[creeble]

Just to be clear, these are trackers from the web page, not trackers called by your car, correct?

I'm never surprised by the web trackers (which my ad blocker generally filters too), but 3rd-party trackers called from devices/vehicles seems more insidious.

Although the car / IoT companies can just as easily outsource the data once they have it anyway.

[Nextgrid]

They however still have access to the JS context and thus the authenticated session when you are on the website. They can most likely exfiltrate all the data visible on the page and maybe even the auth token for further server-side misuse after you've closed the page.

[sfaxon]

Yes, this is from the web page. Where I can manage my vehicle (see VIN, etc) and has my home address, dealer information, etc.

I would be interested to hear of a way to intercept internet traffic between the vehicle and the internet.

[waterheater]

If you're being extra paranoid, you'd need to spoof a cell tower. Spoofing a Wifi AP and monitoring traffic with Wireshark gets you network traffic, but you can't know if the vehicle sends certain information exclusively over the cell network, short of on-vehicle firmware and software analysis. Also, if you wanted to go with the Wifi approach, you need to force Wifi connectivity, which would probably mean going outside of cell tower coverage or unplugging the vehicle's cellular antenna, both of which may affect what the car transmits.

[hedora]

Our GMC's telemetry showed up on the "list of crap you can delete" in my unused facebook account.