Rafi Alam from CHOICE told The World Today: “When we looked at Toyota’s privacy policy, we found that these Connected Services features will collect data such as fuel levels, odometer readings, vehicle location and driving data, as well as personal information like phone numbers and email addresses.”

The program’s policy document says Toyota collects data for various purposes if drivers don’t opt out — including for safety, security, research, product development and data analysis — but the company may also share it with third parties such as finance and insurance companies, debt collection agencies and market research organisations.

In 2023, the Mozilla Foundation reviewed the privacy standards of 25 major car brands, including Toyota. All 25 received failing marks for consumer privacy.

The report found brands such as BMW, Ford, Toyota, Tesla, Kia, and Subaru could “collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive”, which they could potentially sell to third parties.

Nissan was accused of being “the very worst offender”, while Toyota was found to have “a near-incomprehensible galaxy of 12 privacy policy documents”.

Can you trust them with everything about what you do in the car, what you say in the car, who’s in the car, where it goes, your connections to every other online data service?

    • ForestOrca@kbin.social
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      9 months ago

      Wouldn’t end-to-end encryption with, for instance, Signal sidestep some of this data collection? Specifically related to text, telephony, video conferencing? Could one use a masked email to put a layer between oneself and one’s car/ car company?

      I’m just ‘brainstorming’ as this is a big issue, and I"m sure there are folks that have done deeper study and thinking on these impacts on our privacy. What about using a VPN?

      • Rentlar@lemmy.ca
        link
        fedilink
        English
        arrow-up
        10
        ·
        9 months ago

        Government agencies have already been permitted to read notifications, so if it is readable and recordable by the car in any form, then you bet your ass law enforcement can obtain access to it.

        • thegreekgeek@midwest.social
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          4
          ·
          9 months ago

          Yeah E2EE doesn’t really matter much if your notification service routes through Google or Apple. Which they pretty much all do if you have push notifications enabled.

          • abhibeckert@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            9 months ago

            E2EE does help. Notifications can include the content of the notification but they don’t have to and it’s generally recommended to send a notification telling the device to launch the app in the background to check the server for new content. The app will then decrypt the message and display a plain text notification that is not sent to any servers.

            If you’re worried about metadata leaks, you can delay delivery by a random time interval.

      • extant@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        9 months ago

        A lot of it has to do with things like Android Auto or Apple car play where the software needs access to your text message to read it to you and may need to send it to a more powerful cloud base system to translate your voice to text or the response from text into voice. These are legitimate reasons for using that data despite the taboo nature of how we view privacy and there are workarounds and technological breakthroughs that make it so those things can be done locally without sending it for processing but there’s pros and cons for technical reasons not to. That said does a system need to read every text message on your phone just to read out a text you’ve only just received absolutely not and this is where things get into the grey area.

        The problem is that if you want that car you have to agree to these data policies that are very blatantly just trying to to take all of the data they can to monetize either directly from selling or trading or indirectly like improving services. What we need are strong laws in place to protect privacy but that’s an uphill battle when politicians are beholden to capitalism.

        So to go back and actually answer your original question, yes, encryption is our only means or privacy assuming in this case signal encrypts data at rest.

        • abhibeckert@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          9 months ago

          Android Auto/Car Play don’t require giving the car access to anything. It should just be a simple video signal output, touch screen coordinates, and audio output/input line.

          And I’m pretty sure that is how it works, unless cars are applying screen reader/etc technology (TVs do that, so I wouldn’t put it past car manufacturers…).

          I’m pretty sure this article is talking about bluetooth, not Android Auto / Car Play. The bluetooth car protocol sends a copy of your full address database to the car because it’s a low bandwidth protocol that minimises sending data back and forth while the user is interacting with the hardware. I would never pair my phone to a modern car with bluetooth.

          • TheGrandNagus@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            Android Auto/Car Play don’t require giving the car access to anything. It should just be a simple video signal output, touch screen coordinates, and audio output/input line.

            It’s a bit more.

            The car can communicate to the infotainment whether headlights are on, so AA can set dark/light mode.

            The car also communicates whether it’s LHD or RHD, so that it can switch button placement on the screen.

            Idk what other data, if any, Apple/Google insist on having

        • ForestOrca@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          9 months ago

          Thanks, that’s helpful. I’m reluctantly considering purchasing a vehicle, possibly even relatively close to new. The ancient beater I drive when the bike won’t do the job isn’t subject to these issues, and might even be proof against an EMP. Tho’ where the hell I’d get petrol in a post apocalyptic landscape is an as yet unanswered question. lol. I like the idea of the ‘bells and whistles’ of modern conveyances, and do so much in other spheres to limit corporate access that it makes sense to consider how to minimize in the case of a more modern car.

          • extant@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            9 months ago

            As someone who loves the bells and whistles and who recently bought a new vehicle last year a lot of the safety features are really nice to have but of all the tech features I thought I wanted I don’t really use. If I can conveniently stream audio from my phone or have a larger screen than my phone for navigation that’s placed somewhere I can glance at I would be happy. At least that’s what I’d tell my past self.

            That said I wouldn’t be too paranoid about the data the car is collecting because your cell phone and everyones phone around you is collecting the same information (edit: not that you shouldn’t be concerned about that either). It’s just that these manufacturers are realizing theres money to be made here, it’s probably why GM wants to stop including Apple Car play or Android Auto so there’s less fingers in the cookie jar.

            Could you imagine living somewhere that you could commute locally and just work remotely and not need such a finacial burden in your life? What a fantasy 😔

            • ForestOrca@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              9 months ago

              LoL, I must be living the ‘life of Riley’, then. My commute is less than a mile, and almost always by bike. And most of my errands, etc can be done by bike, as well. And yet the need for a car in our family is indeed extant.

              • abhibeckert@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                edit-2
                9 months ago

                And yet the need for a car in our family is indeed extant.

                Let me guess - because while your home is ideally located for your daily commute, it’s not ideally located for the rest of your family?

                I love travelling by bike, but unfortunately it’s just not possible to find a home that is within cycling distance for everywhere anyone in our household needs to go. Right now it’s pretty much only my kid’s school, but in a couple years he’ll be older and need to move to another school, which won’t be as close. We live about half way in between my work and my partner’s work - which is 30 minutes each way (by car) in opposite directions… it’s not really practical to take a bus either (cycling is faster, because it’s not a direct bus route). So, two cars in our household. I try to cycle to work twice a week or so, whenever I can spare the extra time, but my partner can’t do that since there are no safe cycling paths on her commute.

                • ForestOrca@kbin.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  9 months ago

                  More or less like that regarding work. And on weekends it’s nice to go places, and/or have a vehicle to haul stuff. But that’s not everyday. So yeah, common ownership of a vehicle for roadtrips, and/or hauling stuff would be an elegant solution.

      • QuadratureSurfer@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        Then they won’t get your messages are any other information specific to your device.

        But cars don’t need that connection to phone home with all of the data that the car itself is picking up on. Cars today all have some sort of cheap connection so that they can pass on your data one way or another.

      • bitwolf@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Connect your phone but don’t grant the Bluetooth connection rights to your contacts and call logs.

  • Cossty@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    2
    ·
    9 months ago

    I cant wait for the day when I can install Debian on my car. Until then I am not buying new car.

    • laughterlaughter@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      No, man, that’s not even the answer. Why give those fuckers money? That’s like buying a home with cameras that can’t be removed because they’re built into the walls or the columns, and what they capture goes directly to “HousingCorp Inc.” Then you have to go through the trouble of cutting the cables or placing tapes or covers on their lenses. Half way through that task, you should be asking yourself, “why the fuck am I doing this?”

      Car makers should be in the business of selling you cars, that is, a means of transportation, and that’s it. Would you accept a pair of jeans that will track you? What about shoes? Hell, I refuse to buy those fucking toothbrushes with bluetooth!

      I can see a cheaper option that tracks you; sure. But it would be a choice, not something shoved up your nose. I swore off TVs altogether because all of them have “smart” features. Fuck smart features! Sell me a damn TV that is not trying to connect to the internet! If I want it to connect to the internet, then I’ll stick some HDMI device to it, thankyouverymuch.

      And we definitely agree in one thing: I will never buy a new car if it has that tracking bullshit, or disabled features that require a subscription bullshit.

  • rikonium@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    9
    ·
    9 months ago

    if you have a vehicle with 3G like 2019 and earlier 4Runners, ya good already.

    Call in via the car with your VIN to disconnect the radio. You’ll have to navigate the phone menu but I did it while waiting for Costco’s air pressure machine.

    You can also pull the DCM fuse but that’ll take the microphone with it.

    • thegreekgeek@midwest.social
      link
      fedilink
      English
      arrow-up
      6
      ·
      9 months ago

      They see when you’ve been fapping, they know when you’re awake. They know where you are parked at night but there’s no name so it’s okay. OH!

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    ·
    9 months ago

    This is the best summary I could come up with:


    Dr Katharine Kemp, from the Faculty of Law & Justice at the University of New South Wales, says cars can collect information through features like their cameras, sensors and internet-connected systems, but also from drivers’ mobile devices and their dealings with related third parties.

    The program’s policy document says Toyota collects data for various purposes if drivers don’t opt out — including for safety, security, research, product development and data analysis — but the company may also share it with third parties such as finance and insurance companies, debt collection agencies and market research organisations.

    “The more I looked into it, the way that Toyota can log into your car remotely, keep a record of all sorts of bits and pieces, and possibly share your driving behaviour with your insurance company — I just thought the whole lot outweighed the benefits,” he said.

    In a statement to ABC News, the company said customers could opt out of Connected Services, but that doing so would disable other features including Bluetooth and speaker functionality.

    The report found brands such as BMW, Ford, Toyota, Tesla, Kia, and Subaru could “collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive”, which they could potentially sell to third parties.

    CHOICE’s Mr Alam told the ABC’s RN Drive that consumers should be able to have modern connectivity features without car companies sharing their information with third parties.


    The original article contains 1,032 words, the summary contains 240 words. Saved 77%. I’m a bot and I’m open source!