When does monitoring people like guinea pigs stop

[AdvancedSetup]

When does monitoring people like guinea pigs stop?

 

Oh what a feeling: New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behavior
https://www.theregister.com/2020/08/18/aws_toyota_alliance/

More and more Countries, Nations, States need laws to stop and/or curtail treating humans like a number or just an object to make money from and ignore the fallout from failed security around the world when it comes to stored user data

 

[exile360]

Progressive has had a similar program in place for years.  Their 'Safe Driver' thing that you plug into your car to monitor and report on your [safe?] driving habits in hopes of reducing your insurance premiums.  I refuse to drive a car with GPS (which is convenient since I can't afford a car modern enough to have one built in ) and I don't take my cell phone with me when I leave the house (an old flip phone that I will begrudgingly have to give up once they kill off 3G completely) because I don't like being monitored and tracked in real life.

I guess a lot of people are used to the idea that everything they do is being logged, tracked and quantified, but I've never been comfortable with it.  I understand the benefits to be gained, both for companies/advertisers, as well as for science in monitoring and understanding human behavior and psychology, however the cost is simply too great to be paid, at least in my opinion, and I still consider my privacy to be a thing of great value.

The fact that we're almost constantly bombarded with news of countless data breaches and hacks doesn't inspire confidence in these organizations' ability to protect the data they collect either, so the argument that some would make about it being somehow 'harmless' because those collecting it aren't 'evil' and that they won't do anything harmful with it goes right out the window because of their failures to keep that data out of the hands of those who would use the information to do harm.  It is also a certainty that many data breaches have gone unreported throughout the years because no company or government wants the black eye of irresponsible data handling, and of course there are always the shareholders to consider, and a data breach isn't great for a company's bottom line and stock prices.

[David H. Lipman]

I for one will have an updated "Right of Privacy and Opt-Out" notification for the next automobile purchase. 

The  "Right of Privacy and Opt-Out" notification will have a clause about anonymizing the sale of the auto and place the onus and a cost upon the dealership and manufacturer based upon the numerous Automobile Warranty Extension scam RoboCalls I have received.  How do they know my name and the Year, Make and Model of the automobile I purchased to generate those RoboCalls ?  It will also state that the automobile can not have any GPS and/or Cellular Modem or any form of IoT connectivity.  A clause will be provided that such devices must be removed or physically disabled (not logically disabled).

However if there is an automobile Black Box that records driving data for the past X Minutes prior to a crash, that would be acceptable.

 

[exile360]

Don't forget the credit reporting agencies that the dealer has to check in with for your proposed purchase; I assume their awareness of your purchase/credit etc. is also fodder for sharing with their 'friends' (i.e., financially associated companies and/or subsidiaries which now robocall/spam call you to try and wrest more funds from your hands).

[David H. Lipman]

That would be covered in the standard text about sharing.

Quote

No organization I do business with has my permission to use my name, address, phone number, email address, numerical data, facial prints or any other personal information in any marketing, survey or promotional scheme, nor can any of my information be sold, rented, bartered or distributed. This means that <ENTITY> may not provide, rent, sell, barter, trade or distribute any of my personal or transactional information or Meta Data to affiliated companies or companies <ENTITY> may have joint marketing ventures with. This means that <ENTITY> is barred from “sharing” any/all my information.  This includes barring the sharing of my Internet activity and any forms of electronic “tracking” that may be used. <ENTITY> and its affiliates may not send me marketing or promotional information nor use any part of my information for the purpose of marketing or for promotions which shall include any unsolicited email, postal mail and/or phone calls for surveys.

 

[exile360]

How do you get the credit reporting agencies to agree to your terms though?  The dealership is required by law to perform credit checks which requires that they share your information with the credit reporting agency, but there's nothing to stop the credit reporting agency from then using the info about your purchase (since it also must legally be reported to them, at least as I understand it) for marketing and/or sharing purposes with affiliates/advertisers etc.?

[David H. Lipman]

I see what you are saying.  However a person can limit the sharing of data and the Credit Reporting agencies are only aware if the automobile is financed.

I personally haven't financed a vehicle.  Due to one specific Breach I was in, I may have Credit Monitoring for life.  In the Credit reports I have reviewed, there is no mention of the vehicle I purchased which was not financed.

The text I posted in Post #5 is in a Template.  That Template can be modified and the final document will be modified for text specific to the Entity and the type of account or transaction it is applied to.  It has come to that point where we must take active measures to protect our privacy and while companies have their contracts, we, the public at large, have the right to create our own contracts.

[exile360]

Have you actually used it yet, and did they agree to sign it?  If so, do you have any idea how or if they enforce it?  These days, many (most?) of these companies seem to have automated data systems that handle much of their marketing, data collection and advertising, so getting the company to treat your data as different/special might be more than they are willing to follow through with, at least assuming they have to collect all the same info from you that they would for everyone else and that the data is entered into the same databases.  Unless they actually have contingencies in place for scenarios like this/customers who choose to opt out of data sharing like yourself, I can't see them actually honoring it.

Maybe (hopefully) I'm wrong though.

[David H. Lipman]

Yes.  The majority of text posted in Post #5 was used in my last purchase and the representative of the dealership signed on the Representative of the Dealership line.

Except for the Automobile Warranty Extension RoboCalls (I incidentally received another call at 1321 hrs Today) I have had no issues.

 

[exile360]

Right, but you're receiving the warranty extension robocalls, which is what I would expect after such a purchase these days.  So what is it preventing exactly?  Or are there normally more marketing calls etc. that occur as a result of buying a car?  I don't know as I've only ever purchased cars used from individuals, never from a dealership.

[David H. Lipman]

That's why I stated "...a clause about anonymizing the sale of the auto..." be used in subsequent purchases.  The one I have now, and is the subject of conversation, was purchased in August '09.  The notification did head-off dealership flyers and communication about buying a new car as they can be quite persistent.  I had bought a new car some years prior and I was inundated with Junk Mail.  To-date I have never received Junk Mail related to this purchase.  Back in '09 there was were few IoT connected autos.  OnStar had existed but I believe it was the only player and wasn't in a lot of vehicles.  The landscape has certainly changed!

 

[exile360]

Ah, I gotcha.  Can't you just ask to be put on their 'do not call'/'do not solicit' list though?  I think all companies that do any sort of marketing (at least in the US) have to have one of those, right?

[AdvancedSetup]

I find it well beyond the "normal" that anyone should or would have to personally select, specify, setup, write up a "special" contract in an attempt to prevent monitoring, spamming, etc. The fact that a salesman almost certainly does not have the authority to sign or legally bind either the dealership, automotive owner, or financial operation to any such contract would seem to be true.

My point is that no one should have to be subjected to this, yet we as a society allow it every day. The link I posted that started this topic -- my guess is that this "feature" is probably not an opt-in or opt-out feature or if it currently is it won't be for long.

Once our members of Congress have stopped fighting over the current political environment we're in this is one of the things I think they should start looking into as well (certainly many more pressing and immediate needs this upcoming year) but we need our own Federal level GDPR that makes the EU version pale in comparison.

Placing yourself on a Do Not Call List almost certainly does not work according to statistics brought before the FCC - why, because we have no real laws that truly prevent it.

 

Edited August 26, 2020 by AdvancedSetup
updated information

[exile360]

I have the ultimate tool for avoiding marketing calls and scams.  I have my default ringtone set to 'silent' (no vibration, beeps or alerts of any kind for missed calls either) and only assign an audible tone to numbers in my contacts.  This means that my phone will light up when the marketers call, but I won't hear it, and I certainly won't answer.  If it's an important call from someone I know or someone from a business with a legitimate reason to contact me, I expect they'll leave a message (which they almost always do), at which point I can call them back.  It seriously cuts down on the aggravation, and I've found that after doing things this way for several years now, I receive almost 0 unsolicited calls from anyone.  Of course it also helps that I use a phone number with an out of state area code, so I automatically know that if the number calling has the same area code as my phone, it's not from anybody I actually know or should be contacted by and is either a wrong number, or a marketing call.

[David H. Lipman]

Yes @exile360, but it is not in writing.  And no, not all follow through with verbal statements.

In reference to the same vehicle, it failed NJ Inspection.  Not because there was a physical problem but because the NJ State Motor Vehicle Commission system could not access two sensors.  So I had to take it to be serviced.  When I dropped off he vehicle for service I gave them a verbal "Right of Privacy and Opt-Out" notification.  They fixed the sensor issue and I passed inspection but roughly 5 weeks later I started getting Junk mail. 

I could example another situation where a verbal notification was not adhered to.  Thus a written notification makes it official.

One can not say "I want privacy" and just expect it.  One has to be vigilant and take active measures.  And yes, contact your Congressional Representative and "demand" a higher level of privacy protection.

Edited August 28, 2020 by David H. Lipman
Edited for content, clarity, spelling and grammar

[exile360]

Most of the time I just refuse to give them any info.  It also helps that my mail is forwarded to my PO box, and all the junk still goes to my normal mailbox (which I only rarely check, usually just to empty out the mass of junk that's piled up to throw it in the trash).  It's nice opening up my PO box and only seeing (for the most part, at least) mail I actually want to receive.

[digmorcrusher]

When does trying to be private become more of a pain then just just being on the internet? I don't do social media, buy little online so they don't get my cc number, use fake names on forums, some other stuff. But when is it too much, I use Chrome, because it works the best for me. Basically my opinion is if you want privacy then stay off the internet. Like that is going to happen.😀

Edited August 27, 2020 by digmorcrusher

[exile360]

You could use any number of Chrome alternatives that will provide all the same functionality without Google's spyware and adware embedded in them.  I use SRWare Iron which is based on Chromium and it even benefits from the same Exploit Protection from Malwarebytes due to the fact that it uses the same/default process name (chrome.exe).  All the same themes, extensions and other add-ons that work for Chrome work in Iron, and I could even use the same Google Sync functionality if I really wanted to (though doing so would obviously defeat the purpose, since that would allow Google to monitor/track basically everything I do in the browser).

I don't use social media either, though I do shop a bit online (primarily on Amazon).  I spend most of my time here and on Amazon and Netflix streaming movies and TV so I don't have a very large digital footprint to be tracked.

[digmorcrusher]

One of these days I'm going to try your SRWare browser.

[exile360]

It's great.  There's also Microsoft's offering and Vivaldi which are both based on Chromium.

[AdvancedSetup]

It is not  like any of us chose to be on the Internet. Whether you like it or not most people need to be on the Internet for many things today including Medical, Work, Financial, etc. brick and mortar of yesterday are not what they used to be. It might be possible to be off the grid so to speak but would be very difficult as doing normal things the way we used to do them is not always supported anymore and is done on or over the Internet.

Saying you don't care about privacy. So then you're okay if anyone walks into your home and plops down on your couch and watches TV or rummages through your fridge just looking for something? or they rifle through all the drawers in your home? That is pretty much what they're doing virtually. That really is about the same thing to many people and the Government in the United States needs a court ordered warrant for any thing in your home, but in many cases not for some technology as technology has surpassed our morality long ago and needs to catch up. We should have as strong or stronger laws to protect citizens as we do for our physical homes.

 

 

[digmorcrusher]

Oh I care, just not enough to worry about it, life is too short as they say. 

[AdvancedSetup]

Understood, not everyone needs to or should need to be personally involved in every issue or concern known to man, but luckily there are others that do take up the cross for many issues that face mankind.

Believe me there are many issues that I feel the same way, but I do appreciate that there are those that do work on fixing said issues that ultimately make things better for all

 

[exile360]

6 hours ago, AdvancedSetup said:

That really is about the same thing to many people and the Government in the United States needs a court ordered warrant for any thing in your home, but in many cases not for some technology as technology has surpassed our morality long ago and needs to catch up. We should have as strong or stronger laws to protect citizens as we do for our physical homes.

Agreed, and hopefully we'll see some legislation soon to improve our privacy and data rights.  Here's a few articles on the subject that readers may find informative:

https://lifehacker.com/you-dont-own-your-data-1556088120
https://blog.malwarebytes.com/security-world/2017/04/your-isp-browsing-history-and-what-to-do-about-it/
https://en.wikipedia.org/wiki/Carpenter_v._United_States
https://www.lawyers.com/legal-info/personal-injury/types-of-personal-injury-claims/are-your-text-messages-and-images-private.html
https://gizmodo.com/these-academics-spent-the-last-year-testing-whether-you-1826961188
https://www.cbsnews.com/news/60-minutes-hacking-your-phone/

Here's a news report on just how harmful your phone number alone can be (believe it or not, I actually REFUSE to provide my phone number or an alternative email address to the likes of Google, PayPal, Amazon and others whenever they try to convince me to provide it "just in case I should lose my password" as a 'recovery' option (the way I see it, the less info they have, the better, as it's hard to do any damage with information they don't have).  Besides, I've never gotten locked out of an account due to losing/forgetting my password, so such recovery options are completely unnecessary, at least in my opinion:

 

I'd also like to mention that while I do not expect everyone to go to the somewhat extreme measures that I do (using an out of state phone number, a PO box etc.), it is important to note that doing these things did not require any great effort on my part, so it's not like it is some huge hassle.  It's as simple as making slightly or greatly more secure choices, but implementing these measures was just as easy as doing things as a person normally would; it's just a matter of selecting options that are more geared towards privacy than convenience (though frankly, there is no great inconvenience in doing things this way).  It's also nice to know that none of my critical personal info is sitting in an unlocked mailbox out by the street and having the peace of mind knowing that it is instead being stored in a locked PO box to which only I and the Post Office have the key.  With modern cell networks, I don't have to worry about any additional costs like long distance charges for using an out of state phone number, and with my browser I get all the benefits and extension compatibility of Chrome, just without Google sitting over my shoulder watching everything I do online and trying to force targeted advertisements in my face (that last aspect actually affords me more convenience than using the more popular choice of Chrome since I have none of the baggage of Google's data and marketing efforts to deal with).

The choices are up to the individual, however I personally feel that given the risks and ease with which scammers and criminals can abuse seemingly 'harmless' information and metadata, it's well worth the effort.

[AdvancedSetup]

I got the following link from David earlier today but it too heavily touches on the reasons we need better protections for all Citizens around the World.

https://www.cyber.nj.gov/this-is-security/user-beware-your-smartphone-is-tracking-your-every-move