Citizens Demand “Uber” Privacy

By Gary S. Miliefsky, CEO, SnoopWall, Inc.

The world is waking up.  Riots in France.  Over Uber, you ask?  Yes, the app you conveniently downloaded on your smartphone to help you get a ride from where you are to where you want to go, usually at a lower cost than a local taxi and more convenient in some cities than hailing a cab, is also a brilliant piece of SPYWARE.  Yes, let’s call it for what it is.  Here’s the permissions it asks for on the Google Play store:

Uber app by Uber Technologies, Inc.

Version 3.55.0 can access:

Identity

•  add or remove accounts
• find accounts on the device
• read your own contact card

Contacts

• read your contacts

Location

• approximate location (network-based)
• precise location (GPS and network-based)

SMS

• receive text messages (SMS)

Phone

• directly call phone numbers

Photos/Media/Files

• read the contents of your USB storage
• modify or delete the contents of your USB storage

Camera

• take pictures and videos
• Wi-Fi connection information
• view Wi-Fi connections
• Device ID & call information
• read phone status and identity

Other

• receive data from Internet
• modify system settings
• use accounts on the device
• view network connections
• full network access
• control vibration
• prevent device from sleeping
• read Google service configuration

In addition, without knowing in detail what’s in them, updates to Uber may automatically add additional capabilities within each group.

Now, while I would agree the riots in France are mostly over UberPop, their French app, with over 400,000 downloads in country, stealing business away from the Taxi industry, violating French law, it’s also been reported that the French are upset with Uber’s data collection and privacy policies.  Like most ‘growing too fast to think straight’ companies Uber joins the ranks of Google, Facebook and Twitter in wanting to know everything they can about everyone.

It’s a growing trend where the Marketing Vice President of these companies convinces the CEO that ‘consumer analytics’ is where it’s at.  Collecting as much information about everyone is just going to make the ‘product better’ they say.  Without concerns for our PRIVACY, they continue to collect and mine data without us knowing when, how and why?  Ultimately, these companies feel if we the people (or in this case ‘sheeple’) are willing to go along with the pack and just give away our right to privacy for convenience, well, shame on us, not them.  It should be the other way around.

Slowly, there is an awakening.  It’s happening now, in France, all over Uber.  It’s happening in New York City, all over Uber.  What did Uber do in NYC to spark this rebellion?  Uber has been using data mining in New York City to attempt to rally public sentiment against the proposed cap on Uber’s drivers in New York City.  They actually send unsolicited political text messages to those in the Geolocation of NYC trying to rally support.  Creepy.  Very creepy.  This is the tip of the iceberg of what Uber can do because of all the data they’ve collected.  Remember last year, when Uber NYC executive Josh Mohrer tracked technology reporter Johana Bhuiyan on two occasions using a feature known as ‘God View’.  What a great internal name for the SPYWARE dashboard of Uber.  God View is available to all employees at the car-sharing service and allows them to see customer activity, such as where a person wants to be picked up.  Marketing VP and Developers at Uber – what were you thinking?  Shame on you for building a SPYWARE network instead of a private car service.

Maybe this is the beginning of a pivotal moment – when consumers start to question companies with God Views that collect data on them and how that violates their privacy. Maybe soon people will demand a PRIVACY ride service and even be willing to pay a slight premium per ride so that their personally identifyable information (PII) won’t be gobbled up into a corporate database that is never secure enough against the next hacker attack and that’s managed by companies with staff willing to use that data in ways consumers would never have approved.

Uber – get out of our contacts list.  Stop tracking us.  Anonymize and encrypt your “God View” system and rename it to what is – Consumer SPYWARE Dashboard.  Your Marketing VP needs to read 1984 and realize that WE – THE – PEOPLE no longer are willing to become a product in your database.  Do a great job.  Offer a great service.  Don’t steal our privacy or creep on us anymore.

About The Author

Gary is the CEO of SnoopWall, Inc. and inventor of the company’s novel Counterveillance technology.  He has been extremely active in the INFOSEC arena, most recently as the Editor of Cyber Defense Magazine and the cover story author and was a frequent contributor to Hakin9 Magazine. He also founded NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He also advised the National Infrastructure Advisory Council (NIAC) which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), serves on the advisory board of MITRE on the CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (http://www.NAISG.org). Email him at: [email protected]