In the past few years, we have witnessed a rise in the popularity of ride-hailing services (RHSs), online marketplaces that enable accredited drivers to use their own cars to drive ride-hailing users. Unlike other transportation services, RHSs raise significant privacy concerns, as providers are able to track the precise mobility patterns of millions of riders worldwide. We present the first survey and analysis of the privacy threats in RHSs. Our analysis exposes high-risk privacy threats that do not occur in conventional taxi services. Therefore, we propose PrivateRide, a privacy-enhancing and practical solution that offers anonymity and location privacy for riders, and protects drivers’ information from harvesting attacks. PrivateRide lowers the high-risk privacy threats in RHSs to a level that is at least as low as that of many taxi services. Using real datasets from Uber and taxi rides, we show that PrivateRide significantly enhances riders’ privacy, while preserving tangible accuracy in ride matching and fare calculation, with only negligible effects on convenience. Moreover, by using our Android implementation for experimental evaluations, we show that PrivateRide’s overhead during ride setup is negligible. In short, we enable privacy-conscious riders to achieve levels of privacy that are not possible in current RHSs and even in some conventional taxi services, thereby offering a potential business differentiator.