Connected vehicles & privacy of data
Connected vehicles are here.
So are the privacy questions surrounding them.
With the phenomenal amount of data that they generate, each connected vehicle is a big source of PII.
In some jurisdictions, the police are using data from autonomous driving cars for surveillance. Meanwhile, electric scooter manufacturer Ola released the telemetry data of a user to make a point during a dispute and suddenly found themselves staring at privacy issues:
Take Action:
If you are collecting customer data in any form (even if it is driving telemetry data), consider the privacy implications. Privacy Impact Analysis (PIA) is not just about data in computer systems, but also data generated from ‘smart’ devices your company manufactures and shares.
Know someone who might find this useful? Share this post.
What happens when you click on the ‘submit’ button might be a moot point now…
The reasonable assumption when you see a ‘submit’ button on a website is that the data is sent to the site only if you click it. Reseachers have shown that many websites collect data as you type, and not after you click the submit button.
Anyone who has used a web proxy tool (like burp suite) will know that the number of connections that are made to various websites even before the submit button is pressed.
Well, in itself it seems benign, till you dig a little deeper. The data collected as you type can contain passwords as well (and it does). All of this BEFORE you submit the form.
The main culprit, says the paper, is third party advertising and marketing services. Read the paper to know more.
Take Action:
Check if your sites are using third party advertising and marketing services that collect this information. Identify all the trackers you have enabled on your websites and stop the ones that collect data before form submission.
Useful? CyberInsights is a weekly post about two new items in cybersecurity which helps the cybersecurity professional think. Subscribe to it here.