Very interesting pod cast about how your car might be your worst privacy nightmare.

 
For those that still get a bit more heart beats per minute as they approach their rendezvous . . . well who knows.

I didn't listen to it yet, just read the intro, but I find it hard to believe that car companies can find out anything about you if you're not connecting your phone to the car. I'll have to listen to the podcast when I get a chance.

Not sure on the 2023 Chevy/GMC HD trucks. But I  have had a good source tell me that the 24s are close to being built by Google. Not sure if they build the hardware but they did 90 % of the coding and programing them. I do know if Google is involved they will be tracking you. Scary Times !

I'm listening to it now. It's unknown how they get a lot of the info on you. Much comes from public sources - but the fact that it's, say, a car company, is pretty irrelevant.

 
How can a car company get your biometric data, like fingerprints and retina scans, from your car?? And how is your sex life tied to your car???

 
I find much of this to be ridiculous.

One of the major things was that the privacy policies of the atuo companies basically say we can collect and sell or use or share any of the information we can collect -- and with the sensors, cameras, microphones and connected services related functions, GPS and other things that is a lot of personally identifying information. Plus, they say they can collect from 3rd parties and the data can include things like iris scans, finger prints, voice, face and body, SSN. One even mentioned something about DNA if I remember right.

 
The issue was that the companies are not try to protect the owner, driver or passengers information and privacy but pretty much dump everything they think they might sweep up and putting it in there for legal protection. Basically you're not signing any type of consent form, and I'm sure no one is getting asked to read, have all the terms spelled out, at the time of purchase. Basically, get in the car and you've consented.

 
As I was listening to it I couldn't help but thinking all the clever people who think they are so well hidden behind their burner phone/app are much more exposed than they think. All those that are fearful that any agency getting their information exposes them to risk of extortion/blackmail, well quite likely that if much of the information resides within the car's electronics memory someone with a laptop may well be hacking in soon.

 
Was a few years back but seem that car thieves primary tool has become a laptop. But what happens with the value of the information in car is of more value than the car?

 
Now, the pod cast did not go down that path but it was an interesting listen. Recommended.

in facing cameras that track you eyes to ensure you're paying attention and awake while car is operating in some self-or semi self-driving mode. Some cars have fingerprint readers for unlocking the doors. The microphones can record, and since the things like voice recognition is available already. You can count on newer models, 24 and forward, having some of the generative and predictive AI that goes beyond just driver assist.

 
Cameras and pressure sensors in the seats, as well as the many accelerometers in the car and detect car body movements so would not be difficult to combine the various data inputs, along with camera and mics, and get a conclusion about some type of body to body actions. Certainly with just a camera it would be pretty easy to identify someone getting a blow job.

I would think that these days not that many people fuck in their cars. Car manufacturers making a statement like "we can find out about your sex life" is just pretty absurd.

 
I'm glad I drive an '07 Corolla.

"As I was listening to it I couldn't help but thinking all the clever people who think they are so well hidden behind their burner phone/app are much more exposed than they think. All those that are fearful that any agency getting their information exposes them to risk of extortion/blackmail, well quite likely that if much of the information resides within the car's electronics memory someone with a laptop may well be hacking in soon.
"

 
So I think, considering this isn't the first thread you made on the subject, that the whole idea you seem to be pushing that if you cannot be fully secure/safe, then why do partial security/safeguards. To me it's clear you won't ever be fully secure and safe unless you're very cautious.

 
If the government really wants to spy on you, they probably will. But if you really want to do some hacking job and know how to disguise yourself, how to separate your devices, how to use vpns/proxy servers, how to use botnets, and so forth, you probably will succeed. If you attempt to half assedly hack into a website on the same device you have notifications coming in from all your real world apps that have your real name on it, yeah that's just asking for it.

 
Anyway back to cars. Theres a lot there, and yeah I agree a lot of it can collect data. Personally I dislike everything with a mic that can be turned on remotely. I never used Alexa and any other voice navigation/assistants. I generally don't like to use Bluetooth. I prefer wired connections because as I well know myself (and even have some whitepapers on it ) you can get surprisingly a lot of information by simply catching signals.  

 
But even in cars... things can be turned off. You can drive someone else's car. You can drive your grandma in the same seat you drive a streetwalker. I'm sure that will muddy up the stats a bit.  

You can drive an old bucket with a tape deck as the only available piece of external tech. Finally you can just Uber and bypass the whole thing anyway lol.  

 
Hacking into a car computer also means you have to know where the car is at and whose car it is. It's not as easy or commonplace as hacking into a unix box.  I haven't met many agency lapdogs who would be so good and proficient to hack into people's phones or computers, much less cars. Usually these people if they were so good wouldn't be working for peanuts on org payroll.

 

The one thing I will say is dangerous about cars is tracking - the airtags. That is a very dangerous piece of technology but its not really inherent to cars. It's a potentially infinite battery (if you close to any iPhone) GPS tracker that can be planted anywhere.

If you're on wifi, Google and Apple know your location. They maintain a database of the location of every detectable WiFi router. Every gps smartphone that passes through your area relays the location of any active WiFi router they detect. Eventually all WiFi router locations are catalogued. If you use WiFi they know where you are.

I don't know about iOS but a few months ago a monthly Android update included a tracker scanner which will automatically alert you if it finds a tracker that stays with you when you're moving. You can just let it do its thing but you can also run a scan manually.

 
Usually when I'm on my way to see a lady I'll run a manual scan to be extra safe.

I've gotten into the habit of turning off wifi when I go out.

Point is not you're never fully secure so why bother. It's don't fool yourself into thinking action X made you secure and action X may well introduce other failure points. Burner phones, as the example, tend to introduce the problem of keeping that phone hidden from the persons SO. That only gets mentioned occasionally when people claim it will make them unidentifiable. Common sense about what a persons individual situation and abilities are goes a lot farther than any given tool. So while there are generally some type of work around for most problems then need to be known, within someone's skill set and the implication of the work around need to be consider from that "what risk does this introduce" perspective. You're pretty technical so see it as pretty easy to turn things off in a car others are more limited in their knowledge so might not as easily know how, or be able to figure out how, to do so. You mention remote access mic activation. Well, that can clearly be prevented -- it needs a power source to work. Splice a switch into that line and it will never work unless you want it to. But that is not an easy fix for you I think; just like for most reading here using some bot net is not something they could implement.

 
With regard to the podcast, before I heard it I would never have even thought about the car manufacturer (so we need to also consider the dealership????) having a privacy policy, actually collecting personal information or sharing/selling that information. Certainly not to the extent they seem to be both able to and so probably are doing (or will if it adds to be bottom line).  

 
Anyone else reading this have a "Well no duh! Of course you should be reading the policies on data when you consider buying a new car or getting into someone else's car" moment? (Note the implication here related to just use Uber as a work around.) The solution suggested in the podcast is that everyone should start getting mad as hell and not taking it any more and grilling their state and federal representatives to get off their collective asses and establish so decent privacy protection legislation and standards.

 
While not mentioned in the podcast this is closely related to the larger problem. A few years back a privacy research team performed an analysis on a large, publicly available socio-eonomic data set. The data came from multiple sources, including sources such as IRS tax filings. It was fully scrubbed data and claimed to be 100% anonymized so one on could be personally connected to any of the information. Well, turns out that was a bit of a dream. The collection of data itself allowed the researchers to work backwards, a bit like any good detective or Sherlock Holmes would, to identify the "culprit".

 
All the data that is collected and sold/shared is huge. It's not very expensive to buy and even cheaper to get reports meeting your criteria from specialize data companies who are buying up all the data available -- forget about those generating the data like Google/FB or others. Some specialize in selling to LE, other to anyone that wants to pay.  While I don't think it would be a common occurrence, it would hardly be difficult or every expensive to match a burner phone number to a person with data about where someone car goes -- particularly since both the car and the phone will be using the same cell towers as they go from A to B.

 
Again, that is not to say don't use a burner phone if it makes sense in someone specific case but as your car start providing more and more data for companies to access and then analyze the protection a burner phone provides from some provider/agency/or group faking to be either is diminishing rapidly and has been for some time now. Clearly in cases where a SO can and does access someone's personal phone and snoops around on it a separate phone they don't know about provides a shield for as long as the phone goes undetected.  

 
However, for me, it seems they provide limited, and diminishing, value in preventing those with more than a casual interest in learning who is using the burner phone. And the erosion of that assumed protection is entirely due to the presence of all the data, even if semi-scrubbed/anonymized, allowed to be collected and disseminated, all without the actual person ever really granting permission or in many ways having a good and effective way of opting out. So all you burner phone users should be screaming bloody murder at your representatives about, not only, the car companies' privacy policies but also the general state of privacy protection under our existing law.

Are you sure this is true?  Lol. At the very least you have to have GPS/location ON each time you connect to an access point.  

 
Otherwise there is no physical way. Access points can always be moved (aka hotspot) . Wifi is accessible without a sim card or gps

 
Either way the only times I use wifi is where I get no signal. Wifi drains battery and it always tries to search for access points, exposing unnecessary info.

-- Modified on 10/3/2023 12:15:31 PM

Apple was actually forced to make that android app, lol. Due to  all the bad actors.  

 
And yeah I got it as I'm a bit paranoid. Every time I go to incall and there are some shady people anywhere around my car or I have to park in a designated spot (really hate it) I use it.

END OF MESSAGE

Ah but it needs location services turned on first. And for your device to help populate the db you need both location service and wifi on.

Yeah, I have a problem with this concept lol

 
You'll never be fully secure in general. There is a reason hackers and security experts play a neverending game of catch up.

"don't fool yourself into thinking action X made you secure and action X may well introduce other failure points."  

Well yeah...you need to understand what you're doing. I agree with this general line of thinking, of course. Overconfidence is never good. I'd just think of it as another line of defense with it's own nuances and a set of pros /cons rather than a blanket defense mechanism. You might remember I don't like advertising/marketing, and a lot of.defense mechanisms are advertised and marketed as being super secure and almost omnipotent, when in reality they aren't

 
Random tangent: back when Microsoft went from Windows xp to win 7 it was a huge step up for security in consumer OS, since in xp any processes could be run by any user as a system level process.  
Win 7 employed windows nt permission level system, and suddenly millions of viruses and malware became obsolete. A lot of people suddenly thought they could get away without anti-virus software.... Oh boy was that a mistake. Or Mac users who claimed they couldn't get viruses or malware... it was even a selling point at one time. While of course it was bullshit. The new Macos was always based on Unix and while nix like systems always had robust permission control, they weren't exactly impenetrable.  

 

So I guess my point is, this doesn't mean you should just let your guard down. Now I agree that there's definitely diminishing returns past a certain point, but just doing things like disabling your location/wifi and using VPN can be a huge boost to your privacy.

 
I'm struggling with a good metaphor so here is a meh one. Let's say you walk in your shoes on the beach and you get sand inside. You say why wear shoes at all then. You take them off and then cut your feet on something sharp that you didn't see.  

 
"With regard to the podcast, before I heard it I would never have even thought about the car manufacturer (so we need to also consider the dealership????) having a privacy policy, actually collecting personal information or sharing/selling that information. Certainly not to the extent they seem to be both able to and so probably are doing (or will if it adds to be bottom line).  
 "

That's a good point. But lawyers usually smell class action lawsuits from a mile away, I bet privacy issues will be raised among car makers.

 
" The collection of data itself allowed the researchers to work backwards, a bit like any good detective or Sherlock Holmes would, to identify the "culprit". "

 
Imo that's because data isn't exactly uniform. Different sets of data require different deanonymizing. If you for example see the data anonymously but the data is about your five best friends, you'll easily identify them. This is also how I dissect fake reviews and shills This is how orgs and providers also catch people on here writing reviews, things like patterns and details matter.

 

 
I guess I just don't get how car software privacy issues evolve into "your burner is useless". You always are susceptible. You could use ten different phones and be super secure but your SO hires a private eye to follow you and now you're cooked. Or she puts a GPS tracker on your car without you knowing. There are indeed many places where you can get blindsided with today's technology. Hell... many a crypto thiefs got burned because they used same vpn for their crypto wallets as their regular personal accounts online.

I try to save as much of my disposable income as possible for hobbying.  So I drive a 20 year old vehicle.  No GPS, No cameras, No biometric sensors.  Barely an FM radio for god's sake.

Navigating to an incall also needs location services turned on ... just for example.

Privacy of any type these days is a fallacy many of us like to maintain as a source of comfort.  It simply does not exist, as hard as one might try to maintain it.  If someone wants to know about you and your actions, it is not difficult to find out especially if you are a Fed or local investigating agency.

I occasionally get a stuffy in the car! Do you think the know my size?