Modern cars are spying on you. Here's what you can do about it
(apnews.com)323 points by MilnerRoute 3 days ago
323 points by MilnerRoute 3 days ago
Yes, and that's very sad. However the solutions are pretty obvious:
Car -> unplug the cellular modem (more or less easy)
TV -> used as dumb monitor with a Linux HTPC
Phone -> GrapheneOS
PC -> Linux
Social media -> /dev/null
Email/DNS/cloud -> my own
The real issue is that most people are not aware of these issues and may even (unintentionally) compromise your own privacy by posting information or pictures of you to Facebook or other similar places.
For most people, it's all irrelevant.
I'm surprised how many people think that keeping a low profile will matter in a society that attacks people for things you could discover from vehicle position data. In that society, you'll get attacked if someone wants to do it and they'll manufacture the pretext.
I think the attack vector most are considering are going to be government-sourced mass-targeting of individuals based on data triggers rather than any particular interest in the individual. The current example being many of the 12,000 annual arrests in the UK for online speech, many based on private messages. For many of those cases, these were private individuals in whom the government had no prior interest.
It's not difficult to imagine something like pandemic restrictions, where a digitally-enabled government could fine/arrest people based on location data, either because they travelled outside an allowed area or into a restricted one. Or they have data showing they were in close-proximity with too many people etc etc.
No doubt about this one. But, how much are the ubiquitous ride-for-hire e-scooters spying on you, and everyone else on the street?
Those e-scooters are a red herring. Ring cameras on everyone's front door and automated license plate readers (ALPR) on police vehicles and Flock cameras throughout cities are bigger concerns in America.
Flock is already known to assist the government surveilling protestors:
- [CBP is monitoring US drivers and detaining those with suspicious travel patterns](https://news.ycombinator.com/item?id=45996860)
- [How Cops Are Using Flock Safety's ALPR Network to Surveil Protesters and Activists](https://www.eff.org/deeplinks/2025/11/how-cops-are-using-flo...)
- [Amazon has a form so police can get my (Ring) data without permission or a warrant](https://www.theverge.com/2022/7/14/23219419/amazon-ring-law-...)
The even worse part of Flock isn't that they cooperate with the government, it's that there is(or was) basically no security in the service. Cops from one state can/could use flock services from other states. A few cops got caught stalking via Flock.
Flock takes the "do nothing until forced to" mentality.
It's where we are. Everything everywhere is collecting data and spying.
If it exists in a database, then the government has access to that database if it ever wants to legally or otherwise. It's been like that since 9:11 and probably before.
All we need now is for the right person to walk in and turn the key. We're lucky that Donald Trump is probably too stupid to understand what he's got under his thumb.
He's a useful president surrounded by smarter people who will figure out ways to use this data rather than sit around tweeting all day.
Not always possible, depending on model, skill level, and/or availability of a mechanic that's willing to try. My own search for a mechanic to mod any of the cars I was looking at buying was fruitless and left me with the decision to hold onto my gas guzzler for a while longer.
so ya!
My house is fairly close((125') to a rural "highway", and only internet here is mobile data that my phone shares with other devices and mornings(anytime) my older desktop with 2.5 ghz wifi gets bumped off with the passing of every car that has glaring supper white headlights,but, not the ones running yellow incandecents, whatever rf signal is comming of these things must be barely, or completly illegal, and could obviously be tracked in any number of ways, so not so much bieng spied on, as just flat out trasmitting everything you do in ridiculously fine grained detail.
> The first thing drivers should do is be aware of what data their car is collecting
> You can opt out
lol
this makes it seem so simple.
I think
- you will never be aware of what data is collected - they want to collect more data and never disclose it
- you will never be able to opt-out. Even if you disconnect from cellular, at service time they will just download what is there.
- car manufacturers will use any and all data to their benefit
You know, here's an interesting story I remember reading:
I will give you a story - buddy owns a shop - buys new M5 - he went out joyriding - warped a rotor - he said it was not from him so he tried a warranty service - BMW printed a page that his car recorded. It had snapped a pic of his face and sent all the data on speed, location, etc every bit of data you can think of to the dealer and his insurance company. He sold the car. That was years ago. Ask any custom tuner today if they can touch a 22 BMW. Nope. It will disable the car if you try and get into the CPU to tune it. This is where the industry is heading
from: https://www.fordtremor.com/threads/disabling-the-modem-pulli...
I don't disagree with you on BMW's data collection capabilities. However, I've read about 2023s being tuned. It's also widely reported that BMW encrypted many of the computers starting in 2024.
This past September, BMW disabled 3rd party access (think Home Assistant) to vehicle data. There are only 2 paid 3rd party companies allowed. 2+ years of me using HA (with some awesome automations) was terminated. I was willing to let them use my data as long as I could too, but now I don't even have access to my own data!
Similar story with a user's earlier Model S - they used to drive it like they were being chased by the cops, and so when it was time to swap the degraded battery under warranty, (as they said) "a nerd" came out of the back of the service center "with a bunch of paperwork from the database" and Tesla denied the claim.
The car data collection story is concerning, but it's part of a broader pattern: credentials and personal data are scattered across dozens of services we interact with daily.
The automotive example shows how even "non-tech" products now collect and transmit data. Each service creates another attack surface, another set of credentials to manage, another potential breach vector.
What's frustrating is that breach response still falls on individuals. When one of these services gets compromised, it's users who have to scramble to change passwords across potentially hundreds of connected accounts. The "change your password" advice is good but wildly impractical at scale.
Cars, your TV, your phone, everything is fucking spying on you. At this moment I am more interested in how I generate a tsunami of more data about me to the powers that be to drown them in a deluge of irrelevant bits.