How Bike-Sharing Services And Electric Vehicles Are Sending Personal Data To The Chinese Government

from the why-we-can't-have-nice-things dept

A year ago, Techdirt wrote about the interesting economics of bike-sharing services in China. As the post noted, competition is fierce, and the profit margins slim. The real money may be coming from gathering information about where people riding these bikes go, and what they may be doing, and selling it to companies and government departments. As we warned, this was something that customers in the West might like to bear in mind as these Chinese bike-sharing startups expand abroad. And now, the privacy expert Alexander Hanff has come across exactly this problem with the Berlin service of the world’s largest bike-sharing operator, Mobike:

data [from the associated Mobike smartphone app] is sent back to Mobike’s servers in China, it is shared with multiple third parties (the privacy policy limits this sharing in no way whatsoever) and they are using what is effectively a social credit system to decrease your “score” if you prop the bike against a lamp post to go and buy a loaf of bread.

Detailed location data of this kind is far from innocuous. It can be mined to provide a disconcertingly complete picture of your habits and life:

through the collection and analysis of this data the Chinese Government now likely have access to your name, address (yes it will track your address based on the location data it collects), where you work, what devices you use, who your friends are (yes it will track the places you regularly stop and if they are residential it is likely they will be friends and family). They also buy data from other sources to find out more information by combining this data with the data they collect directly. They know what your routines are such as when you are likely to be out of the house either at work, shopping or engaging in social activities; and for how long.

As Hanff points out, most of this is likely to be illegal under the EU’s GDPR. But Mobike’s services are available around the world, including in the US. Although Mobike’s practices can be challenged in the EU, elsewhere there may be little that can be done.

And if you think the surveillance made possible by bike sharing is bad, wait till you see what can be done with larger vehicles. As many people have noted, today’s complex devices no longer have computers built in: they are, essentially, computers with specialized capabilities. For example, electric cars are computers with an engine and wheels. That means they are constantly producing large quantities of highly-detailed data about every aspect of the vehicle’s activity. As such, the data from electric cars is a powerful tool for surveillance even deeper than that offered by bike sharing. According to a recent article from Associated Press, it is an opportunity that the authorities have been quick to seize in China:

More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to [Chinese] government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners’ knowledge.

What both these stories reveal is how the addition of digital capabilities to everyday objects — either indirectly through smartphone apps, as with Mobike, or directly in the case of computerized electric vehicles — brings with it the risk of pervasive monitoring by companies and the authorities. It’s part of a much larger problem of how to enjoy the benefits of amazing technology without paying an unacceptably high price in terms of sacrificing privacy.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How Bike-Sharing Services And Electric Vehicles Are Sending Personal Data To The Chinese Government”

Subscribe: RSS Leave a comment
Christenson says:

Anonymized and controlled transmissions

Dear Mr Moody:
The big issue I see with all these IoT devices (bikes, cars, vehicle to vehicle and vehicle to infrastructure communications, etc) is twofold:
a) *nothing* is anonymous — I can’t think of a protocol that doesn’t require some kind of unique address somewhere
b) *complete* loss of control over the datalinks to the endpoints. (not that ALPR isn’t the same issue).

Looking at you Tesla, but I don’t *want* your remote software updates or real-time tracking. And I don’t want the vulnerability surface that the remote RF/Cellular/Internet data link presents. I can bring my own “infotainment”/”smartphone”/whatever for that.

Anonymous Coward says:

Re: Anonymized and controlled transmissions

The bigger issue is that companies and governments just have to keep all the data so that they can build profiles of people. It’s one thing to know where a bike or vehicle is now, and quite another to keep a history of where its been. The first can be a benefit to people in the vent of a crash being detected, the second is what marketeers desire to manipulate people, and governments to control people.

mcinsand (profile) says:

Re: Anonymized and controlled transmissions

My wife just bought a new car that she really likes, but the bells and whistles bother me a lot. She handed me a key fob for me, and the car senses when the fob is in the car to adjust seat and settings for me. That disturbs me, since the car is connected, acts as a wifi hotspot, and also has a blackbox to track the car’s data.

Don’t think I’m not aware that just carrying a smartphone means that I’m tracked. I’m not comfortable with it, though I know that the data would (should) just prove that I’m one of the most boring people in the world and clear me if there were ever in the need. Still, we should have some privacy.

Anonymous Coward says:

Re: no such thing as a free lunch, er cheap bike sharing.

Agreed. In addition I have noticed more businesses who want to scan your drivers license prior to purchase, typically things like booze, pharma, and smoking material where there is an age restriction. They claim it is to address fake ids with wrong info. I find this excuse to be rather weak and a bit dishonest. Surely photo/face id/recognition will soon follow. I doubt anyone is considering the future problems this will cause.

Max (profile) says:


I will NOT. EVER. buy a car that has a data uplink – I’d sooner revert to riding a bike if I must (it’s tons more fun anyway only a helluva lot less convenient). And yes, my phone’s GPS is OFF 99.999% of the time. So are “location services”. And apps that ask for location permissions unceremoniously get the boot. Yeah, my mobile carrier must have a fairly good idea where I go, not much I can do about that – others though… good luck.

So go on, ask me whether I would use this service…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...