Uber is a staple of the gig economy, for better or worse, and a disruptor that once sent shockwaves throughout the mobility space. Now, however, Uber is being taken for a ride. The company is handling a reportedly far-reaching cybersecurity breach. According to the ride-hailing giant, the attacker has not been able to access sensitive user data, or at least, there is no evidence to suggest otherwise. Whether or not sensitive user data was exposed, this case points to a persistent issue with today’s apps. Can we continue to sacrifice our data — and thereby our privacy and security — for convenience?
Web2, the land of hackable honeypots
Uber’s track record for data breaches is not exactly spotless. Just in July, the ride-hailing giant acknowledged hushing up a massive breach in 2016 that leaked the personal data of 57 million customers. In this sense, the timing of the new incident could not have been worse, and given how long it takes to establish the damage done in such breaches, the full scale of the event has yet to reveal itself.
Uber’s data breach is not anything out of the ordinary — Web2 apps are ubiquitous, ever reaching further into our lives, and many of them, from Facebook to DoorDash, have suffered breaches as well. The more Web2 apps proliferate across the consumer space and beyond, the more often we will get such incidents in the long run.
The issue comes down to the very architecture of apps built on Web2. Through their centralized tech stacks, they naturally create honeypots containing users’ sensitive data from payment details to consumer behavior. As users funnel more and more data through various consumer apps, hackers have more and more honeypots to pursue.
The only true solution to the problem is also the most radical one — consumer apps should embrace Web3, restructure their data and payment architectures to grant users more security and privacy, and welcome this new era of the internet.
What would a Web3 Uber look like?
Web3 does not necessarily mean a change in the app interfaces we interact with. In fact, one could argue that continuity and similarity are key to adoption. A Web3 Uber would look and feel pretty much the same on the surface. It would have the same overall purpose and function as existing Web2 ride-hailing apps. Below the deck, however, it would be a very different beast. All the benefits of Web3 such as decentralized governance, data sovereignty and inclusive monetization models — systems that distribute earnings democratically — are engineered below the surface.
Web3 is all about verifiable ownership. It is the first time that people can verifiably own assets, be it digital or physical, through the Web. This pertains to ownership of value in the form of cryptocurrencies, but in the case of Web3 ride-hailing, it also pertains to retaining ownership of your data and ownership of the apps, underlying networks and the vehicles themselves.
In practical terms, a Web3 Uber will allow users to control how much data they give, to who and when. Web3 Uber would ditch centralized databases in favor of peer-to-peer networks. Self-Sovereign Identities — decentralized digital IDs that you own and control — would allow people and machines alike to have decentralized digital passports which are not dependent on any one central authority for their proper function.
Drivers and passengers would be able to verify themselves on the Web3 ride-hailing app with their SSI in a fully peer-to-peer manner. They would also be able to choose what data they’d like to share or sell and to whom, exercising full ownership over their personal information and digital footprint.
Decentralized governance will make for another monumental shift. It will mean that all stakeholders, be it drivers, passengers, app developers and investors alike, will have the ability to co-own, co-govern and co-earn on all levels – from the infrastructure powering the decentralized application (DApp) to the intricacies of the DApp itself. It would be a ride-hailing app by users, for users.
Imagine for a moment that the fees charged by Uber were voted on by drivers and passengers, not dictated by a boardroom in Silicon Valley. Ask the next Uber driver what they think of that. Users, for their part, will be able to vote things like disaster-time price surges into the bin. For drivers all over the world, Web3 ride-hailing will mean being paid fairly without a third-party corporate intermediary taking a cut.
Web3 also enables a new kind of sharing economy, one where anyone, anywhere is able to own the vehicles being used by ride-hailing apps or any other kind of vehicle-focused app via machine nonfungible tokens (NFTs) — tokens that represent ownership over pools of real-world vehicles. It will be possible for the communities in which these vehicles operate to have ownership rights over those same vehicles, granting the ability to vote on how they’re used and giving them an income stream. The more these increasingly intelligent machines provide goods and services to the community, the more the community earns. Web3 is turning the status quo on its head.
A shift to Web3 in consumer apps will address the root cause of the persistent breaches, removing the very need for centralized data honeypots without necessarily making things more complicated for users. Despite that being an enormous paradigm shift in and of itself, data sovereignty is just one of the advantages a Web3 Uber would have over Web2 Uber.
In the future, blockchain will become something as unseen as the inner workings of Google Pay — just fully accessible to those who wish to view it. It will be something users unknowingly interact with when ordering a pizza or hailing a ride — yet absolutely fundamental to a fairer, more democratic society in the digital age.
Max Thake is the co-founder of peaq, a blockchain network powering the Economy of Things on Polkadot.