HACKER Q&A
📣 elmerfud

How to contact Uber about a rider safety exploit being used in the wild?


I've tried every possible way to contact Uber I can find to only be met with canned answers by what I assume are bots. I was a victim of this so I know it's being exploited by drivers currently.

How to assault/rob your passengers and not get caught:

1. Accept the ride

2. Meet the passenger and lock them in your car.

3. Do not start the ride, but instead assault, extort, etc... your passenger.

4. Decline the ride when they flee the car.

5. Ride is now routed to the next driver.

6. Profit!!! Because your car and name will never appear in the rider's history. The rider safety hotline does not have the ability to see driver canceled rides. You cannot open a help case in the app because driver cancelled rides do not appear. Uber support (if you can get them to respond) do not have the ability to see driver canceled rides. There is no way to escalate this issue. There's no human to talk to about this issue. You are totally safe to do this with impunity as a driver.

For all the tech magic, anything that deviates outside what they have considered as possible leads to a black hole. How do we contact Uber about this massive exploit before it blows up and tanks their already floundering stock price?


  👤 Kaze404 Accepted Answer ✓
I'm sorry but they will not do a single thing about it. Just recently in Brazil a pregnant, transgender man was almost killed by an Uber driver and he didn't even get so much as a response back from the platform. There are public videos of the man threatening to kill them (he was with his girlfriend) while they were still in the car and Uber did nothing.

On a more similar note, my girlfriend last year called an Uber, and after 30 minutes of waiting for it to arrive, the person simply canceled the ride claiming she wasn't wearing a mask (they never even came close to my girlfriend, and she was definitely wearing a mask). We tried contacting support to at the very least refund us the ridiculous fee, but nothing was ever done.

Avoid Uber like the plague.


👤 codingdave
You don't call Uber, you call 911. Being locked in a car and assaulted or extorted is a crime, not a software exploit. Get the license plate if you can, but even after the fact, file a police report with as much info as you can remember.

👤 natch
But they probably sell your marketing data so if this guy, the driver, was previously googling football (soccer) gear, and now Uber has a record of your phones being in proximity for 10 minutes, now they will add your info to a list of people interested in football (soccer) gear by association, and Uber can reap a reward by selling this info to ad companies. But track down a bad driver??? Oh no, can’t do that.

👤 elmerfud
Uber's new tactic now is to simply continually close my case with no response. Does anyone actually work at Uber and understand the seriousness of this exploit? Surely someone who watches Hacker News also works at Uber.

👤 MrWiffles
I’m really sorry this happened to you, and I hope you’re safe now (and that it stays that way).

One possible safety precaution for the future might be to make it a personal habit to always photograph the car with plate and driver when they show up, if possible, before you get in. This isn’t the “right” fix for the problem, but it’s potentially something you can do to at least create the theory of consequences/evidence, in hopes that it’ll be enough of a deterrent.

Two other things come to mind, though I don’t know how feasible they’d be outside the US. Still, might be worth a shot:

1. Contract an attorney and see if you can file a private suit against Uber in court, or maybe even against local law enforcement. That MIGHT open up the possibility of forcing Uber to turn over data to comply with a subpoena depending on how the law might work there. Not great, I know, but it might be enough to get their attention at least.

This next one requires faith in humanity, and I fully recognize that fact damn near kills it at the outset, but here goes…

2. ASK OTHER UBER DRIVERS AND PASSENGERS TO FILE SUPPORT REQUESTS ABOUT THE ISSUE. If enough people raise enough hell about it, maybe someone capable of independent thought, someone who can do more than copy and paste canned responses, will become aware of this and have “the feels” as they DAMN WELL SHOULD. And maybe then something can get done.

Like I said, requires faith in humanity so it’s probably the longest of long shots. But right now it sounds like a long shot might be the only shot ya got.

Good luck to you, and stay safe out there!

PS - Fellow hackers o’ the news, if you can do this without major consequences, maybe voice some concern for your fellow (hu)man, over Twitter, or whatever. Not much we can do individually by ourselves, but with enough voices, maybe we can form a chorus loud enough to help. It’s a small ask, IMO, and we can hopefully save future victims from harm.


👤 elmerfud
Just want to add an update. I finally got a call from someone at Uber who was interested in taking this seriously. So far it's been a positive experience. They listened and understood the mechanics of this exploit that drivers can use. They are working to assist me, but also it seems they do grasp that there is an ongoing exploit here that drivers are using in the field.

While my incident involved assault, there are other incidents that do not. For example, I've had several drivers message me before they picked me up asking for additional money or my destination. This is explicitly against the driver's terms of service to be an Uber contractor. Just uses the same exploit mechanism of when the driver cancels the ride you can no longer report inappropriate driver behavior. The driver failing to pick you up is annoying behavior but still is the exact same exploit mechanism.

I believe now that Uber has the information to validate that this exploit is going on currently. It may not be used in the US as I've never seen it there but it is definitely happening in the Dominican Republic.

For everyone who's insisting this is 100% a police matter, I think you're missing the greater point here. You need to get outside of your local bubble and deal with police in other countries and other locales; they do not operate on the same set of ideals and principles as they do in most of the United States. Also, that argumentation ignores Uber's responsibility in this matter, which is to provide an efficient mechanism to report bad drivers. That mechanism was completely missing here and is cause for the exploit that I was trying to report here on Hacker News. It's important that this exploit be made known and that Uber finds a way to address it, because if it can happen to me it will happen to other people, and it has happened to other people. It may just be the annoyance of canceled rides so far for others, but at least in one instance it did rise to the level of assault.

Uber should have a vested interest in ensuring that their drivers are of the highest caliber. Since I had at least three rides where the driver accepted and then canceled after a message where I refused to pay them additional I would think it would be trivial for Uber to use monitoring on messages between riders and drivers and detect this kind of thing. After all detecting a driver demanding a tip prior to pick up or requesting a destination prior to pick up is a much easier prospect than a self-driving car.

I wish it didn't take 3 days to get to this point but I'm currently very satisfied with how Uber is handling this now.
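
The monitoring idea in the post above, as an added example that is not part of the original thread and not Uber's code: it keeps every accepted match reportable regardless of who cancelled, and flags drivers who repeatedly send a pre-pickup request for money or destination and then cancel. The event schema, field names and keyword list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (hypothetical schema): (time, trip, driver, event, detail)
EVENTS = [
    (100, "t1", "d1", "accepted", ""),
    (130, "t1", "d1", "driver_message", "pay me 500 extra in cash"),
    (190, "t1", "d1", "driver_cancelled", ""),
    (300, "t2", "d1", "accepted", ""),
    (320, "t2", "d1", "driver_message", "where are you going?"),
    (400, "t2", "d1", "driver_cancelled", ""),
    (500, "t3", "d2", "accepted", ""),
    (520, "t3", "d2", "driver_message", "I am outside, white sedan"),
    (560, "t3", "d2", "trip_started", ""),
    (700, "t4", "d3", "accepted", ""),
    (760, "t4", "d3", "driver_cancelled", ""),
    (800, "t5", "d4", "accepted", ""),
    (900, "t5", "d4", "rider_cancelled", ""),
]

# Crude keyword heuristic (assumption); a real system would need a better classifier.
SOLICIT = re.compile(r"\b(extra|cash|tip|destination|where are you going)\b", re.I)
FINAL = ("trip_started", "driver_cancelled", "rider_cancelled")

def summarize(events):
    """Fold the event stream into one record per trip, keeping the driver identity."""
    trips = {}
    for ts, trip, driver, kind, detail in sorted(events):
        rec = trips.setdefault(trip, {"driver": driver, "outcome": "open", "solicited": False})
        if rec["outcome"] != "open":
            continue  # ignore anything after the trip started or was cancelled
        if kind == "driver_message" and SOLICIT.search(detail):
            rec["solicited"] = True
        elif kind in FINAL:
            rec["outcome"] = kind
    return trips

def reportable_trips(events):
    """Every accepted match stays reportable by the rider, whoever cancelled it."""
    return {trip: rec["driver"] for trip, rec in summarize(events).items()}

def flag_drivers(events, threshold=2):
    """Drivers with >= threshold trips of: pre-pickup solicitation, then driver cancel."""
    counts = defaultdict(int)
    for rec in summarize(events).values():
        if rec["solicited"] and rec["outcome"] == "driver_cancelled":
            counts[rec["driver"]] += 1
    return sorted(d for d, n in counts.items() if n >= threshold)
```

The point of `reportable_trips` is that the report target is keyed on the accepted match, not on a completed ride, so a driver-side cancel does not erase the record a rider or safety agent needs.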


👤 GianFabien
It's very hard to do something after the event. But it is important that this is a warning to others. Perhaps taking some precautions is a good idea. Take a photo of the Uber, including the plate number. If you can, a photo of the driver and screenshots of the booking, etc. Then you have some evidence to file with the police.

👤 pkrotich
That's truly a blindspot for everyone - you'll have to assume they have logs of accepted & canceled rides.

The only thing I can think about for now is taking a screenshot of accepted rides as a record.


👤 sorethescore
You're definitely going to want to make a police report.

👤 Jugurtha
The rider goes to law enforcement/security services, they take the appropriate measures to get the data from Uber even if it's not possible to do so from the app.

Reverse scenario:

- Rider requests a ride

- Rider meets driver

- Rider assaults and extorts driver

- Rider cancels the ride.


👤 csmattryder
Go to the media, you're not doing anything @'ing Uber or filing a police report.

If Uber PR has to deal with a growing news story being put in front of potential customers, they'll do something about it.


👤 behnamoh
If you have Android, can you check your notification history? There might be the driver's name on one of them, like "xyz is on route" or sth.

Going to the police, they might have access to security cameras in that neighborhood to check the car's plate.

If they touched your belongings and you still have them, it might be worth giving them to the police to run finger print tracing.


👤 quickthrower2
Hopefully someone here can hack the data stored in the Uber app (in storage) or site (json responses) and see if the registration number is in there somewhere. It wouldn’t surprise me if the meta data is in there even if inaccessible via normal means. The data would have flowed through the app to show you the name of the driver and plate number at the point they agreed to the pickup.

Obviously they can only hack their own app but then once successful they could publish how they did it so you can repeat it for yourself.

Also try this https://help.uber.com/riders/article/request-a-copy-of-your-... and see what they send.

A long shot perhaps.

Another long shot - were there any Nest cams in the near vicinity? Do your own police work, but a silver platter, and hand it all over to the police.


👤 JohnHaugeland
They did this to me for three years, including after I talked to humans.

In 2017, a policy change meant that when a rider reported a driver, the driver rating stayed. Prior to that, things were being handled. Afterwards, a five year five star account dropped to 2.6 in two months.

The only solution was to stop using Uber.

I've been gone for four years.

What I learned is that Uber is needed in tiny towns, but in every decent sized city, I have better experiences with Lyft and Flywheel anyway.

What originally brought me to Uber was faster, lower hassle rides with fewer scams.

No loss, it turns out.


👤 jpl56
Doesn't Uber show the car model and licence plate when the ride is accepted?

Looks useful to make a screenshot and have it uploaded to the cloud in case such a driver steals your phone on top of harassing you.

Hope you are safe now.


👤 ianmabie
Which market are you in and who did you end up getting in touch with in support? Did you try the Safety Incident Support Line? At least in the US that is 1 (800) 285-6172.

Without getting into specifics they absolutely do have a way to track down the driver regardless of the state of the trip / who cancelled.


👤 crate_barre
Get a driver willing to help you simulate the situation. Record it, put it on YouTube/TikTok.

👤 YeBanKo
If the ride has been accepted, there most certainly is a log on Uber’s side. It may not show up in your history, but it is there. I hope you are safe now and your health is intact, but please consider filing a police report. Even if you did not note the license plate, location, time, vehicle info, description and name of the driver, etc - this all can help identify the driver. On top of that, your state may have a consumer protection agency, or even contacting a state’s attorney office may be useful, if it is a systematic issue. Also, see if it is worth filing a civil lawsuit. Maybe even in a small claims, depends on the damage.

👤 thatcat
Even if they have the history, they will generally do nothing about complaints against riders or drivers more than review data and possibly cancel account.

👤 petterparker
Have you brought this incident to the police's attention?

👤 AnimalMuppet
If they actually want to, most databases keep some kind of history. The problem is that they don't want to be able to deal with it.

👤 remram
Tweet at them?