Uber’s U-Turn On User Watching

Uber will stop its controversial practice of tracking users for up to five minutes after a trip has ended, as it attempts to turn around its mired public image.

A change to the Uber app due to roll out will allow users to share location data only when actively using the app, stopping further tracking once a trip is complete, according to Uber’s chief security officer Joe Sullivan.

The change comes as Uber recruits former Expedia chief executive Dara Khosrowshahi to head the company, filling the void left by ousted Uber founder Travis Kalanick and other top executives in June.

Sullivan leads a team of about 500 that has been working to beef up customer privacy at Uber since he joined in 2015. The chief security officer, who is a member of the executive leadership team that has been co-running Uber since Kalanick left, said: “We’ve been building through the turmoil and challenges because we already had our mandate.”

An update to the app made last November eliminated the option for users to limit data gathering to only when the app is in use, instead forcing them to choose between letting Uber always collect location data or never collect it.

Uber said it needed permission to always gather data in order to track riders for five minutes after a trip was completed, which the company said could help in ensuring customers’ physical safety. The option to never track required riders to manually enter pickup and drop-off addresses.

But the changes were met with swift criticism by some users and privacy advocates who called them a breach of user trust by a company already under fire for how it collects and uses customers’ data. Uber said it never actually began post-trip tracking for iPhone users and suspended it for Android users.

Sullivan said Uber made a mistake by asking for more information from users without making clear what value Uber would offer in return. If Uber decides that tracking a rider’s location for five minutes is valuable in the future, it will seek to explain what the value is and allow customers to opt in to the setting, he said.

Sullivan said Uber was committed to privacy but had previously suffered “a lack of expertise” in the area.

The change comes two weeks after Uber settled a US Federal Trade Commission complaint that the company failed to protect the personal information of drivers and passengers, and was deceptive about its efforts to prevent snooping by its employees.

Uber agreed to conduct an audit every two years for the next two decades to ensure compliance with FTC requirements. The location-tracking changes will initially only be available to iPhone users, but Uber intends to bring parity to Android devices, Sullivan said.

The changes are part of a series of updates expected in the coming year to improve privacy, security and transparency at Uber, Sullivan said.

Uber’s stance is expected to change on a number of things under the leadership of the Iranian American Khosrowshahi, who has been vocal in his criticism of Donald Trump. Khosrowshahi will have to reform workplace culture, recruit new executives including chief financial officer and chief operating officer, and deal with various legal wrangles.

Guardian:

You Might Also Read:

Uber Faces A Criminal Probe In The US:

Google Lawsuit Could Be Fatal For Uber:

 

« Businesses Need Cyber Insurance – Now!
Police Spy On Their Own: Twitter Accounts Scrutinised »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Secora Consulting

Secora Consulting

Secora Consulting is a professional services company specialising in tailored cybersecurity assessments and cyber advisory services.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.