UK you have the concept of black box car insurance that offered a substantial discount for having either a dedicated device installed into the car or an app on your phone that tracks a bunch of stats as you drive. It’s as shit as it sounds as it marks you down for every little infringement such as driving at peak times because that’s more dangerous. Get enough points and you can have your policy cancelled. In the UK there are knock on effects for ever having an insurance policy cancelled and you have to legally declare you did when asked.
While you can uninstall the app good luck making a claim if you don’t have it installed with data for that journey. They’d also be pretty suss with no data over an extended period of a few months.
Worst part of these is that it’s expensive to switch to a non black box policy when you can afford to as you get older and more experienced.
There was a piece on a fairly recent Smashing Security podcast that said that some car manufacturers are sending data to the insurance companies anyway.
Automotive groups, forums, clubs that focus on your individual brand of vehicle, or better your specific vehicle.
Brands generally keep the same style or type of system across their range, so if it works for one car in the brand it is much more likely to work on another.
My Chevy volt, for example, has a separate controller from the engine controller, and I could just airgap(unplug) it.
Others you may have to remove the antenna, replacing with a dummy load to not permanently damage the circuits.
I always thought it was a huge concern to let the insurance company have gps access to my phone because it gives them exact times when I am away from my home.
Insurance companies’ more nefarious employees or employee’s friends have an exact playbook for when it’s safe to break into your home, how much money you have(based on how many and the types of cars you have policies on), how many people could be at home (insured on policy), credit rating… etc. It’s not data that you couldn’t get with a bit of research and time, but having a searchable database full of customer info makes it easy to list out hundreds of targets with little effort.
Insurance companies give people discounts based on driving habits good driving habits, like the lack of speeding and hard braking… which can be determined by gps. They also charge more for people that drive more miles per year because it exposes the vehicle to more possibilities of being involved in accidents.
It’s not unreasonable for them to ask for access to your gps data… it is definitely unreasonable for you to give them access to your gps data.
and we know for a fact that most of these companies have dogshit IT security, doubtless at most of them the janitor can sign in with his corporate ID and access customer data without anyone noticing.
I mean this is dystopian as hell, right?
Part of the payment for this insurance service is the policy holder’s privacy?
They’re having to preempt that people are going to be paranoid that they’re going to be flagged as some kind of ne’er-do-well
UK you have the concept of black box car insurance that offered a substantial discount for having either a dedicated device installed into the car or an app on your phone that tracks a bunch of stats as you drive. It’s as shit as it sounds as it marks you down for every little infringement such as driving at peak times because that’s more dangerous. Get enough points and you can have your policy cancelled. In the UK there are knock on effects for ever having an insurance policy cancelled and you have to legally declare you did when asked.
While you can uninstall the app good luck making a claim if you don’t have it installed with data for that journey. They’d also be pretty suss with no data over an extended period of a few months.
Worst part of these is that it’s expensive to switch to a non black box policy when you can afford to as you get older and more experienced.
They have those in the US too.
Such an obvious scam. “Do this thing that might lower your rates.”*
~in 99.99% of cases rates increased~
There was a piece on a fairly recent Smashing Security podcast that said that some car manufacturers are sending data to the insurance companies anyway.
https://www.smashingsecurity.com/363-stuck-streaming-sticks-tiktok-conspiracies-and-spying-cars/
Yup, this is why in my own vehicles I physically disconnect the system that sends these messages.
Laughs in a 2002 econohatchback
What’s a good resource for someone who wants to do this but doesn’t know much about car computer systems?
Automotive groups, forums, clubs that focus on your individual brand of vehicle, or better your specific vehicle.
Brands generally keep the same style or type of system across their range, so if it works for one car in the brand it is much more likely to work on another.
My Chevy volt, for example, has a separate controller from the engine controller, and I could just airgap(unplug) it.
Others you may have to remove the antenna, replacing with a dummy load to not permanently damage the circuits.
I always thought it was a huge concern to let the insurance company have gps access to my phone because it gives them exact times when I am away from my home.
Insurance companies’ more nefarious employees or employee’s friends have an exact playbook for when it’s safe to break into your home, how much money you have(based on how many and the types of cars you have policies on), how many people could be at home (insured on policy), credit rating… etc. It’s not data that you couldn’t get with a bit of research and time, but having a searchable database full of customer info makes it easy to list out hundreds of targets with little effort.
Why would you give gps access to your insurance company?
I could imagine you get discounts on insurance.
Insurance companies give people discounts based on driving habits good driving habits, like the lack of speeding and hard braking… which can be determined by gps. They also charge more for people that drive more miles per year because it exposes the vehicle to more possibilities of being involved in accidents.
It’s not unreasonable for them to ask for access to your gps data… it is definitely unreasonable for you to give them access to your gps data.
Did they give you a fitbit?
and we know for a fact that most of these companies have dogshit IT security, doubtless at most of them the janitor can sign in with his corporate ID and access customer data without anyone noticing.