• gedaliyah@lemmy.world
    link
    fedilink
    arrow-up
    47
    arrow-down
    1
    ·
    1 month ago

    I got one of those “safe driver” transceivers to save money on insurance. It required an app, which I figured would be like a simple bridge that uploads the data from the device to the server.

    Holy mackerel, was it full of additional spyware. I was already a little uneasy sending driving data to a private company, but this would potentially be sending constant phone tracking. No thanks!

    • otacon239@lemmy.world
      link
      fedilink
      arrow-up
      16
      ·
      edit-2
      1 month ago

      Yeah, I tried the same many years ago. Problem was that I had a super tiny car in a big city where everyone speeds all the time, so it never gave me a discount because I was always speeding and breaking harshly.

      How can I be a smooth driver when no one else is? It also dinged me for driving at night when I was doing a volunteer job in the evening while my day job was WFH. Such BS.

    • Troy@lemmy.ca
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      1 month ago

      I mean it uses location and acceleration info for driving habits. What did you expect?

      • MrQuallzin@lemmy.world
        link
        fedilink
        arrow-up
        17
        ·
        1 month ago

        Oh it gets worse than just that. I did the same for a while, and when we first started the permissions that app wanted were reasonable considering what it does.

        We dropped it and took the higher rate earlier this year once the app started asking for a lot more permissions, like biometric and health data to “verify if we’re walking or driving”.

      • tiramichu@sh.itjust.works
        link
        fedilink
        arrow-up
        14
        ·
        edit-2
        1 month ago

        Not OP, but I would want it to be just a black box with GPS, accelerometer, mobile data and everything else it needs for its function to be built right in.

        There’s no need for such a device to pair with your phone, unless they are trying to be greedy and slurp extra data.

        • DarthFreyr@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          1 month ago

          In some ways I agree, but on the other hand, a “box with GPS, accelerometer, mobile data, and everything else it needs to function … built right in” is just a phone, minus a touchscreen and some extra computing power. And unless you know the hardware inside the black box, just blindly passing its data through could be even worse than an app pulling stuff off your phone.

          • tiramichu@sh.itjust.works
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            1 month ago

            It’s not JUST an app on your phone though, what OP was talking about is an app in your phone AND a black box. Both of them. What I’m saying is that I want just the box, with no app and no other connectivity.

            The point of a single purpose device like a driving GPS black box is that it does what it does, and has no capability to do more.

            If I have a black box in the car, I know that my insurance company is getting my GPS location, speed, acceleration, where I go, and when and how. And that’s fine, because that’s the data I explicitly consented for them to have when I signed up.

            But what I also get is certainty they have no aceess to anything else. With no app on my phone I don’t need to be concerned with what they are slurping up on the sly above and beyond what I consented to - which with apps on a smartphone is quite a lot of data, even if you manage your permissions carefully.

            For argument, lets go ahead and assume the black box has “other sensors”(e.g. microphone) and is trying to do something nefarious on the sly like record you talking all the time without consent. That would be easy to prove by tearing down and analysing the device, and much more likely to land them in legal hot water for not disclosing it, given it’s their device which they built for a purpose and in which they included this undisclosed functionality.

            • DarthFreyr@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 month ago

              Yeah, you’re right, you can open up a black box in a way you can’t really for a typical phone app/OS stackup. Maybe I argue it’s no longer a black box then, but no matter. I had originally started in on another section about better permissions and data handling and such, so I probably had a more optimistic view of permissions in general when writing, but one of the points was about being able to sniff your own (app’s) packets to be able to monitor what’s collected and sent at any given moment. That’s the sort of thing that I think makes the most sense, to directly interrogate the issue of what data they are sending back about you, rather than making logical connections from other observations.

              Counterpoint: It might be normal for that device to have a WiFi radio or something to communicate wirelessly, but if the software is actually using the antenna to detect and track your heart rate, it might require an extremely (or even impossibly) talented hardware engineer to notice anything fishy from the device’s hardware itself. The WiFi and heart-rate thing specifically might not be a viable vector, dunno, but it can be a lot harder to check for stuff than just seeing if there’s an “ACME Spy Microphone” module plugged into the board somewhere. Though I agree they would probably get a worse reaction from illicitly including a hardware feature vs an app scraping the same data from your phone, even if they’d send back the same info; also that you could at least know a separate device was only tracking your car’s location, and only when you brought it with, not relying on it’s own software to decide when and where to collect data.

              Ultimately, the solution might have to involve not using an OS developed by a company that also wants to slop up as much data as it can, but only so much one can do. At the very least, it’d be nice to get more separation between a “personal space” that you live your life in, e.g. socialize and consume content, and a “functional space” for other stuff that will run on your phone or you access occasionally but isn’t part of you being you, like apps for random companies or services, phone lights/sensors, a driver-insurance-safety app that should just get data pipes in from a specific list of sources and isn’t supposed to be sending data home 24/7, etc.

      • gedaliyah@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        Some companies have an accelerometer in the device itself. This one is just a BT chip that pulls the location and acceleration data on your phone itself, as well as a ton of other permissions and invasive data trackers, as well as an agreement that the insurance co can share collected data with third party partners. Unfortunately these days it’s pretty boilerplate stuff.