How ridesharing services can take your privacy for a ride
Authored by a Symantec employee
In cities around the globe, using ridesharing services has become a way of life. Just as “Google” has become a verb, so have “Uber” and “Lyft,” to name just two of the better-known ridesharing companies.
Safety for every device.
Security is no longer a one-machine affair. You need a security suite that helps protect all your devices – your Windows PC, Mac, Android smartphone or your iPad.
The convenience of always-available cars and drivers paired with easy-to-use apps, plus a selection of ride and pricing options makes for a great blend of technology and transportation. However, because these services require riders’ information, such as real-time location data and a form of payment, they could pose risks to riders’ information and privacy if that information is mishandled.
Ridesharing: the good and the bad
Traditional car services like taxis have fallen in popularity1 in part because ridesharing services offer more conveniences: instantaneous confirmation of ride requests, less-expensive rates, and typically a newer and more varied “fleet” of cars since they employ individual contracted drivers who use their personal cars.
While a popular concept, ridesharing services do have their issues, because they’re not regulated. They still need to comply with local driving regulations; however, it is still within each service’s purview to decide how to conduct background checks for applicants or what type of insurance is needed. Luckily, there’s a human “safety check” system that a lot of these companies use. Each rider can rate their driver, and the driver can rate the passengers in the same manner. If a driver falls below a certain rating, they are unable to drive for the company.
What types of data do ridesharing companies collect?
Ridesharing services like Uber and Lyft rely on GPS-enabled smartphones, since their apps need to know the location of both drivers and ride requestors. However, if riders don’t turn off location access after completing their rides the app could potentially track and collect data around the clock on where the user is, where they go, and, sometimes, even how long they stay there.
In addition to location data, a lot of these services require the user to link to a social networking account, usually Facebook, as a way of verifying identity. By doing so, the user then grants that company access to the personal information that is in their Facebook account.
These services are also cashless, so in order to use them, the user must store a valid credit card in their account.
What can be done with your data?
How’s this for a cautionary tale? A ridesharing company once had a launch party in a new city where they displayed in real-time the full names and destinations of their riders. Luckily, nothing but some extreme heat from the press came from that privacy gaffe. But it did raise the issue of how these ridesharing companies store, handle, and even safeguard riders’ privacy.
Data breaches are increasing as cybercriminals find company databases to be treasure houses of personal information. These breaches can happen during the transmission of this data or even through the third parties once they receive the data. In 2015, Uber suffered one such data breach that exposed the personal information of 50,000 drivers. 2
Before you install that app …
No two companies are alike, and ridesharing services are no exception. Before you commit to choosing a company by installing their app, follow these suggestions:
- Research each company for any online reviews or news stories about them to get a better sense of the company charter, culture, attitudes, and any worrisome issues that customers may be discussing.
Data and privacy shouldn’t be mutually exclusive
In today’s technology-driven world, data collection, privacy, and protection should be at the forefront of everyone’s minds, from consumer to developer. We now live in a world where the paradigm has shifted from bank robberies to data breaches, simply because all of our personal information can be easily accessed in one place from companies that store that data. Uber, for one, is beginning to address this issue.
On July 13, 2017, Uber released an open-source differential privacy tool nicknamed Elastic Sensitivity. Differential privacy means that the identity of individuals is stripped out of user data before it is analyzed, helping to anonymize and protect a person’s privacy. Uber’s new tool alerts their data analysts of the likely privacy implications of any queries they make on Uber data before it can be analyzed. 3
Until all companies, ridesharing or otherwise, are held accountable for how they collect, store, and protect our data, responsibility ultimately falls to consumers to be aware of the companies they conduct business with and to be diligent, educated, and aware of how their data is handled when using services and apps.
Don’t wait until a threat strikes.
Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.
Enjoy peace of mind on every device you use with Norton Security Premium.
1 Fortune.com, “Uber and Lyft have absolutely gutted L.A.'s taxi industry.”
2 Chicagotribune.com, “Uber data breach exposes information of 50,000 drivers.”
3 Gizmodo, “Uber unveils new privacy tool that protects individual user data.”
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.