Vehicle privacy

So you use GrapheneOS with Organic Maps or whatever other FOSS navigation app, have a Mint eSim that you registered under an alias and pay with a privacy.com card or a gift card, turn on airplane mode before going home - or worse, you bought a Faraday bag in order to store it before going home -, then have all data brokers know your home address and second by second location because Toyota just sold you out to them. It feels like the privacy community is asleep at the wheel (pun unavoidable).

It would be great to have a vehicle section on the site, saying what car manufacturers/models to avoid, what to ask at the dealership, after-purchase guides, etc.
But honestly, do we even have that information today?

4 Likes

Quite possibly: all of them.
I’ve never heard of any privacy respecting connected car, only the opposite.

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

Hey … maybe the rumoured Apple car … :wink:

Under the assumption that all new cars are leaking location data, the workaround is to not drive a new car. Here are some ideas:

  • “Classic” (20+ yo) cars - expensive to maintain, inferior fuel efficiency
  • Motorcycles - IDK from personal experience, but I assume many new motorcycles are still not “smart” and don’t feature any connectivity whatsoever.
  • e-bikes - these are much slower, often topping out around 30 MPH, but AFAICT few bother with connectivity, I guess because they’re so cheap.
  • public transit - only practical in some cities. Pay with cash and cycle transit passes often.
5 Likes

If it’s safe to travel by bike in your area and you truly feel that you need to carry more stuff than a regular bike can hold, also consider a cargo bike/bakfiets:

Youtube: https://youtu.be/rQhzEnWCgHA
Invidious: The Car-Replacement Bicycle (the bakfiets) - Invidious

this is something that came up for me as i was confronted with possibly having to buy a vehicle. i feel like the only possibility i know of for newer cars is disconnecting the antennae they use to communicate, but that seems both difficult and very out of scope for the site.

  1. I’ve been delaying for a while now, too, but will have to face the need to face the need to buy a new car sooner or later.

  2. Yes, getting rid of the car’s SIM should definitely help, but non-connected cars can also record all your data and send it home to the mother ship when you stop it in the shop to get it servicer and;

  3. That’s why we need resources. Only site I could find was https://privacy4cars.com, but that’s only for US & Canada, and I’m not sure what exactly it has.

Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

If this out of scope for this site their self definition should change to “your central privacy and security resource to protect yourself online, except from your car”.

3 Likes

Off course this is an issue, I have also thought about it. But you (we) really need to focus on our REAL threat model…
I have bought a very cheap phone, I believe 70 or 100€, a burn SIM, and I use that with a specific google account and OSM and done… or the built in Toyota maps… and I use that phone only for that, it remains into de vehicle…

Probably impossible in most cars, as the connectivity is deeply integrated into the engine electronics these days.

1 Like

Removing the SIM card is also probably not enough to prevent location tracking, as it may still connect to cell towers just like cellphones do. The modem needs to be removed.

Anyone knows of a website that has guides on how to do this for different vehicles?

Also, how old would one have to go to be safe when buying an used car, in terms of preventing location tracking?

Probably not out of scope for this discussion forum.

I suspect that disconnecting the antenna or replacing it with a dummy load is the most straight forward way to deal with this. How to do that will vary for every brand and model of car.

How about the situation in Europe ? Does GDPR protects us, or is once again violated ?

I actually disagree. Ultimately, Privacy Guides should cover all aspects of one’s life.

Some vehicles have all of this communications equipment behind a single fuse which can be removed. It is definitely a YMMV situation depending on make and model.

Very much depends on the vehicle. Some luxury vehicles even had this functionality before 2010. OnStar was formed in 1996 after all.

Since @OldGuy said it is not out of scope you are both saying the same thing.

A vehicle section would be a great addition to the site.

If wanting to keep a modern vehicle, one method is to either remove or disable the telematics control unit (TCU). Either get an auto electrician to remove it or DIY if it’s possible (search car forums on your make/model to find location. Not always possible to DIY due to difficult location etc). You can also disable the TCU by removing it’s fuse (follow your owner’s manual to identify which fuse).

Also consider removing or disabling antenna/s, cabin microphones and external cameras.

3 Likes

quote=“jonah, post:12, topic:13688”]
said it is not out of scope
[/quote]

You are right. I misread

The problems run a lot deeper. In the American context, local municipalities install license plate scanners as a form of passive income, to automate sending out tickets for expired registrations. In reality, they don’t personally operate them, they contract them out to private companies… namely, data processing and AI companies based in Israel and founded by ex-Israeli intelligence assets who have a professional background in creating heatmaps of populations.

You cannot legally operate a vehicle in the US without a valid license plate, and you can’t avoid getting your plate scanned and tracked at random, and all of your full personal details are held by the state and accessible to ordinary government workers like police officers and this data is being shared with data processing companies in a foreign government.

It is a disaster and I know of no legal method to avoid this egregious privacy and national security breach.

1 Like

I had recently looked into this issue for my car which I bought a few years ago after I drove my 2004 into the ground. It took me down a rabbit hole without very much reliable information, but fortunately I was able to scrape together enough to accomplish something that I believe was productive and meaningful for my use case.

Initially I thought about getting into the shark fin to see what I could do with the antennae. I came across a post of someone who had done just that but stated that when they get close enough to a cell tower, the car still connected and would be able to transmit information.

This led to looking into disabling the SIM card, which is embedded into a telematics module for my car, and I would venture a guess that other manufacturers have a similar setup. I found the associated fuse and pulled it as the most simple solution I could think of, but found that it knocked out Bluetooth microphone and the passenger side speaker. Digging further I found out that the wiring for these routes through the module, explaining why they were disconnected with the fuse pulled.

This left me with the only other solution I could think of which was to figure out how to physically remove the telematics module from the car and see if I could short the connections for the microphone and speaker. I was able to find the module mounted with the head unit after disassembling the dash and remove it completely. I came across an online vendor that sells a bypass plug which shorts the speaker connection and reroutes the microphone to the head unit itself, which spared me the pain of finding wiring diagrams and attempting the electrical work myself.

The final result is a removed telematics module (ie. SIM card) without the Bluetooth microphone or passenger side speaker affected. The SOS button does nothing now. I don’t use the built in navigation or SiriusXM so can’t comment on that functionality. Bluetooth connection is fully functional for streaming music and hands free phone calls. Wired Android Auto works as well. Car cameras for lane assist, auto collision braking, reverse driving remain functional.


9 Likes

Slightly worse than that actually. There are private firms, car repossession firms in particular, that run their own automated license plate readers. They build up a database of what cars can be found at what locations at what times of day, etc. If/when a finance company gives them a contract to repossess a car they know exactly when and where to find it.

If the local government entities are unwilling to spend for their own automated license plate reader setup and they know a private company is already doing it, they can get the information they desire from that company without spending their own money. So just because your local city or town is not officially running license plate scanners doesn’t mean there may be someone else doing it in your area.

4 Likes

This is really cool to see. If you’re comfortable with it (totally understand if you aren’t), letting people know the year make and model would help others replicate what you did. Probably even with just the same manufacturer.

American laws are held back in an era where technical limitations gave a semblance of privacy and the free-speech/citizen’s oversight interests protected a lot of public recording and photography, but as these technical limitations have slipped, the laws have not been updated to cut back on the more egregious abuses of mass photography, recording, and automatic data processing, and more than that there is a lack of political will to do so, as governments would prefer to spy on their populations and abuse their privacy.

On the screen it still shows cellular connectivity?