Wednesday, September 28, 2016

Uber Safety: It gets worse

This report, published by eNCA in May 2016, summarises one of the problems that drivers face in Joburg. But it contains a statement that completely outraged me: "Driver partners have access to an emergency line"
Either this is a blatant lie, or none only some of the drivers have heard of it. I have asked several of them, and only one has admitted he has it on his phone, but not memorised it. Just like none few of the drivers have been told to expect passengers to ask them to open the boot after the recent attacks where the attackers hid in the boot. They gave me and my wife a blank stare when we asked, each on different occasions.
But this statement also begs the question: why is there no emergency line for Uber passengers? Because Uber doesn't care, and they have only recently appointed someone to handle their security.
On Wednesday [Sept 21 2016], Uber also announced the appointment of a new head of security for Africa in the form of Deon Du Toit.
So their statement about ".. Our specially-trained incident response teams are available around the clock to handle any urgent concerns that arise ..." is also questionable. They've been in operation for 3 years but only appointed someone last week?
I also found this gem, hidden away in the "receipt" section of the app (i.e. after the emergency is over and you get the receipt for your rape ordeal). Even their reassurances about their "Rapid Response" team is filed in the "After the trip" section of their Safety page.
Update 30 September 2016: eNCA has posted a longer version of its interview with Alon Lits,
CEOGeneral Manager of Uber for South Africa.
In the interview he refers to the ride receipts Uber sent to the rape victims as "speculation", and claims that the arrested driver was not employed during attacks. This begs the question: which driver generated the ride receipt if not the driver arrested? Alternatively, if the driver was no longer employed, how was he able to access the Uber system and log in as a driver?
My personal experence of Uber is that their software is not particularly stable or well designed. This week they managed to send two vehicles simultanously, and charged me for both "trips". How is that even possible?
In the interview he mentions the "two factor authentication" they like to tout. This consists in sending a random code via SMS to the phone of the driver when "he" logs in on that phone. How does that verify anything other than the phone number being used to log in? It doesn't verify the driver at all! They know this too, but refuse to admit it.
Perhaps I'm misunderstanding what Alon said, but he implied that the ".. specially-trained incident response teams ... available around the clock ..." aren't actually based in Johannesburg at all, but operate from Uber offices in California. Seriously!?
Update Sat 1 October: The incident response team is based in the United Kingdom, not California. Like that makes a huge difference.

No comments:


Warning: The NSA and 4 million other sick weirdos with "security clearance" have intercepted this page and know that you are reading it.