You Car's Privacy Data May Not Actually Be All That Private

One company's data is easily accessible, no matter how many times it claims privacy, Motherboard reports.

Image for article titled You Car's Privacy Data May Not Actually Be All That Private
Photo: KAREN BLEIER/AFP (Getty Images)

My husband has a rule: he doesn’t download any app that requires his location data or a direct link between that app and any other social media account or email address. He doesn’t give permissions. He still doesn’t allow Twitter direct access to his phone’s camera app. And his extreme hesitation doesn’t seem all that paranoid now that Motherboard has discovered a wealth of data from car privacy company Otonomo.

Advertisement

Otonomo sources location data from vehicles, Motherboard reports, with one investors’ meeting presentation noting that the company has partnered with 16 OEMS and installed its features on 40 million vehicles. Otonomo has also partnered with “thousands of organizations” that it left unnamed.

All that collected data, though, is available through a free trial which you can later pay for. Here’s a little more from Motherboard:

Otonomo also makes some of its location data available as part of a free trial. The data is supposed to be pseudonymous, linked only to a non-descript identifier for the car, but Motherboard found it is relatively easy to find who a car potentially belongs to and follow their movements. A source pulled data from Otonomo en masse and provided Motherboard with GPS coordinates of drivers in California, Berlin, and other cities, and that data can be mapped to track unsuspecting drivers wherever they go, and to determine their likely home addresses and identities.

[...]

Gaining access to some of Otonomo’s data is fairly straightforward. Motherboard created a free account on Otonomo’s website using a Gmail address, entered a fake company name, and was able to request a spreadsheet of 10,000 location points from a specific U.S. state soon after. This data included a unique identifier Otonomo assigned to the device or vehicle, the recorded latitude and longitude, a hash of the source or provider of the data, and the street the data point related to.

Motherboard’s source repeated this process again and again, despite Otonomo claiming its data should be anonymous.

The kind of tech that Otonomo is offering isn’t going away, either. Our industry-wide push to create smarter cars and smarter cities generally includes this connectivity component. During a recent presentation for the 2022 Lexus NX, for example, Lexus reps consistently assured us journalists that the data it collects from drivers isn’t shared in any nefarious way, and it’s not for sale. Users can even opt out of data collection or look at how their data is being used. But with the NX’s cloud connectivity, it’s hard to guarantee protection. These two forms of tech are being used in tandem, providing no privacy guarantee.

It’s worth checking out the full Motherboard article to get a better sense of what Otonomo is and how similar forms of technology are presenting privacy issues for you in your cars.

DISCUSSION

By
DVDDVDDVD - search ACLU Mobile Justice App

I’d always kind of figured that car data was easily accessible by any actors. My worry has been that the lack of security extends to being able to send commands to moving vehicles.

Basically the first strike, or attempt at a strike against “the West” would be a massive command wave sent over wireless internet or cell service to newer cars, in order to screw up driving in order to cause mass casualties on all roads via wrecks everywhere.