- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Below is the full-text of a Mozilla campaign email I received. Mozilla’s consumer buyer’s guide Privacy not included reviews apps and consumer electronics to help the general public choose products that better respect their privacy, and occasionally organizes petitions & campaigns to push for privacy regulation and accountability.
The bad news: major car companies say they can listen to us in our cars, collect our genetic information, track information about our sex lives, and sometimes even sell our personal information to places we don’t even know.
The good news: major car companies are also listening to our complaints about data privacy.
Last week, [Mozilla] revealed research showing that 25 global car brands are out of control when it comes to collecting, protecting, and even selling our personal information. And [Mozilla] stirred up a hornet’s nest.
Immediately, the auto industry scrambled to defend their disturbing surveillance practices: They spoke to the international press and wrote to the United States Congress, claiming that their car companies are “committed to protecting consumer privacy” and even called for regulation themselves.
As infuriating as this may be, it’s actually good news for our cause. If the auto industry is already getting so defensive, it means they are feeling the pressure from our research and all the bad press. And that means we’re making an impact.
Now is the time to use the momentum, increase public pressure and make car companies stop their intrusive data collection practices. Will you join thousands of Mozilla supporters and become part of the campaign?
You must log in or register to comment.
Like it or not, Mozilla is among the last bastions of sound, honest software.
I have friends there and have sold to their infosec team before. It’s real as fuck. The people are about it. I love them.
If we are talking major software making companies/groups, then I’ll happily agree pretty much 100% with that statement because there are definitely plenty of small groups following their footsteps in one way or another.
deleted by creator
They spoke to the international press and wrote to the United States Congress, claiming that their car companies are “committed to protecting consumer privacy” and even called for regulation themselves.
“Gee whizz we awe vewy sowwy fow doing a pwivacy invasion” 👉👈🥺
I’m beyond sick of corporations knowing they can do whatever they want as long as they run to congress and flagrantly lie.
To be a fair here even though I dislike corporations just as much. In the past I have seen big corporations call for regulations in their own shady tactics. In those cases they felt like they needed those malicious practices to stay competetive with the other companies doing the same shit. Basically they want to stop but feel like they can’t since the competition is doing it too.
I’m not sure this is the case here. But that stuff sometimes happens.
Yeah but those supposed companies that “needed those malicious practices to stay competitive” also could have done the thing Mozilla is now doing. Could even use direct knowledge and proof of those practices in a big ad campaign about how they actively don’t want all your info. This “doing it because everyone is doing it” headspace is one of the many corpo versions of “just following orders.” I understand the point you are making, but it isn’t like any of these companies are too small to fight back. Allowing this kind of thing (beyond just this specific instance) just further gaslights us at a consumer level into continued abuse being normalized and okay. Which makes it even harder to do anything about it.
Just like with how we see that a major amount of voters literally just give up and see everything as pointless in doing anything (and that is assuming that they even know about any information at all). Or how we are trained to only see one or two day polite marches in protest of something as being the whole “fight” and just go home. But when people don’t just go home or “stay out of normal people’s ways” it is seen as those protesters being “unrealistic” or even “assholes in the way.” The whole point of protests is to literally be as in the way of “normal life” as possible to push whatever change they are fighting for.
I actually agree with all your points.
I just think regulation which outlaws the problematic or unethical behavior is one possible way to improve the situation. And I am not against a company calling for these kinds of regulations.
Even with Mozilla as an example. Banning or limiting data collection or web standard warping practices would strengthen Mozilla against their competition.
[…] vewy sowwy fow being cawt doing […] *
Actually it wouldn’t be outrageous for them to call for regulation. Right now they are almost forced to do what everyone else is doing to stay competitive. It there were more regulations they could all compete on a better level.
Every time a corporation or group of corporations ask for regulations to be placed on themselves, that’s a massive red flag that they are going to lobby to cut the legs off of that regulation, or they will make the regulation give them more power.
An optimistic interpretation is that they feel like they can’t stop data collection without being hurt in the marketplace by competitors who will make more money by continuing to collect data, so they want governmentregulations to level the playing field.
That’s being really charitable though…
It’s all about dat $$$ for the shareholders. Not a bad interpretation, though.
I just sent a request to get all info they had on me and my car. Will be interesting
how do cars transmit the data they collect if they don’t have a wifi connection?
Cellular modems.
And of course disabling these modems cause the cars to throw up warnings and potentially put the car in limp mode, so you can’t even turn the damn things off without potentially bricking the car.
Depends on the car. IIRC in newer GM cars you can just pull the fuse for the cellular modem and generally just lose the connected features.
But it is also likely that the car companies have a separate system in the car’s computer that acts independently of the main infotainment system for sending data. Even if you aren’t paying for any of the “extras/add-ons”, it could still get information from your phone just being used with Bluetooth or ping your WiFi if it is on and your phone visible. Also given how much more actively these companies are all trying to get passive income from our data. I wouldn’t be shocked if the other commenter’s point about getting all kinds of “errors” popping up if disabled (especially if a fuse is pulled/modified). We already see that non-car companies like John Deere go to some big levels to remove your control over something you bought and DRM shit that has zero reason outside of forcing us to pay only them for repairs. We as people aren’t allowed to control both our physical devices or our data, and big corps are just allowed to skim everything and sell it to any other parties that pay for it. Hell even our legal system and enforcement are allowed to bypass our rights that prevent search and seizure by just going to these companies instead of us.
No, that isn’t likely. People have fully disassembled these cars. There isn’t a secret second telematics module inside the seat cushions. If you disconnect power from the telematics module it can’t transmit data. If you want to be extra sure you can also wrap the module in faraday material, disconnect the antennas, or remove it completely. Data transmission isn’t magic; it requires hardware.
At that point the most that could happen would be a mechanic dumping the data and uploading it to GM. Big corps are high resource, low motivation adversaries. They’re not going to spend tons of time and effort going after the <0.1% of people who physically disconnect telematics modules.
Every time you take your car to be serviced by tge dealer it’s plugged into a diagnostics computer which reads the ECU, with the price of storage it is entirely possible that disabling the cell connection just causes the ECU to write it to local storage for upload at service read. The diagnostics machines are definitely connected to manufacturer servers.
Doing so is trivially easy the telematics is going to be caching before sending, all you need to do is manufacture that cache storage to be large enough (and it’s flatfiles we’re talking megs not gigs) and tell the software not to delete until it has an an acknowledged receipt of transfer.
If you’ve removed or disabled the telematics module and its antennas then your most sensitive data - your location - can’t be collected. GPS and mobile data technologies don’t work without hardware, antennas, and electricity.
At that point even if there’s a back-up collection system the most a dealer could dump would be general driving and usage data. That’s a non factor for 99.99% of people, but if that is an issue in your threat model then you should avoid dealers and work only with trusted, independent mechanics. And frankly if your average speed or odometer reading is that sensitive you’re probably on the run and have bigger issues to worry about.
I guess they could also dump your contacts or call data if you’ve synced those with your car, but you shouldn’t be doing that in the first place. Data collection isn’t magic. Don’t give the car data and it won’t have it.
Shop for cars that work fine with their telematics modules & antennas disabled or removed, disable/remove them when you buy yours, and you’ll be fine.
