Privacy Guide | May 11, 2026 | 7 min read

Privacy Risks of Digital License Plates

By Sarah Chen

Head of Privacy Research

The idea sounds simple enough: replace your metal license plate with a digital screen that automatically updates your registration, displays personalized messages, and looks futuristic on your bumper. But digital license plates — connected IoT devices bolted to the back of your car — introduce privacy and security risks that go far beyond anything a stamped piece of metal ever could. From real-time GPS tracking to a confirmed data breach that exposed vehicle locations and owner information, here is what you need to know before going digital.

What Are Digital License Plates?

Digital license plates are electronic displays that replace traditional metal plates. The leading manufacturer is Reviver, whose RPlate product connects to cellular networks to transmit registration data, display your plate number on an e-ink or LCD screen, and offer features like automatic registration renewal and stolen vehicle alerts.

The cost is significant: roughly $700 for the plate hardware plus a $19.95 monthly subscription to maintain connectivity and features. Digital plates are currently legal in California, Arizona, and a growing number of other states — though Michigan terminated its contract with Reviver in 2023, forcing approximately 1,700 drivers to revert to traditional metal plates.

The Privacy Problem With Connected Plates

A traditional metal license plate is a passive object. It displays a number and does nothing else. It does not know where you are, it does not phone home, and it does not store data about your movements.

A digital license plate is fundamentally different. It is a networked computer with a cellular connection, GPS capability, and a persistent link to a company's servers. This architecture creates several categories of privacy risk:

Persistent Location Tracking

Digital plates can transmit GPS location data in real time. This means a complete record of everywhere your vehicle goes — your home, your workplace, your doctor's office, your place of worship, the homes of people you visit — could be collected, stored, and potentially shared or subpoenaed.

The Electronic Frontier Foundation (EFF) fought against GPS tracking in digital plates when California first considered legalizing them. The original legislation, AB 984, would have explicitly allowed GPS trackers in the plates. A compromise was eventually reached to prohibit GPS in passenger vehicle plates, but Reviver later pushed new legislation to enable GPS tracking in commercial vehicle plates — a category that includes many pickup trucks and SUVs.

Movement Pattern Analysis

Even without continuous GPS, the cellular connection in a digital plate reveals location data every time it communicates with a cell tower. Over time, this creates a detailed pattern of your daily movements — when you leave home, where you go during the day, how often you visit certain locations, and what routes you take. This data is extraordinarily revealing and valuable to advertisers, insurers, law enforcement, and data brokers.
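To show how little data this kind of profiling needs, here is an added example (not from the original article or from any plate vendor) that runs over a constructed tower check-in log and then over a data-minimised version of the same log. The tower IDs, the hour windows, and the retention policy in minimize() are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def build_sample_log(days=5):
    """Constructed connection log: (ISO timestamp, cell tower id) per check-in."""
    start = datetime(2026, 5, 4)  # a Monday; every value here is made up
    log = []
    for d in range(days):
        day = start + timedelta(days=d)
        for hour, tower in [(2, "T-114"), (6, "T-114"), (8, "T-207"),
                            (10, "T-390"), (14, "T-390"), (17, "T-207"),
                            (19, "T-532" if d == 2 else "T-114"), (23, "T-114")]:
            log.append(((day + timedelta(hours=hour)).isoformat(), tower))
    return log

def infer_anchor_places(log):
    """Return the towers seen most often overnight and in weekday office hours."""
    night, workday = Counter(), Counter()
    for ts, tower in log:
        if tower is None:          # record carries no location at all
            continue
        t = datetime.fromisoformat(ts)
        if t.hour >= 22 or t.hour < 7:
            night[tower] += 1      # overnight dwell: likely residence
        elif t.weekday() < 5 and 9 <= t.hour < 17:
            workday[tower] += 1    # weekday daytime dwell: likely workplace
    top = lambda c: c.most_common(1)[0][0] if c else None
    return {"overnight": top(night), "workday": top(workday)}

def minimize(log):
    """Assumed retention policy: one record per day, no tower id, no time of day.

    This keeps only the fact that the device checked in on a given date.
    """
    days = sorted({ts[:10] for ts, _ in log})
    return [(day + "T00:00:00", None) for day in days]

if __name__ == "__main__":
    raw = build_sample_log()
    print("raw log:      ", infer_anchor_places(raw))
    print("minimised log:", infer_anchor_places(minimize(raw)))
```

Forty tower check-ins over five days are enough to single out one overnight tower and one workday tower, while the minimised log supports neither inference.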

Registration and Identity Data

Your digital plate is directly linked to your vehicle registration, which connects to your name, address, and other personally identifiable information. Unlike a metal plate that simply displays a number, the digital plate's backend systems hold your identity data in a connected database — creating a single point of failure if that database is breached.

Warning: The Reviver Data Breach

In late 2022, security researchers discovered that Reviver's systems had been compromised. Hackers were able to track vehicles via GPS in real time, access users' personal information, alter the text displayed on plates, and even mark vehicles as stolen — potentially triggering law enforcement stops of innocent drivers. The breach demonstrated that the risks of connected license plates are not theoretical. They are real, confirmed, and have already been exploited.

The Reviver Breach: A Case Study in IoT Risk

The Reviver breach deserves closer examination because it illustrates the unique dangers of connecting a government-mandated identification device to the internet.

Security researchers found they could access Reviver's backend systems and gain "super admin" privileges. With that access, they could:

  • Track any digital plate in real time via GPS, revealing the exact location of every Reviver-equipped vehicle
  • Access personal information of plate owners, including names and addresses tied to vehicle registrations
  • Change the plate display text remotely — meaning an attacker could alter your plate number or display arbitrary messages
  • Flag vehicles as stolen in the system, which could cause law enforcement to conduct a felony traffic stop on an innocent driver

Shortly after this breach became public, Michigan terminated its contract with Reviver entirely, requiring all 1,700 drivers with digital plates to return to metal plates. The timing was notable: the breach occurred shortly after Reviver had secured approval for GPS-enabled plates on commercial vehicles — the very capability privacy advocates had warned about.

Function Creep: Where This Could Lead

One of the most concerning aspects of digital license plates is the potential for function creep — the gradual expansion of a technology's use beyond its original purpose. A plate that today displays your registration number could tomorrow:

  • Display targeted advertisements based on your location or driving patterns
  • Share driving behavior data with insurance companies to adjust your premiums
  • Provide real-time location data to law enforcement without a warrant
  • Feed movement data to data brokers who sell it to marketers, private investigators, or anyone willing to pay
  • Enable geo-fencing that restricts or monitors vehicle access to certain areas

None of these scenarios require new hardware. The plate already has a screen, a cellular connection, and GPS capability. It only requires a software update and a change in policy — or a change in who owns the company.

Digital Plates Add to Your Data Broker Footprint

Your vehicle registration is already one of the data points that data brokers use to build profiles on you. A digital license plate adds real-time location data, movement patterns, and connected-device metadata to that profile. If you are working to reduce your digital footprint, PrivacyOn helps from the other side — removing your personal information from 100+ data broker and people-search sites so that less of your identity is available to be cross-referenced with vehicle tracking data.

Cybersecurity Risks Beyond Privacy

Digital license plates are IoT devices, and IoT devices have a well-documented history of poor security practices. The risks extend beyond privacy:

  • Plate spoofing: If an attacker can change the displayed plate number, they can commit crimes that are attributed to someone else's vehicle.
  • Denial of service: Disabling or blanking a plate remotely could make a vehicle appear unregistered, leading to traffic stops or impoundment.
  • Firmware attacks: Malicious firmware updates could turn plates into surveillance devices or entry points for attacking other vehicle systems.
  • Supply chain risks: If the manufacturer goes out of business, is acquired, or changes its privacy policy, all existing plates are affected simultaneously.

What You Can Do

If you are considering a digital license plate or already have one, here are practical steps to protect yourself:

Think Twice Before Adopting

The convenience features of digital plates — automatic registration renewal, stolen vehicle alerts, personalized messages — are genuinely appealing. But the privacy and security trade-offs are substantial. A traditional metal plate provides the same core function (legal vehicle identification) with zero cybersecurity risk and zero data collection. The Reviver breach proved that the risks are not hypothetical.

If You Already Have a Digital Plate

  • Review the manufacturer's privacy policy carefully and understand what data is collected, how it is stored, and who it is shared with
  • Disable GPS tracking if the option is available in your account settings
  • Use a unique, strong password for your plate account — the Reviver breach showed that account compromise gives attackers control over your plate
  • Monitor for news about security vulnerabilities affecting your plate manufacturer
  • Consider whether the convenience benefits justify the ongoing privacy risks

Reduce Your Broader Digital Footprint

Your digital license plate is one node in a much larger network of personal data. Vehicle registration records, driving history, location data from your phone, and information from data brokers all combine to create a comprehensive picture of your movements and identity. Reducing the data that brokers hold on you limits what can be cross-referenced with vehicle tracking data.

PrivacyOn continuously monitors over 100 data broker and people-search sites for your personal information, submits removal requests, and watches for reappearance. The less personal data that exists in broker databases, the harder it is for anyone — advertisers, hackers, or bad actors — to combine vehicle tracking data with your identity to build a complete surveillance profile.

Support Privacy-Protective Legislation

The EFF's fight against GPS in digital plates shows that advocacy works — the original California legislation was amended to remove GPS from passenger vehicle plates. Support organizations and legislation that push for strong privacy protections in vehicle technology, including requirements for data minimization, breach notification, and explicit opt-in consent for any tracking features.

Digital license plates represent a broader trend: the transformation of everyday objects into connected, data-collecting devices. Understanding the privacy implications before adopting these technologies — not after a breach makes headlines — is the most effective way to protect yourself.

Sarah Chen

Head of Privacy Research

CIPP/US Certified | IAPP Member | B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
