In some ways I agree, but on the other hand, a “box with GPS, accelerometer, mobile data, and everything else it needs to function … built right in” is just a phone, minus a touchscreen and some extra computing power. And unless you know the hardware inside the black box, just blindly passing its data through could be even worse than an app pulling stuff off your phone.
It’s not JUST an app on your phone though, what OP was talking about is an app in your phone AND a black box. Both of them. What I’m saying is that I want just the box, with no app and no other connectivity.
The point of a single purpose device like a driving GPS black box is that it does what it does, and has no capability to do more.
If I have a black box in the car, I know that my insurance company is getting my GPS location, speed, acceleration, where I go, and when and how. And that’s fine, because that’s the data I explicitly consented for them to have when I signed up.
But what I also get is certainty they have no aceess to anything else. With no app on my phone I don’t need to be concerned with what they are slurping up on the sly above and beyond what I consented to - which with apps on a smartphone is quite a lot of data, even if you manage your permissions carefully.
For argument, lets go ahead and assume the black box has “other sensors”(e.g. microphone) and is trying to do something nefarious on the sly like record you talking all the time without consent. That would be easy to prove by tearing down and analysing the device, and much more likely to land them in legal hot water for not disclosing it, given it’s their device which they built for a purpose and in which they included this undisclosed functionality.
Yeah, you’re right, you can open up a black box in a way you can’t really for a typical phone app/OS stackup. Maybe I argue it’s no longer a black box then, but no matter. I had originally started in on another section about better permissions and data handling and such, so I probably had a more optimistic view of permissions in general when writing, but one of the points was about being able to sniff your own (app’s) packets to be able to monitor what’s collected and sent at any given moment. That’s the sort of thing that I think makes the most sense, to directly interrogate the issue of what data they are sending back about you, rather than making logical connections from other observations.
Counterpoint: It might be normal for that device to have a WiFi radio or something to communicate wirelessly, but if the software is actually using the antenna to detect and track your heart rate, it might require an extremely (or even impossibly) talented hardware engineer to notice anything fishy from the device’s hardware itself. The WiFi and heart-rate thing specifically might not be a viable vector, dunno, but it can be a lot harder to check for stuff than just seeing if there’s an “ACME Spy Microphone” module plugged into the board somewhere. Though I agree they would probably get a worse reaction from illicitly including a hardware feature vs an app scraping the same data from your phone, even if they’d send back the same info; also that you could at least know a separate device was only tracking your car’s location, and only when you brought it with, not relying on it’s own software to decide when and where to collect data.
Ultimately, the solution might have to involve not using an OS developed by a company that also wants to slop up as much data as it can, but only so much one can do. At the very least, it’d be nice to get more separation between a “personal space” that you live your life in, e.g. socialize and consume content, and a “functional space” for other stuff that will run on your phone or you access occasionally but isn’t part of you being you, like apps for random companies or services, phone lights/sensors, a driver-insurance-safety app that should just get data pipes in from a specific list of sources and isn’t supposed to be sending data home 24/7, etc.
In some ways I agree, but on the other hand, a “box with GPS, accelerometer, mobile data, and everything else it needs to function … built right in” is just a phone, minus a touchscreen and some extra computing power. And unless you know the hardware inside the black box, just blindly passing its data through could be even worse than an app pulling stuff off your phone.
It’s not JUST an app on your phone though, what OP was talking about is an app in your phone AND a black box. Both of them. What I’m saying is that I want just the box, with no app and no other connectivity.
The point of a single purpose device like a driving GPS black box is that it does what it does, and has no capability to do more.
If I have a black box in the car, I know that my insurance company is getting my GPS location, speed, acceleration, where I go, and when and how. And that’s fine, because that’s the data I explicitly consented for them to have when I signed up.
But what I also get is certainty they have no aceess to anything else. With no app on my phone I don’t need to be concerned with what they are slurping up on the sly above and beyond what I consented to - which with apps on a smartphone is quite a lot of data, even if you manage your permissions carefully.
For argument, lets go ahead and assume the black box has “other sensors”(e.g. microphone) and is trying to do something nefarious on the sly like record you talking all the time without consent. That would be easy to prove by tearing down and analysing the device, and much more likely to land them in legal hot water for not disclosing it, given it’s their device which they built for a purpose and in which they included this undisclosed functionality.
Yeah, you’re right, you can open up a black box in a way you can’t really for a typical phone app/OS stackup. Maybe I argue it’s no longer a black box then, but no matter. I had originally started in on another section about better permissions and data handling and such, so I probably had a more optimistic view of permissions in general when writing, but one of the points was about being able to sniff your own (app’s) packets to be able to monitor what’s collected and sent at any given moment. That’s the sort of thing that I think makes the most sense, to directly interrogate the issue of what data they are sending back about you, rather than making logical connections from other observations.
Counterpoint: It might be normal for that device to have a WiFi radio or something to communicate wirelessly, but if the software is actually using the antenna to detect and track your heart rate, it might require an extremely (or even impossibly) talented hardware engineer to notice anything fishy from the device’s hardware itself. The WiFi and heart-rate thing specifically might not be a viable vector, dunno, but it can be a lot harder to check for stuff than just seeing if there’s an “ACME Spy Microphone” module plugged into the board somewhere. Though I agree they would probably get a worse reaction from illicitly including a hardware feature vs an app scraping the same data from your phone, even if they’d send back the same info; also that you could at least know a separate device was only tracking your car’s location, and only when you brought it with, not relying on it’s own software to decide when and where to collect data.
Ultimately, the solution might have to involve not using an OS developed by a company that also wants to slop up as much data as it can, but only so much one can do. At the very least, it’d be nice to get more separation between a “personal space” that you live your life in, e.g. socialize and consume content, and a “functional space” for other stuff that will run on your phone or you access occasionally but isn’t part of you being you, like apps for random companies or services, phone lights/sensors, a driver-insurance-safety app that should just get data pipes in from a specific list of sources and isn’t supposed to be sending data home 24/7, etc.