Watch out how you connect to cars.
Here’s something to think about the next time you plug your phone into a rental car: The vehicle may be slurping up and recording all sorts of data, including your location, personal contacts, and even your text messages and web browsing.
That warning comes via a Federal Trade Commission blog post this week, which highlights a downside of so-called “connected cars.” The gist of it is that, today, a strange car is just like a strange computer, and consumers should be careful how them connect to them.
A blog post written by an FTC staff attorney describes how rental cars can not only access and record your cell phone data, but hold on to it for an indefinite period. The risk is obvious.
“Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers,” explains the post.
To reduce the risk, the FTC recommends consumers avoid using rentals cars’ USB ports to charge their phones, and rely on the cigarette lighter as a charging device instead. But while this is a nice suggestion, it may not be very practical because some cars don’t have a lighter port. Furthermore, many people don’t own the necessary adapter—meaning it’s much more likely they will just use their phone charger to plug into the USB port.
The FTC also recommends checking out the permissions setting on a car’s infotainment system, and granting access only to your phone’s music but not its contact list. The agency also recommends deleting any data from the system before returning the rental car.
Get Data Sheet, Fortune’s technology newsletter.
The latter ideas are good ones but still beg the question: Why can rental cars collect such information in the first place? If there was ever a case for lawmakers to mandate privacy-by-design, this seems like an obvious case: Congress or state attorneys general should simply forbid car rental agencies (or the phone carriers they partner with) from collecting phone data in the first place.
I reached out to the FTC to get more information about who exactly is collecting this day and why. I’ll update with more details if I hear back.
This new concern over data theft comes as the auto industry frets over other connected car vulnerabilities, including hackers taking control of vehicles.