
I understand your concerns and feel exactly the same. But I think at a certain point you can only care so much and dedicate so much time to it. With a home network you can obfuscate so much with little know-how, and further you ultimately are "aware" of all packets being sent via examining your own traffic.

The real problem is cars, IoT devices. Do you drive a vehicle newer than model year ~2015? That thing is sending all kinds of telemetry to the OEM manufacturer and their entire supply line of OEM suppliers. That data is firstly used to audit and evaluate functions in the vehicle for future iterations... but then that data is sold as many times as they can to research firms, advertisers, gov't planning boards etc.

Taking ownership of the vehicle is you signing away any investigation or litigation rights, or even access to those data/data systems.

I think THIS is where data privacy awareness needs to be pivoted to, Geolocating "iot" devices like vehicle CPU that no one, not even service techs can ever access.



> Do you drive a vehicle newer than model year ~2015?

No, I don't, for that exact reason. Some things are important enough for me to go to the effort to find a way to mitigate the security threat they pose. Other things, like relatively modern cars and IoT devices that I can't control, aren't important enough to do that. Instead, I just don't use them.


I applaud your dedication. 2015 is almost ten years ago, this ain’t gonna work forever and at some point all used vehicles that are in a dependable condition will be 2015 or newer. What then, if telemetry can’t be disabled by the user?


I'm old enough that I seriously doubt the world will run out of suitable used cars within my lifetime. My current car is from 2005 and still runs like new.

But if that day comes, I'll figure out how to disable the radio. If that's not possible, then I'll stop owning a car.


I hope you’re right :)


Do you recognize the drastic changes the world would have to see to prevent a dedicated individual from driving what they want in any half-way liberal legal environment?

The US, for example, allows one to build a kit car totally by oneself, and the waitlist for VIN certification is fairly short. If you want to shortcut the VIN certification you can build a car on a car that has at least 30% of the original frame intact and piggy-back onto that VIN number with proper certification. If that frame is older than the mid 70s, go hog-wild; you can operate it with a coal engine if you want to.

If you're a 'dedicated individual' that is concerned with having a modern car that is engineered well for safety's sake, then go buy a kit from the hundreds of companies that do nothing but engineering work.

If you're afraid that there will be electrification mandates, no worries -- there are hundreds of startups focused on the conversion of existing ICEs into EVs.

What I'm trying to say: a world locked down to prevent all forms of vehicular autonomy is a lot different than the one we exist in today; it's not something easily predictable to assume when that will end, given the many different venues one can explore to express vehicular autonomy and individualistic choice.


I ripped my GPS out of the head unit of a 2020 Toyota Corolla. Still alive to tell the tale.


Your GPS/radio head unit is likely not at all the one reporting data maliciously to OEM/Vendor integrators etc. GPS is an open standard at least until the US Military says "this is no longer open."

Auto OEMs as a rule have more "data points" for inference than any other hardware platform/software integration. I.e., actions you take in the car and the info gleaned from those actions are more valuable to marketers than data from your cell phone. None of this needs a GPS signal, there are dozens of speed, time, weight, weather, delta sensors...

Ford for example can brag that it, more than any other manufacturer on the planet, knows exactly how often you go to gas station X from location Y, if you get gas, and where you go after. They can tell where you look, how much you weigh, your common routine, even your contacts PID. Your type of "personality" can be determined trivially (i.e. buying/travel habits).

Your vehicle is 100 percent complicit in building a marketing/safety profile for you. Is this^ even "bad"? I think so. But I am not an expert and have yet to have an issue with it in my life.


> But I think at a certain point you can only care so much and dedicate so much time to it.

That is most likely what _Linksys_ did.

Please! Let's not just accept this poor state of security and somehow try to be apologetic for this issue. The BAR IS SO LOW... Do not send unencrypted PII over the internet. And bonus points for not sharing someone's WiFi password with a third party. A third party in the US. We can probably assume that some three letter US government agency has intercepted all these requests.

The bar is really low. This is basic stuff. Zero need to be nice to Linksys.


>> Taking ownership of the vehicle is you signing away any investigation or litigation rights, or even access to those data/data systems.

I'm waiting for more of the post-2015 models to hit the secondary markets before the legal system sorts this out. When someone buys a used car for cash from an independent dealership, I seriously doubt they have sufficiently signed off on such data collection.


> With a home network you can obfuscate so much with little know how, and further you ultimately are "aware" of all packets being sent via examining your own traffic.

While I do still encourage people to do this as any security is better than no security, it is worth noting that you can entirely bypass things like a DNS block (i.e. pihole). For example, your browser probably does. Idk where it is in Chrome, but in Firefox you can go to Settings > Privacy & Security[0] and down at the bottom is "Enable DNS over HTTPS using:". Which, in general, I'd also encourage people to use. Cloudflare suggests this feature is available in Brave, Chrome, Edge, and Firefox[1].

So I'm saying there's an extra step to be aware of because if you rely on only DNS to perform the blocking, then it may not catch everything because there might just be a host file with the IPs manually specified. Which isn't unlikely.

I think the bigger problem is the complexity of all of this and how we're all being spied on unknowingly and in unexpected ways (you might know that you're being spied on in some ways but I'm willing to bet there's also ways you don't know). It's pervasive, invasive, and quite difficult to escape for even technologically adept people. And we shouldn't have a society where people are victims of things just because they do not have domain expertise in that subject matter. No one is a domain expert in all domains and it would be ludicrous to suggest one could be in even several of the critical ones.

[0] or about:preferences#privacy

[1] https://developers.cloudflare.com/1.1.1.1/encryption/dns-ove...
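
Added example, not part of any comment in the thread: one way to check for the bypass described in the comment above is to correlate the local resolver's query log with the router's flow log and flag outbound connections that no local lookup preceded (a hardcoded IP, or a name resolved over DoH) as well as DNS sent to outside resolvers. The log layouts, subnet and all addresses are constructed assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
DNS_PORTS = {53, 853}                         # plain DNS and DNS over TLS

# Constructed resolver log: (time, client, name, answer IP)
DNS_LOG = [
    (100, "192.168.1.20", "news.example", "203.0.113.10"),
    (105, "192.168.1.30", "updates.vendor.example", "203.0.113.20"),
]
# Constructed router flow log: (time, client, destination IP, destination port)
FLOWS = [
    (101, "192.168.1.20", "203.0.113.10", 443),  # looked up first
    (106, "192.168.1.30", "203.0.113.20", 443),  # looked up first
    (120, "192.168.1.30", "198.51.100.7", 443),  # no lookup seen
    (130, "192.168.1.20", "192.0.2.53", 53),     # DNS sent past the local resolver
    (140, "192.168.1.20", "192.168.1.2", 53),    # query to the local resolver
]


def find_dns_bypass(dns_log, flows, lan=LAN):
    """Return flows the local resolver never had a chance to block."""
    first_answer = {}  # (client, ip) -> time the resolver first returned ip
    for t, client, _name, ip in dns_log:
        key = (client, ip)
        first_answer[key] = min(t, first_answer.get(key, t))

    findings = []
    for t, client, dst, port in flows:
        if ipaddress.ip_address(dst) in lan:
            continue  # LAN traffic, including queries to the local resolver
        if port in DNS_PORTS:
            findings.append((t, client, dst, "external-dns"))
        elif first_answer.get((client, dst), float("inf")) > t:
            # Hardcoded IP, or a name resolved over DoH instead of locally
            findings.append((t, client, dst, "no-prior-lookup"))
    return findings


if __name__ == "__main__":
    for finding in find_dns_bypass(DNS_LOG, FLOWS):
        print(finding)
```

Long-lived connections and cached answers older than the log window will show up as false positives, so treat the output as a list of devices to look at rather than proof of a bypass.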



