Ask HN: Is OBD-II telematics data more private than mobile app tracking?

I've been digging into the privacy policies of major auto insurers who offer UBI (Usage-Based Insurance). There seems to be a consensus that mobile apps are 'easier,' but they require broad OS-level permissions (Location, Motion) that can technically track you 24/7.

In contrast, the OBD-II dongles are hardware-limited to the vehicle's operation. They know how the car is driven, but not necessarily where you walked after you parked.

Is there a technical reason to prefer one over the other from a data security perspective? I wrote up a comparison of the hardware trade-offs here: https://suretyinsights.com/blog/dongle-vs-app-the-hardware-of-usage-based-insurance I'm curious if anyone has reverse-engineered the actual data packets these dongles send.

> Is there a technical reason to prefer one over the other from a data security perspective?

The rule of thumb would be to prefer the OBD data. The most secure data is the data that is never even exposed, and OBD exposes less than a smartphone does.

> I'm curious if anyone has reverse-engineered the actual data packets these dongles send.

Yes, but you don't even have to do that. The OBD protocol is readily available, so you can see what data is surfaced, and you should just assume that anything that can be read through OBD will be sent to the insurance company.

If you want to really see what data your particular car surfaces through OBD, OBD readers are very inexpensive and readily available. Pick one up and explore.

From my personal perspective, I can't imagine a circumstance where I'd be OK sharing any of this data at all, particularly not with insurance companies.

16 days agoby JohnFen