this post was submitted on 23 Nov 2024
554 points (98.9% liked)

Technology

59669 readers
3027 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.

Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.

But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.

A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.

This analysis uncovered concerning practices. There are enormous obstacles for consumers who want to find and understand the privacy terms. Some brands also make inaccurate claims that certain information is not “personal information”, implying the Privacy Act doesn’t apply to that data.

Some companies are also repurposing personal information for “marketing” or “research”, and sharing data with third parties.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 35 points 3 days ago

~~If this data is misused~~

When this data is misused

[–] [email protected] 14 points 3 days ago

I like the time they implied it would somehow protect people from sexual assault, but just ended up just revealing how personal the data they have can be

[–] [email protected] 78 points 4 days ago (2 children)

My cars are not modern enough for that, but I always carry a surveillance device in my pocket to make up for it.

[–] potatopotato 11 points 4 days ago (1 children)

At least that one has an off button

[–] sugar_in_your_tea 4 points 3 days ago (17 children)

Eh, my phone is reasonably unlikely to spy on me. I use GrapheneOS with location off, no Google Play services most of the time (I have a separate profile for that BS), and the only app with location access is Organic Maps. My carrier could rat on me, but I don't think Google could.

But I have a smart watch (Pixel 2), but at least it's WiFi only so it can only rat on me when I get home. So I guess there's that.

[–] [email protected] 8 points 3 days ago (1 children)

Your carrier HAS ratted on you. Under the incoming US administration, I've little doubt they will again.

load more comments (1 replies)
[–] [email protected] 3 points 3 days ago (1 children)

If your phone is connected to the cell network, then you can be tracked.

https://youtu.be/wVyu7NB7W6Y

load more comments (1 replies)
load more comments (15 replies)
[–] [email protected] 12 points 3 days ago (2 children)

So how can I disconnect my car from the internet?

[–] [email protected] 3 points 2 days ago

In general, don't allow it to connect to wifi. As for specific makes/models that might have their own uplink, look into disconnecting antennas.

[–] [email protected] 3 points 3 days ago (1 children)

Rip out whatever transmitters they put in?

[–] sugar_in_your_tea 2 points 1 day ago

And frustratingly, it's different in each car. Sometimes it's in the center console, sometimes it's behind the infotainment system, and sometimes it's buried under the dash somewhere. Sometimes you'll get lucky and it'll have its own fuse, and other times it'll cause issues depending on which part you disconnect (SIM vs antenna).

It really sucks.

[–] [email protected] 12 points 3 days ago
[–] [email protected] 61 points 4 days ago (8 children)
load more comments (8 replies)
[–] [email protected] 35 points 4 days ago (1 children)

It shouldnt just be called a privacy risk. Its a safety risk because it enables stalking with little to zero effort on the stalkers side.

[–] [email protected] 9 points 4 days ago (1 children)

Please describe this zero-to-little effort attack chain.

[–] [email protected] 22 points 3 days ago (1 children)

You go to a data broker that sells "anonymized" location data and give them money and a region of interest. Done.

[–] sugar_in_your_tea 6 points 3 days ago (2 children)

Yup. Police do that, and I'm guessing it wouldn't be too hard if you're persistent (claim to be a private investigator or something).

[–] [email protected] 5 points 3 days ago* (last edited 3 days ago) (3 children)

Found it (In german but we have translators these days...) https://netzpolitik.org/2024/databroker-files-firma-verschleudert-36-milliarden-standorte-von-menschen-in-deutschland/

This is about phone location data, but i dont see any reason why cars would be any different, they create less privacy sensitive data than phones in a way.

The people that wrote this article actually got a huge amount of slightly older data for free just as a sample. But this is the scale these data brokers operate at:

The data itself comes from the US company Datastream Group. It offers such location data on a monthly subscription basis. According to the offer, it comes from up to 163 countries and is updated hourly.

You can buy huge amounts of location data for anyone anywhere that uses a standard google or apple phone. Im not sure if you even need to have some random app, like socials or anything with ads in it, installed that leaks this data or if its just google and apple themselves that sell it. All you need is a single identifying point of confirmed time+location for your target and then you can reconstruct their entire movement from that.

This has very obvious and less obvious horrible implications. Things like tracking victims of abuse, finding out peoples home address after meeting them once, tracking military personnel movement, tracking people going to sex related locations, prisons, abortion clinics, endless potential for abuse.

[–] sugar_in_your_tea 5 points 3 days ago

Awesome!

The difference, though, is I can turn off my phone if I want to, but I can't really turn off the car tracking unless I tear apart the car to remove the antenna (or at least the power). Some cars make it easy in the fuse box, but others make it a PIA.

I'm planning to switch to a VOIP number and only use my SIM for data and SMS 2FA. Then I can turn off/remove the SIM as needed. Once I don't need SMS anymore, I can get a data only SIM and hopefully hide among the various iPads and smart watches.

I wish I could trust my carrier, but articles like the one you mentioned remind me that I really can't.

load more comments (2 replies)
[–] [email protected] 4 points 3 days ago

claim to be a private investigator or something

Oh no absolutely not necessary, this is commercially for sale data that anyone can buy as long as you dont make it obvious that you are up to no good. I will see if i can find the last article i saw about someone testing this themselves.

[–] spyd3r 12 points 3 days ago (3 children)

My next vehicle is going to be fully mechanical with a carburetor and no computerized bullshit.

[–] [email protected] 1 points 9 hours ago

I did.

I had a 2012 mazda 5, everything completely mechanically sound. Immobilizer failure killed the ECU and 3 different electronics specialist, and 2 dealers couldn't get it working.

I bought a 1963 Ranchero (170ci inline six). You'd be amazed how cheap and widely available pretty much ALL the parts for old Fords are too.

It also cost me less than half of a new Corolla.

[–] [email protected] 11 points 3 days ago

I'm really hoping Aptera is successful. Their main selling point is "solar mobility" basically, they designed a hyper-efficient car that looks sort of odd because efficiency is the main design factors. They hope to gain meaningful charge from solar panels on the vehicle because it's so efficient. They're thinking like 50 miles a day in someplace like California.

But they've also committed to being open with their vehicle and architecture by providing first-party spare parts and supporting open source stuff like open pilot.

If they keep on their consumer-friendly path, I'm hopeful for my data privacy if I get a future car from them

[–] [email protected] 11 points 3 days ago* (last edited 3 days ago) (3 children)

Just get an early OBD 2 car with no internet access and you are good or get an EFI kit for an old car as well. Carbs suck.

load more comments (3 replies)
[–] [email protected] 32 points 4 days ago

Modern cars have been privacy invading for a while. Goes back to the ownership torch thing again. Tesla can disable your car if they want. Why pay so much up front if you're not in control? Old vehicles are the way to go.

How would you even know about any of this stuff? I am not fortunate enough to afford a new vehicle but I imagine when you're at the dealer they're not like "so these cameras will watch you all the time... For safety and security, of course..."

[–] [email protected] 6 points 3 days ago

This is why I'll own older cars for the rest of my life.

load more comments
view more: next ›