Post by Shaky Mite
Monday edition of *Car privacy is an absolute nightmare*:
Subaru's employee portal holds a year's worth of location data for all internet-connected cars.
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a year's worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them. But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link).
Literally no car owner has asked for their whip to be turned into a surveillance portal. And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: samcurry.net/hacking-subaru
News report on it: www.wired.com/story/subaru-location-tracking-vulnerabilities
Mozilla Foundation's key investigation into car privacy: foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy