Rafi Alam from CHOICE told The World Today: “When we looked at Toyota’s privacy policy, we found that these Connected Services features will collect data such as fuel levels, odometer readings, vehicle location and driving data, as well as personal information like phone numbers and email addresses.”
The program’s policy document says Toyota collects data for various purposes if drivers don’t opt out — including for safety, security, research, product development and data analysis — but the company may also share it with third parties such as finance and insurance companies, debt collection agencies and market research organisations.
In 2023, the Mozilla Foundation reviewed the privacy standards of 25 major car brands, including Toyota. All 25 received failing marks for consumer privacy.
The report found brands such as BMW, Ford, Toyota, Tesla, Kia, and Subaru could “collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive”, which they could potentially sell to third parties.
Nissan was accused of being “the very worst offender”, while Toyota was found to have “a near-incomprehensible galaxy of 12 privacy policy documents”.
Can you trust them with everything about what you do in the car, what you say in the car, who’s in the car, where it goes, your connections to every other online data service?
Wouldn’t end-to-end encryption with, for instance, Signal sidestep some of this data collection? Specifically related to text, telephony, video conferencing? Could one use a masked email to put a layer between oneself and one’s car/ car company?
I’m just ‘brainstorming’ as this is a big issue, and I"m sure there are folks that have done deeper study and thinking on these impacts on our privacy. What about using a VPN?
Government agencies have already been permitted to read notifications, so if it is readable and recordable by the car in any form, then you bet your ass law enforcement can obtain access to it.
Yeah E2EE doesn’t really matter much if your notification service routes through Google or Apple. Which they pretty much all do if you have push notifications enabled.
E2EE does help. Notifications can include the content of the notification but they don’t have to and it’s generally recommended to send a notification telling the device to launch the app in the background to check the server for new content. The app will then decrypt the message and display a plain text notification that is not sent to any servers.
If you’re worried about metadata leaks, you can delay delivery by a random time interval.
A lot of it has to do with things like Android Auto or Apple car play where the software needs access to your text message to read it to you and may need to send it to a more powerful cloud base system to translate your voice to text or the response from text into voice. These are legitimate reasons for using that data despite the taboo nature of how we view privacy and there are workarounds and technological breakthroughs that make it so those things can be done locally without sending it for processing but there’s pros and cons for technical reasons not to. That said does a system need to read every text message on your phone just to read out a text you’ve only just received absolutely not and this is where things get into the grey area.
The problem is that if you want that car you have to agree to these data policies that are very blatantly just trying to to take all of the data they can to monetize either directly from selling or trading or indirectly like improving services. What we need are strong laws in place to protect privacy but that’s an uphill battle when politicians are beholden to capitalism.
So to go back and actually answer your original question, yes, encryption is our only means or privacy assuming in this case signal encrypts data at rest.
Android Auto/Car Play don’t require giving the car access to anything. It should just be a simple video signal output, touch screen coordinates, and audio output/input line.
And I’m pretty sure that is how it works, unless cars are applying screen reader/etc technology (TVs do that, so I wouldn’t put it past car manufacturers…).
I’m pretty sure this article is talking about bluetooth, not Android Auto / Car Play. The bluetooth car protocol sends a copy of your full address database to the car because it’s a low bandwidth protocol that minimises sending data back and forth while the user is interacting with the hardware. I would never pair my phone to a modern car with bluetooth.
It’s a bit more.
The car can communicate to the infotainment whether headlights are on, so AA can set dark/light mode.
The car also communicates whether it’s LHD or RHD, so that it can switch button placement on the screen.
Idk what other data, if any, Apple/Google insist on having
Thanks, that’s helpful. I’m reluctantly considering purchasing a vehicle, possibly even relatively close to new. The ancient beater I drive when the bike won’t do the job isn’t subject to these issues, and might even be proof against an EMP. Tho’ where the hell I’d get petrol in a post apocalyptic landscape is an as yet unanswered question. lol. I like the idea of the ‘bells and whistles’ of modern conveyances, and do so much in other spheres to limit corporate access that it makes sense to consider how to minimize in the case of a more modern car.
As someone who loves the bells and whistles and who recently bought a new vehicle last year a lot of the safety features are really nice to have but of all the tech features I thought I wanted I don’t really use. If I can conveniently stream audio from my phone or have a larger screen than my phone for navigation that’s placed somewhere I can glance at I would be happy. At least that’s what I’d tell my past self.
That said I wouldn’t be too paranoid about the data the car is collecting because your cell phone and everyones phone around you is collecting the same information (edit: not that you shouldn’t be concerned about that either). It’s just that these manufacturers are realizing theres money to be made here, it’s probably why GM wants to stop including Apple Car play or Android Auto so there’s less fingers in the cookie jar.
Could you imagine living somewhere that you could commute locally and just work remotely and not need such a finacial burden in your life? What a fantasy 😔
LoL, I must be living the ‘life of Riley’, then. My commute is less than a mile, and almost always by bike. And most of my errands, etc can be done by bike, as well. And yet the need for a car in our family is indeed extant.
Let me guess - because while your home is ideally located for your daily commute, it’s not ideally located for the rest of your family?
I love travelling by bike, but unfortunately it’s just not possible to find a home that is within cycling distance for everywhere anyone in our household needs to go. Right now it’s pretty much only my kid’s school, but in a couple years he’ll be older and need to move to another school, which won’t be as close. We live about half way in between my work and my partner’s work - which is 30 minutes each way (by car) in opposite directions… it’s not really practical to take a bus either (cycling is faster, because it’s not a direct bus route). So, two cars in our household. I try to cycle to work twice a week or so, whenever I can spare the extra time, but my partner can’t do that since there are no safe cycling paths on her commute.
More or less like that regarding work. And on weekends it’s nice to go places, and/or have a vehicle to haul stuff. But that’s not everyday. So yeah, common ownership of a vehicle for roadtrips, and/or hauling stuff would be an elegant solution.