No notes. #deepseek #openai image
Monday edition of *Car privacy is an absolute nightmare*: image Subaru's employee portal holds a year's worth of location data for all internet-connected cars. image We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate. image Props to Sam Curry & Shubham Shah for exposing it. Pic is a years' worth of Sam's mom's #Subaru locations. I seriously doubt any owner has a clear idea that this data is being collected on them. But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link) Literally no car owner has asked for their whip to be turned into a surveillance portal. And yet.. Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money. Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things. Reading list: The Subaru research:
samcurry.net
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to...
 News report on it:
WIRED
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a ye...
 Mozilla Foundation's key investigation into car privacy:
Mozilla Foundation
*Privacy Not Included: A Buyer’s Guide for Connected Products
All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever rev...