Since 2013, Uber has had a handy featured called “Share your ETA” that allows you to link friends and family to your trip information, letting people know when you’re due to arrive safe and sound. If used as intended, that would be fine and well, but it seems that these pages were becoming permanent fixtures found in Google Search results and exposing trip information – including name, home address, destination address, day/time, etc – from as far back as 2013.
The exposed information wasn’t exclusively the fault of Uber. People that shared links using this feature made the links available to Google’s web crawler, thereby indexing the result, and making it publicly available information. Not exactly the Ashley Madison debacle, but I can understand how this could land someone in hot water, or at the very least cause privacy concerns.
Uber has since changed their practices to make sure that all “Share your ETA” links expire within 48 hours. However, they haven’t addressed every concern out there:
A previous search of the site “trip.uber.com” had returned dozens of trips on the ride-hailing app. Each link pulled up a map of the trip along with the passenger’s name. The driver’s photo, name, license plate, and car model was also easily identifiable. These all now return error pages.
Uber didn’t fix the issue in which a user’s address is available and accessible to anyone who has the link during that time window.
Testing this myself, I found only one result, and clicking through ended with a 404. But as explained by Business Insider, even people with whom you share the link can get more information than appears to meet the eye, as viewing source code for the URL will yield a specific destination address, so make sure you’re okay with recipients knowing that exact info.
Most importantly: be careful where and with whom you share this link! Assume anyone you share it with will know all details surrounding your trip and make sure you share it privately and not publicly!
Comments