016/05/04/npr-proves-once-again-uber-lyin...
4. God mode: Insiders tracked users personal movements and were fined 20k for misusing their access. http://www.theverge.com/2016/1/6/10726004/uber-god-mode-sett...
Your closing statement is spot on: it's not easy to believe "nothing nefarious is going on". For me, it's not even possible.
Even if you would believe Uber is an ethical company (there is good reason to believe for-profit companies generally are not and also good reason Uber especially is not), the underlying problem is that the data could fall into other hands. Three letter agencies can ask for that data, someone could leak the data, etc. I know the last one sounds unlikely but stuff like this happens all the time.
Being clear, my experience never saw misuse of customer info, just some legal but shady-as-shit ways they chose to do business.
EDIT: Sorry, my point being that, while I don't anticipate they'll abuse customer location tracking in the large, I would vehemently dispute the parent poster's supposition that everyone at Uber is super ethical. Rank and file engineer? Yeah, probably fine. Management? I expect TK and his lieutenant bros and bro-ettes will do whatever he can get away with.
Then how come the "while using" option is not there ? the best way of not being careless with sensitive data is not having them in the first place.
I was more hoping you'd try to answer the part that addressed the "While Using" option being removed. I'm guessing that one might also be too difficult to answer honestly in a public forum?
Spying on a journalist: http://www.businessinsider.com/ubers-new-york-manager-invest...
Tracking celebrities and sharing publicly: http://www.forbes.com/sites/kashmirhill/2014/10/03/god-view-...
Makes sense to me, afaik the driver UI shows surge pricing based on an area and not individual users.
- Try canceling your account .. you have to contact their support who will cancel it for you. What i signed up once and you let my account get hacked and dont care and I cant cancel my account myself? I have to wait a week????
- SOmeone I know has leased a car through one of their leasing car companies and it has ruined his life financially with all their nickel and diming and no invoice from them in regards to what he is being charged for. They just brush him off... he works two jobs .. a sales job and Uber to feed his family.
- In a few years all Uber's loyal drivers who use it to get by and feed their families will be screwed over by Uber.
How can anyone call Uber ethical ... it's the epitome of why Hilary Clinton lost as it's all about making huge profits for a very small subset of people at the expense of the majority who Uber is just using to get filthy rich.
Worst company ever run by silicon valley lucky ass unicorn douchebags who don't give a damn about anyone but themselves. Their smug asses need to meet the smack down of govt. regulationS!!!
When did you join Uber? If it was not prior to 2014, what makes you an expert on how the company had mature and, if prior to 2014, why were you not shocked and angry when these events occurred in 2014?
I've heard from you and multiple employees that you would be "shocked or angry" or believe "Uber is a good company and wouldn't have joined otherwise." But I find this hard to believe because if that was the case, then Uber would have lost most of their engineers in the beginning, pre-2014, when they were doing really shady stuff. Maybe you and your colleagues that use Hacker News that publicly commented on this thread would quit if something unethical happened, but words are empty while actions are not and I haven't heard of a case where a large group of Uber engineers or employees are protesting about their company's unethical nature. Color me unconvinced when I hear your words.
What are you basing this on and point me to supporting evidence of this, failing that I need something more convincing than increased headcount as a motivator to give Uber my trust as a consumer again.
and at the same time plays dirty with city councils and hires a lot of lobbyists and slashes prices without advanced warning to drivers? all of those are unethical practices.
The only secure way of collecting data is not collecting data at all.
You've got to understand how directly this clashes with the media coverage re: driver rights.
That is not "the media". Your employer is totally unethical.
Memberberries for President
How would you even know if "something nefarious or even careless was being done"? If there are thousands of employees, wouldn't it just be difficult for everyone to know what everyone else is working on, other "secret initiatives management has sponsored", etc.? There could be so many things happening right now where the information is "above your pay grade". My point is that even if the CEO or CTO or anyone else makes these statements, it's easy to be skeptical considering Uber's history and ethics.
I know many companies that allow one to report issues much higher in the chain, have "no retaliation" policies, and so on, but it's really a stretch to ask employees to fully trust the system and worse, ask people outside the organization to trust the employees and the system.
The problem is when the company starts slowly pushing the boundaries in ways that can be justified if you squint right.
E.g. consider this extra tracking. The feature in itself is fine, as long as the data is protected well enough and not abused.
The problem is that staff not used to think about nefarious uses are likely to defend this kind of collection without thinking about all the tiny little privacy implications.
So when a less moral person suggests a little tweak here or a little tweak there and justify it with a seemingly ok reason, it is likely to fly straight past a lot of people.
Another little change here and there, and suddenly things start to fall out of it that wasn't intended.
How many IBM engineers in the 20's and 30's had any inkling that their work on tabulating machines would aid in the Holocaust? Most would presumably have been horrified. Even the IBM execs that negotiated IBMs deals with Hitler would likely have been utterly horrified. Each little step was just one tiny step further from the last, and most had plausible positive spin on them. And the worst was hidden from them.
This is the difficult part of ensuring the morality of corporations, or organizations, or society in general: It is incredibly hard to get a sufficient overview to be able to predict whether any given action will contribute to an immoral outcome. Even when you're right there, "flicking the switch" that finally ties it all together. It's just one more tiny step, that from ground level will often not seem any different than the last step, which turned out ok.
The only way of ensuring the a corporation acts morally, is not to act morally, but to act specifically to take steps that binds the corporation so it is unable to do bad things:
Make sure you don't have data that can be abused, if at all possible, or at least destroy it as soon as possible.
Make sure you have systems that actively prevent staff from accessing data they have no need for.
Consider if you can transform data in ways that makes it less intrusive (e.g. if you don't need the full precision of certain location data, reduce the precision; if you don't need to be able to tie it to a certain individual, anonymise; if you only need aggregate/summary data, aggregate/summarise as early as possible and aggressively purge the raw data).
Ever barrier you remove from access to data, creates opportunities for innocent-sounding requests that turns out to have immoral reasons.
E.g. I've had managers request data from ex-customers that wuld have been in backups except for aggressive policies on purging it, where it turned out that rather than legitimately e.g. wanting to help them recover data, said manager wanted to hand the data to another manager, without realising that said other manager was planning on mining said ex-customers data for sales leads for a new product that would directly compete with them.
Flagrant violation of our contracts, and of UK data protection laws. But the initial request sounded innocent enough, and I only found the reason because I'm extremely paranoid about these things. The manager that made the request didn't suspect a thing, for example.
Actually not having the data made refusing the request a lot easier, and also prevented the manager that wanted the data from trying to find ways around me.
As a side note, I was mainly talking abt Uber. Your post seems generic and your concerns apply to every large tech company. Most of these companies already have policies in place such as audit trail for data access, access control etc.
I'm saying that to "avoid evil" in the future it is insufficient for current developers to be ethical now.
You need to build systems that actively make it difficult, so that it takes persistence and intent to overcome if you want to do something bad whenever possible. Force people to face that they are putting in effort to bypass restrictions and breaking rules to do what they want to do, instead of "just" accessing data that are readily available to them, and far more will question the justification for requests they are given.
Look I'm sure you believe that but there's many many many many data points that show that that's just not the case.
There are fairly substantial quantities of legal documentation that are evidence against this remarkable claim. They get covered here frequently.
HAHAHAHAHA Nice try!
> The ride-sharing company said that between July and December 2015, it had provided information on more than 12 million riders and drivers to various U.S. regulators and on 469 users to state and federal law agencies.
>the company's blog titled "Rides of Glory." The company examined its rider data, sorting it for anyone who took an Uber between 10 p.m. and 4 a.m. on a Friday or Saturday night. Then it looked at how many of those same people took another ride about four to six hours later – from at or near the previous nights' drop-off point. (...) Uber has deleted the blog post
>Earlier this month Angie Bird woke up at her home in London to discover she had been billed for a series of minicab journeys she had allegedly made the previous evening … in the Mexican cities of Guadalajara and Aguascalientes, more than 5,500 miles away.
>Uber is using GPS to punish drivers in China who get too close to protests
>Study: Uber and Lyft have ‘pattern of discrimination’ against black passengers. Waiting times for black Seattle passengers were 35% longer, and Boston drivers cancelled rides for black passengers more than twice as frequently, study found
>According to internal Uber emails, the investigation began with a note from Uber’s general counsel, Sallie Yoo. The day that Schmidt filed the complaint against Kalanick, Yoo sent an email to Uber’s chief security officer, saying, "Could we find out a little more about this plaintiff?" The request was forwarded to the company’s head of Global Threat Intelligence, Mathew Henley.
>Uber as a company is very ethical and takes the responsibility that we are entrusted with very seriously
Please go with your bullshit somewhere else.
Proceeds to introduce multiple points of failure.
Why should I EVER trust Uber to obey the law or act ethnically towards me, when they already why as if laws are optional?
Uber can get fucked.
IPO, new management, all that data to sell.
or (more likely)
Bankruptcy, all that loss to recoup
Ethics of today don't mean a thing.
Yes, sure. There is always some sort of "reason" to "justify" mass surveillance. F that.
It's just NOT acceptable. I'll never use Uber again.
Put your money where your mouth is - explicitly state in your terms of service specific safeguards of my data and large monetary rewards for a beach of those terms on your part...you never do anything bad with our data right? This should be easy...
Has Uber considered reforming as a European company, under EU data protection law? That would a nice way to show that you take privacy very seriously.
same would go working at any sufficiently large org
In 2014, senior executive Emil Michael suggested using their service to dig up dirt on reporters.
They further tracked a Buzzfeed reporter when she was late to a meeting with one of their executives, without her permission.
The Uber data science team once used sensitive customer data to find a correlation between their ride data and prostituion, which was highlighted when it was quietly taken down. Lest you think this was a one-off blog, then I refer you to the one entitled "Rides of Glory"  that tracked the one-night stands of their riders (you just can't make this shit up).
At Uber's Boston launch party they thought it would be hilarious to track 30 users in what they dubbed "Creepy Stalker View", and one executive, Chris Sims, was shown travelling around in a car - live - causing him to quit the service in outrage.
Nice try, Travis Kalanick.