Ride sharing privacy

Ride sharing networks face the same user-privacy issues as other online platforms. Concerns include the security of financial details (usually required to pay for the service), the privacy of personal details, and the handling of location data. Privacy concerns can also arise during the ride itself, since some drivers use passenger-facing cameras for their own security. As ride sharing services become more widespread, so do the privacy issues associated with them.

History

Ride-sharing has existed as a concept since World War II, but it was not until around the 1990s that programs started to digitize. [1] Some of the first telephone-based ride-matching programs were Bellevue Smart Traveler from the University of Washington, Los Angeles Smart Traveler from Los Angeles's Commuter Transportation Services, and Rideshare Express from Sacramento Rideshare. [1] The operating costs of these telephone-based programs came to exceed their revenues, and internet- and email-driven ride-matching was proposed as an alternative. It was tested on a closed campus (available only to people associated with the University of Washington) and proved highly successful. Two other computerized programs, ATHENA and MINERVA, were unsuccessful. [1] As internet access spread in the 1990s, online ride-matching followed. Websites originally offered lists or forums from which people could get information about carpooling options, but the internet made it possible to build platforms that were more dynamic and interactive. The concept did not take off at first because the mechanics were no different from traditional carpooling; only finding a match had become easier. Since carpooling and ride-sharing were not popular options, the small population that did participate already had set schedules, so the timing did not suit people who needed transportation outside a regular workday commute. Larger companies later became interested in partnering with ride-matching companies to spread the ride-sharing platform, and these services have gained traction as mobile technology has made them accessible from anywhere rather than from a fixed location.

User input/privacy with software data

Software

User input features

Ride-sharing applications have several common user input features:

  • Users can input their pick-up location.
  • Users can input their drop-off destination.
  • Users can save a home or work address.
  • Users can save unique places if they are visited frequently.
  • Users can also pinpoint their exact location on a map.
  • Users can save their credit card information for easy access.
  • Users can invite their friends, whom the app pulls from the phone's contact list.
  • Users can create their own profile.
  • Users can see the profiles of their potential drivers as well as any reviews that come with it.

Ride-sharing companies also have several tracking features for which it is unclear what user information is collected and retained:

  • The application automatically determines the user's current location and surroundings, so that when the app opens an accurate map is shown immediately as the home page; the user's location is tracked from that moment on.
  • Recent addresses that have been set as either pick-up or drop-off locations are kept in the search history.
  • Letting the app connect to personal data stored on the phone, such as the contacts, can give it more than phone numbers: the addresses and other personal details stored under each contact become accessible as well.

Uber privacy

Uber publishes a privacy page describing what data it collects, and gives users settings to control several of those data flows: [2]

  • Ability to share or un-share live location, and to choose whether location access is always on.
  • Ability to receive notifications about your account and trip.
  • Ability to remove stored contacts, which otherwise add another link between two people for anyone tracking someone's information.
  • Ability to share trip details with 911 in case of emergency.
  • Ability to sync personal calendar with the app.

Lyft privacy

According to Lyft's Privacy Policy, [3] the information they collect includes:

  • Registration information provided to them (name, email, phone number)
  • If a social media account is used to register, information from that profile will be used (name, gender, profile picture, friends)
  • Any information the user chooses to put in the profile
  • Payment information used to charge riders (although Lyft states that it does not itself store credit card information)
  • Any interactions with the support team
  • Information provided during the driver application (date of birth, address, Social Security number, license information, etc.)
  • Payment information to pay drivers
  • Location information including saved locations
  • Information about the device that the app's being used on
  • Usage data
  • Calls and texts between riders and drivers
  • Feedback
  • Contacts (if user permits it)
  • Cookies

Hardware

Camera inside the car

Physical cameras inside ride-share vehicles are a recent development. Previously, the only cameras associated with cars were traffic cameras and police dash cameras. Continuously recording cameras that monitor more than the road outside the car have become more common, and cameras that record interactions between drivers and riders inside the car are new. Riders are concerned about their privacy because the recording runs for the whole duration of the trip and they do not verbally consent to it; the counter-argument is that by entering a driver's car they accept the driver's rules. For audio recordings, federal law requires only "one-party consent", but a number of U.S. states require the consent of every party to the conversation, so whether a driver may record riders' audio without notice depends on the state. [4]

Government policies about recording

The federal rule comes from Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act), which sets out the "one-party consent" standard for recording audio conversations. Under it, a person may not record a conversation they are not a party to, but a participant in a conversation may record it without obtaining the consent of the other parties or telling them that recording is taking place. State law may be stricter. [4]

Concerns

The potential abuse of location-tracking

There are several ways the application's knowledge of a rider's location could be abused. Since trip data is collected, if the ride-sharing company has partnerships with other corporations, those partners can use the data to predict future locations, infer an individual's interests, and market to them. [5] [6] Corporations can record which types of stores and which brands a user visits most often and build a traceable online profile. Advertising companies can likewise target personal interests and show ads tailored to the places the user has visited.

Some inferences carry worse implications. If a user attends something connected to their political views, a company can store that and potentially use it against the user if they later deal with the company in a professional setting. The same applies to medical, religious, or legal affiliations: a user's location history and the places they visit can be read out of context by an outside observer.

Because the profile is built from trips, if a person relies solely on ride-sharing to get around, an observer can determine how long the user has been away from home and how far away they are. That creates an opportunity for stalking or burglary, since it reveals when the home is likely to be empty. On a broader scale, the demographics of the areas a user frequents and the stores they visit allow further inferences, such as estimated income.

Users can save a home or work address for easy access. Most users enter their actual address, but some deliberately save an address a couple of streets away in case the data leaks. This is a very basic level of deflection: an address a couple of streets away still gives the general area where the user lives, and the trip history itself (repeated evening drop-offs and morning pick-ups at the same spot) reveals the real address regardless of what was saved.
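The home-address inference described above, as an added example that is not part of the original article: given a constructed trip log, the grid cell most often used as an evening drop-off or morning pick-up is taken as the rider's home and compared with the address the rider saved a couple of streets away. The trip records, the saved address, the time-of-day rules and the roughly 100 m grid are all assumptions of the example.

```python
from collections import Counter
from datetime import datetime
import math

# Constructed sample trip log for one rider (not real data). Each record is
# (local timestamp, pickup lat, pickup lon, dropoff lat, dropoff lon).
TRIPS = [
    ("2024-03-04T08:05", 47.6201, -122.3420, 47.6100, -122.3330),  # home -> work
    ("2024-03-04T18:40", 47.6100, -122.3330, 47.6203, -122.3418),  # work -> home
    ("2024-03-05T08:10", 47.6199, -122.3421, 47.6100, -122.3330),
    ("2024-03-05T22:55", 47.6300, -122.3500, 47.6202, -122.3419),  # night out -> home
    ("2024-03-06T08:02", 47.6200, -122.3422, 47.6100, -122.3330),
    ("2024-03-06T19:15", 47.6100, -122.3330, 47.6201, -122.3420),
    ("2024-03-07T23:30", 47.6250, -122.3200, 47.6200, -122.3421),
    ("2024-03-08T12:30", 47.6100, -122.3330, 47.6150, -122.3400),  # lunch trip, ignored
]

# Address the rider saved as "home", deliberately a couple of streets away (constructed).
SAVED_HOME = (47.6230, -122.3390)


def cell(lat, lon, decimals=3):
    """Snap a coordinate to a grid cell of roughly 100 m, so repeated visits to
    the same doorway land in the same bucket despite GPS jitter."""
    return (round(lat, decimals), round(lon, decimals))


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))


def infer_home(trips):
    """Guess the rider's home as the cell most often used as an evening/night
    drop-off or an early-morning pick-up. Returns (cell, supporting trips)."""
    votes = Counter()
    for ts, plat, plon, dlat, dlon in trips:
        hour = datetime.fromisoformat(ts).hour
        if hour >= 18 or hour < 6:      # evening/night: the trip ends at home
            votes[cell(dlat, dlon)] += 1
        elif 6 <= hour < 9:             # morning commute: the trip starts at home
            votes[cell(plat, plon)] += 1
    if not votes:
        return None, 0
    return votes.most_common(1)[0]


def saved_home_error_m(trips, saved_home):
    """Distance between the saved 'home' and the home inferred from the trips."""
    home, _ = infer_home(trips)
    return haversine_m(home, saved_home)


if __name__ == "__main__":
    home, n = infer_home(TRIPS)
    print(f"inferred home cell {home} from {n} trips; the saved address is "
          f"{saved_home_error_m(TRIPS, SAVED_HOME):.0f} m away")
```

The inference never looks at the saved address at all: a few days of commuting and late-night returns pin the home cell down from the trip endpoints, which is why moving the saved address a few streets away only changes the label on the map, not what the operator or a data partner can learn.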

Location aware applications

Individuals have concerns about how, what, when, and where their location information is stored and who else has access to it. This applies not only to ride-sharing applications but to any application with some form of location sharing, and there are several types of location-aware applications. Location-based services (LBS) return items and buildings around the user's current location, and a map is drawn with the orientation of the surrounding buildings to fix a position. [7] Geo-location services estimate the user's position from their environmental footprint. Mobile sensing pinpoints the user's physical device, which carries sensors and information that can be collected. Location sharing is a voluntary state in which the user's live location is continuously updated and tracked.

Making use of user information

Once a user enters data into a ride-sharing app, it leaves the user's control. Even if they delete the information or their account, copies may persist in the operator's backups and logs and with any partners the data has been shared with, whether the user consents or not. These applications ask for a phone number, email address, and profile picture, each of which can be used to trace back to the user's identity. Once this information is in the application's database, it can be accessed by the application and indirectly by any of its partners.

Most apps require a payment method on file before a user can be matched with a ride, and users can store credit card details so they do not have to re-enter them. Requiring a passcode or fingerprint before each transaction adds a layer of protection, but it only confirms that the current transaction is authorized by the user; it says nothing about how the stored card data is protected by the app and its payment processor.

Users can add a profile picture, intended to help drivers spot their riders. If a rider's image is saved and uploaded to the web, it can be linked to personal accounts; face recognition, such as Facebook's, makes it easier to identify people from photographs taken elsewhere.

Solutions

Noise distribution

Researchers have proposed a scheme that addresses both data privacy and user anonymity. [8] It works by drawing an offset from a noise distribution and reporting the user's location shifted by that offset, so the service receives an approximate position rather than the exact one. This is not encryption: the reported coordinates are readable by the service, but they are deliberately imprecise, and the true location is never sent. The approach is aimed at users who are wary of ride-sharing applications because they fear their privacy being invaded or their data being stolen; it acts as an extra layer that hides the user behind the noise.

K-anonymity

K-anonymity here relies on an anonymizing server, a trusted third party that provides anonymous cover for users. It preserves location privacy by replacing a user's exact location with a cloaked region chosen so that at least k users fall inside it, which the server can do without revealing the actual location to the service. [9] The server looks for a number of other users close to the requesting user, so that a location inside the region cannot be correlated back to the original user: from the service's point of view the request could have come from any of the k users in the region, and there is no way to distinguish between them. [9]
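An added example of the cloaking step, not code from [9] or from any ride-sharing service: a toy anonymizer holds a constructed snapshot of user positions and, for a requester and a chosen k, returns the bounding box of the requester and its k-1 nearest users, or refuses when it cannot satisfy k. The users, their coordinates and the flat-earth distance approximation are assumptions of the example.

```python
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class User:
    uid: str
    lat: float
    lon: float


# Constructed snapshot of users currently known to the anonymizer (not real data).
USERS = [
    User("alice", 47.6100, -122.3330),   # the requester
    User("bob",   47.6105, -122.3342),
    User("carol", 47.6094, -122.3321),
    User("dave",  47.6130, -122.3360),
    User("erin",  47.6070, -122.3300),
    User("frank", 47.6200, -122.3420),
]


def approx_distance_m(a, b):
    """Flat-earth distance in metres, adequate over a few kilometres."""
    lat0 = math.radians((a.lat + b.lat) / 2)
    dy = (a.lat - b.lat) * 111_000
    dx = (a.lon - b.lon) * 111_000 * math.cos(lat0)
    return math.hypot(dx, dy)


def cloak(requester_id, users, k):
    """Bounding box (min_lat, min_lon, max_lat, max_lon) covering the requester
    and its k-1 nearest users. Returns None when fewer than k users are known:
    the request is then suppressed rather than sent with a weaker cloak."""
    me = next(u for u in users if u.uid == requester_id)
    if len(users) < k:
        return None
    nearest = sorted(users, key=lambda u: approx_distance_m(me, u))[:k]
    return (min(u.lat for u in nearest), min(u.lon for u in nearest),
            max(u.lat for u in nearest), max(u.lon for u in nearest))


def users_in_box(users, box):
    """Users inside a box; the service only ever sees the box, not this set."""
    min_lat, min_lon, max_lat, max_lon = box
    return {u.uid for u in users
            if min_lat <= u.lat <= max_lat and min_lon <= u.lon <= max_lon}


def anonymity_set_size(requester_id, users, k):
    """How many users share the cloaked region; must be at least k."""
    box = cloak(requester_id, users, k)
    return 0 if box is None else len(users_in_box(users, box))


if __name__ == "__main__":
    for k in (3, 5, 10):
        print(k, cloak("alice", USERS, k), anonymity_set_size("alice", USERS, k))
```

The refusal path matters as much as the box: an anonymizer that quietly falls back to a region containing only the requester when the population is thin gives the service a precise location while the client believes it is cloaked. A nearest-neighbour box also tends to put the requester near its centre, so production designs add a minimum area and randomize the region, which [9] discusses under the heading of spatial cloaking.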

Fuzzy inference systems

Another proposed solution uses fuzzy inference systems for mobile geo-services. [10] The idea is to describe the user with details that are less prone to abuse by the organizations that obtain them. Location-based services can currently reveal sensitive information, such as the nearest religious institution, from which the identity of the user can be inferred and which organizations use for purely commercial purposes. The paper proposes anonymization so that the user's data is protected even in case of an accidental breach. The fuzzy inference system turns quantitative data (precise coordinates) into qualitative data (fuzzy descriptions at several levels of precision), which obscures the user's identity and location, and the paper evaluates the method in a trial with taxi drivers because no concrete anonymization design had yet proven itself. Several complications came up in the trial, mostly human misinterpretation, but investing more time in the approach and combining it with existing solutions could make it more effective. For users who fear that their location is tracked and traced back to them, this solution makes the data fuzzy so that any tracking is not completely precise; the paper includes tables of experimental distances showing how close a tracking system came to users of the fuzzy method. The approach does not entirely solve the problem of protecting user privacy, but it works towards it and is still at an introductory stage. It shows that location tracking is still not private even when countermeasures have been applied, and it leaves an open ending: with more research and resources, and the specific areas it identifies for improvement, the method could be developed further. [11]

Location transformation

One proposed model estimates how difficult it would be for outside parties to obtain someone's private information. Several mechanisms are proposed for hiding data, including location obfuscation, perturbation, confusion and suppression, and cryptographic techniques. [7]

Location obfuscation

Obfuscating a user's location means clouding it: the coordinates are still reported, but their accuracy is deliberately degraded. [12] This cannot be a complete solution on its own, because degrading accuracy too far defeats the purpose of a location-based service, so being selective about what an application obfuscates helps balance protection against utility. [7]

The NRand algorithm determines how much noise is added to the user's location data. Two issues arise with it: deciding how much noise to add, and whether the altered data is far enough from its original state to be unrecognizable; the NRand-K refinement aims to minimize the impact of the obfuscation on later spatial analysis of the data. [12] [13]

Location perturbation

Perturbation reports a point near the user rather than the exact location, by adding random noise to the coordinates; nearby points of interest are masked as well, since any of them could be the reported point. Geo-indistinguishability formalizes the guarantee: any two locations within a given radius produce each reported location with similar probability, so the service cannot tell them apart. Because fresh noise is drawn for every report, repeated queries from the same place can be averaged to recover the true position, which is the weakness that the mechanism in [13] addresses for frequent queries. [7] [13]
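An added example that serves the noise-distribution, NRand and perturbation sections above; it is not the scheme of [8], [12] or [13] but the planar Laplace mechanism that geo-indistinguishability [13] is built on. It shows the reported location being offset by random noise, the averaging attack that repeated reports from one place allow, and a simple "sticky report" mitigation. The epsilon choice, the true location, the seeds and the metres-per-degree constant are assumptions of the example.

```python
import math
import random

M_PER_DEG_LAT = 110_574.0   # metres per degree of latitude (approximation)


def epsilon_for(radius_m, factor):
    """Privacy level: any two true points within radius_m yield each reported
    location with probabilities differing by at most `factor`."""
    return math.log(factor) / radius_m


def planar_laplace_offset(eps, rng):
    """Draw (dx, dy) in metres from the planar Laplace distribution: a uniform
    angle and a radius with density eps^2 * r * exp(-eps r), i.e. Gamma(2, 1/eps)."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return r * math.cos(theta), r * math.sin(theta)


def perturb(lat, lon, eps, rng):
    """Report a noisy location instead of the true one."""
    dx, dy = planar_laplace_offset(eps, rng)
    return (lat + dy / M_PER_DEG_LAT,
            lon + dx / (M_PER_DEG_LAT * math.cos(math.radians(lat))))


def distance_m(a, b):
    """Flat-earth distance in metres between two (lat, lon) pairs."""
    lat0 = math.radians((a[0] + b[0]) / 2)
    dy = (a[0] - b[0]) * M_PER_DEG_LAT
    dx = (a[1] - b[1]) * M_PER_DEG_LAT * math.cos(lat0)
    return math.hypot(dx, dy)


def averaging_attack(true_loc, eps, n, seed=1):
    """Failure mode: an observer who sees n independent noisy reports of the
    same place averages them. Returns (mean error of one report, error of the
    average) in metres; the second shrinks roughly as 1/sqrt(n)."""
    rng = random.Random(seed)
    reports = [perturb(*true_loc, eps, rng) for _ in range(n)]
    centroid = (sum(p[0] for p in reports) / n, sum(p[1] for p in reports) / n)
    single = sum(distance_m(true_loc, p) for p in reports) / n
    return single, distance_m(true_loc, centroid)


class StickyPerturber:
    """Mitigation: keep returning the same noisy report while the user stays
    within stay_radius_m of where it was drawn, so repeated queries from one
    spot give an observer nothing new to average."""

    def __init__(self, eps, stay_radius_m, seed=1):
        self.eps, self.stay, self.rng = eps, stay_radius_m, random.Random(seed)
        self.anchor = self.report = None

    def report_for(self, lat, lon):
        if self.anchor is None or distance_m(self.anchor, (lat, lon)) > self.stay:
            self.anchor = (lat, lon)
            self.report = perturb(lat, lon, self.eps, self.rng)
        return self.report


if __name__ == "__main__":
    eps = epsilon_for(200, 4)      # 200 m radius, factor-4 indistinguishability
    home = (47.6100, -122.3330)    # constructed true location
    print("one report off by / average of 500 off by:", averaging_attack(home, eps, 500))
```

With these parameters a single report lands a few hundred metres from the truth, but the centroid of a few hundred reports lands within tens of metres, which is why a ride-sharing client that re-sends a fresh noisy position every few seconds while the rider waits at the kerb leaks the kerb. The sticky variant spends no new privacy budget while the user stays put; [13] develops a more careful mechanism for the frequent-query case.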

Confusion and suppression

With confusion, dummy locations are generated alongside the true one: the user's specific location is reported together with several other plausible locations, and the service cannot tell which one is real. Suppression is a related technique in which, for a short period after a user enters a designated area, their location reports are withheld and their identity is dropped, so that when they leave the protected area they re-emerge under a new identity and the two trajectories cannot be linked. [7]

Cryptographic techniques

With cryptographic techniques, the original data cannot be tracked because it is transformed before it leaves the device, for example by encryption or by a secure computation protocol in which each party learns only the result, such as whether two routes overlap, and not the other party's raw locations. [7] [5]
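An added example of a cryptographic technique for this setting, not the PrivatePool protocol of [5] or any product's code: a Diffie-Hellman-based private set intersection, a standard construction, in which a rider and a driver learn which grid cells their routes share without either revealing the rest of their route. The routes are constructed, and the modulus is a toy parameter chosen for readability, not security.

```python
import hashlib
import secrets

# Toy group: arithmetic modulo a Mersenne prime. This is an assumption made for
# readability; a real deployment would use a standard large prime-order group or
# an elliptic curve. These parameters are NOT secure.
P = 2**61 - 1


def route_cell(lat, lon, decimals=3):
    """Coarsen a waypoint to a roughly 100 m grid cell so that two parties who
    drive the same street produce identical set elements despite GPS jitter."""
    return f"{round(lat, decimals):.{decimals}f},{round(lon, decimals):.{decimals}f}"


def hash_to_group(item):
    """Map a cell label to a nonzero group element."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big")
    return pow(h % (P - 1) + 1, 2, P)


class Party:
    """One side of the Diffie-Hellman style private set intersection."""

    def __init__(self, cells):
        self.cells = list(cells)
        self.key = secrets.randbelow(P - 2) + 1     # secret exponent in [1, P-2]

    def blind_own(self):
        """Send H(x)^key for each own cell; order is kept so replies map back."""
        return [pow(hash_to_group(x), self.key, P) for x in self.cells]

    def blind_other(self, blinded):
        """Raise the other side's blinded values to own key, giving H(x)^(ab)."""
        return [pow(v, self.key, P) for v in blinded]


def private_intersection(rider, driver):
    """The rider learns which of its own cells the driver's route also covers
    and nothing about the driver's other cells; the driver sees only blinded
    values it cannot invert. Exponentiation commutes, so H(x)^(ab) == H(x)^(ba)."""
    rider_blinded = rider.blind_own()                   # rider  -> driver
    driver_blinded = driver.blind_own()                 # driver -> rider
    rider_double = driver.blind_other(rider_blinded)    # driver -> rider: H(x)^(ab)
    driver_double = rider.blind_other(driver_blinded)   # rider computes H(y)^(ba) locally
    shared = set(driver_double)
    return sorted(x for x, v in zip(rider.cells, rider_double) if v in shared)


# Constructed routes (not real data): waypoints for a rider and a driver.
RIDER_ROUTE = [(47.6100, -122.3330), (47.6110, -122.3340),
               (47.6120, -122.3350), (47.6140, -122.3370)]
DRIVER_ROUTE = [(47.6110, -122.3341), (47.6120, -122.3349), (47.6200, -122.3420)]


def matching_cells():
    """Run the protocol between the two constructed routes."""
    rider = Party(route_cell(*p) for p in RIDER_ROUTE)
    driver = Party(route_cell(*p) for p in DRIVER_ROUTE)
    return private_intersection(rider, driver)


if __name__ == "__main__":
    print("cells both routes cover:", matching_cells())
```

The point a practitioner should take from this is where the trust boundary sits: the matching service in a ride-sharing platform never has to hold either party's raw route, and the cell coarsening bounds what a match reveals (a shared street, not a doorway). A real deployment must also address what the protocol does not hide, such as the sizes of the two sets.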


References

  1. Chan, Nelson D.; Shaheen, Susan A. (January 2012). "Ridesharing in North America: Past, Present, and Future" (PDF). Transport Reviews. 32 (1): 93–112. doi:10.1080/01441647.2011.621557. ISSN 0144-1647.
  2. "Uber Privacy". privacy.uber.com. Retrieved 2019-03-14.
  3. Lyft, Inc. "Lyft Privacy Policy". Lyft. Retrieved 2019-04-21.
  4. "Reporter's Recording Guide". The Reporters Committee for Freedom of the Press. Retrieved 2020-12-01.
  5. Hallgren, Per; Orlandi, Claudio; Sabelfeld, Andrei (August 2017). "PrivatePool: Privacy-Preserving Ridesharing". 2017 IEEE 30th Computer Security Foundations Symposium (CSF). Santa Barbara, CA: IEEE: 276–291. doi:10.1109/CSF.2017.24. ISBN 978-1-5386-3217-8.
  6. Kikuchi, Hiroaki; Takahashi, Katsumi (July 2015). "Zipf distribution model for quantifying risk of re-identification from trajectory data". 2015 13th Annual Conference on Privacy, Security and Trust (PST). IEEE. doi:10.1109/pst.2015.7232949. ISBN 978-1-4673-7828-4.
  7. Damiani, Maria L. (October 2014). "Location privacy models in mobile applications: conceptual view and research directions". GeoInformatica. 18 (4): 819–842. doi:10.1007/s10707-014-0205-7. ProQuest 1562335430.
  8. Pingley, Aniket; Yu, Wei; Zhang, Nan; Fu, Xinwen; Zhao, Wei (July 2012). "A context-aware scheme for privacy-preserving location-based services". Computer Networks. 56 (11): 2551–2568. doi:10.1016/j.comnet.2012.03.022. ISSN 1389-1286.
  9. Biswas, Pratima; Sairam, Ashok Singh (July 2018). "Modeling privacy approaches for location based services". Computer Networks. 140: 1–14. doi:10.1016/j.comnet.2018.04.016. ISSN 1389-1286.
  10. Hashemi, Mahdi; Malek, Mohammad Reza (July 2012). "Protecting location privacy in mobile geoservices using fuzzy inference systems". Computers, Environment and Urban Systems. 36 (4): 311–320. doi:10.1016/j.compenvurbsys.2011.12.002. ISSN 0198-9715.
  11. Ji, Rui; Yang, Yupu (2013-06-19). "Smooth support vector learning for fuzzy rule-based classification systems". Intelligent Data Analysis. 17 (4): 679–695. doi:10.3233/ida-130600. ISSN 1571-4128.
  12. Zurbarán, Mayra; Wightman, Pedro; Brovelli, Maria; Oxoli, Daniele; Iliffe, Mark; Jimeno, Miguel; Salazar, Augusto (2018-08-17). "NRand-K: Minimizing the impact of location obfuscation in spatial analysis". Transactions in GIS. 22 (5): 1257–1274. doi:10.1111/tgis.12462. ISSN 1361-1682.
  13. Hua, Jingyu; Tong, Wei; Xu, Fengyuan; Zhong, Sheng (2017). "A Geo-Indistinguishable Location Perturbation Mechanism for Location-Based Services Supporting Frequent Queries". IEEE Transactions on Information Forensics and Security. 13 (5): 1155–1168. doi:10.1109/tifs.2017.2779402. ISSN 1556-6013.