Consider these keywords first: God View, Heaven View, Hell, Greyball, Rides of Glory. These are neither any Uber cocktail names nor any sleazy red light parlors. But are some codes that could be snooping on you. The biggest online threat today is not from crooks that hide in the deepnet and send out malicious codes to take over your computer, but from seemingly legitimate “white collared” apps. The bandwagon is led by the ride-hailing app, Uber, which promises to solve transportation problems but has continuously been spying on your privacy. We list out, how over time, Uber has been “taking us for a ride.”
1. Heaven View: Data accessible to all
Previously known as God View, the tool was first reported by Buzzfeed as early as November 2014, to have been used to track journalists, who could write critically about the company. Buzzfeed quoted two former Uber employees stating, God View, which shows the location of Uber vehicles and customers who have requested a car, was widely available to corporate employees.
The tool has been used to track politicians, celebrities, ex-boyfriends, and ex-girlfriends, according to an October 2016 court declaration given by Uber’s former forensic investigator Samuel Ward Spangenberg.
Spangenberg stated that Uber changed God View to “Heaven View” and employees caught tracking customer data without permission were fired. Uber acknowledged it had fired “fewer than 10” employees for improper access.
2. Rides of Glory: Name and shame RoGer journalists
Today were going to get a little emotional. You know that Uber loves you and well, gosh, sometimes its nice to think that you love us, too. But we know were not the only ones in your life and we know that you sometimes look for love elsewhere. Well, while youre out loving other human beings, we #UberData nerds are cuddled up with our computers, loving math.
The above text and image are from an Uber blog, dated: March 26, 2012. The blog post has been deleted now from Uber servers but then, nothing actually gets deleted from the world wide web. It still can be accessed on WayBackMachine.
The innocuous blog got attention much much later, when Buzzfeed quoted Uber executive, Emil Michael, outlining the notion of spending ‘a million dollars’ to hire four top opposition researchers and four journalists to “help Uber fight back against the press — they’d look into ‘your personal lives, your families,’ and give the media a taste of its own medicine.”
Let’s fetch more text from the now deleted blog:
Recently, I have come to understand that some of you may have—and Im not pointing any fingers here or anything—on occasion found love that you might immediately regret upon waking up the morning after. Lets talk about that. In times of yore you would have woken up in a panic, scrambling in the dark trying to find your fur coat or velvet smoking jacket or whatever it is you cool kids wear. Then that long walk home in the pre-morning dawn. But that was then.
The world has changed, and gone are the days of the Walk of Shame. We live in Ubers world now.
One of the neat things we can do with our data is discover rider patterns: are there weekend riders that only use Uber post-party? What about the workday commuters who use us every morning? It was while playing around with this idea of (blind!) rider segmentation that we came up with the Ride of Glory (RoG). A RoGer is anyone who took a ride between 10pm and 4am on a Friday or Saturday night, and then took a second ride from within 1/10th of a mile of the previous nights drop-off point 4-6 hours later (enough for a quick nights sleep).
Essentially, that means, Uber wanted to tread the path of naming and shaming RoGer journalists.
3. Greyball: The secret software to dodge law officials
In March, this year, New York Times reported that Uber has for years used a tool called Greyball to systematically deceive law enforcement officials in cities where its service were declared illegal or had been banned.
Uber “greyballed” officials attempting to hail an Uber during a sting operation. They might see icons of cars within the app navigating nearby, but no one would come pick them up. The program helped Uber drivers avoid being ticketed.
Greyball was part of a program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The program, including Greyball, according to The New York Times, began as early as 2014 and was predominantly used outside the United States. It was used in Portland, Oregon, Philadelphia, Boston, and Las Vegas, as well as France, Australia, China, South Korea and Italy.
Greyball used geolocation data, credit card information, social media accounts and other data points to identify individuals they suspected of working for city agencies to carry out the sting operations, according to the Times.
Later, the company said that it will stop using the tool. It said on a blog post:
We have started a review of the different ways this technology has been used to date. In addition, we are expressly prohibiting its use to target action by local regulators going forward. Given the way our systems are configured, it will take some time to ensure this prohibition is fully enforced. We’ve had a number of organizations reach out for information and we will be working to respond to their inquiries once we have finished our review.
4. Hell: A spyware to track Lyft drivers
More hell broke loose on the firm, this month, when the news of the ride-hailing company using software dubbed ‘Hell’ to track drivers on its rival Lyft, in the US, broke in. Used between 2014 and 2016, Hell, according to The Information allowed Uber to monitor details on Lyft drivers including how many of them were available, their location and which of them were registered to both Uber and Lyft.
In the latest development, Michael Gonzales, a former Lyft driver has sued Uber in San Francisco, California, alleging the ride-summoning company spied on his movements and violated privacy, competition, and communications laws.
Gonzales alleges that Uber used Lyft driver data to identify which drivers utilized both Uber and Lyft, in order to encourage those drivers to focus on Uber, thereby making Lyft customers wait longer for rides and reducing Lyft’s earnings.
“Uber accomplished this by incentivizing drivers working on both platforms to work primarily for Uber, thereby reducing the supply of Lyft drivers which resulted in increased wait times for Lyft customers and diminished earnings for Lyft drivers,” the lawsuit reads.
5. Fingerprinting: Your iPhone is on the radar
In another privacy breach issue, Uber has been retaining “fingerprinting” of iPhone users, even after the user has uninstalled the app and even wiped the phone. According to The New York Times, Uber CEO Travis Kalanick, stopped short of kicking Uber out of the app store and got a personal reprimand from Apple CEO Tim Cook.
A device fingerprint or machine fingerprint or browser fingerprint is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off.
In order to prevent Apple engineers from discovering the fingerprinting, Uber allegedly geofenced Apple’s Cupertino headquarters to hide the code used in the process. But Apple engineers based in other offices discovered the trick, according to the New York Times, leading Cook to call Kalanick.
The company still continues to use fingerprinting worldwide. In its defense, it states that it does not track user data and location, and uses fingerprinting on iPhones as a fraud-prevention method in locations like China. Drivers there would register multiple Uber accounts on stolen iPhones and use them to request rides, thereby boosting the number of overall rides — a metric that Uber rewards with bonuses.
Time to Unroll.me Uber
Have you ever used the Unroll.me tool in Gmail or other email services that promises to protect privacy and unsubscribe newsletters and promotional messages for you and send the ones you like as a digest? May be, you should reconsider the “authorization” to the tool. Unroll.me, has been allegedly snooping on your mails and selling the data to Uber.
The same New York Times article that details Tim Cook lambasting Uber CEO Kalanick, makes mention of Unroll.me’s data breach.
Slice Intelligence, the firm that owns Unroll.me, allegedly, snooped over emailed Lyft receipts in users’ Inboxes and sold the anonymized data to Uber. The latter used the data as a proxy for the health of Lyft’s business.
Unroll.me CEO Jojo Hedaya is “heartbroken” but unapologetic. On Sunday, he wrote on a company blog that “it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service.”
Hedaya, from this point forward, promises a “clearer messaging” on Unroll.me website, and app, and in its FAQs. “We will also be more clear about our data usage in our on-boarding process,” he states.
Time that we unroll Uber?