Underhanded insurance data collection Part 2: Allstate Boogaloo

After a few car manufacturers were found to be secretly selling driving telemetry data from their newer models to some data brokers who then sold the data on to insurance companies, Allstate apparently decided to cut out both the middleman and the need for cars with modern telemetry systems (meaning even those of us driving ancient classics could've been affected!) by paying some app developers to add tracking code to apps to do the deed instead, effectively causing apps such as GasBuddy to also function as disguised insurance tracking apps and using that data to jack up people's rates. Allstate had no control over who would install these apps, so to make the best of that they did two things: They bought driver info from a bunch of car manufacturers to help identify their own customers, and sold the data they collected to other insurance companies since their customers would be among the victims as well.

These apps can't tell whether you're actually driving a car yourself or merely riding in a car with someone who doesn't drive smoothly enough, or according to one user, whether you're riding a rollercoaster in an amusement park, so for our purposes it's safe to say that any on-track activities would be very bad for your street insurance costs.

If you're thinking that the legal agreements that allowed this were buried deep in some EULAs and customer contracts, they weren't even there, this was 100% secret and therefore even more illegal due to getting customer consent for exactly none of it:

https://www.theregister.com/2025/01/14/allstate_accused_of_paying_app/

No, no.  I'm sure you're mistaken.  There is no chance that people or corporations would ever use telemetry data, or other data, or AI for any but the most noble and beneficial purposes.

Appleseed, why don't just put apps on your phone?

And here i am figuring out ahead of time how to disable the telematics in the maverick before I drive it home. 

How do we protect ourselves? Can we? Or are we pretty much rucked if we want to use apps and modern technologies?

Neo-Luddites, unite!

Corporate death penalty. Make an example out of one or two of them, and everyone else will stop doing the surveillance capitalism sthick.

As it stands now, fines are the cost of doing business. Every line-must-go-up dipE36 M3 will get the message if you fine them out of existence or pull their ability to do business.

What a conundrum this potentially creates!  Does one take their phone with them in the car, in case something happens and they need to contact someone to help them out, and run the 'risk' that their insurance carrier is monitoring their driving habits?  Or does one throw caution to the wind, and leave the phone at home and hope they don't breakdown, get in an accident, etc., etc.?  

In reply to The0retical :

But why make an example out of them other than their redundant data?

Making an example of the corporations might make people think we should make an example of the government doing the same berkeleying thing. But nobody seems to care when it's the government.

In reply to einy (Forum Supporter) :

Or you could, you know, turn your phone off and take it with you if you're that worried about it.

RevRico said:

In reply to The0retical :

But why make an example out of them other than their redundant data?

Making an example of the corporations might make people think we should make an example of the government doing the same berkeleying thing. But nobody seems to care when it's the government.

I don't appreciate the feds aggregating, or buying, a ton of data for the sake of aggregating data either. I was pissed as hell when the OPM lost all my data. I get pissed as hell every time the police are caught obviously using some form of parallel construction, and I very much do not appreciate the ongoing PRISM program. The difference is that I have a say, however small, in the way we're governed. I only get that say through my legislators about what corporations do, and even then stuff like this happens with virtually no consequences.

I'll also say I advocated the same thing when Meta got caught violating its consent decree, Google got caught collecting data when they assured users they were not, VW, Hyundai, and Chevy got caught gathering and selling telemetry, and Equifax simply existing before their data leak. If you can't get at the people approving decisions like this because of the corporate veil, and you can't put the corporation in jail, then you need to punish the people who do have exposure or nothing will ever change. In this case it's anyone invested in the company.

I'd be willing to meet halfway if there were actual penalties with teeth like Europe supposedly has which are based on percentages of global revenue. But as it stands now, berkeley anyone who thinks this type of data collection is a good idea.

1988RedT2 said:

No, no.  I'm sure you're mistaken.  There is no chance that people or corporations or governments would ever use telemetry data, or other data, or AI for any but the most noble and beneficial purposes.

FTFY. 

Is allstate the same company that sent spies to an NER event, ran all the plates and cancelled polices?

In reply to Toyman! :

Thank you.  I must have lost my head for a minute. 

Dusterbd13 said:

How do we protect ourselves? Can we? Or are we pretty much rucked if we want to use apps and modern technologies?

I use a rooted phone with an open-source Android distro, use self-hosted services and avoid closed-source apps as much as possible for open-source alternatives. I also use heavily modified browsers with a lot of addons to help control where my data goes. It's a lot of up-front effort though.

Duke said:

In reply to einy (Forum Supporter) :

Or you could, you know, turn your phone off and take it with you if you're that worried about it.

 

They are never "off."

In reply to prowlerjc :

With most phones off is truly off, but they can power back up based on a timer to give you any alarms you set. It's the same kind of feature as the UEFI/BIOS wake-on-timer in a desktop PC. Airplane mode may not be enough though, an app could theoretically still collect and save GPS and accelerometer data etc. and then upload it whenever it reconnects.

The0retical said:

Corporate death penalty. Make an example out of one or two of them, and everyone else will stop doing the surveillance capitalism sthick.

As it stands now, fines are the cost of doing business. Every line-must-go-up dipE36 M3 will get the message if you fine them out of existence or pull their ability to do business.

The problem is the fines are always a pittance compared to the profit. 

The recent Apple settlement regarding Siri eavesdropping was $95 million. Big deal for a company that generates ~$391 Billion in Global Revenue per year. With a gross profit margin in the 43% range.  

The days of symbiotic commerce are long gone. 

"Mobile apps that implemented the SDK Routely (now owned by Allstate), Life360, GasBuddy, and Fuel Rewards – are alleged to have collected:

• mobile phone geolocation data, accelerometer data;
• magnetometer data; gyroscopic data;
• trip attributes (start time, end time, distance; GPS points (accuracy, position, longitude, latitude, heading, speed, GPS time, time received, bearing, and altitude of a consumer’s mobile phone);
• derived events (acceleration, speeding, distracted driving, crash detection, etc);
• and metadata (ad ID, country code, operating system User ID, device type, app version, and OS version).

Those apps initially request permission from users to access location data in conjunction with app features. But after an app integrated the Arity SDK, the user was also unwittingly enabled Arity to collect and resell all of that data.

I had both Gasbuddy and Life360 installed.  Now we know how all those 'free' apps are actually funded.

nderwater said:

I had both Gasbuddy and Life360 installed.  Now we know how all those 'free' apps are actually funded.

And they still run ads....

The simple solution is to stop buying car insurance. Then, everyone who does buy insurance will be stuck paying for YOUR higher rates!

win win!

Dusterbd13 said:

And here i am figuring out ahead of time how to disable the telematics in the maverick before I drive it home. 

How do we protect ourselves? Can we? Or are we pretty much rucked if we want to use apps and modern technologies?

The telematics control unit (TCU) is powered by fuse #11 in the passenger compartment fuse panel. The fuse panel is located under the dash in the passenger side footwell. 

I disabled mine and turned off wireless connectivity after dealing with multiple "deep sleep" events where the battery was low.

Sirius XM recently sent me a letter welcoming me to my trial subscription when I bought a used 2019 F150. I never contacted them or provided my name and address. The fine print said that I could opt out by calling their toll free number or by going online to create a new account so I can opt out of their service. The truck is now telling me that it wants to connect to WIFI so it can update to the most recent data. No thanks, it's fine as is.

I was wondering why I couldn't find any tin foil at the store today.  

In reply to Duke :

Turning your phone off just turns it off for YOU, not the manufacturer/service provider. The data collection rolls on.