Smart Car Privacy? VPN or DNS + Firewall?

Theoretically, for privacy, would it be better to run VPN, or DNS + Firewall, on the Android system of a car?

I do not think what you use is relevant considering when the time comes for scheduled maintenance, the manufacturer will probably see all the Bluetooth beacons and devices it has encountered since its last maintenance and from there try to figure out how to monetize your personal info. See below:


I find it deeply appalling that the older more analog cars are privacy friendly vs the modern cars. It feels like it's making me choose between my privacy and my choice to be environmentally friendly. From the article above, the least disgusting car, privacy-wise, is Renault, simply because GDPR protects its EU consumers. Outside the EU, I don't think it matters much.

1 Like

On this topic I recommend reading:

https://pluralistic.net/2023/07/24/rent-to-pwn/

Glorious future incoming.

Well at least the terrible car privacy landscape incentivizes not using cars, which is very good for the environment.

2 Likes

At least in the US, many cities are designed with cars in mind, so for many that isn’t an option unfortunately.

Thanks for replying! I understand that smart cars are a privacy nightmare, and accept that for what it is currently.

However, I do believe that I have a slight advantage, being able to sideload apps, modify/uninstall system processes/apps such as OTA updates etcetera, remove the SIM card quite easily, and lock down internet access to only certain apps.

I also understand that any steps I take will not magically make my car as private or secure as a Pixel running GrapheneOS, or as an older car. This thread is more about incremental steps and possibilities, reducing the number of companies that have access to the car’s data and how much, such as the ISP the manufacturer uses, and any third party tracking etcetera.

Perhaps with that, I’ll rephrase my question…

What steps can I take to increase the privacy and potentially the security of my smart car, assuming I have the ability to sideload apps, modify/remove system processes, and physically modify the car (such as removing the SIM)?

Thank you. I’m looking forward to engaging with future replies!

I don't think a VPN would be useful here. I am assuming that the dealer has a way to link your personal identity to your car. Your car probably has some kind of identifier when it reports your activities online. The dealer or make of the car probably also has something that links you to that identifier. A VPN here may not be useful, because even though your car would report as being in a different country, it would still be linked to you. Though this is pure speculation.

Firewall might be useful here. Perhaps you can block some apps from communicating online. You may not be able to block everything, depending on how integrated the data collection is in the car operating system. I also would recommend not going too far down this road: the car maker might accuse you of hacking the entertainment system, or refuse you troubleshooting if they detect intrusive modifications. Just installing an app might not be a big thing, it depends on how it’s done. Full image flash, root, app sideload, Google Play are all different methods to install an app, but with very different end results. Most would say installing an app through the Play Store is without repercussions.

As for the data collection made by the dealer/garage, I don’t think it’s an issue. Again, I don’t know how they operate, I don’t think any mechanic has time to lose to connect your car, download data for tracking, and upload back to the internet after the end of the maintenance. That data collection needs to be fully automated otherwise it’s not going to be done. Sure they may have automated upload when they physically connect to your car, but at what price? This is development time of custom software and hardware, which is normally not useful on an always connected car.
Breaking the upload with a local firewall might be good enough.