Hacker News new | ask | show | jobs
by ak2196 3487 days ago
>> The risk of abuse is exceptionally low.

I call bullshit. This coming from the same guys who were mapping one night stands using ride data? What were you guys studying there. Fornicating habits of young adults in large metropolitans?

http://www.whosdrivingyou.org/blog/ubers-deleted-rides-of-gl...

I almost forgot about the time you guys were tracking journalists.

Uber has a reputation and history of being a "shady" company.
3 comments
newman314 3476 days ago
This just came out today.

"Uber said it protects you from spying. Security sources say otherwise"

https://www.revealnews.org/article/uber-said-it-protects-you...

I'd ask bastawhiz to comment given his comments above.

link
mortehu 3487 days ago
Looks to me that even the most specific information in that article is aggregate data over a large number of users, i.e. population statistics, something I wouldn't consider a breach of anyone's privacy.
link
bastawhiz 3487 days ago
> Uber has a reputation and history of being a "shady" company.

I'm not going to try to defend our reputation. But it's worth saying that things are locked down _pretty damn tight_ around sensitive data. I've worked in enterprise file storage in the past, and the internal security at Uber is far better (relatively speaking), and continues to mature.

link
coldtea 3487 days ago
>But it's worth saying that things are locked down _pretty damn tight_ around sensitive data.

Which means absolutely nothing as an assurance. Even if that's the case today, in 5 or 10 years the company could go down, or change CEO and be all about exploiting the data, or selling it to advertisers or whatever. Or it could just be a hack that releases millions of ride information (it has happened to the best of web services).

That's the problem when you store data, making whether you have some "pretty damn tight locks" in place irrelevant.

link
babesh 3487 days ago
The whole point is that you are providing an all or nothing choice for no good reason. Why do you FORCE that instead of letting the user choose to allow location while using the app?
link
justinator 3487 days ago
> things are locked down _pretty damn tight_ around sensitive data

Commenting, to save this little gem for the inevitable time when Uber gets hacked. Again.

link
0xmohit 3487 days ago
Remember that not all hacks are made public.
link
brokenmachine 3487 days ago
Maybe he means the next inevitable public hack.
link
0xmohit 3487 days ago
Would you be willing to share information about what % of Uber's revenue is accrued from monetizing user information?

EDIT: BTW, did you hear from your support that there are users who aren't pleased with the new feature?

link
username223 3487 days ago
> I'm not going to try to defend our reputation [as a shady company].

Someone well above your pay grade probably should. As far as I can tell, Uber's business model is psychopathic levels of regulatory and psychological arbitrage.

link
ohwello 3487 days ago
What is "psychological arbitrage"?
link
ambicapter 3487 days ago
Stuff like Uber figured out they could charge people more when their battery was low.
link
ohwello 3487 days ago
So that study is their business model?
link
newscracker 3487 days ago
There are two sides to this.

One is where we believe, based on your words (or some random person on the Internet who claims to be an employee), Uber employees are restricted from accessing customer data...you know, like LOVINT in the NSA. [1]

The second is where we believe, based on your words (and associated caveats), that Uber does not have a firehose feeding all this information to some other entity that has a much larger capacity for "machine learning", has far lesser actual oversight than what you claim to be in place in Uber, and uses that data for many things we don't know the impact of. This point might sound like I'm talking only about the NSA and trust in the U.S. government, but keep in mind that Uber operates in many countries, and all of their governments have an interest in gaining such data and using it for their own purposes.

Post Snowden, neither of these sides look harmless. I'm talking about the world society as a whole, not just about what one person may consider ("nothing to hide") or what negative experiences that some people may never go through in life.

[1]: https://www.washingtonpost.com/news/the-switch/wp/2013/08/24...

link
hackuser 3487 days ago
I don't want to disrespect you personally, but why should I trust Uber? Today it's locked down, tomorrow it's not. Is there anything protecting me?
link
loqwe 3487 days ago
It's not reassuring to hear that lowly engineers can't access the data, but the axe-grinding execs can.
link
bastawhiz 3487 days ago
All of our data is actually hidden inside a mountain carved to look like Travis's head, a la Mt. Richmore from the hit 90s movie Richie Rich. There are many layers of security, including a voice recognition algorithm that only responds to Ryan Graves singing Never Gonna Give You Up.

But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.

link
sdoering 3487 days ago
> But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.

You see. You imagine. You believe. You are told. You do not know. And even if it were so today it would not have to be that way tomorrow. So even todays security isn't enough of a reassurance.

The only secure data is data never collected in the first place. And until the friggin disruptive startups start to recognize this I will try to not support them in making my data more insecure.

link
rmc 3487 days ago
Has there been an independent third party audit of Uber's internal data security? Or do we just have to take Uber's word on it?
link