Consumer group finds ‘Connected Services’ feature can send personal and vehicle data to third parties, with drivers told removing components risks voiding warranty
I recently read that data collection/sale as an “edge service” has been a part of Toyota’s strategy for a hot minute.
“You may not be surprised that a company like Toyota uses technology it installs in all the cars it sells in Japan to produce data that powers its onboard GPS service. You may be more interested to know that Toyota recognized that the value of this data was not uniquely associated with its primary use. As we will discover in chapter 8, this insight enabled Toyota to successfully launch a new business offering traffic telematics services to businesses and municipalities across Japan using the same data.”
Edge Strategy: A New Mindset for Profitable Growth by Dan McKone
I understand that they can share my location, but what personal information will they share? Are they photographing me inside my car? Are they recording me and sending it to the company? How do they know who my grandmother is unless I said her name out loud?
As the other comment says, they can do a lot more than just location.
But even with just location, they can figure out where you work, what stores you visit, what protests you attend, what hobbies you have, who your friends and family are, and so much more. If you regularly drive someone else in your car, a child for example, they’ll also know all these things about them too.
They can know all of your children by buying that data from others. If one of your children is in middle school and one in elementary, they know which one is in the car by which location and time you picked them up.
If you regularly go to a soccer field after picking up the kid in middle school, they now know that that kid is interested in soccer. They can sell this data to advertising companies who will use it to show your family soccer ball ads, cleats ads, tickets to soccer games, etc.
Whenever you connect your phone to any car with a handsfree system via any means (BT, USB, App) you have the option to allow it to access and store your contacts, phone call log, and text messages. If you install the companion app should your car have remote features, this app can collect even more data this way. If you say “call grandma” to handsfree or select her via the infotainment system, the car knows this and the manufacturer does too. The manufacturer can then save her number according to their policy and locate her. As a company they can perform a data sale/trade with their third parties and find out her real name if you don’t have it saved (Yes this is how companies have profiles on you even if you never used them.) Depending on the manufacturer, yes your car does actively send recordings back to the manufacturer from the microphone built in the cabin.
The Mozilla Foundation found that in late 2023, 92 percent of the automakers reviewed provided drivers with little to no control over their personal data. Additionally, 84 percent shared user data with third parties.
Why isn’t there more consumer outrage over this? And why haven’t lawmakers addressed this on a national level, given the potential dangers posed by this data collection?
Toyota has insisted it takes customer privacy “extremely seriously”, but has acknowledged the data communication module (DCM) – known as the “Connected Services” feature – can only be disabled but not removed from its cars, or else drivers could void their warranty and render Bluetooth and speakers non-functional.
Following an investigation, Choice has found Toyota’s “Connected Services” feature “collects information such as vehicle location, driving data, fuel levels, and even phone numbers and email addresses”.
A Choice investigation found one customer, Matthew, claimed he only learned about the Connected Services feature a few months after buying his $68,000 Toyota HiLux when he began receiving emails asking him to register for it.
Feeling uncomfortable about the feature, the Queensland father asked the dealership to remove – not just deactivate – the technology from his car, but claimed he was told this would void the warranty and risk his insurance.
He called on the federal government to bolster safeguards and introduce prohibitions on the collection and use of personal data as a matter of urgency.
The spokesperson said that while disconnecting the sim card would not void the warranty, a customer who elected to physically remove the DCM with a third party – because Toyota won’t – “does so at their own risk”.
The original article contains 507 words, the summary contains 211 words. Saved 58%. I’m a bot and I’m open source!
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
I recently read that data collection/sale as an “edge service” has been a part of Toyota’s strategy for a hot minute.
“You may not be surprised that a company like Toyota uses technology it installs in all the cars it sells in Japan to produce data that powers its onboard GPS service. You may be more interested to know that Toyota recognized that the value of this data was not uniquely associated with its primary use. As we will discover in chapter 8, this insight enabled Toyota to successfully launch a new business offering traffic telematics services to businesses and municipalities across Japan using the same data.”
Can they share personal information if you don’t connect to Android Auto?
They have their own cellular modems
I understand that they can share my location, but what personal information will they share? Are they photographing me inside my car? Are they recording me and sending it to the company? How do they know who my grandmother is unless I said her name out loud?
Aside from everything else, you’re describing a world where you don’t feel safe in your own car
As the other comment says, they can do a lot more than just location.
But even with just location, they can figure out where you work, what stores you visit, what protests you attend, what hobbies you have, who your friends and family are, and so much more. If you regularly drive someone else in your car, a child for example, they’ll also know all these things about them too.
I suppose they could mine data about the vicinity of the machine to find out more, but how would they know the specific child with me in the car?
They can know all of your children by buying that data from others. If one of your children is in middle school and one in elementary, they know which one is in the car by which location and time you picked them up.
If you regularly go to a soccer field after picking up the kid in middle school, they now know that that kid is interested in soccer. They can sell this data to advertising companies who will use it to show your family soccer ball ads, cleats ads, tickets to soccer games, etc.
It’s insane how coordinated companies are when it comes to this.
Thanks for the explanation.
Whenever you connect your phone to any car with a handsfree system via any means (BT, USB, App) you have the option to allow it to access and store your contacts, phone call log, and text messages. If you install the companion app should your car have remote features, this app can collect even more data this way. If you say “call grandma” to handsfree or select her via the infotainment system, the car knows this and the manufacturer does too. The manufacturer can then save her number according to their policy and locate her. As a company they can perform a data sale/trade with their third parties and find out her real name if you don’t have it saved (Yes this is how companies have profiles on you even if you never used them.) Depending on the manufacturer, yes your car does actively send recordings back to the manufacturer from the microphone built in the cabin.
https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
Anyone pull the SIM card on one of these? Any interesting consequences?
Can’t pull an esim, and even if you could the modem is integrated with the rest of the electronics
You can snip the antenna but it will just upload the data whenever you get it serviced.
The Mozilla Foundation found that in late 2023, 92 percent of the automakers reviewed provided drivers with little to no control over their personal data. Additionally, 84 percent shared user data with third parties.
Why isn’t there more consumer outrage over this? And why haven’t lawmakers addressed this on a national level, given the potential dangers posed by this data collection?
Question 1 answers question 2
It’s too exhausting. Everything is bad in one way or another and I just want to live my life.
My car is old, but I don’t feel a great need to change it, wonder why…
All cars with android auto do that as well.
This is the best summary I could come up with:
Toyota has insisted it takes customer privacy “extremely seriously”, but has acknowledged the data communication module (DCM) – known as the “Connected Services” feature – can only be disabled but not removed from its cars, or else drivers could void their warranty and render Bluetooth and speakers non-functional.
Following an investigation, Choice has found Toyota’s “Connected Services” feature “collects information such as vehicle location, driving data, fuel levels, and even phone numbers and email addresses”.
A Choice investigation found one customer, Matthew, claimed he only learned about the Connected Services feature a few months after buying his $68,000 Toyota HiLux when he began receiving emails asking him to register for it.
Feeling uncomfortable about the feature, the Queensland father asked the dealership to remove – not just deactivate – the technology from his car, but claimed he was told this would void the warranty and risk his insurance.
He called on the federal government to bolster safeguards and introduce prohibitions on the collection and use of personal data as a matter of urgency.
The spokesperson said that while disconnecting the sim card would not void the warranty, a customer who elected to physically remove the DCM with a third party – because Toyota won’t – “does so at their own risk”.
The original article contains 507 words, the summary contains 211 words. Saved 58%. I’m a bot and I’m open source!