Surveillance of Your Car

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use.

While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.

Posted on August 2, 2022 at 6:49 AM11 Comments


TimH August 2, 2022 9:20 AM

Vahtra said that the company does not collect vehicle data. “High Mobility does not collect, store, manipulate or store vehicle data. Our solution instead is designed to securely link services, cars and people.”

In other words, their value add is to de-anonomise the data and sell who is driving what, where, and when.

Bob Paddock August 2, 2022 11:30 AM

With short notice for the conference which was announced today, of how DOT wants all vehicles connected to everything:

“The U.S. Department of Transportation (U.S. DOT) will host a Vehicle-to-Everything (V2X) Communications Summit at U.S. DOT headquarters on August 24 and 25, 2022, from 9:00 am to 5:00 pm EDT. There will also be a virtual option for participation. The summit will include both in-person and virtual breakout sessions for attendees. Advance registration is required.

Safety is paramount to our nation’s transportation system, and the U.S. DOT has long supported the deployment of V2X technologies, which have proven benefits including crash avoidance for travelers and vulnerable road users and reduction in traffic congestion and associated emissions. With the rapid advancement of technologies and emerging alternative communication concepts and approaches, this summit will focus on charting a successful path forward for V2X deployments within the remaining 30 MHz channels of the spectrum.

Title: U.S. Department of Transportation (U.S. DOT) Vehicle-to-Everything (V2X)
Communications Summit

Date(s): August 24 and 25, 2022

Time: 9:00 am to 5:00 pm EDT

Location: U.S. Department of Transportation
1200 New Jersey Avenue S.E.
Washington, DC 20590

Registration: Registration is required.”

Driver Q August 2, 2022 11:33 AM

Next steps:
1. Identify car makes, models, and years, and what data they broadcast.
2. How-to disable cellular and other car tech that enables data collection.

Ted August 2, 2022 12:40 PM

Really good research by TheMarkup. I always wonder who the data brokers are. So I appreciate that Keegan and Ng identified and contacted some of the aggregators.

Among the notable companies in the vehicle data hub space are INRIX, CARUSO, Verisk, LexisNexis, Otonomo, and Wejo.

Honestly, I could see some value in this data, like for traffic management, electric vehicle infrastructure planning, city planning, and so on.

But it’s those really profit hungry companies that scare me.

Otonomo is a publicly traded company based in Tel Aviv. Founded in 2015, it was valued at $1.4 billion at the time of its initial public offering (via a SPAC) in August 2021… Otonomo reported revenue of just over $1 million for the quarter [Q1 2022] with a $15 million loss.

Though the company claims to honor global privacy laws, the class action lawsuit filed against them seems a predictable sequitur.

Aaron August 2, 2022 1:19 PM

Pretty soon your vehicles manufacturer won’t matter, just your license plate.

California AB 984 is attempting to make digital license plates optional.
Speculation: after that it won’t be long until they are mandatory.

It’s not an necessarily a vehicle tracking device, it’s opening a digital gateway that could either nefariously or purposefully, eventually become so.

e.g. – lower your automobile insurance rates… with digital license plate tracking

This is one of those cases where “just because we can, does not mean we should”

Clive Robinson August 2, 2022 8:03 PM

@ ALL,

First I need to make a disclosure,

As I’ve mentioned before I was involved back two decades ago with a company that through a number of Cellphone Service Providers in the EU, US and other countries were collecting vehicle movment data.

This was at a time when “vehicles were not connected” but the “drivers were connected” by their mobile phones.

Back then the “richness of data” now obtained from OEMs was not there, but you could “build it up” despite trying to anonymize it. Including being able to take a guess at just where individuals were going, thus doing.

For instance you knew which end of the journy was “home” from the frequency of visiting the location. Knowing the “area” business map and other visit frequency you could work out when they were regular “food/household” shoping and when they were going to other places.

Other places being amoungst others Churches, Hospitals, Doctors, Dentists, Lawyers, Vets and similar. Because in the main their ofices were not in “shoping centers” or similar areas and were the only offices there.

Something people might want to consider when driving their vehicles.

Also consider what else you do “hand over” to the unregulated OEM via your mobile phone when you “pair it” to the vehicle or entertainment system such as your “phone book”, Who, When, where and how long you call someone, SMS “message content”, and in some cases you “give the audio of those calls”.

Also consider the data from other devices that use WiFi and Bluetooth, within the vehicle. There is the obvious tracking of Internet use meta-data via WiFi, but also all that audio/visual service stuff which goes into the vehicle “entertainment system”.

But what about the real creapy stuff, like those fitness bands/watches, and way worse those new medical devices that give near constant output via Bluetooth of your “vitals” including the likes of blood sugar, heart rate, oxygen saturation, body temprature etc. If it can be measured conveniently in a minimaly or non invasive way their is very probably now a Bluetooth device and mobile phone app being developed or available. Cryptography is CPU cycle and battery power “heavy” as well as difficult to get even close to being right. So as Bluetooth is “personal networking” it’s privacy / security protection is very minimal if non existant.

Now consider the recent issues with the SCOTUS and “Dobbs -v- Jackson” decision, where half a century of women’s fertility rights from “Roe -v- Wade” was struck down. Now ask the question as to how many women know that their fertility cycle can be determined from just their body temprature when monitored on a near daily basis?

All those little “Health and Fitness” gizmos that talk to a mobile phone over Bluetooth with little or no real privacy / security will also be heard by the vehicle’s Bluetooth receiver and backend system. How long before that all gets “vaccumed up” and delivered into the hands of data aggregators? To then be made available to “interested parties” who have a few pennies to put down, such as law enforcment, or just some nut-ball religious group?

After all if religious newsletter[1] can unmask a priest’s “location” and then allege probable “activities” via data purchased from data aggregators and make it public…

As the US has a predeliction for attacking politicians through their family members[2], how long befor such data gets used?

How long before “witch hunts” on women in general start up again by the authorities or others based on the output of privacy destroying data aggregators?

[1] The case just last year of the Reverend Monsignor Jeffrey Burrill. Who was general secretary of the US Conference of Catholic Bishops (USCCB) resigning after “The Pillar” Roman Catholic newsletter alleged it had obtained de-anonymised data which indicated the Monsignor had visited gay bars and used a gay location-based dating app.

[1] Even though it started more than a decade and a half ago, who can forget Alaskan Governor Sarah Palin and those in her immediate and greater family, who were frequently reported world wide for their alleged unlawful or immoral behaviours.

MK August 2, 2022 8:53 PM


The flip side of all that data on your phone:

A friend’s iPhone called Emergency Services for a “hard fall”. Unfortunately, the friend died anyway.

Another friend had his watch tell him he was having an irregular heart rhythm. He had it treated.

Another uses it to watch for Afib.

Maybe we’re just old.

Clive Robinson August 3, 2022 8:13 AM

@ Paul,

“The nut-balls are already after women…”

If it were just nut-balls, I would be less worried.

But it’s not, this are people in positions of power such as the previous US Vice President Michael Pence, and US Attorny General William Barr. Both clearly being backed and heavily involved with what I would call strongly right wing authoritarian religious groups.

These religious groups are on the rise and many find their strongly conservative view point comforting. Unfortunately they are very much neo-con hiding places.

As I’ve pointed out in the past about half a millennia ago the sovereign nation power structure was based on the “Estates of Man” in which the majority had no-say and in fact were a form of property actually worse than being slaves. The only way out and a path to power was through “the church” however in order to keep significant power build up happening “men of god” were baned from having children thus building up the sorts of power structures the Barons and other land holders had in a non industrialized societ.

Many in religion lust after power and modern religions where those who control the power structures can have children are a significant danger.

The founding fathers were well aware of the religion problem which is ehy they enforced a seperation between church and state. Which you might have noticed is being continuously eroded especially in more recent times.

Barr in some of his speaches indicated he wanted to return to the “absolute ruler” system which was what monarchs playing the “King Game” were.

Pence likewise made it clear his church came before the nation and it’s citizens.

The US citizens realy do not want these kinds of people to get their hands on power, because the result will be back to a worse form of “The estates of man” model.

Clive Robinson August 9, 2022 3:14 AM

@ battles, ALL,

Re : Cutting Comms

“I am going to disconnect or short the antenna.”

Sorry I’m going to be the “Debbie Downer” on this idea…

Firstly you have to find the antenna.

To do that, you have to know what it looks like… And that is a hard task these days

Because, any conductor can be an antenna, and it’s flip side is any slot, gap or hole in a conductor can also be an antenna due to that anoying fundemental of physics “symmetry”. Even plastics because they are “dielectrics” can “lens” electromagnetic radiation, and grids of wires can do similar.

The old way of spotting an antenna was to look for “resonant lengths” and then manually test. However there is a new antenna type around known as “Fractal antennas” which tend not to have resonant lengths as part of their features.

But… as there is now a lucrative market for this information, you can be certain that everyone will want to be in on it.

As radio interfaces come built in effectively for no cost on many microcontrolers these days you can expect every bit of electronics from the engine managment through to the window mirror and light controls/de-icers to have them built-in in a way that makes them non removable.

So your quest will with time become like the quest for the Holy Grail, to find a legal road vehicle that has no microelectronics in it.

Micheál McEvoy August 15, 2022 8:36 AM

They missed one of the early one automotive data aggregators, Digital Motorworks.
I worked there before 2007,so I do not know if they tie into the onboard computers, but at the time all their data came from the dealers and authorized repair facilities, including owner demographics.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.