You already know your phone tracks you. That's table stakes at this point. But what about your car? Your smart TV? The robot vacuum quietly circling your living room? These are not hypothetical threats. Real companies have sold real data on real people — sometimes without their knowledge, sometimes without consequence. A robot vacuum captured intimate images inside private homes. A car manufacturer sold driving behavior to insurance companies without telling drivers. A utility company shared power usage data with police that led to raids on innocent households.
1. Your Car
Modern vehicles are sensor platforms that also happen to transport you. They record location history, driving behavior, and — when you connect your phone — your contacts, messages, and call logs. That data doesn't just stay on the car.
In 2025, the FTC took action against GM and OnStar after discovering they were selling detailed driver behavior data — speeding events, hard braking, nighttime driving patterns — to credit agencies and insurers. Drivers had their coverage raised or denied based on information they didn't know was being collected or sold. Mozilla reviewed 25 major car brands and called them the worst product category they had ever evaluated for privacy. More than half indicated they would hand over data to law enforcement on request. Several claimed that being a passenger in the vehicle constituted consent to data collection.
Think about what your car knows: your daily commute, your child's school, your doctor's office, your late nights, your weekend patterns. It's a detailed map of your life. And if you sell the car or return a rental without wiping it, the person who drives it next may have access to everything you synced.
Read Also:
Frank Line Tech
Open your manufacturer's app and opt out of data sharing, trip history, and vehicle improvement programs — the setting is usually buried in Privacy or Connected Services. Don't sync your full contact list or messages unless you have a specific reason to need them in the car. Before selling a vehicle or returning a rental, run a factory reset through the infotainment system. And skip driver monitoring programs and insurance telematics plug-ins — the data they collect follows you long after you cancel.
This is one of the highest-risk items on this list because the data is detailed, it leaves your control, and companies have already demonstrated they will monetize it.
2. Your Smart TV
Your television is watching you back. Most major smart TV brands ship with Automatic Content Recognition (ACR) enabled by default. ACR works by continuously sampling what's displayed on screen — frames of video, seconds of audio — and matching those samples against a database to identify what you're watching. This happens across streaming apps, cable inputs, and HDMI connections. If you plug in a gaming console, the TV can still fingerprint the content.
In 2017, Vizio was caught collecting second-by-second viewing data on millions of televisions and selling it to third parties without disclosure. They settled for $2.2 million. Subsequent research has continued to find ACR running quietly on TVs from major manufacturers, often with data going to advertising networks.
Read Also:
Frank Line Tech
Go into your TV settings immediately and disable ACR — it may be called "Smart Interactivity," "Viewing Data," or "Interest-Based Advertising" depending on the brand. On LG: Settings → All Settings → Support → Privacy & Terms. On Samsung: Settings → Support → Terms & Privacy → Viewing Information Services. Turn off built-in microphones and voice assistants if you don't use them. If you want streaming apps without the tracking, keep the TV itself offline and use a dedicated streaming device — Apple TV is designed without ACR; a Raspberry Pi running Kodi keeps everything local. Advanced users can block known ACR endpoints at the router level using Pi-hole or custom firewall rules.
If you haven't checked these settings yet, assume ACR is on. That's what the defaults say.
3. Your Smart Meter
Analog electricity meters gave utilities one number per month: total consumption since the last reading. Smart meters changed that. Most log usage in 15-minute intervals — some more frequently — and transmit readings automatically. That granularity creates a new kind of data: a detailed activity signature of your home.
A technique called Non-Intrusive Load Monitoring (NILM) can analyze that usage pattern and infer which appliances are running and when. Your coffee maker has a distinct electrical fingerprint. So does your CPAP machine, your EV charger, your TV. With enough resolution, a utility — or anyone with access to the data — can determine when you wake up, when you leave, when you go to sleep, and when the house is empty.
In Sacramento, a lawsuit alleged that a local utility shared detailed consumption data with law enforcement, and police used the patterns to flag households as suspected illegal cannabis growers. Some of the resulting raids targeted innocent people. In 2018, the Seventh Circuit Court ruled that smart meter data collection qualifies as a Fourth Amendment search — but allowed it to continue on the grounds that it was reasonable. Collection kept going.
State-level opt-out options vary widely. California, Texas, Ohio, Maine, Vermont, Maryland, and Massachusetts have statewide policies allowing customers to opt out of frequent readings or radio transmission — other states handle it case by case. Call your utility and ask how often your meter reports, how long they retain detailed usage data, and who they share it with. If an opt-out, monthly-total reading, or non-communicating meter is available, take it.
4. RFID Tags in Clothing
This one gets a lot of attention online, and the concern is partially valid — but the threat is routinely overstated.
Passive UHF RFID tags (the kind sewn into clothing for retail inventory) have no battery and no ability to broadcast. They only respond when a powered reader is close enough to activate them. Your phone's NFC chip reads at 13.56 MHz; most retail inventory tags operate around 900 MHz. Your phone cannot read those tags. Tracking you in the wild would require hidden readers placed at every location you visit — technically possible, but logistically impractical at any meaningful scale.
The closest real example: Kmart Australia tested fitting room screens that displayed the items a customer carried inside, using tag readers mounted at the doorway. That's a legitimate privacy concern inside the store. It's not tracking you on the street.
Low priority compared to the other five items here. If you want certainty, ask the cashier to deactivate or cut the tag at checkout. But don't lose sleep over it.
5. Hotel Key Cards
Every tap of a hotel key card generates a log entry: the card ID, the door, and the timestamp. That creates a timeline of your movements through the property — when you left your room, when you returned, which amenities you accessed.
On the security side, older card systems have documented vulnerabilities. Early Mifare Classic locks and certain hotel safe locks have been shown to be cloneable using inexpensive off-the-shelf hardware. Many properties have upgraded, but not all. If you're in a property you're not confident about, use the deadbolt and security latch when you're inside the room — this blocks mechanical entry regardless of card system vulnerabilities. A portable door jammer adds another layer if you're traveling somewhere you don't fully trust. Leave valuables with you rather than relying on in-room safes where the lock security is unknown.
This is more of a physical security concern than a data privacy one, but it's worth understanding what those card taps are recording.
6. Robot Vacuums
In 2022, iRobot was testing next-generation Roomba models equipped with cameras. Test units used by real families captured images inside their homes. Those images — including one of a woman sitting on a toilet — were handled by contractors in other countries, shared in private online groups, and eventually obtained and published by journalists. These were labeled as development hardware, not retail units. But the incident shows exactly what is at stake when a device that physically navigates your home also sends data to the cloud.
Robot vacuums are one example of a broader pattern. Smart thermostats learn your occupancy schedule with high precision. Doorbell cameras log every arrival and departure. Connected appliances contribute fragments of behavioral data. Individually, each piece seems minor. Together they form a detailed portrait of your private life — when you're home, when you're alone, your routines, your habits. Once that data leaves your network, you have no meaningful control over it.
Open the app for each smart home device and disable cloud uploads, remote mapping storage, and continuous video or image logging where you don't actively need them. Prefer devices with local-first architectures where data stays on your network — Home Assistant is worth looking into for centralizing smart home control without cloud dependency. Before selling, donating, or discarding any connected device, factory reset it and delete any associated cloud account data through the manufacturer's portal.
Your car and your smart TV are the active, documented threats — companies have already been caught monetizing data in ways that harmed people. Smart meters have already been used in law enforcement in ways courts are still sorting out. Robot vacuums illustrate what the next wave of incidents might look like as cameras move deeper into private spaces.
What ties all of this together is a consistent pattern: data is collected because it's technically possible and commercially valuable, defaults are set to share, and disclosure is minimal. The privacy policies that technically cover this collection are written to be agreed to, not read.
This isn't a reason to rip out your smart home. It's a reason to spend thirty minutes going through your device settings and know what you've connected. Every device that touches your network is a potential data source. The incidents above aren't worst-case projections. They already happened.
