Slashdot Mirror


Some Uber Ride Data Publicly Accessible Through Google

itwbennett writes: On Thursday, ZDNet reported that Uber ride data had leaked into Google search results. Zach Minors confirms in this article that a "site-specific Google search for trip.uber.com produced dozens of links to Uber rides that have been completed and cancelled, in countries around the world including the U.S., England, Russia, France and Mexico. Each link leads to a Web site with a map showing the ride's route, with the pickup and destination tagged with markers. A card on the page also shows the first name of the rider and driver, along with the driver's photo, make and model of the car, and license plate number." However, what appeared to be a privacy red flag was not a "data leak," according to an Uber spokeswoman: "We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

28 comments

  1. So ... not really a story? by Anonymous Coward · · Score: 0

    Facebook lets search engines index their public information too.

    1. Re:So ... not really a story? by jakimfett · · Score: 1

      Dice hates Uber, maybe? Anything to make Uber look bad?

      --
      Bits of code, random ramblings: jakimfett.com
    2. Re:So ... not really a story? by Anonymous Coward · · Score: 0

      Uber has done plenty to make itself look bad. No need for help.

      http://finance.yahoo.com/news/...

      I use Lyft. I wouldn't use Uber if it was half the price.

  2. So? by Anonymous Coward · · Score: 0

    So people intentionally share their Uber ride info and Google finds it. That is what search engines do.

    There is mass surveillance going on and hacking of personal information and THIS is what you are worried about? Who cares?

    1. Re: So? by shitzu · · Score: 1

      How does one share an Uber ride? Just curious. Do you know the urls pointing to your drives you can share?

    2. Re: So? by Anonymous Coward · · Score: 0

      You click the "share" button in the Uber app.

  3. Ashley Madison correlation? by KatchooNJ · · Score: 2

    Quick! Someone match up this data with the Ashley Madison data to find out what correlates.

    --
    "Never give up, for that is just the time and place when the tide will change." -Harriet Beecher Stowe ^_^
    1. Re:Ashley Madison correlation? by plopez · · Score: 1

      Using an "eventually consistent" database engine!

      --
      putting the 'B' in LGBTQ+
  4. Not an issue. by OverlordQ · · Score: 2

    However, what appeared to be a privacy red flag was not a "data leak," according to an Uber spokeswoman: "We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

    That's why all the links are 404s now, since it totally wasn't an issue.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Not an issue. by Anonymous Coward · · Score: 0

      Even though the links may have been deliberately shared online, users likely were not aware that they would contain sensitive data in the source code, or that anyone could find them through Google.

      It's perfectly understandable that Uber would remove them.

    2. Re:Not an issue. by Anonymous Coward · · Score: 0

      I don't think you know what sensitive data means. None of the data shared was sensitive. The links were used so that people could share the trip with others, so people could know where they were coming from and when they were supposed to arrive, and what license plate and driver in order to identify the car when it arrived. If you share something, Google will find it. That is what search engines do.

    3. Re:Not an issue. by Anonymous Coward · · Score: 0

      Links expire after 48 hours. So expected.

      (this is a relatively new policy https://twitter.com/four/status/639657368486154240)

    4. Re:Not an issue. by 93+Escort+Wagon · · Score: 3, Informative

      It likely wasn't clear to Uber's users that these pages would be linked somewhere public, given the reasons the company states for these pages' existence.

      Let's say I'm setting up a trip, and I'm offered a chance to send a link to someone so they can follow my progress. I would expect that link to be provided only to that individual, probably over email - NOT included on some page anyone can find by clicking around Uber's website. Yet that apparently is exactly what Uber was doing... putting it on such a page.

      Now anyone familiar with Uber's security track record won't be surprised they are doing this; but still this falls on the shoulders of the company, not the users, regardless of Uber's attempts to deflect the blame.

      --
      #DeleteChrome
    5. Re:Not an issue. by Anonymous Coward · · Score: 0

      If only there were some way of declaring that information for very temporary, limited consumption by potential clients looking for a particular service in a particular place shouldn't be stored indefinitely by third parties along with further irrelevant information. Some sort of instruction to the machines - let's call them robots - responsible for collecting that information. A text file, perhaps? It could be placed somewhere really easy to find, and Disallow such collection.

    6. Re:Not an issue. by Anonymous Coward · · Score: 0

      What you describe is not what Uber was doing. They provide a URL. Users sometimes post that URL via Twitter or whatever. Google picks up the user-provided post. At no point did Uber directly put the URL someplace that Google could find it; that was all under user control.

      You can argue that perhaps these should time out faster or something -- maybe disappear an hour after the trip ends -- but let's not make up things in an attempt to prove how bad Uber is.

    7. Re:Not an issue. by Anonymous Coward · · Score: 0

      So you want Facebook to include a robots.txt that somehow excludes Uber URLs that users post to their walls? Uber can ask that Google doesn't index their own site, but they can't control all the other places that users post links, which is where these URLs came from.

  5. Shoulda stored it on Hillary!'s email server by Anonymous Coward · · Score: 0

    No one would find it then.

    Especially when your sysadmin pleads the Fifth Amendment...

  6. yeah, and? by Anonymous Coward · · Score: 0

    If you post something, like an uber link, publicly, it can be indexed by search engine crawlers.

    OoO amazing!

  7. This proves Uber is ruled by Republicans by Anonymous Coward · · Score: 0

    Their kind doesn't grok security. They also don't grok humanity. They hate us.

    1. Re: This proves Uber is ruled by Republicans by Anonymous Coward · · Score: 0

      And most of them are closeted fags even though they preach family values.

  8. You're absolutely fucking wrong. by Anonymous Coward · · Score: 0

    You're completely full of shit, son.

    Even information as seemingly minor as a driving trip that somebody took could have devastating consequences for the person involved.

    Let's say that the person involved is a pastor at a large church. He worked for decades to get to where he is. But he's also a closeted homosexual, with a secret boyfriend. If this secret got out, it would likely destroy his career and everything he has worked for.

    Well, it just happens that the pastor's boyfriend lives in the gay district of the city. It's the sort of place that a heterosexual pastor would have no reason to visit, at least in the eyes of his congregation.

    So when info about this pastor's vehicular trips, which was intended to be only available to the pastor and his boyfriend, is accidentally released to the public at large, the congregation quickly notices that the pastor makes many trips from his house to a specific location in the gay district. One night some members of the congregation follow the pastor, and catch him in the 69 position with his boyfriend.

    Now the pastor has to answer to the congregation for why he was caught with another man's penis in his mouth, and his penis in the mouth of another man. His behavior is deemed inappropriate, given his role at the church and how his behavior violates their beliefs and morals. Even if he doesn't lose his job directly, he still loses the respect of the congregation. Some of them move to other churches, and his church fails due to the drop in membership. His life is ruined.

    I know you'll probably say something ignorant like, "Well, he shouldn't have been a faggot in the first place!", but those kinds of arguments are irrelevant. The reality is that the unexpected release of information that was expected to be private, even if it may not seem like a big deal to you, can in fact cause a lot of harm depending on the situations of the people involved.

    1. Re:You're absolutely fucking wrong. by CaseCrash · · Score: 1

      What the fuck is wrong with you?

      The trips are only shared if the user explicitly does it, and your crazy rant has nothing to do with this.

      --
      No, that link you posted to a web comic we've all seen a hundred times is not "obligatory."
  9. We need a way to mod stories by Gibgezr · · Score: 1

    I thought the idea behind the fire-hose was that it would prevent non-stories from showing up. Guess not.

  10. Bad headline by xxxJonBoyxxx · · Score: 1

    Headline probably should have been, "Uber accidentally shares more information about 'public' rides than its customers expected"

    The point of TFA seems to be that specific addresses and start/finish times were published, when the public "shared rides" site makes it seem like that information is hidden.

  11. class 101 by Anonymous Coward · · Score: 0

    robots.txt

  12. What about the driver's privacy? by Anonymous Coward · · Score: 2, Insightful

    >> along with the driver's photo, make and model of the car, and license plate number.

    Isn't this a lot to disclose publicly about the driver?

  13. "ways to make it even more secure" by DodgeRules · · Score: 1

    "Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

    Like the use of a simple robots.txt file which should have been in place on day -1?

  14. Cross index by morgauxo · · Score: 1

    I wonder if someone with more time on their hands than I could combine this data with the Ashley Madison dump and identify when and where people met.