New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.
Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.
But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.
A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.
This analysis uncovered concerning practices. There are enormous obstacles for consumers who want to find and understand the privacy terms. Some brands also make inaccurate claims that certain information is not “personal information”, implying the Privacy Act doesn’t apply to that data.
Some companies are also repurposing personal information for “marketing” or “research”, and sharing data with third parties.
Yup. Police do that, and I’m guessing it wouldn’t be too hard if you’re persistent (claim to be a private investigator or something).
Found it (In german but we have translators these days…) https://netzpolitik.org/2024/databroker-files-firma-verschleudert-36-milliarden-standorte-von-menschen-in-deutschland/
This is about phone location data, but i dont see any reason why cars would be any different, they create less privacy sensitive data than phones in a way.
The people that wrote this article actually got a huge amount of slightly older data for free just as a sample. But this is the scale these data brokers operate at:
You can buy huge amounts of location data for anyone anywhere that uses a standard google or apple phone. Im not sure if you even need to have some random app, like socials or anything with ads in it, installed that leaks this data or if its just google and apple themselves that sell it. All you need is a single identifying point of confirmed time+location for your target and then you can reconstruct their entire movement from that.
This has very obvious and less obvious horrible implications. Things like tracking victims of abuse, finding out peoples home address after meeting them once, tracking military personnel movement, tracking people going to sex related locations, prisons, abortion clinics, endless potential for abuse.
Awesome!
The difference, though, is I can turn off my phone if I want to, but I can’t really turn off the car tracking unless I tear apart the car to remove the antenna (or at least the power). Some cars make it easy in the fuse box, but others make it a PIA.
I’m planning to switch to a VOIP number and only use my SIM for data and SMS 2FA. Then I can turn off/remove the SIM as needed. Once I don’t need SMS anymore, I can get a data only SIM and hopefully hide among the various iPads and smart watches.
I wish I could trust my carrier, but articles like the one you mentioned remind me that I really can’t.
I would mention de-googling your phone but it doesn’t stop HW backdoors. would flip phones be effected? what the hell do we do?
HW backdoors are probably not something that brokers like these leverage so its a different topic. They just like making easy money from ad tracking systems, they dont wanna work hard and fuck around with zero days.
If you have physical security worries (government trying to kill you) then you either need graphene on a pixel and hope there are no RCE HW backdoors or something else entirely or no phone.
But the “tracking by default” in normal phones, with data being easily available is an issue that affects almost everyone not just high risk individuals.
Oh no absolutely not necessary, this is commercially for sale data that anyone can buy as long as you dont make it obvious that you are up to no good. I will see if i can find the last article i saw about someone testing this themselves.