« Dispute over analysis of school quality and home prices shows social science is hard | Main | Ramp metering magic »

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Adam Schwartz

Regarding the "persistent identity" I suspect this is done using something about the device that is persistent beyond the erasure of software. For example, the MAC address (it's similar to the IP address) of the network card is persistent and I believe unique. The operating system allows a developer to query that number for a variety of reasons. Obviously it also has the effect of uniquely identifying the device, even if wiped of software.

It may be that Uber isn't so much writing software that persists beyond wiping the device as it is possible for them to associate a certain device with having previously had an Uber account. When the device is wiped and the Uber app reinstalled, they can still query the hardware for that number and then re-associate that phone with a prior Uber account because of that persistent number.

Cody L. Custis

As other posters have pointed out, Uber did not all unique code to the device that is persistent when erased, instead, it accessed a unique device ID (such as the IMEI) in violation of Apple's Terms of Service.

Richard Penny

From experience I have found that I have to do some work to find out what is meant by "anonymized". For many it's "We deleted anything that directly identifies you e.g. names, address, SSN and phone number". Of course, as you explained above, it doesn't take much data to identify you. I prefer "confidentialised" myself.

Kaiser

AS, CC: Thanks for clarifying. Then, they probably had the ID saved in their databases which they could reference later, as opposed to having some persistent "code" (something like a cookie) installed on the phone itself.

RP: Yes, anonymized typically means no PII, which has a legal definition. However, the reporters clearly stated that Slice uses anonymized to mean no customer names. And yes, users can take actions themselves.

Ken

I expect the reason they didn't work something with credit cards is that it would break the card companies terms which would be even more fatal. It is possible that they don't even see the card details or are required not to record them in certain forms. I do have a little bit of sympathy for Uber, it is going to be difficult for any company running this type of business if once they detect a phone being used in a fraudulent way there is nothing they can do because the phone is simply rebirthed.On the other hand anyone who has done software development on Apple computers knows that their rules are not allowed to be broken whether or not there is a good reason.

Kaiser

Ken: Given that most second users of an iphone will be legitimate people and not scammers, how does this fraud detection method work?

Ken

Kaiser: I don't think the aim of Uber was to block every rebirth iPhone. The method would be simple. Extract the phone identifier using a method that wasn't officially allowed and associate that with the customer details. Then if the customer is blocked also block their phone which prevents them repeating the scam at least with that phone. It tends to make it poorer value for the driver to cheat. The problem is that Apple check for this type of unofficial access so Uber turned off the checks whenever the IP address was within the blocks allocated to Apple. Apple have realised that this might happen and will have just rerouted blocks of IP addresses from elsewhere.

The comments to this entry are closed.

Get new posts by email:
Kaiser Fung. Business analytics and data visualization expert. Author and Speaker.
Visit my website. Follow my Twitter. See my articles at Daily Beast, 538, HBR, Wired.

See my Youtube and Flickr.

Search3

  • only in Big Data
Numbers Rule Your World:
Amazon - Barnes&Noble

Numbersense:
Amazon - Barnes&Noble

Junk Charts Blog



Link to junkcharts

Graphics design by Amanda Lee

Community