It is so easy to vacuum up private data from vehicles that Andrea Amico taught his daughter how to extract text messages from her mom’s car when she was only eight years old.

Blue-haired and an engineer by training, Amico has a hacker’s mentality, which has manifested in giving drivers a way to protect their data and beat the system at no cost.

Amico is the founder and CEO of Privacy4Cars, the outfit behind a free app that lets individuals erase the astonishing amount of personal data — including text messages, biometrics and geolocation — that many automakers collect, store and often share with law enforcement, insurers and even data brokers.

Privacy4Cars also allows consumers to pull a full report on exactly what data their own car is scooping up, using nothing but a vehicle identification number.

Amico worked on car data privacy for years on what he called a “passion project” basis. After running a large car inspection business, he came to understand the scale of the problem — and the stakes — and founded Privacy4Cars in 2019.

Consumers can use the app to delete data retroactively, but there is no way to block its collection moving forward so those especially concerned about privacy have to regularly wipe the car’s data, which usually primarily resides in the infotainment system, Amico said.

The process for deletion is unique for most car models and types. Amico says the company has amassed step-by-step delete instructions for tens of thousands of vehicles, whose settings often differ by model, make, year manufactured and even how many extras customers pay for to enhance a given model.

The app typically works for four out of five cars. Wiping data can take as few as three commands, or as many as 50, Amico said. If a car owner has not downloaded a given car’s software updates, that can complicate matters.

Data linked to more than a million cars has been deleted using the app to date, Amico said.

Privacy4Cars offers a website feature which allows users to search their vehicle identification number and quickly learn the data their car gathers, pulling and crystallizing information from the small print manufacturers typically disclose in complex, dense and lengthy terms and conditions and privacy disclosures.

A recent search of what Privacy4Cars calls its “Vehicle Privacy Report” showed a variety of automakers disclosing they can or do pull, store and even sell a wide range of data, including:

  • Personal identifiers, which can include data as granular as a driver’s signature; Social Security number; passport number; insurance policy number; employment history and medical information, among other things
  • Biometrics, which can identify individuals, including through fingerprint mapping, facial recognition and retina scans
  • Geolocation data
  • Data collected and used to create profiles on drivers
  • Consumer data collected from synced phones like text messages and call logs. Often manufacturers don’t disclose whether they also gather data from drivers’ connected smart devices when third-party apps run on or sync with the infotainment system, the report said.
  • VolunTerry
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Agreed. Anyone offering a service like this that can’t be run locally as an airgapped device and isn’t FOSS so it can be audited sends huge red flags.

    “Privacy” services really need to go to great lengths to prove to potential users that the services themselves have taken privacy seriously and show the receipts.