this post was submitted on 23 Nov 2024
561 points (99.0% liked)

Technology

60101 readers
2413 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.

Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.

But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.

A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.

This analysis uncovered concerning practices. There are enormous obstacles for consumers who want to find and understand the privacy terms. Some brands also make inaccurate claims that certain information is not “personal information”, implying the Privacy Act doesn’t apply to that data.

Some companies are also repurposing personal information for “marketing” or “research”, and sharing data with third parties.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 78 points 1 month ago (2 children)

My cars are not modern enough for that, but I always carry a surveillance device in my pocket to make up for it.

[–] [email protected] 11 points 1 month ago (1 children)

At least that one has an off button

[–] [email protected] 10 points 1 month ago (1 children)
[–] [email protected] 1 points 1 month ago (1 children)

Did you read the article? There were a couple cases were very early Android phones were modified to appear to be off but stayed on. This is fairly common knowledge, but it's not particularly hard to defeat.

Everything your phone does requires a deterministic amount of power. Spying on people in particular requires even more power than normal because you need to run the power hungry gps in addition to the modem and cpu.

If you turn off the device it should be significantly cooler to the touch, not a degree above ambient. If it's at 100% charge but a power bank with a read out is showing it still charging, that's a problem. Is the bootloader image different? You can verify that to some extent. When you turn it back on has it been drawing down the battery anyway? Does it require an unlock password instead of biometrics as it normally would (assuming a particularly sloppy setup)?

This isn't rocket surgery, in reality nobody is modding everyone's phone to stay on forever because unless you're an absolute troglodyte (aka the fucking old school mafia bosses they did this to) it's going to be painfully obvious your phone is acting weird.

[–] [email protected] 1 points 1 month ago (1 children)

Nowhere near an expert in this, but I know I've seen in the past that you could set your phone to turn on at a specific time (which means the RTC at a minimum is still running) - could a determined adversary not find a way to take advantage of that?

[–] [email protected] 2 points 1 month ago

Depending on the chipset you can usually set rtc wakeup timers, though that typically implies sleep rather than power off so you'd still have some power draw when the device should be off. Similarly, if you're trying to log GPS you'll have to wake up for enough time to get a GPS lock so even at something like a 10 minute logging interval you'd get some noticable power consumption. Much much more if you're trying to log voice or video.

[–] [email protected] 4 points 1 month ago (3 children)

Eh, my phone is reasonably unlikely to spy on me. I use GrapheneOS with location off, no Google Play services most of the time (I have a separate profile for that BS), and the only app with location access is Organic Maps. My carrier could rat on me, but I don't think Google could.

But I have a smart watch (Pixel 2), but at least it's WiFi only so it can only rat on me when I get home. So I guess there's that.

[–] [email protected] 8 points 1 month ago (1 children)

Your carrier HAS ratted on you. Under the incoming US administration, I've little doubt they will again.

[–] [email protected] 2 points 1 month ago

I wonder if this applies to MVNOs, or if their data is somehow aggregated. I haven't used a major carrier for over a decade.

That said, I can't really do anything about the carrier because I'd like to continue receiving calls and getting mobile data. So I'll cut down as much as I can, and to me that means cutting out Google.

I've considered switching to a VOIP service and running everything over a VPN (doesn't help with location, but cuts everything else out), but I haven't found one that's reliable. I need:

  • SMS/MMS
  • reliable wake when receiving calls/texts
  • reasonable voice quality

Bonus points if I can receive calls on my computer (I'd also love to switch to a Linux phone). If I can find that, I'll switch.

[–] [email protected] 3 points 1 month ago (1 children)

If your phone is connected to the cell network, then you can be tracked.

https://youtu.be/wVyu7NB7W6Y

[–] [email protected] 2 points 1 month ago

Yup, but not by Google, at least not directly.

The problem is I want to be able to receive calls and texts while out and about. My next step is to try switching to a VOIP service and only get 2FA codes on my carrier number. That doesn't stop location tracking from cell towers, but it does reduce how much they know about me, and it makes it easier to switch later (i.e. if making and receiving calls on my computers are good enough).

Privacy is a process, and it's an unfortunately frustrating one as companies sell out their customers more and more.

[–] [email protected] 1 points 1 month ago (1 children)

sorry but that's no longer enough.

[–] [email protected] 1 points 1 month ago (1 children)

It's not, but it's a step in the right direction. Here are some additional steps I'm planning on:

  • switch to VOIP - nice extra feature is being able to call and text from my PC
  • VPN for all data - carrier can't see DNS anymore
  • slowly move friends and family to alternatives to SMS and phone calls

It's a process and I'll probably never be finished, but each step is satisfying.

[–] [email protected] 1 points 1 month ago (1 children)

I was thinking about VOIP, VPN as well, and none of my friends or family would use Facebook or whatsapp

[–] [email protected] 1 points 1 month ago (1 children)

I don't use Facebook or WhatsApp, so that's not an issue, but we do use SMS quite a bit, so I need something that handles that. That's an easier problem to solve than Facebook/WhatsApp, so I'm pretty happy about that.

[–] [email protected] 2 points 1 month ago (1 children)

yeah everyone i know uses SMS and one person uses facebook messenger.

[–] [email protected] 1 points 1 month ago (1 children)

I'm guessing you could get that one person to stop using FB messenger w/ you, the question is, what do you try to get them to move to?

[–] [email protected] 2 points 1 month ago (1 children)

Anytime i bring up any chat application that is privacy friendly i get told i need to "stop watching conspiracy theories"

[–] [email protected] 1 points 1 month ago (1 children)

So, they're not even willing to give it a try? Why? Because it's associated w/ privacy? How is that in any way a bad thing?

I'd understand it if it was missing some features, and depending on what features they're missing, maybe you can find an app that provides those.

[–] [email protected] 1 points 1 month ago (1 children)

The group of people i tell this to give me some varying reasons, but go back to the point that i have severe anxiety and i need to calm down. This group is my parents, my estranged partner and her mother, so its not like it's alot of people.

[–] [email protected] 1 points 1 month ago (1 children)

It's possible you do, I obviously don't know you. But that doesn't change the merits of the software, just your motivations.

Here's a video about options to convince friends to ditch SMS, maybe it'll help.

[–] [email protected] 1 points 1 month ago (1 children)

I mean, i am diagnosed with GAD, but ive been trying very hard to be privacy centric. I don't agree with anyone monitoring my internet traffic, and would like it all anatomized. I tried in the past but i failed, this time i want to try to for good. That means my computer and my phone, im looking to get a linux phone and one without android. Again, i guess you can call me crazy....

[–] [email protected] 1 points 1 month ago (1 children)

I recommend taking it a bit more slow. I've been moving that direction over the past year or so, and these are the changes I've made:

  1. switch to Tuta email from Google
  2. replace phone w/ Pixel phone to install GrapheneOS (needed upgrade anyway)
  3. configure my NAS to eventually replace Google Drive (have NextCloud set up w/ LibreOffice Online)

And some things I'm in the middle of:

  • replace the handful of Google apps I still use w/ my NAS setup - still use Sheets and Keep
  • configure VPN on my WiFi network - have tested it out, just need something more permanent
  • switch to a VOIP number so my calls and texts go over data, which I can encrypt w/ a VPN, as well as take calls/texts on my computers
  • convince SO and other family members to use something other than SMS (probably not happening)

I eventually want a Linux phone, but the current iterations just aren't good enough (battery, audio, etc). So I'm cutting out as much as I can in the meantime, and transitioning slowly.

So far, none of my changes have required any effort from my friends and family. My old gmail address forwards to my current Tuta address, and getting them to switch which email to send to is pretty easy (will do that soon). All the apps I need work fine on GOS, and I'm the only one using my NAS (except for Jellyfin, which my SO and kids use).

I recommend you take a similar path. Prioritize changes that impact your family and friends as little as possible, and then optimize from there.

When trying to get others to switch, don't make it all about privacy, make it about features. For example for Signal, there's a desktop and mobile app, so you'd be more likely to see someone's message vs SMS and FB (esp. if you don't use FB much). It also supports screen sharing on video calls, groups (and group calls), etc. So it combines features from other apps into one so you don't have to juggle apps/devices.

For example, I wanted to switch to Jellyfin so we could cancel our streaming services, and I sold it to my SO and kids by saying we could easily watch all of the movies and shows we already have, and I'm willing to buy whatever shows/movies they want and I'd rip them. So the kids each asked for a specific show, so I bought complete seasons of those and ripped them, and now they're happy, I'm saving money, streaming services can't track me, and things work even when the internet is dead.

[–] [email protected] 1 points 4 weeks ago (1 children)
  • I'll check out tuta for email. ive head of them before.
  • I need a new phone, but it will have to be an older phone, One i can hopefully get graphene
  • i was thinking of using nextcloud. i have a VPS ive been paying for i haven't been using. Might be time to use it?

I've tried selling the other people on signal, but nobody cares about the features and just want to use the stock messaging app their phone comes with. the only one who uses a computer to send messages is my partner and she has a iphone so there's the imessage ecosystem she's into already. When i move out i won't care as much but we still need to communicate because of our kids. It's frustrating but i know there are other things i can do. I do want to install linux on my laptop but i have battery anxiety, so i need to get over that i guess.

[–] [email protected] 1 points 4 weeks ago (1 children)

I do want to install linux on my laptop but i have battery anxiety

Eh, I get pretty good battery life on my laptop, so it may not be as much of an issue as you think.

[–] [email protected] 2 points 4 weeks ago

well i just threw ubuntu on so we will see. its a brand new laptop.