New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.

Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.

But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.

A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.

This analysis uncovered concerning practices. There are enormous obstacles for consumers who want to find and understand the privacy terms. Some brands also make inaccurate claims that certain information is not “personal information”, implying the Privacy Act doesn’t apply to that data.

Some companies are also repurposing personal information for “marketing” or “research”, and sharing data with third parties.

  • lunarul@lemmy.world
    link
    fedilink
    English
    arrow-up
    80
    arrow-down
    2
    ·
    30 days ago

    My cars are not modern enough for that, but I always carry a surveillance device in my pocket to make up for it.

        • potatopotato@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          29 days ago

          Did you read the article? There were a couple cases were very early Android phones were modified to appear to be off but stayed on. This is fairly common knowledge, but it’s not particularly hard to defeat.

          Everything your phone does requires a deterministic amount of power. Spying on people in particular requires even more power than normal because you need to run the power hungry gps in addition to the modem and cpu.

          If you turn off the device it should be significantly cooler to the touch, not a degree above ambient. If it’s at 100% charge but a power bank with a read out is showing it still charging, that’s a problem. Is the bootloader image different? You can verify that to some extent. When you turn it back on has it been drawing down the battery anyway? Does it require an unlock password instead of biometrics as it normally would (assuming a particularly sloppy setup)?

          This isn’t rocket surgery, in reality nobody is modding everyone’s phone to stay on forever because unless you’re an absolute troglodyte (aka the fucking old school mafia bosses they did this to) it’s going to be painfully obvious your phone is acting weird.

          • SanctimoniousApe@lemmings.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            29 days ago

            Nowhere near an expert in this, but I know I’ve seen in the past that you could set your phone to turn on at a specific time (which means the RTC at a minimum is still running) - could a determined adversary not find a way to take advantage of that?

            • potatopotato@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              29 days ago

              Depending on the chipset you can usually set rtc wakeup timers, though that typically implies sleep rather than power off so you’d still have some power draw when the device should be off. Similarly, if you’re trying to log GPS you’ll have to wake up for enough time to get a GPS lock so even at something like a 10 minute logging interval you’d get some noticable power consumption. Much much more if you’re trying to log voice or video.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      29 days ago

      Eh, my phone is reasonably unlikely to spy on me. I use GrapheneOS with location off, no Google Play services most of the time (I have a separate profile for that BS), and the only app with location access is Organic Maps. My carrier could rat on me, but I don’t think Google could.

      But I have a smart watch (Pixel 2), but at least it’s WiFi only so it can only rat on me when I get home. So I guess there’s that.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          29 days ago

          I wonder if this applies to MVNOs, or if their data is somehow aggregated. I haven’t used a major carrier for over a decade.

          That said, I can’t really do anything about the carrier because I’d like to continue receiving calls and getting mobile data. So I’ll cut down as much as I can, and to me that means cutting out Google.

          I’ve considered switching to a VOIP service and running everything over a VPN (doesn’t help with location, but cuts everything else out), but I haven’t found one that’s reliable. I need:

          • SMS/MMS
          • reliable wake when receiving calls/texts
          • reasonable voice quality

          Bonus points if I can receive calls on my computer (I’d also love to switch to a Linux phone). If I can find that, I’ll switch.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          29 days ago

          Yup, but not by Google, at least not directly.

          The problem is I want to be able to receive calls and texts while out and about. My next step is to try switching to a VOIP service and only get 2FA codes on my carrier number. That doesn’t stop location tracking from cell towers, but it does reduce how much they know about me, and it makes it easier to switch later (i.e. if making and receiving calls on my computers are good enough).

          Privacy is a process, and it’s an unfortunately frustrating one as companies sell out their customers more and more.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          29 days ago

          It’s not, but it’s a step in the right direction. Here are some additional steps I’m planning on:

          • switch to VOIP - nice extra feature is being able to call and text from my PC
          • VPN for all data - carrier can’t see DNS anymore
          • slowly move friends and family to alternatives to SMS and phone calls

          It’s a process and I’ll probably never be finished, but each step is satisfying.

          • Infomatics90@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            28 days ago

            I was thinking about VOIP, VPN as well, and none of my friends or family would use Facebook or whatsapp

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              28 days ago

              I don’t use Facebook or WhatsApp, so that’s not an issue, but we do use SMS quite a bit, so I need something that handles that. That’s an easier problem to solve than Facebook/WhatsApp, so I’m pretty happy about that.

                  • Infomatics90@lemmy.ca
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    26 days ago

                    Anytime i bring up any chat application that is privacy friendly i get told i need to “stop watching conspiracy theories”