General

My eyes! It’s fibre! In my road. Right here, right now. Finally. Now just to get Telkom to play ball and install before Christmas. 

Say no more!

A video posted by Jason Elk (@jasonelkdotcom) on Mar 12, 2016 at 12:51am PST

— Two days after uploading this video, Lula – my 5 year old golden retriever and best friend – has died. She suffered from epileptic fits and seems to have fallen into the pool this morning and drowned while having a fit. She was the smartest, sweetest, most supportive, understanding and unconditional friend anyone could ask for. I’ll miss and remember her always. Love you, Lula girl.

RIP Shiva and Roxy. So many happy years. Hope you’re running free now somewhere far away from pain and discomfort. pic.twitter.com/EH16aBzuvn

— Jason Elk (@jasonelk) February 10, 2016

Stretching across my medium thread count sheets in a hotel room in Sydney this morning (it’s about 7am here right now), I grabbed my phone to check the regular updates.

Twitter, Facebook, Insta … woah. Social media immediately takes a back seat to a notification from Uber thanking me for my business and charging me for a trip I had just been charged for in Sandton, Johannesburg.

An impressive feat, given that I’m in a horizontal state, 10 floors up on the east coast of Australia.

I stop breathing. There must be some mistake. Uber’s famous UX means that their magical transaction processing is somehow locked to my phone or mobile number, right? Wrong. Very wrong.

It turns out that anyone with your account details (email address and phone number) could order any Uber trip they like. From anywhere in the world. All while you haven’t even opened your curtains to marvel at the view in a city on the other side of the globe, for instance.

In the last 30 minutes, I’ve changed my password to a ridiculously complex string (that even I have 0% chance of ever remembering), mailed Uber, tweeted the South African crew (@Uber_RSA), heard back from the global support team (@Uber_Support), and paid for a very upbeat passenger’s free trip somewhere in the middle of Sandton. I haven’t, however, been refunded by Uber yet.

Sitting in Sydney and @uber_rsa just charged me R62 for a trip in Sandton! What’s going on, guys? Hacked?! Error?! Contact me urgently pls!

— Jason Elk (@jasonelk) January 31, 2016

Searching Twitter for other conversations about Uber hacking, it seems I’m not the only user to have had a fraudulent transaction come through from Uber in South Africa:

@Uber_Support My account got hacked and used in S Africa, where I've never been, and I've gotten zero response to emails about it. Help.

— Joe Yonan (@JoeYonan) January 30, 2016

Looks like yet another Uber minicab customer in #London has had their #Hacked #Ubered pic.twitter.com/dowm6huTr3

— Uber-X-Files LDN (@Ubered_X_File) January 31, 2016

OK. Now what is Uber going to do about this? This tweet suggests that Uber will only refund users in Uber credits:

#Uber accounts get hacked daily…and you end up paying for journeys you did not take #Uber gives refund in credit pic.twitter.com/xsGFceYmHv

— London Taxi Trade (@londontaxitrade) January 29, 2016

Thanks for that, but no thanks. You took my money from my credit card, so you’ll kindly put it back there, if you don’t mind.

Before I go, here’s a free suggestion for your product backlog, Uber guys:

Allow users to bump up their own security with a toggle that may hinder your trademark friction-free UX, but that would keep me as a user and make it safe for millions of others. Allow me to receive a unique text code with every order, which needs to be entered in the app before you send out your driver and long before you charge me for the ride. Think about it. Bulletproof evidence of ordering, sleepless nights for users storing their credit card details with you, fewer chargebacks, and zero free trips for the bugger in Sandton who scored a free trip tonight.

While I make a less than stellar cup of tea with an in-room hotel kettle, I’m left a little battered and bruised. I’m sure that Uber, as a right minded startup with a history of being on the side of the common man, will do the right thing and refund me in full. And confirm that my account is now (relatively) secure. That would be nice.

*** Update ***

I’ve just heard back with good news from the @Uber_Support peeps. They’ve taken the following actions:

1. Refunded my credit card for the fraudulent trip. High five. The most important immediate response. Thank you.
2. Automatically changed my password, waiting for me to choose a new one that’s more secure.
3. Put a hold on my payment method in the app until I reconfirm the details (requiring step 2 above) before it can be charged again.

I’m impressed by their excellent turnaround time and no-nonsense approach to correcting the situation. I still think my security feature suggestion would be the first prize solution here, and only hope that the right people at Uber find some space for it on their roadmap.

The term ‘stiffy disk’ was a South African thing, apparently. And it made complete sense. I remember bemoaning the installation of Windows 3.1 at school, which took ages not just because you had to wait-and-insert stiffy disk after stiffy disk, but because invariably the installation would fail halfway at least 5 times, meaning starting the whole process all over again. There was no greater victory than arriving at school the next day to proclaim that your installation had completed successfully. And it was sure as hell a lot better than suffering the whiirrrrrriinnggg sound of death that came with 5.25 inch floppy disks! Long live the stiffy disk!

We were pioneers:
http://www.cs.mcgill.ca/~rwest/wikispeedia/wpcd/wp/f/Floppy_disk.htm

P.S. Boo, floppies!

The views from a peaceful morning stroll through Helderberg Nature Reserve.

Cowabunga, dude!