The sheer amount of data that an app or an operating system can use to identify you and collect your data is enormous, depending on the method of tracking it uses.
While it's clear why manufacturers and sellers desire more data - to tailor their products, enhance efficiency, appeal to consumers, boost sales, and fuel innovation - this often incurs a hidden cost - our privacy.
Just recently, Meta launched a paid option for Facebook and Instagram in the European Union, which is designed to avoid unnecessary data tracking in favor of a paid subscription that limits data collection.
Most car owners would probably have no idea about just how much data a car can get out of them.
According to a study by The Washington Post, the make of car it tested generated up to 25 gigabytes of data per hour, including phone records, driving style, and more, and sent all that data back to the manufacturer.
The Washington Post even bought a secondhand navigation system of the same make and discovered that it was able to reconstruct the previous owner's usage by checking the logged data on the system, learning their home and workplace addresses, frequented gas pumps, and more.
Smart car data can also get sent to other parties, with many using it for fraud prevention, accident analysis, better insurance rates, or even route and road planning by city planners.
Even if the collected data is anonymous, as evidenced by the Washington Post study, it can still be used to re-create a driver's profile, similar to browser fingerprinting, which employs a variety of general data to enhance website experiences.
Car data tracking operates on a similar principle, but it too comes at a cost - the price of personal privacy.
Apart from the obvious privacy angle to data tracking, there is also a cybersecurity concern.
Since the data that is collected also gets stored on the car's storage medium, plus shared with the manufacturer and others, this opens up the owner of the car to a potential data breach or a data leak.
Any potentially useful data is ripe for the taking, and this leads the conversation back to privacy, since, per the General Data Protection Regulation, the probability of data breaches would be reduced by encrypting personal data.
The data collected by and stored in connected cars is often not encrypted at all, and in the U.S. specifically, there are no laws requiring data anonymization or encryption, with some companies being strictly in the business of selling said data to governments, for example.
While vehicle manufacturers are legally responsible for protecting your personal data, incidents can still happen.
If a car system employed some form of encryption or a VPN, maybe a security chip, that would do much more to ensure the security of the collected data, but not all brands utilize such a practice.
From an owner's perspective, factory resetting the in-car system before selling it is one obvious way to clear private data.
One could ask a car service shop to wipe all data from the car, since sometimes a factory reset is not enough.
After renting a car, disconnect your phone and delete all data related to usage before giving it back.
To close, without proper awareness and accountability by the manufacturers, your personal data will be at risk, and as far as privacy is concerned, the fight for further protection has to be ensured.
Your data is you, so try to fight for its safety the same way you would fight for your most personal belongings.
This Cyber News was published on www.welivesecurity.com. Publication date: Thu, 07 Dec 2023 12:43:07 +0000