Ming Ding | Information Security and
Privacy Group | Data61, CSIROWorst -case scenario of privacy violation -Death
•The consequences of privacy violation -The Didi P2P Ridesharing Case (an Uber -like
company)
➢Two datasets, linked by Didi usernames, were continuously published by Didi in plain text
➢Travel demand dataset (someone wants to travel alone to a remote place at midnight )
➢Free -text passenger review dataset (gender , age group , physical appearance [height, hair colour,
sexuality])
➢Irresponsible disclosure of data => Two murder cases in May/August 2018
➢The murderers, disguised as ride -share drivers, knew exactly when , where , and whom to hit
➢Crackdown on Didi by its government in July 2021. Stock price plunged. Wiped off $49 billion
market value.
https://www.nytimes.com/2018/08/26/busine
ss/didi -chuxing -murder -rape-women.html