Gavin Green
npub12qv…7qta
2025-01-28 20:17:06

The least they could do is give you the car for free.
Monday edition of *Car privacy is an absolute nightmare*:


Subaru's employee portal holds a year's worth of location data for all internet-connected cars.

We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.


Props to Sam Curry & Shubham Shah for exposing it. Pic is a year's worth of Sam's mom's #Subaru locations.

I seriously doubt any owner has a clear idea that this data is being collected on them.

But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link).

Literally no car owner has asked for their whip to be turned into a surveillance portal.

And yet..

Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.

Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.

Reading list:

The Subaru research: https://samcurry.net/hacking-subaru

News report on it: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

Mozilla Foundation's key investigation into car privacy: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

Author Public Key
npub12qv07tpwk8x8fy2uuqczghpappap395npuxvsx8pgksh97pezv7s8r7qta