Monday edition of *Car privacy is an absolute nightmare*:
Subaru's employee portal holds a year's worth of location data for all internet-connected cars. 
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a years' worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: 
News report on it: 
Mozilla Foundation's key investigation into car privacy: 
Subaru's employee portal holds a year's worth of location data for all internet-connected cars.
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a years' worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: samcurry.net
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to...
WIRED
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a ye...
Mozilla Foundation
*Privacy Not Included: A Buyer’s Guide for Connected Products
All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever rev...
