- Business Insider/Google
Uber’s “Share Your ETA” feature is helpful to let friends or family know you are en route.
Just don’t share that information publicly.
A search of the site “trip.uber.com” returns dozens of trips on the ride-hailing app. Each link pulls up a map of the trip along with the passenger’s name. The driver’s photo, name, license plate, and car model is also easily identifiable.
In the source code of the page, Uber’s trip information contains private data, including exact addresses – though credit card information was not included.
Each trip link logs the exact address for pick up and drop off, along with the times, in the source code. While most of the driver’s information is public facing already, the source code also identifies the driver’s rating – although not the passenger’s.
The only way for these to have turned up in a Google search is for the rider to have deliberately shared it on social media, according to an Uber representative.
“This is not a data leak. We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure,” an Uber representative said.
The ride-hailing company added the “Share Your ETA” feature in 2013 to help passengers let an acquaintance stay abreast of their travel progress.
— Mikko Hypponen (@mikko) September 2, 2015
When a rider chooses to share it, a text message pops up that lets them send a link.
It’s only when this link is posted publicly on a site that is cached by Google that it appears in the search results. There’s no way to share the link on social networks from within the application itself, so a rider has to be sharing it deliberately.
Still, riders may not be aware how much information they are sharing.
While the pins show up on a map along with the ETA and driver’s information, there’s no indication that the passenger’s exact address of origin is also included in the source code. Even someone who you text the link to can look in the source code and see the exact address inputted, so only share your ETA with people you trust having that information.