[bastawhiz]

> Uber has a reputation and history of being a "shady" company.

I'm not going to try to defend our reputation. But it's worth saying that things are locked down _pretty damn tight_ around sensitive data. I've worked in enterprise file storage in the past, and the internal security at Uber is far better (relatively speaking), and continues to mature.

[coldtea]

>But it's worth saying that things are locked down _pretty damn tight_ around sensitive data.

Which means absolutely nothing as an assurance. Even if that's the case today, in 5 or 10 years the company could go down, or change CEO and be all about exploiting the data, or selling it to advertisers or whatever. Or it could just be a hack that releases millions of ride information (it has happened to the best of web services).

That's the problem when you store data, making whether you have some "pretty damn tight locks" in place irrelevant.

[babesh]

The whole point is that you are providing an all or nothing choice for no good reason. Why do you FORCE that instead of letting the user choose to allow location while using the app?

[justinator]

> things are locked down _pretty damn tight_ around sensitive data

Commenting, to save this little gem for the inevitable time when Uber gets hacked. Again.

[0xmohit]

Remember that not all hacks are made public.

[brokenmachine]

Maybe he means the next inevitable public hack.

[0xmohit]

Would you be willing to share information about what % of Uber's revenue is accrued from monetizing user information?

EDIT: BTW, did you hear from your support that there are users who aren't pleased with the new feature?

[username223]

> I'm not going to try to defend our reputation [as a shady company].

Someone well above your pay grade probably should. As far as I can tell, Uber's business model is psychopathic levels of regulatory and psychological arbitrage.

[ohwello]

What is "psychological arbitrage"?

[ambicapter]

Stuff like Uber figured out they could charge people more when their battery was low.

[ohwello]

So that study is their business model?

[newscracker]

There are two sides to this.

One is where we believe, based on your words (or some random person on the Internet who claims to be an employee), Uber employees are restricted from accessing customer data...you know, like LOVINT in the NSA. [1]

The second is where we believe, based on your words (and associated caveats), that Uber does not have a firehose feeding all this information to some other entity that has a much larger capacity for "machine learning", has far lesser actual oversight than what you claim to be in place in Uber, and uses that data for many things we don't know the impact of. This point might sound like I'm talking only about the NSA and trust in the U.S. government, but keep in mind that Uber operates in many countries, and all of their governments have an interest in gaining such data and using it for their own purposes.

Post Snowden, neither of these sides look harmless. I'm talking about the world society as a whole, not just about what one person may consider ("nothing to hide") or what negative experiences that some people may never go through in life.

[1]: https://www.washingtonpost.com/news/the-switch/wp/2013/08/24...

[hackuser]

I don't want to disrespect you personally, but why should I trust Uber? Today it's locked down, tomorrow it's not. Is there anything protecting me?

[loqwe]

It's not reassuring to hear that lowly engineers can't access the data, but the axe-grinding execs can.

[bastawhiz]

All of our data is actually hidden inside a mountain carved to look like Travis's head, a la Mt. Richmore from the hit 90s movie Richie Rich. There are many layers of security, including a voice recognition algorithm that only responds to Ryan Graves singing Never Gonna Give You Up.

But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.

[sdoering]

> But in all seriousness, I'd imagine the execs need to go through the same process an engineer would.

You see. You imagine. You believe. You are told. You do not know. And even if it were so today it would not have to be that way tomorrow. So even todays security isn't enough of a reassurance.

The only secure data is data never collected in the first place. And until the friggin disruptive startups start to recognize this I will try to not support them in making my data more insecure.

[rmc]

Has there been an independent third party audit of Uber's internal data security? Or do we just have to take Uber's word on it?