this post was submitted on 23 Nov 2024
426 points (99.3% liked)

Technology

59589 readers
3376 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
426
Modern cars are surveillance devices on wheels with major privacy risks – new report (theconversation.com)
submitted 1 day ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
37 comments fedilink hide all child comments
 

New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.

Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.

But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.

A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.

This analysis uncovered concerning practices. There are enormous obstacles for consumers who want to find and understand the privacy terms. Some brands also make inaccurate claims that certain information is not “personal information”, implying the Privacy Act doesn’t apply to that data.

Some companies are also repurposing personal information for “marketing” or “research”, and sharing data with third parties.

you are viewing a single comment's thread
view the rest of the comments
[–] unexposedhazard@discuss.tchncs.de 30 points 19 hours ago (5 children)

It shouldnt just be called a privacy risk. Its a safety risk because it enables stalking with little to zero effort on the stalkers side.

[–] TheKMAP@lemmynsfw.com 7 points 17 hours ago (1 children)

Please describe this zero-to-little effort attack chain.

[–] unexposedhazard@discuss.tchncs.de 16 points 10 hours ago (1 children)

You go to a data broker that sells "anonymized" location data and give them money and a region of interest. Done.

[–] sugar_in_your_tea@sh.itjust.works 2 points 54 minutes ago (2 children)

Yup. Police do that, and I'm guessing it wouldn't be too hard if you're persistent (claim to be a private investigator or something).

[–] unexposedhazard@discuss.tchncs.de 1 points 26 minutes ago* (last edited 15 minutes ago)

Found it (In german but we have translators these days...) https://netzpolitik.org/2024/databroker-files-firma-verschleudert-36-milliarden-standorte-von-menschen-in-deutschland/

This is about phone location data, but i dont see any reason why cars would be any different, they create less privacy sensitive data than phones in a way.

The people that wrote this article actually got a huge amount of slightly older data for free just as a sample. But this is the scale these data brokers operate at:

The data itself comes from the US company Datastream Group. It offers such location data on a monthly subscription basis. According to the offer, it comes from up to 163 countries and is updated hourly.

You can buy huge amounts of location data for anyone anywhere that uses a standard google or apple phone. Im not sure if you even need to have some random app, like socials or anything with ads in it, installed that leaks this data or if its just google and apple themselves that sell it. All you need is a single identifying point of confirmed time+location for your target and then you can reconstruct their entire movement from that.

This has very obvious and less obvious horrible implications. Things like tracking victims of abuse, finding out peoples home address after meeting them once, tracking military personnel movement, tracking people going to sex related locations, prisons, abortion clinics, endless potential for abuse.

[–] unexposedhazard@discuss.tchncs.de 1 points 35 minutes ago

claim to be a private investigator or something

Oh no absolutely not necessary, this is commercially for sale data that anyone can buy as long as you dont make it obvious that you are up to no good. I will see if i can find the last article i saw about someone testing this themselves.

load more comments (3 replies)