Ride sharing privacy

Ride sharing networks face issues of user privacy like other online platforms do. Concerns surrounding the apps include the security of financial details (which are often required to pay for the service) and the privacy of personal details and location. Privacy concerns can also arise during the ride, as some drivers choose to use passenger-facing cameras for their own security. As the use of ride sharing services becomes more widespread, so do the privacy issues associated with them.

History
Ride-sharing has been a concept since World War II, but it wasn't until around the 1990s that programs started to digitize. Some of the first telephone-based ride-matching programs were Bellevue Smart Traveler from the University of Washington, Los Angeles Smart Traveler from Los Angeles's Commuter Transportation Services, and Rideshare Express from Sacramento Rideshare. However, in these telephone-based programs the operational costs started exceeding the revenues, and an alternative, internet- and email-driven ride matching, was proposed. This program was tested on a closed campus (it was only available to people associated with the University of Washington) and proved highly successful. Two other programs, ATHENA and MINERVA, were both computerized but faced unsuccessful endings. When the internet was created in the 1990s, online ride-matching was created. Websites originally had lists or forums from which people could get information on carpooling options, but the internet provided the ability to develop platforms that were more dynamic and interactive. This concept didn't take off because the mechanics were no different from those of traditional carpooling; only finding a ride had been made easier. Since carpooling and ride-sharing were not very popular options, the smaller population who did participate already had set agendas, so timing-wise it was not helpful to those who needed transportation outside of a regular workday commute. Larger-scale companies started becoming interested in partnering with ride-matching companies in order to spread the ride-sharing platform. These platforms are gaining more traction as mobile technology, and thus access from somewhere other than a stationary point, has become more widely available.

User input features
Ride-sharing applications have several common user input features:


 * Users can input their pick-up destination.
 * Users can input their drop-off destination.
 * Users can save a home or work address.
 * Users can save unique places if they are visited frequently.
 * Users can also pinpoint their exact location on a map.
 * Users can save their credit card information for easy access.
 * Users can invite their friends, whom the app pulls from their phone contact information.
 * Users can create their own profile.
 * Users can see the profiles of their potential drivers as well as any reviews that come with it.

Ride-sharing companies also have several tracking features that are unclear in terms of what user information is being collected:


 * The application automatically connects to and tracks the user's current location and surrounding areas, so when the app opens, an accurate map is immediately shown as the home page and the location of the user is immediately tracked.
 * Recent addresses that have been set as either pick-up or drop-off locations are kept in the search history.
 * Letting the app connect to personal data that is stored in the phone, such as access to contacts, can let the app access more than just phone numbers (addresses, personal information) which have been stored under the contact in the phone.

Uber privacy
Uber has options where user privacy can potentially be forgotten; the company is aware of what data it collects from the user and is transparent about it:


 * Ability to share or un-share live location as well as having location settings always on.
 * Ability to receive notifications about your account and trip.
 * Ability to remove stored contacts, which are another way of linking two people together if someone is tracking someone's information.
 * Ability to share trip details with 911 in case of emergency.
 * Ability to sync personal calendar with the app.

Lyft privacy
According to Lyft's Privacy Policy, the information they collect includes:


 * Registration information provided to them (name, email, phone number)
 * If a social media account is used to register, information from that profile will be used (name, gender, profile picture, friends)
 * Any information the user chooses to put in the profile
 * Payment information to charge riders (although credit card information is not stored by them)
 * Any interactions with the support team
 * Information provided during the driver application (DOB, address, Social Security, license information etc.)
 * Payment information to pay drivers
 * Location information including saved locations
 * Information about the device that the app's being used on
 * Usage data
 * Calls and Texts between riders and drivers
 * Feedback
 * Contacts (if user permits it)
 * Cookies

Camera inside the car
Only very recently have physical cameras been installed in ride-share vehicles. Prior to this, the only cameras related to cars were traffic cameras and those in police cars. However, there has been a rise in the number of continuous-recording cameras that do more than surveil the road and keep track of what happens outside the car. The use of cameras inside cars to record interactions between drivers and riders is something new. People are concerned about their privacy because this recording goes on for the duration of their trip, and they do not verbally consent to being recorded. However, they consent to being in a person's car, hence they must abide by the driver's rules. There are federal rules about audio recordings: federal law requires only "one-party consent."

Government policies about recording
According to the Omnibus Crime Control and Safe Streets Act of 1968, there are policies regarding recording audio conversations, including clarifications about the "one-party consent" rule that comes with it. Regarding audio conversations, it is illegal to record a conversation in which one is not taking part. However, a person is allowed to record a conversation they are a member of, without having to receive consent from the other party or having to let them know that recording is happening.



The potential abuse of location-tracking
There are several areas where data could potentially be abused by an application that knows the rider's location. Since trip data is collected, if the ride-sharing company has partnerships with corporations, its partners can use the data to predict future locations, pinpoint an individual's interests, and market towards them. Corporations can collect information on what types of stores and what brands are most often visited by a user and can build an online profile, which is traceable. This also applies to advertising companies, which can target personal interests and alter the user's online interactions to start showing ads that are catered to where the user has visited.

There are some cases where bad implications could arise. If the user were to partake in something related to their political standpoints, companies can store this information for later and potentially use it against the user if they come into contact with the company in a professional setting. This can apply to medical, religious, or legal affiliations as well, since a user's location and the places visited cannot be justified when looked at from an outside perspective.

Relating more to the online profile created of the user, if a person relies solely on ride-sharing services to get around, one can track how long the user has been away from their home and how far away they are from it. This becomes an opportunity for people to stalk or rob the user, because they know the ideal time when people aren't home. Looking on a broader scale, based on the demographics of the area a user interacts with, if they frequently visit the same stores within a certain area, information such as estimated income can be inferred.

Users have the option to save a home or work address for easy access. Most often, users put their actual address, but in some cases, users have been known to put an address a couple streets away, just for their safety in case data gets leaked. However, while this is a very basic level of deflection, putting a home address a couple streets away still gives a general location of where the user is stationed.

Location aware applications
Individuals have concerns over how, what, when, and where their location information is being stored, as well as to what extent others have access to it. This pertains not only to ride-sharing applications but to any application that has some form of sharing enabled, and there are several types of location-aware applications. Location based searching (LBS) occurs when tracking a user returns items and buildings around the user's current location. A map is drawn with the orientation of the surrounding buildings to determine a location. Geo-location services track the user through an environmental footprint; the result is an estimate of the user's location. Mobile sensing is the process of pinpointing the user's physical device, which has sensors and information that can be collected. Location sharing is a voluntary state where the user's location is constantly being updated and tracked in real time.

Making use of user information
Looking more at the applications and how a user accesses the ride-sharing service, once a user inputs data into the app, it will be accessible on the web forever. Even if they delete information or delete their account, the information has been created on an online platform and now exists whether the user consents to it or not. These applications ask for user information such as phone number, email, and profile picture, all of which can be used to trace back to the user's identity. Once this information is in the application's database, it can be accessed by the application as well as indirectly by any partners of the app.

Most apps have the payment charged and completed before a user can be connected to their ride. Users have the option to store credit card information for easy access instead of having to repeatedly input payment information. While there is an added level of security, such as passcode or touch ID before every transaction, this does not ensure the safety of this information in the app. It only ensures that the current transaction is made under the consent of the user.

Reverse image search
Users are allowed to add a profile picture to their applications. The intention is to help drivers spot their intended riders. However, this can cause an issue: if a rider's image is somehow saved and uploaded to the web, connections can be made to personal accounts. For example, with Facebook's advanced face recognition algorithm, it is easier to identify people from outside pictures.

Noise distribution
Researchers have proposed a solution for these issues: a system that helps with both data privacy and user anonymity. The solution is a program that creates a noise distribution so that a user's location is offset. It essentially puts the user's location through some encryption and reports a location that only the system knows how to read, so it does not manipulate the actual location, only how that data is input into the system. This solution has already been implemented in two major operating systems, Mac OS and Linux. It helps those who are wary of using ride-sharing applications out of fear that their privacy will be invaded or their data stolen, and the software has proven that it can secure data as well as keep the user anonymous. It acts as an extra layer of security that creates another blanket to hide the user.

K-anonymity
K-anonymity relies on an anonymizing server, a trusted third-party server that is in charge of providing anonymous cover for users. K-anonymity is used to preserve location privacy by creating a location cloak, so that the actual location of the user is not known. The software attempts to find a number of users close to the actual user, because exact locations then cannot be correlated back to the original user in question; these several locations, which cannot be tied to individual users in close proximity, protect the original user. There is no way to distinguish between the users.
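The cloaking step described above can be sketched as follows. This is an added example, not code from any ride-sharing service or from the cited research; the function names, the rectangular cloak shape and the rider coordinates are assumptions constructed for illustration.

```python
import math

# Constructed sample positions (lat, lon) held by the anonymizing server.
USERS = {
    "rider-1": (47.6100, -122.3300),
    "rider-2": (47.6110, -122.3320),
    "rider-3": (47.6085, -122.3290),
    "rider-4": (47.6200, -122.3500),
    "rider-5": (47.6000, -122.3000),
}

def cloak(users, requester_id, k):
    """Return a box (min_lat, min_lon, max_lat, max_lon) covering the
    requester and the k-1 nearest other users, or None when fewer than
    k users are known (the request is withheld instead of exposed)."""
    if requester_id not in users or len(users) < k:
        return None
    lat0, lon0 = users[requester_id]

    def dist2(pos):
        # Squared distance on a local flat approximation; longitude is
        # scaled by cos(latitude) so both axes are comparable.
        dlat = pos[0] - lat0
        dlon = (pos[1] - lon0) * math.cos(math.radians(lat0))
        return dlat * dlat + dlon * dlon

    nearest = sorted(users.values(), key=dist2)[:k]  # includes requester
    lats = [p[0] for p in nearest]
    lons = [p[1] for p in nearest]
    return (min(lats), min(lons), max(lats), max(lons))

def users_inside(users, box):
    """Ids of all users whose position falls inside the cloak box."""
    lo_lat, lo_lon, hi_lat, hi_lon = box
    return sorted(uid for uid, (lat, lon) in users.items()
                  if lo_lat <= lat <= hi_lat and lo_lon <= lon <= hi_lon)

if __name__ == "__main__":
    box = cloak(USERS, "rider-1", 3)
    # The service provider sees only the box, shared by at least k users.
    print(box, users_inside(USERS, box))
    print(cloak(USERS, "rider-1", 10))  # not enough users: None
```

The location-based service receives only the box, so a query from `rider-1` is indistinguishable from one made by any other user inside it.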

Fuzzy inference systems
Another solution is to use fuzzy inference systems in mobile geo-services. This solution would use different details to identify the user, details that would not be prone to abuse by organizations that obtain the information. Currently, location-based services can reveal several sensitive pieces of information, like the closest religious institutions, which can reveal the identity of the user and which organizations utilize for purely commercial purposes. The paper proposes a solution, anonymization, which protects users' data in case of accidental breaches. It explains the fuzzy inference system and how it works, and then describes a potential implementation with taxi drivers to see whether this is an effective way of protecting people's information, because no concrete anonymization design has proven to do well. There are different levels of precision to which the location system can narrow down a user. These systems turn quantitative data into qualitative data, which would obscure a user's identity and location. After a trial implementation with taxi drivers, several complications came up, mostly human misinterpretation, but in the future, investing more time in this solution and combining it with already existing solutions could provide a more effective solution. For those who are afraid of their locations being tracked and traced back to them, this solution makes user data fuzzy, so if they are being tracked, the result is not completely precise. There are data tables that show experimental distances of how close tracking software came to those who had implemented the fuzzy solution. This solution takes a different approach: it does not solve the problem of entirely protecting the user's privacy, but it is working towards it, and it has not had enough time to mature, as it is still in its introductory stages. It sheds light on the fact that location tracking software is still not private even when solutions have been applied to try to overcome this problem, but it leaves an open ending: it concludes that with more research and resources (and it specifically names the areas that could be developed better), the approach could be expanded and developed further.

Location transformation
One proposed solution is a model that would estimate how difficult it would be for outside sources to get their hands on someone's private information. There are several mechanisms proposed that would be helpful in hiding data including location obfuscation, perturbation, confusion and suppression, and cryptographic techniques.

Location obfuscation
Obfuscating a user's location means clouding the user's location. The user's location coordinates are still preserved, but their accuracy is degraded. However, this cannot be a complete solution, because it would defeat the entire purpose of location-based services. Being selective about what an application obfuscates would therefore help with protection.

An algorithm called NRand determines the amount of obstruction that is put on the user location data. A couple of issues arise with this algorithm, including determining how much noise should be added and whether the change to the data is enough to alter it into a form unrecognizable from its original state.
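The "how much noise" question raised here, and the noise distribution described in the earlier section, can be made concrete by measuring how far a reported point ends up from the true one. This is an added example and not the NRand algorithm or any vendor's code; uniform noise within a disk, the radius values and the `HOME` coordinates are assumptions constructed for illustration.

```python
import math
import random

EARTH_RADIUS_M = 6_371_000.0
M_PER_DEG = EARTH_RADIUS_M * math.pi / 180.0  # metres per degree of latitude

HOME = (47.6100, -122.3300)  # constructed coordinates, not a real address

def obfuscate(lat, lon, radius_m, rng):
    """Return (lat, lon) moved to a uniformly random point within radius_m."""
    # sqrt() spreads points evenly over the disk's area instead of
    # clustering them near the true position.
    r = radius_m * math.sqrt(rng.random())
    theta = 2.0 * math.pi * rng.random()
    dlat = r * math.sin(theta) / M_PER_DEG
    dlon = r * math.cos(theta) / (M_PER_DEG * math.cos(math.radians(lat)))
    return lat + dlat, lon + dlon

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2.0 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def displacement_stats(lat, lon, radius_m, samples=2000, seed=1):
    """Mean and maximum distance between true and reported positions."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    dists = [haversine_m(lat, lon, *obfuscate(lat, lon, radius_m, rng))
             for _ in range(samples)]
    return sum(dists) / len(dists), max(dists)

if __name__ == "__main__":
    for radius in (50, 200, 500):
        mean, worst = displacement_stats(*HOME, radius)
        print(f"radius {radius:>3} m: mean offset {mean:6.1f} m, max {worst:6.1f} m")
```

The mean offset comes out at roughly two thirds of the chosen radius, so the reported point still bounds the true position to a known neighbourhood; that is the trade-off between service accuracy and privacy that the noise level has to settle.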

Location perturbation
On a map, a location locks onto something in close proximity but not the exact user location because of added noise. With this added layer, if there is another location in a close enough range, a transition will be added to multiple locations and mask all points of interest.

Confusion and suppression
A dummy location is set as the true location. This is done by pinpointing a user's specific location and transforming it into several other locations while keeping the true location. Suppression is a subset of these techniques: for a short period of time, when a user enters an area, the user information is temporarily suspended and the identity of the user is lost, so when they exit the protected area, they have a new identity.

Cryptographic techniques
The original data cannot be tracked because the information goes through some sort of cryptographic interpreter and could be transformed into several different data points.