Driver data privacy

[SubaruRaptor]

Once again, I'm encountering some erroneous assumptions here.

There are quite a few mitigations for privacy and data sharing concerns.

A few basic examples would be: using something like OSM for nav if routes can't be pre-planned, having purposefully limited mobile devices running something like lineageos or grapheneos, running security hardened and privacy configured operating systems on computers, using vpns and other forms of network isolation, and opting out of data collection from services and when patronizing businesses whenever possible.

While I see that the comment wasn't directed at me specifically, I will assert that am not complaining about data privacy in the slightest. I, along with a growing number of others have a personal interest in not feeding these first, second, and third party data brokers. Obviously, the logic and reasoning varies as it will within a complex cohort, but in the end its our choice and it harms nobody. Reminder also that nothing is perfect in this world so this take of 'if I can't have total data privacy, then nothing about it matters at all anymore' seems a bit self defeating. Some of us care about things others don't.

What I'm not understanding with these tired conversations that I've seen multiple times on various forums is this: Why is there an inherent need to step in and try to diminish, disparage, and otherwise shut down any conversation about this topic?

For example, when I see a thread about someone modifying their vehicle in some way that I am not interested in and maybe even think its a bit ridiculous to go to the trouble, I don't feel the need to clutter up the thread with nonsense responses attempting to tell someone how they are somehow inferior, unintelligent, or otherwise foolish to do whatever it is they're doing. In most instances, those responses aren't well received and rightfully so.

That's a lot of words to say basically nothing. You didn't answer the questions I asked, which is fine, Ford might be scraping your data here, I get it.

Sponsored

 

[SubaruRaptor]

When it is detailed data that can be directly tied to you and bought by your insurance company to increase your rates or even cancel your insurance, it's certainly much different then data being used to try and sell you something....that's the point and you are the one missing it.

Welcome to the internet. All the data already collected can be traced back to you and is personally identifiable lol.

 

[Wayfaring Ranger]

ok so which car makers do YOU think it's is, must be Tesla... or Rivian? ROFL there ALL doing the same thing, because

I don't know and neither do you, because none of the articles you've linked have actually specified which car makers are collecting "photos, browsing history, files and emails".

they all use the same or similar android/carplay permissions...Which of the automakers is the most law abiding?

ford doesn't have access to what's inside carplay and android auto. that is google/apple software and google/apple control that data and the software, not ford. not that big of a deal since they already knew exactly what's on your phone, since it's their hardware.

carplay/android auto is a black box to ford & other car makers. why would google let ford have free reign over that data when google's entire business model is selling that data? that would be lost revenue.

ford has direct access to the phone information that the infotainment system uses natively. the infotainment natively handles calls, texts and music. therefore, that's the data that we are aware ford can access.

here they tested a few vehicles and listed results ... also, don't forget there is a difference between what data is stored on the vehicles computers, and what data is sent to the manufacturer over the air. this is clearly spelled out in the original lawsuit I mentioned.

https://www.wired.com/story/car-data-privacy-toyota-honda-ford/

once again, this article also does not say anywhere that ford is collecting "photos, browsing history, files and emails".

 

[nowayjose]

That's a lot of words to say basically nothing. You didn't answer the questions I asked, which is fine, Ford might be scraping your data here, I get it.

It seems that perhaps you didn't fully comprehend much of what I said in my response.

I gave counter examples to your snarky insincere 'gotcha' questions about nav, computer, phone, and internet usage. I then explained a basic premise for someone not wanting to widely accept nearly all encompassing data collection in their life. Automobile manufacturers would be included in this premise. That obviously includes Ford.

There is no 'might be' when it comes to the fact that Ford and every other auto manufacturer collects personal data with little to no options for a true opt-out. This is well documented by subject matter experts in the fields of infosec and data privacy.

Finally, I also responded to your statement about people 'missing the point' with a rebuttal of your misguided crabs-in-a-bucket mentality regarding people taking action to improve personal data privacy. If you truly believe that 'all of this' sucks, then why do you continue to join in the chorus of naysayers and nihilists on this issue? Are you simply hoping that everyone will just give in to your defeatist 'I don't care' attitude about the various issues that bother them?

 

[SubaruRaptor]

It seems that perhaps you didn't fully comprehend much of what I said in my response.

I gave counter examples to your snarky insincere 'gotcha' questions about nav, computer, phone, and internet usage. I then explained a basic premise for someone not wanting to widely accept nearly all encompassing data collection in their life. Automobile manufacturers would be included in this premise. That obviously includes Ford.

There is no 'might be' when it comes to the fact that Ford and every other auto manufacturer collects personal data with little to no options for a true opt-out. This is well documented by subject matter experts in the fields of infosec and data privacy.

Finally, I also responded to your statement about people 'missing the point' with a rebuttal of your misguided crabs-in-a-bucket mentality regarding people taking action to improve personal data privacy. If you truly believe that 'all of this' sucks, then why do you continue to join in the chorus of naysayers and nihilists on this issue? Are you simply hoping that everyone will just give in to your defeatist 'I don't care' attitude about the various issues that bother them?

Its ok man, just keep using your iphone or android phone, digital assistants, smart fridge, smart stove, smart lamps, smart tv, smart soundbar, video game console, computer, smart garage door opener, obviously your smart truck, facebook, Instagram, you wireless router, any messaging app basically, Amazon, costco, reddit, truth social if you are a huge clown, twitter, streaming services, or just about anything else.

Keep being weird and enjoy blocking your truck. Youll be safe at night knowing Ford wont be able to see your terrible choice in music or that you drive 6 miles over the speed limit in construction zones because Alpha men dont have to read.

 

[T-Rev]

Welcome to the internet. All the data already collected can be traced back to you and is personally identifiable lol.

The classification of the data (details) and it's use across the Internet are all the same? LOL you are the one still missing the point.

 

[nowayjose]

Its ok man, just keep using your iphone or android phone, digital assistants, smart fridge, smart stove, smart lamps, smart tv, smart soundbar, video game console, computer, smart garage door opener, obviously your smart truck, facebook, Instagram, you wireless router, any messaging app basically, Amazon, costco, reddit, truth social if you are a huge clown, twitter, streaming services, or just about anything else.

Keep being weird and enjoy blocking your truck. Youll be safe at night knowing Ford wont be able to see your terrible choice in music or that you drive 6 miles over the speed limit in construction zones because Alpha men dont have to read.

There it is. The true nature of what we're dealing with here. More absurd false assumptions and now some baseless ad hominem attacks included. I'm pleased that we have come to this point in the conversation. It shines a light on the hateful nastiness of your non-position.

That's quite a list of gadgets and platforms that aren't even remotely necessary. The assertions you make here are pretty bizarre and mostly nonsensical. However, they implicate quite a bit about you and your agitated thought process. This seems to be par for the course when attempting to discuss data privacy with those that lean toward self defeating 'just give in' mindsets.

 

[Jason B]

Anyway, here's the link to Ford Privacy Policy so everyone can see exactly what Ford collects and shares. It's several pages, so find time to read it all. Read both parts, Ford US Privacy Policy and Connected Vehicle Policy.

 

[nowayjose]

Anyway, here's the link to Ford Privacy Policy so everyone can see exactly what Ford collects and shares. It's several pages, so find time to read it all. Read both parts, Ford US Privacy Policy and Connected Vehicle Policy.

Thank you for posting this. I had already read it but I think its a good idea for others to do the same. Consumers being more informed at least about what a company says they're going to do helps with purchase decisions. Vague, open-ended boilerplate contract language aside, another data point that is often missed is how the information gathered is stored. Data breaches occur more frequently than most people outside of infosec realize. Often the companies victimized by these attacks decide not to immediately (or sometimes ever) disclose to the public that they have become aware of the problem. Whats more, the same companies will disregard reports and warnings from cyber security researchers. This issue is obviously not isolated to the automotive industry.

The link I posted previously showed data privacy experts reviewing auto manufacturers privacy policies, terms-of-use, and brief history of security incidents resulting in personal data leaks. While our choices for an out-of-the-box privacy oriented automobile are basically nil, there are mitigations and work-arounds for this. The provided opt-out options are meaningless when there's more than adequate reason to distrust these companies. The default option should be to distrust and keep them at arm's length if having them in your life at all.

Tangentially related: I'm a bit perplexed at the notion that we must integrate all of these devices, services, and platforms into our lives. The implication being that there's simply no way to live without them. It was not that long ago that they didn't exist. I don't recall everyone universally suffering without these things. The 'disease of ease' is very real and increasingly pervasive.

 

[SubaruRaptor]

Thank you for posting this. I had already read it but I think its a good idea for others to do the same. Consumers being more informed at least about what a company says they're going to do helps with purchase decisions. Vague, open-ended boilerplate contract language aside, another data point that is often missed is how the information gathered is stored. Data breaches occur more frequently than most people outside of infosec realize. Often the companies victimized by these attacks decide not to immediately (or sometimes ever) disclose to the public that they have become aware of the problem. Whats more, the same companies will disregard reports and warnings from cyber security researchers. This issue is obviously not isolated to the automotive industry.

The link I posted previously showed data privacy experts reviewing auto manufacturers privacy policies, terms-of-use, and brief history of security incidents resulting in personal data leaks. While our choices for an out-of-the-box privacy oriented automobile are basically nil, there are mitigations and work-arounds for this. The provided opt-out options are meaningless when there's more than adequate reason to distrust these companies. The default option should be to distrust and keep them at arm's length if having them in your life at all.

Tangentially related: I'm a bit perplexed at the notion that we must integrate all of these devices, services, and platforms into our lives. The implication being that there's simply no way to live without them. It was not that long ago that they didn't exist. I don't recall everyone universally suffering without these things. The 'disease of ease' is very real and increasingly pervasive.

No one is trusting a company with anything. Cyber security events happen because people demand profits go up for ever for the most part. Yes there is negligence from security IT folks, but that is generally because of direct or indirect directives from the business. Businesses are terrible at cyber security, its just a fact people have to live with.

You dont have to integrate anything, you can just not use the devices. Doesnt mean the data still wont be gathered from you. There are so many systems passively building profiles on people it doesnt exactly matter. If you believe your PII data is secure, you are incorrect. There have been to many breaches and leaks like the Experian hack or the more recent one that leaked every persons socials security number.

The data is so common its now not worth as much as it once was. Medical data is far more expensive and valuable currently. Just because you dont see something happening, doesnt mean it wasnt happening.

 

[Jason B]

The thing about security, Cyper security as well, is that there are people out there that get their kicks by finding a way to break and bypass said security. Sometimes, it's just for fun, most times it's for more nefarious reasons.

 

[nowayjose]

No one is trusting a company with anything. Cyber security events happen because people demand profits go up for ever for the most part. Yes there is negligence from security IT folks, but that is generally because of direct or indirect directives from the business. Businesses are terrible at cyber security, its just a fact people have to live with.

You dont have to integrate anything, you can just not use the devices. Doesnt mean the data still wont be gathered from you. There are so many systems passively building profiles on people it doesnt exactly matter. If you believe your PII data is secure, you are incorrect. There have been to many breaches and leaks like the Experian hack or the more recent one that leaked every persons socials security number.

The data is so common its now not worth as much as it once was. Medical data is far more expensive and valuable currently. Just because you dont see something happening, doesnt mean it wasnt happening.

You're mostly correct in that the average person only implicitly and not directly trusts companies due to their own disinterest or ignorance.

I generally agree with your statements about how the tech side of businesses fail due to negligent top-down initiatives and directives. I've witnessed this many times. That is a major problem and should be considered as another factor for consumers when deciding whether they will purchase or engage with these entities.

Once again, you're mostly correct in that I have the option to not use the devices. In fact, that's exactly what I do. I usually do not have them in my life at all. I suppose I fail to see how something I don't own at all can directly gather information about me.

The point about integration is a social one. One of the common assertions I hear from data privacy detractors is some presumptive statement that I already have this device or that service and therefore just give up and don't try to improve or care at all about the issue. That's not how I operate.

To clarify and answer your statement about thinking my PII is secure: I don't. I have not once stated that any data privacy measures are 100% effective. Once again, we are at odds simply due to a difference in philosophy. I choose to make an effort to reduce or at least counteract this problem, and you seem to have decided that it isn't important to you at all.

The statements you make here don't really tell me anything new nor do they convince me to give up on this issue. Clearly, I understand quite well that just because I'm not privy to every aspect of what data brokers do, in no way means that I'm assuming 'all is well'.

FInally, if what you're saying about data not being as valuable anymore is true, then why do the efforts to collect it not only persist, but continually increase in scope?

 

[SubaruRaptor]

You're mostly correct in that the average person only implicitly and not directly trusts companies due to their own disinterest or ignorance.

I generally agree with your statements about how the tech side of businesses fail due to negligent top-down initiatives and directives. I've witnessed this many times. That is a major problem and should be considered as another factor for consumers when deciding whether they will purchase or engage with these entities.

Once again, you're mostly correct in that I have the option to not use the devices. In fact, that's exactly what I do. I usually do not have them in my life at all. I suppose I fail to see how something I don't own at all can directly gather information about me.

The point about integration is a social one. One of the common assertions I hear from data privacy detractors is some presumptive statement that I already have this device or that service and therefore just give up and don't try to improve or care at all about the issue. That's not how I operate.

To clarify and answer your statement about thinking my PII is secure: I don't. I have not once stated that any data privacy measures are 100% effective. Once again, we are at odds simply due to a difference in philosophy. I choose to make an effort to reduce or at least counteract this problem, and you seem to have decided that it isn't important to you at all.

The statements you make here don't really tell me anything new nor do they convince me to give up on this issue. Clearly, I understand quite well that just because I'm not privy to every aspect of what data brokers do, in no way means that I'm assuming 'all is well'.

FInally, if what you're saying about data not being as valuable anymore is true, then why do the efforts to collect it not only persist, but continually increase in scope?

Teslas cameras record things and images and store them up in the cloud. Many other audio things and various other items cameras and such collect data passively. There is enough processing power to build profiles on people with enough data gathered across various sources and using geo location and other facial recognition tools To give a few examples of how passively you are already being profiled or monitored.

The cost has gone down, because breaches happen so frequently not that the data is necessarily losing its intrinsic value. The data is popular amongst many targets, and companies are paying less and less ransoms to protect it. Supply and demand in the dark market. Groups that want to use that data don't need up to date data to social engineer someone.

My argument is that, a single user is powerless to restrict the data gathering so fighting it is a losing battle in most instances, not all though. The focus needs to be on stronger laws to govern it in general, and that is where the effort should be spent.

 

[nowayjose]

Teslas cameras record things and images and store them up in the cloud. Many other audio things and various other items cameras and such collect data passively. There is enough processing power to build profiles on people with enough data gathered across various sources and using geo location and other facial recognition tools To give a few examples of how passively you are already being profiled or monitored.

The cost has gone down, because breaches happen so frequently not that the data is necessarily losing its intrinsic value. The data is popular amongst many targets, and companies are paying less and less ransoms to protect it. Supply and demand in the dark market. Groups that want to use that data don't need up to date data to social engineer someone.

My argument is that, a single user is powerless to restrict the data gathering so fighting it is a losing battle in most instances, not all though. The focus needs to be on stronger laws to govern it in general, and that is where the effort should be spent.

I know and understand that there is a world of devices that exist beyond my personal control that gather data about me. I know about passive monitoring and how most major cities and even big box retailers are basically panopticons with their relentless and pervasive surveillance. I can choose to avoid those places and situations as much as possible and I generally do since they don't have much that interests me anyway.

The overall estimated value of the dark web markets has supposedly (how do we ever really know) gone down in recent years so your proposed premise is sound. However, I simply can't agree that this is a solid line of reasoning to disregard data privacy altogether.

Your argument here isn't necessarily wrong and I'm not here to convince you of anything to the contrary. That being said, where you see a losing battle, I see another opportunity for me to further simplify my life and remove more of the things that really don't matter.

There's an interesting assumption here that if I advocate for stronger personal infosec, opsec, and data privacy, that somehow negates or is disconnected from any efforts to push for legislative change. In my view, strong (not toothless), well-written laws around data privacy would be a huge win for consumers. Of course, that heavily depends on a different massive untrustworthy entity to do what it's supposed to and not collude with the very companies we spoke about previously.

 

[BigMeatsBronco]

https://hackerone.com/ford?type=team


if there(your) shit is so secure, then why are they paying hackers to fix the shit? they might intended to follow privacy policy, but as we've seen from related lawsuits, big companies don't always follow the rules.

Sponsored