It is so easy to vacuum up private data from vehicles that Andrea Amico taught his daughter how to extract text messages from her mom’s car when she was only eight years old.
Blue-haired and an engineer by training, Amico has a hacker’s mentality, which has manifested in giving drivers a way to protect their data and beat the system at no cost.
Amico is the founder and CEO of Privacy4Cars, the outfit behind a free app that lets individuals erase the astonishing amount of personal data — including text messages, biometrics and geolocation — that many automakers collect, store and often share with law enforcement, insurers and even data brokers.
Privacy4Cars also allows consumers to pull a full report on exactly what data their own car is scooping up, using nothing but a vehicle identification number.
Amico worked on car data privacy for years on what he called a “passion project” basis. After running a large car inspection business, he came to understand the scale of the problem — and the stakes — and founded Privacy4Cars in 2019.
Consumers can use the app to delete data retroactively, but there is no way to block its collection moving forward so those especially concerned about privacy have to regularly wipe the car’s data, which usually primarily resides in the infotainment system, Amico said.
The process for deletion is unique for most car models and types. Amico says the company has amassed step-by-step delete instructions for tens of thousands of vehicles, whose settings often differ by model, make, year manufactured and even how many extras customers pay for to enhance a given model.
The app typically works for four out of five cars. Wiping data can take as few as three commands, or as many as 50, Amico said. If a car owner has not downloaded a given car’s software updates, that can complicate matters.
Data linked to more than a million cars has been deleted using the app to date, Amico said.
Privacy4Cars offers a website feature which allows users to search their vehicle identification number and quickly learn the data their car gathers, pulling and crystallizing information from the small print manufacturers typically disclose in complex, dense and lengthy terms and conditions and privacy disclosures.
A recent search of what Privacy4Cars calls its “Vehicle Privacy Report” showed a variety of automakers disclosing they can or do pull, store and even sell a wide range of data, including:
- Personal identifiers, which can include data as granular as a driver’s signature; Social Security number; passport number; insurance policy number; employment history and medical information, among other things
- Biometrics, which can identify individuals, including through fingerprint mapping, facial recognition and retina scans
- Geolocation data
- Data collected and used to create profiles on drivers
- Consumer data collected from synced phones like text messages and call logs. Often manufacturers don’t disclose whether they also gather data from drivers’ connected smart devices when third-party apps run on or sync with the infotainment system, the report said.
That website doesn’t seem like the sort of place I just want to start entering VIN numbers and zip codes… I clicked one link and it started asking to send my info to local dealers. I feel pretty confident that my 2006 Malibu is not collecting any data, so I think I’ll skip it
Agreed. Anyone offering a service like this that can’t be run locally as an airgapped device and isn’t FOSS so it can be audited sends huge red flags.
“Privacy” services really need to go to great lengths to prove to potential users that the services themselves have taken privacy seriously and show the receipts.
Why does their website get my privacy feelers a-tingling?
It feels spammy.
Edit: what the hell is that Global Privacy Control fear-mongering banner? I didn’t see it at first because I opened it with a script/ad blocking browser setup.
Talk about spam. Nah, I don’t trust this guy. Taught his daughter to pull info from mom’s car? Was he spying on her?
This post, the link to the record.com, and the link to YouTube all stink of marketing.
Wanna convince me, put the info on Github or something.
I entered my VIN (it’s very easy to get from the DMV anyway) and the website didn’t provide any data. For those that are curious but don’t want to put in your vin, it doesn’t work and I saved you the hassle.
Thanks.
As in my other comment, it feels spammy. Not like “we want to help everyone” but “we wanna make a buck on the ‘privacy’ train”
I guarantee you that the people collecting this data are 1) not going to let you just access it freely, and 2) damn sure are not going to let you just delete it at your whim.
deleted by creator
My 1988 station wagon isn’t even harvesting its own data
SPAM