Tracking has recently become a big bogeyman. The amount of data that an app or operating system (OS) can use to identify you and collect your data is enormous, depending on the tracking method used. While it’s clear why manufacturers and sellers want more data – to tailor products, improve efficiency, attract consumers, drive sales and fuel innovation – it often comes with a hidden cost: our privacy.
Some argue that tracking is a necessary compromise to keep some services free. Very recently, Meta launched a paid option for Facebook and Instagram in the European Union, which aims to avoid unnecessary data tracking in favor of a paid subscription limiting data collection.
But why have such concerns? Well, the amount of personal data exploited by businesses can be enormous, with many marketing companies literally exchange this data with other parties and sellers.
Related: Privacy of fitness tracking apps in spotlight after soldiers’ exercise routes shared online
By focusing again on cars, we recognize their vital role in our lives, enabling us to travel long distances quickly and opening up new jobs and social opportunities, with electric cars offering the added benefit of environmental sustainability. Traditionally, the agreement with car sellers was simple: the purchase price included all the equipment of the car; However, automakers decided to do something very different. Some now offer subscriptionslike applications for smartphone or PC, except that in this case we are paying for a service that was usually included in the price of the car, such as pre-installed equipment.
For example, when BMW chose to offer heated seats as a subscription option – a feature already installed but disabled until activated by payment – consumers were very reluctant. This led the company to drop this plan.
Meanwhile, your car is also doing something else: tracking your behavior. And you should understand why. It’s all about that data and usage metrics.
How your car follows you
Modern cars can be very efficient. Some have screens all around the interior with different functions and quirks, LED lights, and lots of connectivity features.
Their infotainment screens are powered by chips similar to those in your computers or smartphones, except they are designed to be more rugged than powerful because of the way cars are used – they experience more wear and tear, heat and cold, etc. These chips can and do have the same capabilities as smartphones (boosted by features like Android Auto or Apple CarPlay), which means that in addition to allowing you to open your glove box (literally), they also offer you GPS navigation, Internet access, streaming of music and films, calls, or even play on the go (try not to play during your daily commute, please).
(Credit: Jenny Uberberg on Unsplash)
In the same way that your phone monitors your app usage and your apps track what songs you listen to, how long you use them, and what captures your attention the longest, your car’s operating system does likewise. Including the times and location of each trip you take. Depending on the provider’s privacy policy, this information could potentially be consulted by companies and individuals you probably never authorized to track your movements. Without explicit consent, this continuous monitoring puts your privacy at risk.
Most car owners probably have no idea how much data a car can extract. According to a Washington Post studythe brand of the car tested generated up to 25 gigabytes of data per hour, including phone records, driving style, etc., and sent all this data back to the manufacturer. Compare this to Spotifywhich, on average, could use 144 megabytes per hour. The difference is quite striking.
The Washington Post even purchased a used navigation system from the same brand and found that it was able to reconstruct the previous owner’s usage by checking the data stored on the system, learning the addresses of its home and workplace, frequented gas pumps, etc. This strangely resembles a discovery made by ESET research on purchased used routerswhich still housed confidential data.
Does the end justify the means?
Connected cars do many things well. They improve safety by notifying you of road accidents and providing various alerts, such as reminding you to get an oil change, and they also help you locate them in case of theft, thanks to the location information they could share. Car cameras and sensors also help you deal with difficult driving conditions, which is very useful.
Data from smart cars can also be sent to other parties, with many using it to fraud preventionaccident analysis, best insurance ratesor the planning of routes and routes by urban planners.
But all this comes with a caveat significant intrusion into privacy. Even if the data collected is anonymous, as the Washington Post study proves, it can still be used to recreate a driver’s profile, like browser fingerprint, which uses various general data to improve the website experience. Automotive data tracking works on a similar principle, but it also comes at a cost: that of privacy.
All this personal car data is ready to be recovered
Besides the obvious privacy aspect of data tracking, there is also a cybersecurity issue. Since the collected data is also stored on the car’s storage media and then shared with the manufacturer and others, this exposes the car owner to a potential data breach or data leak.
How? Well, it’s no secret that many manufacturers can fall victim to hacks and data leaks. Personal data, such as names, emails, destinations, etc. may be part of these leaksthus giving hackers more means to market this information to other scammers or to attempt to hack into a person’s other accounts with the leaked information.
(Credit: Tero Vesalainen/Shutterstock.com)
The cars themselves can also be hacked; thus, hackers can reveal their location, unlock their doors, learn about their owners, steal stored financial information, or gain access to other Internet of Things devices, leading to all kinds of incidents. There is a famous example of two hackers remotely control an SUV after exploiting it, showing that with the right vulnerabilities, cars and their passengers can face many dangers.
All potentially useful data is ready to be retrieved, bringing the conversation back to privacy, because, in accordance with the General Data Protection Regulation (GDPR), the likelihood of data breaches would be reduced through encryption of personal data. However, the data collected and stored in connected cars is often not encrypted at alland in the United States in particular, there are no laws requiring data anonymization or encryption, with some companies strictly in the business of sell this data to governmentsFor example.
What can you do about vehicle data tracking?
It is increasingly difficult to buy a car that is not connected in some way, which would be the best option.
Even though car manufacturers are legally responsible for protecting your personal data, incidents can still occur. If an automotive system used some form of encryption or a VPN, perhaps a security chip, this would make the data collected much more secure, but not all brands use such a practice.
From an owner’s perspective, factory reset the embedded system before selling it is an obvious way to erase private data. In addition, an automobile maintenance shop could be asked to erase all data of the car, because sometimes a factory reset is not enough. Additionally, after renting a car, disconnect your phone And delete all data related to use before returning it.
By going further, we could also do not connect your phone to your carbut then what would be the point of having all these modern features?
In conclusion, without proper awareness and responsibility from manufacturers, your personal data will be at risk and when it comes to privacy, the fight for increased protection must be ensured. Without this, no one will be safe from some form of tracking. Your data is you, so try to fight for its security the same way you would fight for your most personal possessions.
Before you leave: Connected cars: How to improve their connection to cybersecurity