That Story About Uber Tracking People After They Deleted The App? Yeah, That's Not Really Accurate
from the let's-try-this-again dept
Have you heard the story about how Uber was tracking ex-users even after they had deleted the app from their phone? You’d have to be living under a rock to have missed it. It came from a fascinating NY Times profile of Uber’s CEO/founder Travis Kalanick and is the opening anecdote, and then it started spreading like wildfire across social media.
Travis Kalanick, the chief executive of Uber, visited Apple?s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading.
For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple?s engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased ? a fraud detection maneuver that violated Apple?s privacy guidelines.
But Apple was onto the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. ?So, I?ve heard you?ve been breaking some of our rules,? Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber?s app would be kicked out of Apple?s App Store.
This has created lots and lots of headlines all over the place, claiming that Apple kept tracking ex-Uber users after they’d deleted the app. And some even whining that Apple “let” Uber get away with this with no more than a verbal scolding. The most egregious of these is Andrew Orlowski, over at the Register, who has never found a story about a tech company he couldn’t totally misreport to make the company look worse. Here, he claims: Uber cloaked its spying and all it got from Apple was a slap on the wrist. Others just claimed that Uber was “tracking users even after they deleted the app.”
Except, if you actually read what the NY Times said it notes that what the company was doing was an anti-fraud detection. Did it break Apple’s rules and go too far? Yes, absolutely. Was it bad? Probably. Was it tracking users who deleted the app? No, not at all. Again, there are plenty of legitimate reasons to dislike Uber or to dislike its business practices or its management. But that’s no excuse to oversell a story that already looks bad. Uber clearly broke the rules and used a fairly sketchy maneuver to track phones to prevent fraud — but that’s not the same as tracking users who deleted the app. Wired has a pretty clear summary of what actually happened:
Fingerprinting, in and of itself, has plenty of non-invasive uses. Uber, for example, deployed it to help prevent fraud. Being able to identify when a device reinstalls a particular app helps developers spot phones that are, say, bouncing around the black market. In Uber?s case, fingerprinting kept drivers, especially those in China, from gaming a promotion that rewarded them for maximizing ride volume. The company discovered that some drivers were buying stolen phones, creating dummy Uber accounts, and using those phones to call for rides.
When someone uninstalls an app that uses fingerprinting, it leaves behind a small piece of code that can be used as an identifier if the app is ever reinstalled on the device. For the iOS App Store, Apple originally permitted developers to keep track of their users over time using a broad Unique Device Identifier (UDID). Beginning with iOS 5, though, Apple scaled this back, because of the potential privacy implications of giving developers permission to individually ID users even after their app had been uninstalled. Instead, Apple turned to more limited mechanisms, like advertising IDs and vendor IDs. These still give developers the ability to do fraud defense, but with less leeway for potential privacy abuse.
Uber took it one step further, which is to say, one step too far, using application program interfaces designed to access data like an iPhone?s device registry and Apple-assigned serial number.
Again: this is not excusing what Uber did. It clearly broke Apple’s rules, and using this kind of fingerprinting can have some problematic consequences for privacy. And, yes, because everything Uber does seems to come included with some secondary component that makes even reasonable actions look bad, the company geofenced Apple’s headquarters to try to try to hide the fact that it was doing this. That seems like a pretty blatant admission that the company knew it was breaking Apple’s rules. It just doesn’t mean that the company was tracking you after you deleted its app.
I certainly understand that there’s a long list of actions by Uber that make people not trust the company. And that’s completely valid. But if you’re going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.
Filed Under: deleted, fraud, press coverage, tracking, travis kalanick
Companies: apple, uber
Comments on “That Story About Uber Tracking People After They Deleted The App? Yeah, That's Not Really Accurate”
CLickbait
I used ot wonder why people didn’t like you, Mike… but you’re losing your mind. Get some help, please.
“But if you’re going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.”
Re: CLickbait
I thinks it’s obvious why people don’t like you.
"Non-invasive"
The actions are invasive or not, regardless of the reason behind them. It doesn’t matter whether they prevented fraud. That might justify some invasiveness but doesn’t nullify it.
What the company (should) provide is actually beneficial for everybody and has one hell of a disruptive potential. But the way Uber has been behaving isn’t helping the cause. Sadly.
So, who are we gonna lock up for the fake news spreading around? (just to remind how bad these fake news laws would be)
I don't quite understand
It seems more of a semantic argument. When they say “track” what they really mean is “keep track of” and it’s not the USERS but the PHONE ITSELF that they are “keeping track of” via fingerprinting, which was against Apple’s ToS and therefore most users assume that it was not being done, therefore it violated their privacy.
But as you pointed out, there are many reasons to dislike them.
Re: I don't quite understand
It seems more of a semantic argument. When they say "track" what they really mean is "keep track of" and it’s not the USERS but the PHONE ITSELF that they are "keeping track of" via fingerprinting, which was against Apple’s ToS and therefore most users assume that it was not being done, therefore it violated their privacy.
I think it goes beyond the semantic argument. There’s a wide canyon of difference between "Uber was spying on ex-users" and "Uber had an anti-fraud technique that made sure people weren’t gaming their system by deleting the app and reloading it." One looks a lot worse than the other.
But as you pointed out, there are many reasons to dislike them.
Yup. And thus it’s completely fair to argue the company deserves no benefit of the doubt. But, silly me, I like to focus on a company’s actual actions, rather than the hyped up versions that take things out of context. I understand the anti-fraud argument, though the company should have found a way to do that without violating Apple’s ToS.
But the story here should just be Uber’s anti-fraud efforts violated Apple’s terms, not that it was "tracking users after they deleted the app" which sounds much worse.
Re: Re: I don't quite understand
You’re using the phrase anti-fraud as a euphemism for tracking users after they deleted the app, which according to reports is what happened. Or are you ok with this type of surveillance just because it was directed at people who’s actions meet Uber’s idea of potentially fraudulous?
Re: Re: Re: I don't quite understand
Well, if I understand it correctly, it would only matter if they deleted and then reinstalled the app, and the only thing it would track would be that it was previously installed on that phone. It’s pretty limited "tracking".
On the other hand, if I was Apple, I’d ban them forever. Not for tracking users, but for geofencing Apple HQ. That’s not something done accidentally.
Re: Re: Re:2 I don't quite understand
“It’s pretty limited “tracking”.”
Yet you concede it is tracking and thus factual.
Re: Re: Re:3 I don't quite understand
It bears no resemblance to what people generally mean when they refer to “tracking”, so attempting to reduce it to such is misleading at best.
It also does not “track users after they have uninstalled the app”. That is what we call “a lie”.
If they reinstall the app, does the system know the app had been installed and uninstalled before? Yup.
So the images of Uber surreptitiously installing a glowing red ball up the noses of users who are simply trying to get their asses to Mars are wholly fictional.
Re: Re: Re:3 I don't quite understand
I think that if your argument depends on arguing over which specific definition of the word “track” makes this look unacceptable over the ones that make it look OK, then the argument is pretty weak to begin with. I mean, come on, most programs in Windows leave remnants of themselves on your PC that can be picked up by a reinstall. Does that mean every developer is tracking your PC? If so, why is Uber singled out for attacks? If not, what’s the difference?
Uber seem to have a lot of other issues worth attacking them for without delving into this kind of pettiness.
Re: Re: I don't quite understand
Words are important. Words can be used to lie in subtle ways
When articles use the words “track” or “tracking” in this context, it is a lie. It could be argued (semantically) that “track” has multiple meanings. However, in this case “track” was deliberately chosen to mislead because, to most people, being told they are “being tracked” implies their location is being reported.
The article writers in The Register, The Verge, and other websites know that most people will not full read and understand the article to know that, in this case “track” doesn’t mean what they think it does. They know that most people will go away believing it is far worse than it is.
THAT is why it’s lie, even though the semantic meaning isn’t strictly untrue. It’s a lie because the intent of the authors was to deceive.
It’s a bit like when Microsoft accused Google of “Reading” your gmail, which implies actual people snooping through the contents of your inbox. The reality is it means automated scanning (pretty essential for search, antivirus, etc.) which Microsoft’s own email services have done for far longer than Gmail has been about.
Re: Re: Re: I don't quite understand
“However, in this case “track” was deliberately chosen to mislead because, to most people, being told they are “being tracked” implies their location is being reported.”
You’re clouded by your own bias. There is nothing false in the reporting.
Re: Re: Re:2 I don't quite understand
“There is nothing false in the reporting”
This would be the point where you explain why…
Re: Re: Re:3 I don't quite understand
Physical location tracking is mentioned nowhere in the OP or source articles. It only exists as an implication put forward by commenters here. People are creating an implication based on perceived bias against Uber where none exists.
Re: Re: Re:4 I don't quite understand
“It only exists as an implication put forward by commenters here”
…and pretty much everywhere else if you read the comments there and the opinions stated. But we’re wrong here for pointing out the implication that’s led to people jumping to the conclusion that it’s about location. Got it.
Re: Re: Re:2 I don't quite understand
And you aren’t being clouded by yours?
Yes, the phrasing is technically correct, if you look at it coldly and semantically.
But what is the intent? Do you really believe that these writers, when they used the word “tracking” used it to inform and that there was no intent to mislead their readers into believing this is worse than it is, and to cause outrage based on this?
If you believe that then I have a bridge to sell you.
I should point out I’m not defending Uber here: even if it’s not as terrible as most people assume, it still was pretty dreadful.
I’m attacking bad, click-bait journalism that values misleading articles and shock tactics over reporting of the facts. And I get the impression that the author of the article above is too.
Cheers,
Keith
Re: Re: Re: I don't quite understand
This isn’t tracking, but there’s also not a really great word to describe it. Metaphor time!
Let’s say you had a friend who has a bad habit of borrowing your stuff and not bringing it back, but he’s still your friend.
Now, let’s say one day he asks if he can borrow your baseball glove. Knowing the odds you’ll ever see this glove again are not great, you take an invisible marker pen – the kind that can only be seen by YOUR OWN super-special blacklight – and write a simple “x” on the back of the glove. You lend your friend the glove.
Years later, you’re over at your friend’s house, and notice the glove. You remind him that you loaned it to him, and you’d like to have it back. Your friend claims that he got that glove from someone else.
Now you tell him you wrote an invisible X on the glove, whip out your blacklight, and show him the X. You get your glove back.
That’s what this is. It’s a simple marker that “hey, this phone used to have the Uber app installed” that ONLY the Uber app can read. Yes, technically, someone ELSE could check the phone. They might see a strange little piece of code sitting there – code that means absolutely nothing to them – and with that knowledge, they could do what, exactly? Nothing, that’s what.
Like many things related to privacy, this is a case of “privacy for privacy’s sake.” There is NO way to abuse this. Much like the video game development game which, instead of DRM, punishes you with rampant piracy in-game if you pirate the game itself (or a half-dozen other examples here on TechDirt) this is a problem for the user ONLY if said user is abusing Uber’s app in the first place.
Nothing to see here, guys. Move along.
Let’s remember Uber’s idea of “fraud” includes regulators trying to do their job.
Re: Re:
So, you attack Uber for having their own definition of the word “fraud” that may be misleading, but deny that the use of the word “track” can be done in misleading ways so that you can attack TD for pointing that out? Interesting tactic.
Uber’s history has shown it cares nothing of the law, rules, or common decency. Intonating that we should view these claims of “pursuing fraud” as legitimate is a joke. Uber only cares about making as much money as possible, devoid of ethics or morality.
It’s a shame to see writers stoop to this level to defend corporate surveillance and misconduct.
Re: Re:
Try reading again, slowly.
“Again: this is not excusing what Uber did. It clearly broke Apple’s rules, and using this kind of fingerprinting can have some problematic consequences for privacy. And, yes, because everything Uber does seems to come included with some secondary component that makes even reasonable actions look bad, the company geofenced Apple’s headquarters to try to try to hide the fact that it was doing this. That seems like a pretty blatant admission that the company knew it was breaking Apple’s rules. It just doesn’t mean that the company was tracking you after you deleted its app.”
Re: Re: Re:
I don’t understand this meme to imply that commenters didn’t read the post. If you have a legitimate counterpoint, make it.
Re: Re: Re: Re:
I cannot speak for the previous AC, but it would appear that you did not read the post.
I cannot speak for the previous AC, but my counterpoint would be: what exactly in this article do you consider to be "defending corporate surveillance and misconduct"? IMHO, the article is saying "please be accurate in your attacks on corporate surveillance and misconduct".
Re: Re: Re:2 Re:
Re: Re:
Gotta pay the bills somehow. It seems Masnick has chosen the “defend corporations at all times” approach to monetizing.
Re: Re: Re:
snort
Re: Re: Re:
I’m sure you’ll keep this impression next time he criticises a **AA member corporation or an ISP/cable company? Right?
Call Mike whatever you want, but he seems to have a lot more consistency in his views than the AC brigade.
Unrelated to this particular issue, it seems that lately mr. Orlowski’s sole raison d’etre at the Register is to churn out vitriolic rants as damning as possible on any one of his many pet peeves (mainly Wikipedia, Uber or “freetards”), regardless of the actual news that prompts the latest missive.
I don’t think he realizes the amount of damage he and his blind “crusade” alone does to a news outfit already heading in a rather questionable direction…
At least they can delete their Uber app. My non-rooted Android (LG + AT&T) Only lets me “disable” the bloatware lile Uber, Twitter, etc.
Advertising Tracking ID
What’s amusing about people getting so upset about this is that Apple already has an unique ID that advertisers can use to ID devices. The catch is that it can be turned off (or reset) whenever the user wants so obviously it wouldn’t be any use to Uber. But I bet 9/10 people don’t even know about it and have it turned on.
I am outraged and will never use Uber again!
Until the next time I need a cheap, fast and convenient ride.
Re: I am outraged and will never use Uber again!
Is Uber the only option where you live?
Re: Re: I am outraged and will never use Uber again!
In some places, they are, at least if you want the “cheap, fast and convenient” parts to be true. The reason why they were so disruptive to begin with is that traditional taxi services were often none of these.
Two news sources that are suspect.
Sort of the usual suspects of news in my experience.
The Register of course, some of their coverage is good, but they do seem revel in their bad apples. Who knows, maybe they are only click focused?
As to the NYT they have a dingy reputation regarding tech, IMO/experience. They routinely have ‘deep’ articles on tech issue (the trouble with normally) and while they are biased as expected they also base some of their original viewpoint on a misreading of vital data. As in, nobody in tech thinks that it means what they do. Also they like to use old, and I mean up to a decade old, facts to base their tech industry bashing on.
Of course, the Register takes the prize in this particular misrepresentation of reporting.
Re: Two news sources that are suspect.
The Register are essentially a tabloid that occasionally does some decent journalism. But their biases are often very clear and their editing style often suspect (Andrew Orlowski particularly used to be notorious for writing trollish articles with obvious lies and comments turned off so people couldn’t correct the bullshit). They can be trusted to write interesting articles, but the underlying facts and the spin should always be questioned.
NYT are relatively respectable, but they’re not particularly tech focused, and so are perhaps a little more easily misled.
*looks over comments arguing over implications of tracking* Nope… Not touching that one…
Though I must ask. Normal computers (i.e. Laptops and Desktops, What is traditionally thought of as a computer in the mind of a user.) have loads of software that do this exact thing all the time, so why is this suddenly an outcry when it comes to mobile phones?
A bit hypocritical, don’t you think? People will accept it on their computer, but not their phone?
Re: Re:
Yes. I suppose it may come down to a mere feeling that they could conceivably scrub their general-purpose OS if they ever cared to bother, but phones are a bit more locked up. (Potential rationale for some. Most probably just like their moral outrage every morning regardless of whether it is true or not or if they would ever have cared otherwise.)
Attack for the right reasons
But if you’re going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.
I’m becoming of the opinion that the exaggerated and misleading descriptions are created by people who don’t believe that the actual actions are all that bad. If I’m right, that’s a problem. It means that the people creating and broadcasting the exaggerations and misleading descriptions don’t trust people to make their own minds up.
This is the problem I have with paternalistic authoritarians. They don’t know what’s best for us. While I’m on the subject, how does that hack Orlowski still have a job?
Re: Attack for the right reasons
“While I’m on the subject, how does that hack Orlowski still have a job?”
I asked myself that numerous times in years past, but then I checked here:
https://www.theregister.co.uk/about/company/contact/
According to a Google search, “Executive Editor” basically means he’s the boss, sadly. I still go there occasionally, but I back out when I spot his name. Usually not hard, his posts tend to be the ones with comments disabled so that nobody can correct him.
Re: Re: Attack for the right reasons
Thank you. So an egotist has decided to make our minds up for us. How kind of him!
I understand why you gave this the headline you did.
I think a more accurate one would be “Shady shit done by company that has been constantly in trouble for doing really shady shit is not quite as shady as previously reported” but that’s just not nearly as catchy.
I mean… do you see why people (myself included) wonder whether your reporting about Uber is fully neutral? There are probably a half-dozen news stories a day that get a major tech item wrong. And most of them involve something more significant than a downgrade from “shady” to “less shady.” But you chose this one. And at its absolute best interpretation, this story still shows Uber doing the thing that is most problematic about Uber – Uber breaking rules/regulations and doing whatever it wants. I’m not saying the correction isn’t real – it clearly is – but… so what?