Decoding the $400 Billion Secret Hiding Inside Your Car
Connected cars generate billions in data, yet drivers get nothing. Can DIMO rewrite the rules?
Part I: The Illusion of Privacy
Do you also get frustrated trying to claim your car insurance and end up paying out of pocket anyway?
You’re not alone.
Most people assume that having insurance means peace of mind, but when the time comes to use it, they’re hit with complex paperwork, vague policies, endless calls, and more often than not, rejected claims.
I’ve seen it myself. My father once had to justify how a minor accident happened, complete with pictures and a written explanation. The result? He preferred to directly pay without claiming insurance. Not because the damage wasn’t real but because the process is designed to make it easier for companies to say no than to pay up.
Until now, like most of you, I thought turning off my smartphone's location meant no one could track me. But that’s not the case.
Your car is tracking you too. And unlike your phone, you don’t get a push notification asking for permission. Most modern vehicles are equipped with telematics systems that automatically record your location, driving behavior, and even when and where you brake, often without your explicit consent.
General Motors, for instance, was recently banned by the FTC (USA) from selling user data for five years after it was caught secretly sharing precise geolocation data through its OnStar service even after users unsubscribed. But they were already profiting from it for years.
They Steal Your Data. Then Sell It Back to You
Driving patterns, acceleration behavior, routes, average speed, battery usage, it's all being captured. And the worst part? You never knowingly agreed to share most of it.
While you wrestle with insurance claim forms, automakers and insurers are quietly buying and selling your driving behavior.
Are you a cautious driver?
Do you brake late?
Do you drive in high-risk zones?
These patterns are bundled, analyzed, and sold to insurers to set your premiums. They are also sold to other third parties:
Developers use it to build in-car apps, powered by your behavior and preferences.
Advertisers use it to track footfall patterns near retail locations.
Fleet managers use it to optimize logistics.
Urban planners use aggregated vehicle data to design smart traffic systems.
You and I generate a gold mine of driving data every time the wheels turn, yet we’re cut out of its value. McKinsey projects the connected-vehicle data market could reach $400 billion by 2030. Today that value travels through a long, opaque chain depicted below, leaving no value for the true data owner.
Exhibit: Current Vehicle Data Value Chain
Who Really Owns Your Driving Data?
What makes this chain so complex is that a car isn’t made by just one company.
Take the Toyota Innova Crysta, for instance. While Toyota designs and assembles it, the actual parts come from hundreds of suppliers around the world. Bosch might build the braking system. Denso could provide the air conditioning controller. Harman might handle your infotainment setup, while a company like Continental supplies the electronic parking sensors and cameras.
In short: your car is a network of computers and components built by dozens of different manufacturers.
Yet somehow, Toyota or any carmaker becomes the sole owner of the data.
All these modern vehicles are equipped with multiple sensors, radars, LiDARs, GPS modules, and cameras to monitor everything from tire pressure, motor load, and fuel levels to collision detection and battery health. They also understand the environment and assist in real-time driving decisions, like when you’re using reverse gear or parking your car. So all of these devices generate raw data every second as you drive.
This data travels through your car’s internal communication network, called the CAN bus (Controller Area Network), to the Telematics Control Unit (TCU), which acts as the car’s external communicator. The TCU transmits this information, including behavioral, diagnostic, and location data, directly to the automaker’s cloud via 4G, 5G, or Wi-Fi connectivity, making the automaker the owner of your vehicle data. So while dozens of companies build your car, it’s the OEM (original equipment manufacturer, i.e. the carmaker) that holds the keys to your data. They control how it's stored, who can access it, and, most importantly, how to make money from it.
How Did It All Start?
Source: GMR, DAIR System
When automakers first introduced these connected features, the goal wasn’t to spy on you, it was to protect you.
As early as 1966, General Motors envisioned something called DAIR - Driver Aid, Information and Routing System. It was a bold idea, a system that could help drivers navigate, avoid traffic, and stay safe. But the world wasn’t ready yet. Wireless infrastructure was primitive. Satellites were still in their infancy. And cell networks? Barely existed.
Fast forward to 1996, and GM’s dream finally took shape as OnStar. Initially rolled out in Cadillac models, it was a revelation. With just the press of a red button, drivers could call for help in an emergency. A blue button connected them to a real-time human assistant (OnStar Call Centre) to locate restaurants, reroute travel, or help with flat tires. And if you got into a crash and the airbags deployed? The car called 911 before you could even reach your phone.
It worked.
Source: Onstar
In 2001, a Cadillac stolen in Los Angeles was recovered within hours thanks to OnStar's GPS tracking. The thief had no idea he was broadcasting his location straight to the cops. Real-time tracking, remote diagnostics, emergency response - these weren’t gimmicks. They were changing lives.
It didn’t take long for others to follow.
BMW rolled out BMW Assist in 1997-98. Mercedes launched TeleAid by 1999. Honda brought Internavi to Japan. Ford introduced Rescue, which later evolved into SYNC with Microsoft. Each new version came with better navigation, improved crash alerts, and real-time vehicle health monitoring.
And with every leap in wireless and satellite infrastructure, the possibilities multiplied.
Cars could now send automatic crash reports, diagnose engine problems remotely, and remind you of service schedules. GPS-based navigation replaced paper maps. Lost cars could be tracked. Stranded drivers rescued. Over time, your car became more than a vehicle - it became a connected computer on wheels.
For a while, it all felt like magic.
You could speak to your car. Get real-time support. Be safer on the road.
But then something subtle happened.
The same systems that were designed to protect you quietly evolved into systems that monitored you.
That very GPS signal that helped police recover stolen vehicles? It didn’t turn off when the car was returned to you.
That emergency microphone that listened for your voice? It wasn’t always muted.
At some point, the narrative shifted. The car stopped serving you. It started observing you.
Today, that once-revolutionary “blue button” is just one part of a much larger, invisible surveillance machine.
You probably never noticed when it crossed the line. But your car did.
Today, your vehicle doesn’t just know where you drive. It knows who you are. A recent investigation by the Mozilla Foundation, which reviewed 25 major car brands, called modern vehicles the “worst product category for privacy” they had ever reviewed. Yes, worse than smart TVs, worse than your voice assistant that listens 24/7 or even social media apps.
So what’s actually being collected? Everything. They often tap into your phone, access your contact list, read your messages, and track your in-car conversations. They know when you're home, what route you take to work, what restaurants you frequent, and how aggressively you drive. They can even access your sexual activity, health diagnosis, and genetic information.
Yes, you read that right.
Nissan explicitly states in its privacy policy that it may collect data related to your "sexual activity," "health diagnosis," and "genetic information." It doesn’t end there. Nissan also states it reserves the right to share this data with law enforcement, advertisers, and data brokers. Tesla, BMW, Kia, Ford, Toyota: nearly every major carmaker Mozilla reviewed was found collecting sensitive user data.
And it’s not just the driver being watched. Any passenger who steps into your car could unknowingly be swept into the data dragnet. And if they connect their phone to charge or stream music, the car gains access to their contacts, call logs, calendar entries, browsing history, and app data, without ever asking them directly. Today, sitting in someone’s car is a lot like handing your phone over to the automaker.
All of this information is collected on the pretext of business purposes, providing better & improved services and relevant marketing. Early this year, Honda proudly presented a feature where an AI-powered assistant talks to you in the car and says: “Tell me more about yourself.” They marketed it as a step toward deeper user connection but it’s really a chatbot disguised as a data miner.
How are they getting away with this?
By hiding behind vague, bloated fine print and consent forms that no one reads, and that you unknowingly clicked "Agree" to when buying the car. Most automakers have five to six different privacy documents, each tens of pages long. Toyota has 12. They’ll say something like this in the top popup: “To enable safety features or theft protection, certain vehicle data may be transmitted.” But what they don’t say out loud is that they will also collect all the personal information, even information that is in no way related to the car or its features, and have a right to sell it to third parties.
Exhibit: Comparison of discoverability of privacy terms for connected cars
(A green symbol in the second column does not mean the brand’s terms provide high-quality privacy protection, but only that the terms could be discovered using reasonable efforts.)
Source: UNSW Sydney Research
The worst part is that automakers collecting this sensitive data often fail at protecting it. There have been multiple data breach incidents reported by Mercedes-Benz, Tesla, Volkswagen, and Audi, among others. Millions of records (names, addresses, driving data) were left exposed on insecure servers. In one case, two security researchers were able to access Subaru’s internal systems and retrieve full location history, vehicle control functions, and personal details like names, phone numbers and addresses of consumers. So not only are they watching, they’re failing to lock the doors.
And if you try to disable it? Good luck. Some automakers will disable basic features like crash detection, stolen vehicle recovery, or remote lock/unlock access unless you “consent” to data collection. They say it’s for your safety. But it’s really for their profit.
Source: Tesla Privacy Policy
We’ve been made to believe that driving is our me time. You sing along to old songs. You vent after a bad day. You cry quietly. You make calls you wouldn’t in public. It’s where you rehearse speeches, confess secrets, or just enjoy silence.
But what feels private… isn’t. The car feels like an extension of our personal space, but now, that sacred space has become a listening post. And unlike your phone, there’s no “Airplane Mode” for your car’s tracking system. You can’t simply switch it off. You can’t opt out. Because the system isn’t built for you. It’s built for them. So next time you enter your car, remember: You’re not alone in there. Someone is always listening. Watching. Logging. And you never even got to say no.
Part II: The $750 Billion Irony
Now here’s where it gets ironic.
Despite having exclusive access to all your data, automakers have barely scratched the surface when it comes to actually monetizing this data. Back in 2016, McKinsey estimated that connected vehicle data could unlock a $750 billion market by 2030. A goldmine waiting to be tapped. Two years later, that forecast was slashed to $450 billion. Today? The value actually captured sits closer to $95 billion.
That’s less than 15% of what was originally projected.
So not only do carmakers track you without your permission, but they’ve also spent the last decade sitting on one of the most underutilized datasets in the world. The problem isn’t that cars don’t produce enough data. In fact, modern vehicles can generate up to 25 GB per hour, far more than a smartphone. But while tech companies like Apple, Google, and Meta built entire service ecosystems around data - app stores, cloud backups, targeted ads, payment systems - automakers largely failed to evolve beyond their manufacturing DNA.
They were hardware companies trying to win in a software world.
The biggest friction? Control.
Instead of opening up data ecosystems, they clung to the old model: control everything, build it in-house, don’t let outsiders in. They feared losing data ownership to Silicon Valley. Letting Apple or Google inside the car wasn’t just about software integration - it was about power. Who controls the dashboard, controls the user relationship. And who controls the user, controls the data. So initially most automakers resisted integrating these systems into their vehicles.
This mindset led to years of delays, limited user features, and an unwillingness to collaborate with software-native companies. Google Maps, for instance, had long established itself as the gold standard in navigation. But most OEMs refused to adopt it. Instead, a consortium of major automakers (Audi, BMW, and Daimler) bought and backed a competing service, HERE Maps, spending billions trying to build a walled garden, yet none of it matched the simplicity, speed, or relevance of Google Maps. The goal wasn't a better experience. The goal was control.
The same resistance played out across every connected feature.
While your iPhone could update overnight with over-the-air updates, your car’s infotainment system might take years to receive a basic UX improvement, if at all. Features were rolled out slowly, regionally, and often poorly. Automakers lacked the agile software teams, DevOps cultures, or rapid update pipelines that defined the consumer tech giants.
And that wasn’t the only hurdle.
Many legacy carmakers still operated in fragmented organizational silos. Engineering teams didn't talk to data science teams. Business development had no idea what product teams were building. Cloud data sat unused because no one knew how to turn it into actionable services. Meanwhile, regulatory uncertainty, especially around privacy, made legal departments even more risk-averse.
This wasn’t just an organizational problem. It was deeply technical.
Each OEM collected data in its own siloed ecosystem - different formats, data types, and structures. A developer building a mobility app couldn’t simply “plug into cars”. For example, an insurer couldn’t access real-time risk data unless it negotiated separate agreements with every brand. A city planner couldn’t use connected vehicle data to optimize traffic lights because no two OEMs shared standardized feeds. The lack of interoperability crippled any ecosystem-level innovation.
The Battle to Unlock Car Data
If automakers couldn’t figure out how to unlock the value of connected vehicle data, maybe someone else could. That was the hope behind a new wave of Web2 startups that emerged between 2015 and 2022, flush with venture capital and ambition. The idea was simple: act as a bridge. Gather data from OEMs, standardise the broken data and sell it to developers, insurers, mobility services, anyone who could build meaningful applications using real-time vehicle data.
Each took a different path.
Startups like Smartcar and High Mobility partnered directly with automakers, securing access to official APIs that exposed telemetry like battery level, fuel range, and lock/unlock status. Mojio, on the other hand, bypassed OEMs entirely, using cellular-connected hardware dongles plugged into the OBD-II port in vehicles to fetch live data. Others like Wejo went deeper still, accessing raw, high-frequency real-time data every few seconds directly through OEM partnerships.
It felt like a data renaissance for mobility tech. But this promise was short-lived.
Regardless of whether they used cloud APIs, hardware dongles, or real-time OEM integrations, the core problems never went away.
Even the most well-funded platforms could partner with only a handful of automakers. Without wide-scale OEM participation, the data sets were always limited; not one startup had data on 100% of the cars. You can’t build smart traffic systems if you’re only seeing data from 12–15% of the vehicles on the road. That’s exactly what happened to Wejo, which partnered primarily with GM and Mercedes but ultimately filed for bankruptcy in 2023 due to high operational costs and burning over $100 million.
Otonomo, once seen as the go-to vehicle data marketplace, fared no better. Despite raising money from top-tier investors and onboarding over 20 OEMs, it reported just $7 million in revenue in 2022 against a net loss of $130 million. Cloud costs, OEM royalty agreements, and moreover, poor data quality proved fatal. It was acquired by Urgently in 2023, its brand quietly absorbed.
Even Mojio struggled to scale beyond a certain point. It still relies on dongles, which limits future scalability as OEMs shift to cloud-connected services. Smartcar, on the other hand, fetches data through OEMs, but since the data flows via their servers, some data points may be withheld. It cannot assure 100% data coverage or real-time availability, which leads to poor data quality.
As these startups stumbled, OEMs also began selling data themselves. But the numbers were almost laughable.
Between 2020 and 2024, Hyundai reportedly earned just 61 cents per car from monetizing vehicle data. Honda earned 26 cents. After years of data collection, privacy controversies, and engineering investment, this was the output.
When automakers tried monetizing directly to the consumer, the backlash was swift. BMW's decision to charge $18/month to activate heated seats already installed in the car became a global PR disaster. It wasn’t about the money. It was about the principle: no one wants to pay for what they already own.
GM tried a different trick, mandating a $1,500 “Connected Services” fee on certain vehicles, even if the buyer had no use for it. It was framed as a feature but felt like a tax.
So even after decades of harvesting data, automakers still don’t understand what consumers actually want or how to build business models around it. And until that shift happens, the connected car data goldmine will remain mostly untapped.
Exhibit: Organization Struggles in Accruing Connectivity Value
Source: McKinsey
Part III: When the Driver Becomes the Stakeholder
OEMs had the infrastructure. Web2 startups built the rails. But neither gave value to the one entity generating the most important signal in the entire system, the driver.
That’s where DIMO comes in. Instead of just solving data access for third parties, it flips the data value chain by keeping vehicle owners in control of their own data and letting them decide who gets access to it. It goes a step further by ensuring complete privacy: all data shared through DIMO is anonymized at the source. Their mission: to let users control, share, and monetize their car’s data directly with businesses and developers and get paid for it.
But how exactly does this model work?
To bring vehicle data online, DIMO, similar to Mojio, uses a hardware dongle plugged into the car’s OBD-II port. This LTE-enabled dongle streams real-time data such as trip logs, fault codes, fuel/battery levels, and engine diagnostics. To encourage adoption, DIMO distributed its native token ($DIMO) to users who bought and connected the device and shared their vehicle data. With the DePIN (decentralized physical infrastructure network) and passive income hype, the network grew rapidly; today over 180,000 vehicles are connected.
On the developer side, DIMO offers SDKs and APIs that allow third parties to build apps on top of this data. These can range from fleet management tools for ride-sharing companies to EV maintenance apps or usage-based insurance platforms.
Once your vehicle is connected, you can choose from apps built using DIMO’s SDK and grant access only to the ones you trust. Just like your phone prompts you to approve location or camera access when installing a new app, DIMO lets users decide which data to share and with whom. In return, those apps pay the user directly. For instance, ROIL, an EV-focused carbon offsetting app, claims it can pay up to $200 per year to all Tesla users who share EV charging data via DIMO. That’s real value for something drivers were already producing, but never rewarded for.
To further strengthen its value chain, DIMO is now actively building demand-side channels as well. It partnered with Grupo Kaufmann, one of the largest automotive dealership networks (Mercedes-Benz & others) in Latin America, to deploy its devices for data collection and product development. In Japan, DIMO has launched a joint venture with HAKUHODO KEY3 to expedite partnerships with key automakers in the region, as Japan currently produces close to 10% of the world's vehicles, including brands such as Toyota, Suzuki, and Honda.
But Here’s the Catch: The Data Layer Isn’t Perfect
To build high-utility apps, developers need deep, reliable, real-time data. And DIMO, despite its user-centric model, faces many of the same constraints that previous Web2 startups couldn’t overcome.
The OBD-II port, while useful, only exposes a limited data set: things like speed, mileage, fault codes, and fuel level. It can’t access richer behavioral or infotainment data needed for more advanced services like:
Usage-based insurance (where your premium adjusts based on real driving behavior)
Predictive maintenance (which forecasts issues before they occur to avoid costly repairs)
These applications typically require deeper diagnostics and driving behavior signals stored in OEMs’ cloud systems.
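To make that limit concrete, here is an added example (not DIMO's code and not part of the original article) that decodes the standardized SAE J1979 diagnostic responses a dongle can read over OBD-II: speed, RPM, fuel level, odometer, and fault codes. The sample frames are constructed, and the fault-code frame is assumed to carry no count byte, as on pre-CAN protocols.

```python
"""Added example: what a dongle can read over standard OBD-II (SAE J1979)."""

# Mode 01 ("current data") PIDs: id -> (signal name, payload bytes, scaling).
# Scalings are the standard J1979 formulas. Only PIDs in this table are
# understood, which is the point: the port offers a fixed, generic menu.
MODE01_PIDS = {
    0x0C: ("engine_rpm", 2, lambda d: (d[0] * 256 + d[1]) / 4),
    0x0D: ("speed_kmh", 1, lambda d: d[0]),
    0x2F: ("fuel_level_pct", 1, lambda d: round(d[0] * 100 / 255, 1)),
    # Odometer is defined in newer J1979 revisions; many cars do not answer it.
    0xA6: ("odometer_km", 4, lambda d: int.from_bytes(d, "big") / 10),
}


def decode_mode01(frame: bytes):
    """Decode one Mode 01 response: 0x41, PID, then the data bytes."""
    if len(frame) < 2 or frame[0] != 0x41:
        raise ValueError("not a Mode 01 response")
    pid = frame[1]
    if pid not in MODE01_PIDS:
        raise ValueError(f"PID 0x{pid:02X} is not in the decode table")
    name, size, scale = MODE01_PIDS[pid]
    data = frame[2:2 + size]
    if len(data) != size:
        raise ValueError(f"truncated payload for {name}")
    return name, scale(data)


def decode_dtcs(frame: bytes):
    """Decode a Mode 03 response (0x43 + 2-byte codes) into strings like P0133.

    Assumption: no count byte follows 0x43 (CAN-based responses add one).
    """
    if not frame or frame[0] != 0x43:
        raise ValueError("not a Mode 03 response")
    body = frame[1:]
    codes = []
    for i in range(0, len(body) - 1, 2):
        hi, lo = body[i], body[i + 1]
        if hi == 0 and lo == 0:
            continue  # 0x0000 pairs are padding, not a fault
        system = "PCBU"[hi >> 6]  # Powertrain, Chassis, Body, network (U)
        codes.append(f"{system}{(hi >> 4) & 0x3}{hi & 0xF:X}{lo:02X}")
    return codes


def snapshot(frames):
    """Fold a batch of raw responses into one telemetry record."""
    record = {"fault_codes": []}
    for frame in frames:
        if frame[:1] == b"\x43":
            record["fault_codes"] += decode_dtcs(frame)
        else:
            name, value = decode_mode01(frame)
            record[name] = value
    return record


# Constructed sample responses (not captured from a real vehicle).
SAMPLE_FRAMES = [
    bytes.fromhex("410D3C"),        # vehicle speed
    bytes.fromhex("410C1AF8"),      # engine RPM
    bytes.fromhex("412F80"),        # fuel tank level
    bytes.fromhex("41A6000F4240"),  # odometer
    bytes.fromhex("4301330000"),    # one stored fault code plus padding
]

if __name__ == "__main__":
    print(snapshot(SAMPLE_FRAMES))
```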
To bridge this gap, DIMO initially integrated Smartcar’s API, which offered direct access to OEM cloud data from newer, connected vehicles, especially EVs that don’t need dongles. But Smartcar’s API had limitations: it was slow (delays of up to 10 minutes) and lacked reliability for real-time applications. As a result, DIMO is discontinuing Smartcar API access from July 10, 2025.
The next step? Building direct integrations with OEMs.
But that’s a long road. Every automaker has its own cloud infrastructure, commercial terms, and data access policies. Tesla, for example, opened its official third-party API only in October 2023, and the estimated cost of using that API at scale is $60 million per year. With no unified standard, replicating this across multiple OEMs would be enormously expensive. So, in many ways, DIMO is still beholden to the very silos it aims to disrupt.
To address these gaps and make its ecosystem more open, DIMO now allows third parties, such as companies and developers, to bring their own data sources to the platform. It calls these parties “Oracles”. That means DIMO is not limiting its data sources to its own dongles and API access: anyone with access to useful vehicle data, like an automaker (say BMW) or a developer with access to something like an RTK antenna (real-time, precise positioning location data), can link their data into the DIMO network. Vehicle owners can then choose to activate these new data sources and start sharing their data. Developers can use this enriched data through DIMO’s APIs to build apps. Since each data stream is different, DIMO takes care of cleaning and standardizing it, so app developers don’t have to. In return, both the vehicle owner and the Oracle earn a share of the data revenue whenever it’s used. It’s a way to grow the network faster by letting others contribute data and create more value for users.
Exhibit: Feature Gaps: OBD-II vs OEM Cloud Access
While DIMO has sold 470 developer licenses so far, most apps are still in development. At present, the DIMO app only provides users with basic telemetry data, information that most OEM apps like Tesla, Toyota, or Ford already provide. While users have granted consent to share their data with future apps, none of them are currently delivering value.
DIMO’s vision of a fairer data economy is commendable, but fairness alone doesn’t cover operating costs.
Initially, DIMO subsidized LTE connectivity (via the SIM in its dongle) for three years. It also distributed base token rewards to drive adoption and bootstrap the network. Many early users recovered their device costs and made a small profit thanks to token incentives.
But things have changed.
As the token price dropped, so did returns. And in June 2025, DIMO announced that users would now have to pay a subscription: $2/month for basic connectivity (cellular and data storage) or $9/month for premium, to stay connected and receive data insights. Both tiers would still earn rewards from selling data. But the backlash was immediate.
Twitter and Discord lit up with complaints. Users, most of whom joined expecting passive income, now threatened to unplug or resell the device. Some misunderstood DIMO’s model entirely, assuming the company would pay for their data directly. In reality, only the apps (once built) will compensate users for data, not DIMO itself. The company had always indicated that cellular costs would eventually shift to users, but this nuance was lost on many. That misunderstanding speaks volumes about the gap in communication.
The real issue? Most users haven’t even recovered the hardware cost. And now they’re being asked to pay more in subscriptions than they earn in rewards. DIMO’s token incentives helped grow the network, but now user expectations are misaligned with actual utility.
To make the model work, DIMO must deliver apps that offer real, differentiated value, features that users can’t already get from OEM apps or popular third-party services like Tessie (Tesla ecosystem), Bouncie (real-time GPS tracker), and Geotab (fleet management). So far, it hasn’t.
Most of the promised apps like ROIL (EV charging incentives), Ownli (insurance), and Beacon (driving analytics) are still under development. The core DIMO app offers limited insight, and nothing compelling enough to justify ongoing subscriptions.
Exhibit: Vehicles consent to different apps on DIMO
In theory, developers will someday flock to DIMO to build apps, similar to how the iOS App Store flourished after the iPhone. But we’re not there yet.
Users expect earnings, but apps aren’t live.
Apps don’t launch because users aren’t active.
DIMO faces rising LTE costs and stagnant ecosystem growth.
Even Tesla, the most connected automaker, only launched its developer API in late 2023, and Tesla controls every layer: hardware, software, OS, and cloud.
DIMO doesn’t.
It depends on fragmented OEMs, consumer dongles, and developer goodwill. And as Wejo’s downfall showed, even real-time LTE-powered telematics data isn’t enough to build a sustainable business. Wejo raised $160M+, but couldn’t overcome the infrastructure costs and limitations of OEM cooperation. It went bankrupt in 2023.
DIMO is walking a similar tightrope.
The question now is: can it build enough consumer-facing utility apps users actually want before user patience and capital run out?
Beyond DIMO’s Control
But even with DIMO’s guardrails, a deeper problem persists, one they can’t solve alone.
Even after you connect your car to DIMO and give your consent to data sharing, your vehicle may still be communicating with your automaker’s cloud through its own embedded SIM, collecting and uploading your data entirely outside of your consent.
This “OEM shadow pipeline” is hard to disable. And unless legislation intervenes, there’s little stopping automakers from continuing to collect and monetize that data.
Some regions are waking up.
California’s CCPA and the EU’s GDPR already recognize vehicle data as personally identifiable information (PII), giving users stronger rights to restrict access and request deletion.
But in most countries, including India, Brazil, and several U.S. states, car data still floats in a legal grey zone.
Until global regulations evolve to protect vehicle owners by default, DIMO’s privacy promise remains one-sided, secure on the app layer, but still vulnerable at the OEM core.
My Opinion: A Bold Idea Still in Beta
For all the hype around connected vehicles, the truth is far more sobering: we’re years into a data gold rush where the miners still don’t know what to do with the gold.
DIMO, in that sense, is both a necessary rebellion and a brutal reminder. It challenges the status quo by putting users at the center, not as products, but as participants. And yet, for all its ideological clarity, DIMO still finds itself tangled in the same structural limitations that crippled the Web2 generation of vehicle data startups.
You can’t build a consumer app ecosystem on idealism alone. You need real-time data. Reliable pipelines. Developer incentives. And most of all, user utility that doesn’t just feel good, but works better than what already exists.
DIMO might be early. Or it might be a stepping stone. But the real takeaway is this: until regulators force OEMs to comply with privacy policies and unlock the data they hoard, and until someone makes car data as easy to use as a smartphone API, no model - Web2 or Web3 - will scale as fast as the market projections pretend.
The future of connected vehicle data doesn’t just need innovation. It needs access, accountability, and alignment. DIMO is trying. But trying might not be enough.