Smart Car Privacy? VPN or DNS + Firewall?

Theoretically, for privacy, would it better to run VPN, or DNS + Firewall, on the android system of a car?

I do not think what you use is relevant considering when the time comes for scheduled maintenance, it the manufacturer will probably see all the bluetooth beacons and devices it has encountered since its last maintenance and from there try to figure out how to monetize your personal info. See below:

https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/


I find it deeply appaling that the older more analog cars are privacy friendly vs the modern cars. It feels likr its making me choose between my privacy and my choice to be environmentally friendly. From the article above, the least disgusting car, privacy-wise, is Renault, simply because GDPR protects its EU consumers. Outside the EU, I dont think it matters much.

1 Like

On this topic I recommend reading:

https://pluralistic.net/2023/07/24/rent-to-pwn/

Glorious future incoming.

1 Like

Well at least the terrible car privacy landscape incentivizes not using cars, which is very good for the environment.

2 Likes

At least in the US, many cities are designed with cars in mind, so for many that isn’t an option unfortunately.

Thanks for replying! I understand that smart cars are a privacy nightmare, and accept that for what it is currently.

However, I do believe that I have a slight advantage, being able to sideload apps, modify/uninstall system processes/apps such as OTA updates etcetera, remove the SIM card quite easily, and lockdown internet access to only certain apps.

I also understand, that any steps I take will not magically make my car as private or secure as a pixel running GrapheneOS, or as an older car. This thread is more about incremental steps and possibilities, reducing the number of companies that have access to the car’s data and how much, such as the ISP the manufacturer uses, and any third party tracking etcetera.

Perhaps with that, I’ll rephrase my question…

What steps can I take to increase the privacy and potentially the security of my smart car, assuming I have the ability to sideload apps, modify/remove system processes, and physically modify the car (such removing the SIM)?

Thank you. I’m looking forward to engaging with future replies!

I dont think a VPN would be useful here. I am assuming that the dealer has a way to link your personal identity to your car. Your car probably has some kind of identifier when it report your activities online. The dealer or make of the car probably also has something that link you to that identifier. A VPN here may not be useful, because even fought your car would report as being in a different country, it would still be linked to you. Thought this is pure speculation.

Firewall might be useful here. Perhaps you can block some apps to communicate online. You may not be able to block everything, depending on how integrated the data collection has been implemented in the car operating system. I also would recommend to not go too far down this road : car maker might accuse you of hacking the entertainment system, or refuse you troubleshooting if they detect intrusive modification. Just installing an app might not be a big thing, it depend on his it’s done. Full image flash, root, app sideload, google play are all different method to install app, but with very different end result. Most would say installing an app through play store is without repercussions.

As for th data collection made by the dealer/garage, I don’t think it’s an issue. Again, I don’t know how they operate, I don’t think any mechanics has time to loose to connect your car, download data for tracking, and upload back to internet after the end of the maintenance. That data collection need to be fully automated otherwise it’s not going to be done. Sure they may have automated upload whey they physically connect to your car, but at what price ? This is development time of custom software and hardware, which is normally not useful on a always connected car.
Breaking the upload with a local firewall might be good enough.

I chose to remove the sim card to prevent the vehicle from communicating with the vehicle servers, and to use the RethinkDNS app to block undesired network connections, apply an on-device block list, and funnel the Wi-Fi connection through a WireGuard profile in combination with NextDNS.

1 Like

There’s likely an antenna which is responsible for transmitting that data. I’ve read some posts on other forums where users with my model of car think they’ve figured out where the cable for the antenna runs and how to disconnect it. Apparently this comes at the loss of various life safety measures like OnStar (or proprietary options like Subaru’s STARLINK).

Personally, I’ve considered selling my current vehicle because it holds a high resale value and going back to an older, more analog, vehicle - but the fact of the matter is that we shouldn’t have to sacrifice personal privacy to engage in modern amenities or more fuel efficent (“green”) vehicles. Especially those of us in the United States and Canada where society is extremely car centric where car ownership is all but required. We don’t have a viable alternative such as light rail like our European friends.

Cory Doctorow is a great author :+1: There was also this one which was in respect to Toyota’s nonsense.

One Toyota customer CHOICE spoke to, Mathew, spent $68,000 on a Toyota Hilux last year. When the vehicle became available for collection after a few months, he started receiving emails asking him to sign up for Toyota Connected Services - a feature he’d never been told about.

“Mathew told us the more he looked into the policy, the more uncomfortable he felt having this technology in his car. He asked Toyota if the technology could be removed - not simply deactivated - prior to picking up the car, but they said removing it would void the warranty, and his insurance would likely also be at risk,” says Alam.

Mathew cancelled his finance and never picked up the car, but Toyota still refused to refund his $2,000 deposit. It was only after CHOICE sent questions to Toyota Australia that the dealership agreed to return the money.

There isn’t much you can do as there is an locked down onboard computer with it’s own cellular chip set in the Data Communication Module which I mentioned in a post in another thread:

Probably the best thing you can do is buy an older car that doesn’t have all that crap so tightly integrated and buy your own dumb head unit.

What really needs to happen is that government legislation needs to tighten down on what data can be collected, and what can be done with it, and ultimately give the user the option to not supply/upload it anywhere.

1 Like