Uber’s U-Turn On User Watching

Uber will stop its controversial practice of tracking users for up to five minutes after a trip has ended, as it attempts to turn around its mired public image.

A change to the Uber app due to roll out will allow users to share location data only when actively using the app, stopping further tracking once a trip is complete, according to Uber’s chief security officer Joe Sullivan.

The change comes as Uber recruits former Expedia chief executive Dara Khosrowshahi to head the company, filling the void left by ousted Uber founder Travis Kalanick and other top executives in June.

Sullivan leads a team of about 500 that has been working to beef up customer privacy at Uber since he joined in 2015. The chief security officer, who is a member of the executive leadership team that has been co-running Uber since Kalanick left, said: “We’ve been building through the turmoil and challenges because we already had our mandate.”

An update to the app made last November eliminated the option for users to limit data gathering to only when the app is in use, instead forcing them to choose between letting Uber always collect location data or never collect it.

Uber said it needed permission to always gather data in order to track riders for five minutes after a trip was completed, which the company said could help in ensuring customers’ physical safety. The option to never track required riders to manually enter pickup and drop-off addresses.

But the changes were met with swift criticism by some users and privacy advocates who called them a breach of user trust by a company already under fire for how it collects and uses customers’ data. Uber said it never actually began post-trip tracking for iPhone users and suspended it for Android users.

Sullivan said Uber made a mistake by asking for more information from users without making clear what value Uber would offer in return. If Uber decides that tracking a rider’s location for five minutes is valuable in the future, it will seek to explain what the value is and allow customers to opt in to the setting, he said.

Sullivan said Uber was committed to privacy but had previously suffered “a lack of expertise” in the area.

The change comes two weeks after Uber settled a US Federal Trade Commission complaint that the company failed to protect the personal information of drivers and passengers, and was deceptive about its efforts to prevent snooping by its employees.

Uber agreed to conduct an audit every two years for the next two decades to ensure compliance with FTC requirements. The location-tracking changes will initially only be available to iPhone users, but Uber intends to bring parity to Android devices, Sullivan said.

The changes are part of a series of updates expected in the coming year to improve privacy, security and transparency at Uber, Sullivan said.

Uber’s stance is expected to change on a number of things under the leadership of the Iranian American Khosrowshahi, who has been vocal in his criticism of Donald Trump. Khosrowshahi will have to reform workplace culture, recruit new executives including chief financial officer and chief operating officer, and deal with various legal wrangles.

Guardian:

You Might Also Read:

Uber Faces A Criminal Probe In The US:

Google Lawsuit Could Be Fatal For Uber:

 

« Businesses Need Cyber Insurance – Now!
Police Spy On Their Own: Twitter Accounts Scrutinised »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Baffin Bay Networks

Baffin Bay Networks

Baffin Bay Networks operates globally distributed Threat Protection Centers™, offering DDoS protection, Web Application Protection and Threat Inspection.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.