Adam Levin:
Hey, Beau, you remember when Travis did his dissertation on the dangers of QR codes?
Beau Friedlander:
Yeah, it was total tinfoil hat territory.
Adam Levin:
I bet you didn’t know that Caitlin and AKA Cybersecurity Girl did a whole thing this week on quizzing.
Beau Friedlander:
I have no idea who that is.
Travis Taylor:
You don’t? She has a huge following online. She’s kind of a big deal.
Beau Friedlander:
Define huge.
Travis Taylor:
More than us.
Adam Levin:
And with that, welcome to What the Hack, A True Cybercrime podcast. I’m Adam Levin.
Beau Friedlander:
I am Beau Friedlander
Travis Taylor:
And I’m Travis Taylor.
Adam Levin:
Caitlin Sarian, welcome to our show. So where are you coming to us from?
Caitlin Sarian (Cybersecurity Girl):
I’m sitting in Miami, Florida right now.
Beau Friedlander:
Oh my gosh. Is Miami still above the sea level that you can go outside?
Caitlin Sarian (Cybersecurity Girl):
And I mean, barely. We all have. There’s a huge storm right now, so I’m pretty sure we’re about to be underwater and probably at the end of the podcast.
Beau Friedlander:
Well, if that’s the case, we’ll do our best to, if Amazon’s still working, we’ll have them send you a raft. Caitlin, your persona online is Cybersecurity Girl and you have a robust following on Instagram and TikTok. How did you get into it and how long ago? I’m curious.
Caitlin Sarian (Cybersecurity Girl):
So it’s a little over two years now, which is crazy to me. But I was like, what can I contribute to this world that will actually be helpful? And then I started realizing that I always get asked questions about cybersecurity. And so there was three pillars. One was to just demystify what cybersecurity is. The second was to get more people into a career in cybersecurity. And the third was to get more women specifically in STEM field,
Adam Levin:
What topics work best?
Caitlin Sarian (Cybersecurity Girl):
Honestly, the ones that go the most viral are the ones for the general public on how to be safe online. And the way that I tell that story is explain kind of what happens if they don’t do that. If I say, Hey, someone’s in your baby monitors, if you’re not fixing this setup, then it’s more alarming and people realize, oh wait, this does relate to me. Cybersecurity relates to everyone. Privacy relates to everyone, but we’ve never told the story that way.
Adam Levin:
Can your followers follow you when it gets complex?
Caitlin Sarian (Cybersecurity Girl):
To be honest, I can’t follow myself when it gets complex, so that’s why I have to break it down in very, very simple terms.
Beau Friedlander:
I mean, okay, speaking of complex issues, I think open source intelligence was one of those things for me. I understood that the information we share online was out there, but I didn’t fully understand the implications until I was on this telegram channel and our very first episode of what the hack was with a close friend of mine named Roy, it
Was right before the inauguration, I think when Parler got kicked off of their own app was shut down, and it was in the news that everyone from Parler was migrating to Telegram.
Roy and I were like, we’re going to get Q Anon, people we’re going to get ’em to expose themselves.
And we were kind of pretending like we were Trump supporters.
And Roy immediately gets hacked by one of them, and I find myself in a subgroup with this dude who goes, you seem really intelligent. Do you want to do open source intelligence with us? We’re taking down the Democrats. He explained it to me and I was like, so basically Googling,
Caitlin Sarian (Cybersecurity Girl):
So some really cool technical people like to say that Google Dorking and we’re searching and scouring the internet. Google Dorking is another way of just basically saying Googling, but open source intelligence is literally getting intelligence from sources that are open to the public. So a lot of times it really is just glorified Googling honestly. But there are specific websites that you can go to for certain things like data broker websites can get a lot of information. Like the white Pages is huge for a data broker, but there’s hundreds and thousands of data brokers that you can go on and get first name, last name, your parents’ phone numbers, your parents’ names, your parents’ addresses, any address ever affiliated to you. I don’t find myself particularly smart and I can do it. So I feel like anyone could do it if I could do it.
Adam Levin:
I know it’s a term we all use, but when we talk about open source intelligence, aren’t we just talking about privacy or even cybersecurity?
Caitlin Sarian (Cybersecurity Girl):
I think understanding privacy is the gateway drug to understanding cybersecurity and why it’s so important to be completely honest. Because if you start realizing how important you want your privacy to be, you’ll start realizing how important you want your employer’s privacy to be. You want everyone else’s privacy to be, and then that’s also cybersecurity in general. It’s making companies aren’t getting hacked, it’s taking the precautionary measures. And honestly, those precautionary measures are the same whether you’re protecting yourself or you’re protecting your company. So I think I really love privacy. I think that’s the one way that we can get people excited about cybersecurity as a whole. I mean, if you start talking down the road of all cybersecurity aspects, honestly, the reason why people start caring more about cybersecurity is when it pertains to them, and that’s really their data privacy.
Adam Levin:
How did you get into this area?
Caitlin Sarian (Cybersecurity Girl):
I got into cybersecurity about 10 years ago on a whim. I did aerospace engineering in university and they asked if I was interested in cyber, and I was like, that sounds great. And then I got my toe in cyber and pretty much jumped in full throttle at that point and I was like, I want to learn something else. And I just somehow data privacy and data protection. I started data protection specifically. So really understanding company’s crown jewels, what’s most important and how do you protect that? And then I loved the privacy aspect because that was understanding my crown jewels and what am I trying to protect for me personally and how am I protecting myself
Travis Taylor:
When it comes to privacy. I think a lot of the things that people know about are how to be proactive, not giving out your information or lying about your information and so on. How important is it to be reactive with your privacy?
Caitlin Sarian (Cybersecurity Girl):
That’s a great question, Travis. Everyone. When the internet started coming about, we wanted to sign up for everything. We wanted to create every account. We wanted to download every app. We wanted to give everyone our email so we could get the 20% off. And as much as it is for us to start realizing maybe we shouldn’t be giving our email to everyone or creating accounts for everyone, but we also need to realize that we need to be, like you said, reactive, which is, okay, what do people have on me right now and how can I fix that? So I use a company called DeleteMe for data brokers because data brokers have all of our information. Even the government sells our information to data brokers, which I find absolutely hilarious. And so it’s not just like, oh, I signed up for Amazon and now people have my data. Anything that you do online, your digital footprint grows and it goes to the data brokers. Literally, anytime you go online, your digital footprint is growing. So they scan the internet every two months and actively delete information about me, which is a lifesaver. But the other thing that you need to think about and a lot of people don’t is start going through your emails and being like, instead of just pressing unsubscribe, go to that website and ask them to delete your data. So
Adam Levin:
Caitlin, we had Rob Chevelle who’s as you know, the CEO of DeleteMe on a previous episode and we loved it. Can you explain the difference between a site? Have I been pod and a service DeleteMe?
Caitlin Sarian (Cybersecurity Girl):
So delete me, just helps delete your personal information off of those data brokers. And Have I Been Pwned? is literally, it tells you what data breaches you are involved in. So they’re completely separate, both incredible resources to have. I honestly, instead of Googling myself, I look at my, have I been honed many times throughout the month just to see if anything else happened?
Travis Taylor:
Okay. So given the fact that our data is being collected and it’s being collected from more sources than we could ever hope to keep track of what is the best way to manage our digital lives,
Adam Levin:
I’m sure some of our listeners are wondering if they should just go full Luddite. I get offline completely.
Beau Friedlander:
The problem with that is if you want to have privacy nowadays, you kind of have to be super proactive about it because every time it’s like weeding a garden.
Caitlin Sarian (Cybersecurity Girl):
So if you continue to create accounts, if you continue to buy stuff, if you continue to do anything under your email or a username that’s linked to you, there’s so much other information out there. I personally use a few platforms that allow me to spin up real working emails and phone numbers. So if I ever have to sign up for something, I’m not ever putting it towards mine. Or there’s other ways to just kind of detach yourself from your digital footprint and your online identity.
Beau Friedlander:
So Travis, what do you do?
Travis Taylor:
I mean, I use privacy friendly browsers like Firefox. I limit the data I give out. I tend to connect to the internet through A VPN and when possible, I go to brick and mortar stores.
Adam Levin:
I’ve been thinking a lot about it in connection this year with the elections, it really worries me that this is a serious attack vector on a number of levels.
Travis Taylor:
There’s the larger worry about disinformation and foreign meddling, and there are plenty of smaller worries. I mean issues,
Beau Friedlander:
I mean literally micro emails and tons of texts and a lot of communication. So with political emails, that’s the first thing that comes to mind for me. No matter what I do, my email address is getting sold and resold and sold, and no matter what anybody does, that information’s already in a marketplace.
Adam Levin:
Yeah, I have heard now from every human being in every party running for every office, and it happens day after day after
Caitlin Sarian (Cybersecurity Girl):
Day. I think from an email and a personal information perspective, legally if you request for them to delete your data, they have to delete your data. Now, obviously it’s the more that you’re online, the more it gets sold to them. I will say, I mean it is crazy that as a country we allow this to happen. It doesn’t really happen in any other country.
Travis Taylor:
Yeah, I think like 15% of the countries in the world, including us, have zero privacy legislation and something like 70% of the countries in the world do.
Beau Friedlander:
Huh, that’s freaky.
Adam Levin:
What do you do in a situation where you may end up getting your data deleted from one or two brokers, but there are other organizations they’ve already sold the data to who are then reselling the data to someone else. So this is like Whack-a-Mole.
Caitlin Sarian (Cybersecurity Girl):
A lot of people don’t really actually care about that because they actually want the catered ads. So it’s a very interesting situation in a weird web that we weave, and I think that’s what makes privacy so cool because people think privacy is dead right now, but if anything, I think privacy is the most enhanced and it’s needed the most right now than it ever will be because privacy is the ability to say, okay, I want these people to have my data and these people to not have my data. And at this point it’s kind of difficult, like you said, one person selling it together, even if you’ve already requested for them to delete it, it’s really difficult to have that separation, but privacy, hopefully with new privacy laws and regulations that’ll come up, it’ll be a lot easier or better for consumers.
Adam Levin:
Well, that’s a question I have for you. I was in Washington last week. We were talking a little bit about privacy and the whole issue is that there are too many organizations pushing elected officials through lobbyists not to have that kind of privacy.
Caitlin Sarian (Cybersecurity Girl):
So privacy like GDPR or CCPA really empowers us as consumers to have access and control over our data. And I obviously was a consultant and worked at a massive law firm and a massive consulting company as well who helped companies, large companies try to abide by these laws. And it’s very, very difficult. It takes a lot of manpower, a lot of money to actually allow this to happen because when the internet first came to be data was king, so you wanted to collect all the data as much as possible, and now you are still trying to collect that data, but you’re trying to only collect it for necessary purposes. You’re really trying to reel back what you’ve already collected. It’s a very weird time right now for privacy, but I think for me personally as a consumer, I want to be like, yes, we need federal privacy of law, and I think companies should be getting on board with this because it’s harder for companies to abide by random state laws versus one blanket federal law. But yeah, like I said, there’s a lot, it seems really easy to be like, oh, just don’t collect as much data. No, there’s a billion different ways that you can cut it. I mean, it’s not even just collecting data and then there also needs to be documented evidence that you’ve allowed the consumer to do that and that you’ve deleted it correctly.
Adam Levin:
Well, yeah. So let’s talk a little bit about compliance. So from your perspective, why is it so hard?
Caitlin Sarian (Cybersecurity Girl):
So when you’re collecting information, you have to think about all the different teams that are collecting the information and the purposes of collecting information, right? There’s internal information for your employees, health benefits, payroll, all of that stuff. That’s all counts as consumer stuff. And then there’s the actual end-to-end consumer, which is marketing, sales, what they’ve purchased, everything, and it goes to so many different teams. From there you have to figure out if I, Caitlin, were requesting my data, let’s just say from Nike, there’s not a central source for many of these large companies. There’s just not. It’s in so many different teams and it’s being used in so many different ways. And so you have to have a way of validating that I, Caitlyn Am actually who I say am through an email, which is extremely hard. You don’t have to do a phone call or something else.
You’re collecting more data on people because asking for more data to confirm that the identity, once you confirm the identity, then you have to collect and confirm that you’re collecting every single piece of data on me, which let’s be real in Nike or any large business, it’s almost impossible. And then on top of that, you also have the right to be like, Hey, that information is incorrect. So then you have to have a way of confirming that what I say is correct and what you had is incorrect, which is a whole nother process. Or let’s say you have to delete my data or I’m requesting my data. So then you have to have a way of sending me securely all of the data that you have on me, which is a feat in itself, and then also if I request delete it, you have to have a way to officially wipe all of the data off, including the data that’s stored on a backup service. So there is so many steps that you have to take, and that’s just from the consumer or employee side. And the issue is that there’s no central source of data. Really, that’s the main issue.
Adam Levin:
You’ve told me that I have the right to say to Nike once I prove to Nike that I’m really me, that I want this stuff deleted and they have to delete it. Where does that right come from? Is it because of the California Consumer Protection Act? Is that because of the GDPR that every company says, well, if I’m going to function in this world, I have to comply with that?
Caitlin Sarian (Cybersecurity Girl):
A lot of large companies use CCPA and GPR as a baseline, so they’re going to go as if they’re working from them. If you’re in a town in the middle of Texas, they don’t have the same rights or rules. So you as a consumer don’t have the right, and if you live in Texas too, you don’t usually have the right to ask to delete your data unless it’s a large company that uses CCPA as a baseline or GDPR as a baseline. So it makes it very difficult. Like I said, there needs to be a federal law that allows this to happen
Travis Taylor:
While the federal privacy law sounds great. I do have to wonder if laws like the CCPA actually do help pressure other states into providing more privacy legislation. Just for instance, if I’m on a website and it says in the bottom, do not sell my information, I click on that and it says, do you live in California? And you have to say no. Then they say, sorry, we’re selling your information. When I see that, I think I actually want to write my congress person and just say like, Hey, can we get something similar up here?
Caitlin Sarian (Cybersecurity Girl):
I think C-D-C-P-A did an amazing job in leading the way for other states. The issue comes from a company perspective when multiple states are just starting to add privacy regulation to the privacy laws and they’re a little bit different or they’re a little bit skewed, or one is a little bit more stringent in one section. And so it’s going to, from a company perspective, it’s not going to be easy and it’s already not easy. So that’s why I think the federal is the most important, at least to have the baseline, hopefully maybe it make it the most strict that way we don’t have to worry about state by state. Companies won’t have to worry about state by state, but they can really just follow a federal regulation.
Travis Taylor:
Do you think there’s a danger of speaking of having a strict federal law that there’s a danger if we end up passing a federal law that it’ll end up watering down privacy protections in the states that have already established pretty strong one?
Caitlin Sarian (Cybersecurity Girl):
I’m intrigued why you asked that.
Travis Taylor:
We have the California law, which is great, and the Illinois law in terms of biometrics, which is great. And then if you have a federal privacy law coming along and saying, we’re going to water that down. In both cases, what that might mean is you have a rollback of privacy in the states that already sort of at the forefront,
Beau Friedlander:
A hundred percent Travis. I mean, if Trump, for instance, becomes president again, I’m moving to France, but he’s probably going to try and roll out a federal law for guns. And what that’s going to do is it’s going to destroy the really robust gun laws in states like my state, Connecticut.
Adam Levin:
That’s why you have pushback in Congress to any federal law, pretty much anything. So that’s why things just don’t get done. I mean, if my state law is robust and you’re proposing something that’s significantly weaker than my law, I’m going to fight like hell to make sure that your law never gets passed. Well,
Beau Friedlander:
I thought they just fight just because they hate each other.
Adam Levin:
Well, they do too. But that,
Beau Friedlander:
Caitlin, we’ve mostly been talking about one type of information that companies collect, but there’s a whole other industry that has historically kept data on us, and that’s credit cards. Can a company delete me or any other human force on earth get the credit card companies to delete? Can I call up Citibank and say like, Hey, I bought sneakers, guitar strings, a pencil and a tractor, but I don’t want anyone to know that. Can I make you not share that information with anyone? Credit card company?
Caitlin Sarian (Cybersecurity Girl):
This is where the privacy law gets a little wonky because companies can save their data for legal purposes. So I am assuming that most of their credit card company is going to say, well, we need to know that you bought this stuff just in case. I don’t know, in case
Beau Friedlander:
You’re the Unabomber and we want to come get you. Yeah,
Travis Taylor:
Pretty sure he is more of a cash kind of guy.
Caitlin Sarian (Cybersecurity Girl):
Yeah, exactly. Who knows? But there’s kind of ways to go around it. And so a lot of companies were taking a risk-based approach on what data they were allowed to keep before deleting, and I think that the credit card companies have taken a risk-based approach to not actually let you delete anything.
Adam Levin:
Obviously this is not as black and white as any of us would like it to be. I mean, we started today by talking about how complex a lot of this can get even for us. So I’m curious, what advice would you share with our listeners? Where do you start?
Caitlin Sarian (Cybersecurity Girl):
So the first thing is passwords create really strong, unique passwords, and if you’re not creating different passwords for every account, at least group ’em so you have different passwords for banking accounts, those are really important. You don’t want to have the same ones or social media accounts. If social media is a big thing to you and you don’t want to lose them, turn on different passwords for that and then turn on multifactor authentication. That means just two ways of logging in, whether that’s getting a second email or getting a text message. I would definitely turn on multifactor authentication. And then the third is just be mindful of where and who you’re sharing your data with. And that means if you’re getting a phishing email, that gives you some sense of urgency that you have to act now. Be mindful before you give out your information.
I always say, take a deep breath. Is this a company I want to give my information out to? Do I need to have this account? The first question, the second question is, if I absolutely need this account, will I be able to delete it after? The third question is, why are these people asking for my information? And fourth question is, is this urgent? If I’m feeling like a sense of urgency, something’s probably up. And then the fifth is like, what’s my gut saying? So anytime you type in your email, you type in a password, you type in any of your personal details, take a step back, see if it’s actually needed,
Beau Friedlander:
And sometimes it’s not obvious or we’re just used to giving away some of our information.
Caitlin Sarian (Cybersecurity Girl):
There’s also new apps now that allow you to sell your data. You give permission for people to use it and you get money or some monetary value
Beau Friedlander:
Or Oh no, that’s a coupon service. That’s like with the gas. I had that app for a half a second and it was such a ripoff.
Caitlin Sarian (Cybersecurity Girl):
My mom has that app too, and I’m like, please get rid of it.
Beau Friedlander:
I had that for work. I had it. I was like, let’s see how it works and see what it does. Very post-privacy. In my own life, I have everything locked down. That’s how I deal with it. I have all my accounts frozen. I operate as though I’ve been breached all the time. It’s easier that way. I have two safes in the house.
Adam Levin:
We don’t even know your real name.
Beau Friedlander:
No, it’s true. Most people don’t.
Travis Taylor:
That’s what you think, Alphonse.
Adam Levin:
But seriously, why do I have to give my email address when I’m buying something in person?
Beau Friedlander:
By the same token, if they were to hand me a swab and ask me to just rub it in the inside of my mouth and give it back to them, I would also say, no, this is your information, whether it’s your DNA, which seems very personal or your email address, which is very personal,
Adam Levin:
Which brings us to a DNA company that had a breach not too long ago.
Beau Friedlander:
Yeah, okay. Let’s hear you. Cybersecurity Girl. Tell us, what do you think of 23 and me?
Caitlin Sarian (Cybersecurity Girl):
Oh, no. I mean when they first came out, I immediately told my family, do not do this at all. Just no, we know that we’re Armenian. It’s fine. What is the purpose of getting this done? Later on, when 23 and me started saying that we’re going to start matching and seeing what diseases could be in your family, my parents were a little intrigued, but I was just like, nothing good is going to come of
Beau Friedlander:
This. My cousin uses 23andme and all of a sudden my data, which I had no interest in putting out into the world, is sort of out in the world.
Adam Levin:
Well, I did have certain extended members of my family that found out that there were other members of the family that they never knew existed.
Caitlin Sarian (Cybersecurity Girl):
Sometimes ignorance is bliss, don’t you think?
Adam Levin:
Yes, absolutely. It got somebody in a whole lot of trouble.
Travis Taylor:
That is way too much information,
Beau Friedlander:
Adam. You didn’t say who had a child out of wedlock. Exactly, and that’s the thing, because all these websites and apps talk to each other or they share and receive information from these data brokers, suddenly your privacy is a whole lot more difficult to protect.
Travis Taylor:
I’ve gotten annoyed with relatives of mine getting the test done where I’m just sort of like, you are roping me into this,
Beau Friedlander:
And Adam, I remember you found out that you came from a long lost group of whale fishermen from Iceland. Is that right?
Adam Levin:
Actually, they were from Greenland, but no, I’ve never done 23. You never, never will. Because terrified to do it.
Beau Friedlander:
I, but that’s the thing. You are in the business of making people more aware of their information, who might want it and how they can protect it.
Caitlin Sarian (Cybersecurity Girl):
Exactly.
Beau Friedlander:
What do I need to know, Caitlin, about the stuff you teach your followers. So what are the best practices? The easiest way for me to understand that my data matters and it can be protected,
Caitlin Sarian (Cybersecurity Girl):
Basically I’ll just say anytime you go online, you’re creating a digital footprint and the digital footprint, your digital continues to get larger and larger. As you go to different websites and you do download different apps, anything that you click and it’s a money game, the people on the other end are making money every time you click on anything because they’re collecting data and they’re going to be selling your data. So just be mindful of where and where you’re giving your data and what you’re clicking on and who you’re giving your data to. If it’s not someone that you want to give data to, maybe don’t create an account for that website or don’t go on that website, but just again, be very mindful of anytime you are logging into the internet, anytime you go on the internet, you are having a bigger and bigger digital footprint and your information is going more places. So just be extremely mindful of who and where you’re putting and giving your data to.
Adam Levin:
Can you even know at the end of the day where your data is being given?
Caitlin Sarian (Cybersecurity Girl):
I mean, if you don’t log onto the internet, it’s not going anywhere, right?
Adam Levin:
Well, we always like to say if you’re living under a bottle cap at the bottom of Loon Lake, but short of that, you’re out there.
Caitlin Sarian (Cybersecurity Girl):
I would like us to know where it’s going. And this goes back to the privacy laws again, where we need more regulations on what companies are doing with your data, and we need to have transparency from a consumer aspect on what companies have on us. Once we have that, then it’s a lot easier to answer that question hopefully.
Adam Levin:
So you’ve convinced us and all your followers to take privacy seriously, but now what? I mean, I know we’ve mentioned, have I been Pod and Delete me? Have I been pod as free? But what about Delete Me? Are other services that remove your data on your behalf, are they free?
Caitlin Sarian (Cybersecurity Girl):
It is not free.
Beau Friedlander:
So it’s a subscription model.
Caitlin Sarian (Cybersecurity Girl):
HaveIBeenPwned isn’t actively going out and deleting your data. They’re literally just scraping information off the dark web and telling you where your data was breached. DeleteMe is actively going out personally and deleting your data off of data brokers.
Adam Levin:
We have Kashmir Hill on the show talking about Your Face Belongs To Us, her book. We live in a world where facial recognition is becoming more and more part of our daily lives. How do we deal with that
Beau Friedlander:
And biometrics and stuff? Is that something that you try to opt out of
Caitlin Sarian (Cybersecurity Girl):
Or? So I’ve picked my poison. My face is all over the internet unfortunately, so I can’t really do anything about it at this point. I would actively avoid putting my kids online and I would probably try to have as small of a footprint as possible with pictures and stuff. The only reason why I’m on social media is to educate the public.
Adam Levin:
Caitlin, I can’t thank you enough for spending time with us, telling us about what you do and just sharing your life, and we appreciate
Caitlin Sarian (Cybersecurity Girl):
That. Yeah, thanks so much. I really appreciate coming on here. I really appreciate what you’re doing and I think the world needs to hear your podcast.
Adam Levin:
Well, thank you for that. But if someone wants to learn more about you, what you do, where do they find you?
Caitlin Sarian (Cybersecurity Girl):
You can find me on social media, on Instagram at Cybersecurity Girl or on TikTok at Cybersecurity Girl.
Beau Friedlander:
And now it’s time for the Tinfoil Swan,
Adam Levin:
Our paranoid takeaway to keep you safe on and offline.
Travis Taylor:
Did you read in the New York Times about this guy who’s suing over the data his car was collecting on him?
Adam Levin:
I did. It was written by someone who’s been a guest on our show, Kashmir Hill. She’s the author of Your Face Belongs to Us.
Beau Friedlander:
I glanced at it. What’s the short version, Travis?
Adam Levin:
I can do the short version.
Beau Friedlander:
Bet your name isn’t Travis.
Travis Taylor:
So a man in Florida is suing General Motors and LexiNexis for collecting and providing information those used by his insurance provider to double the cost of his coverage.
Beau Friedlander:
Well, I mean this shouldn’t really come as a surprise. We’ve talked about the non-existent privacy policies that come with most new cars. We even dedicated the better part of an episode to it with Jen Cal, rider of Mozilla, the person behind that organization’s privacy not included program.
Adam Levin:
That was a good episode. The whole thing.
Beau Friedlander:
What are you talking about?
Adam Levin:
You said the better part.
Travis Taylor:
Okay, guys,
Adam Levin:
Jen Caltrider is an expert on privacy policies and on data sharing practices of automobile manufacturers. She discovered they collect a shocking amount of data and they can share it.
Beau Friedlander:
Yeah, well, I guess somebody’s going to be winning a Peabody. Our episode created a lawsuit.
Travis Taylor:
We weren’t mentioned in the coverage, but it was pretty interesting. I mean, the guy in the story installed the gm, my Cadillac app, and it enrolled him by default in a program through OnStar,
Beau Friedlander:
Which recorded hard accelerations. Heartbreaking. I’m telling you, we’re going to get a Peabody
Adam Levin:
From your lips to God’s ears. The data was sold to LexisNexis and then again to another data broker, and finally to his insurance company.
Travis Taylor:
It’s the circle of data
Beau Friedlander:
Up. So what’s the takeaway, buy a classic car?
Adam Levin:
There was a clause in OnStar’s privacy statement saying they could share the data with third parties,
Beau Friedlander:
Travis.
Travis Taylor:
I mean, a spokesperson for GM said it was possible to unenroll, but in this guy’s case, and I’m assuming a whole lot of other people, it’s really hard to unenroll from something that you didn’t know you were enrolled in the first place,
Adam Levin:
And at least in this case, the damage was already done. His insurance rate doubled. Opting out of this service isn’t going to lower his rates.
Beau Friedlander:
As we always say, all apps are not created equal. Cadillac predates smartphone apps and most apps, they’re designed to collect sellable data or at least usable data.
Travis Taylor:
Yeah, I mean, we’ve talked a lot about privacy legislation and that to date really just hasn’t worked. At least as we discussed earlier today. Maybe this kind of lawsuit will actually finally help change the behavior of car manufacturers.
Adam Levin:
And that’s our Tin Foil Swan.
Travis Taylor:
What the Hack with Adam Levin is a production of Loud Tree Media. You can find us online at adamlevin.com and on Instagram, Twitter, and Facebook at Adam k Levin.
