- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Below is the full-text of a Mozilla campaign email I received. Mozilla’s consumer buyer’s guide Privacy not included reviews apps and consumer electronics to help the general public choose products that better respect their privacy, and occasionally organizes petitions & campaigns to push for privacy regulation and accountability.
The bad news: major car companies say they can listen to us in our cars, collect our genetic information, track information about our sex lives, and sometimes even sell our personal information to places we don’t even know.
The good news: major car companies are also listening to our complaints about data privacy.
Last week, [Mozilla] revealed research showing that 25 global car brands are out of control when it comes to collecting, protecting, and even selling our personal information. And [Mozilla] stirred up a hornet’s nest.
Immediately, the auto industry scrambled to defend their disturbing surveillance practices: They spoke to the international press and wrote to the United States Congress, claiming that their car companies are “committed to protecting consumer privacy” and even called for regulation themselves.
As infuriating as this may be, it’s actually good news for our cause. If the auto industry is already getting so defensive, it means they are feeling the pressure from our research and all the bad press. And that means we’re making an impact.
Now is the time to use the momentum, increase public pressure and make car companies stop their intrusive data collection practices. Will you join thousands of Mozilla supporters and become part of the campaign?
Depends on the car. IIRC in newer GM cars you can just pull the fuse for the cellular modem and generally just lose the connected features.
But it is also likely that the car companies have a separate system in the car’s computer that acts independently of the main infotainment system for sending data. Even if you aren’t paying for any of the “extras/add-ons”, it could still get information from your phone just being used with Bluetooth or ping your WiFi if it is on and your phone visible. Also given how much more actively these companies are all trying to get passive income from our data. I wouldn’t be shocked if the other commenter’s point about getting all kinds of “errors” popping up if disabled (especially if a fuse is pulled/modified). We already see that non-car companies like John Deere go to some big levels to remove your control over something you bought and DRM shit that has zero reason outside of forcing us to pay only them for repairs. We as people aren’t allowed to control both our physical devices or our data, and big corps are just allowed to skim everything and sell it to any other parties that pay for it. Hell even our legal system and enforcement are allowed to bypass our rights that prevent search and seizure by just going to these companies instead of us.
No, that isn’t likely. People have fully disassembled these cars. There isn’t a secret second telematics module inside the seat cushions. If you disconnect power from the telematics module it can’t transmit data. If you want to be extra sure you can also wrap the module in faraday material, disconnect the antennas, or remove it completely. Data transmission isn’t magic; it requires hardware.
At that point the most that could happen would be a mechanic dumping the data and uploading it to GM. Big corps are high resource, low motivation adversaries. They’re not going to spend tons of time and effort going after the <0.1% of people who physically disconnect telematics modules.
Every time you take your car to be serviced by tge dealer it’s plugged into a diagnostics computer which reads the ECU, with the price of storage it is entirely possible that disabling the cell connection just causes the ECU to write it to local storage for upload at service read. The diagnostics machines are definitely connected to manufacturer servers.
Doing so is trivially easy the telematics is going to be caching before sending, all you need to do is manufacture that cache storage to be large enough (and it’s flatfiles we’re talking megs not gigs) and tell the software not to delete until it has an an acknowledged receipt of transfer.
If you’ve removed or disabled the telematics module and its antennas then your most sensitive data - your location - can’t be collected. GPS and mobile data technologies don’t work without hardware, antennas, and electricity.
At that point even if there’s a back-up collection system the most a dealer could dump would be general driving and usage data. That’s a non factor for 99.99% of people, but if that is an issue in your threat model then you should avoid dealers and work only with trusted, independent mechanics. And frankly if your average speed or odometer reading is that sensitive you’re probably on the run and have bigger issues to worry about.
I guess they could also dump your contacts or call data if you’ve synced those with your car, but you shouldn’t be doing that in the first place. Data collection isn’t magic. Don’t give the car data and it won’t have it.
Shop for cars that work fine with their telematics modules & antennas disabled or removed, disable/remove them when you buy yours, and you’ll be fine.