Car Manufacturers Are Tracking Millions of Cars (boingboing.net) 116
Cory Doctorow writes:
Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."
Used? (Score:5, Interesting)
What about second-hand buyers? They don't typically sign a contract with original dealer or manufacturer.
Re: Used? (Score:1)
Well, hack it then. Make the telemetry send back subtly wrong stuff - or even the occational buffer overflow.
Re: (Score:3)
Like changing your GPS coordinates so you drive in Antarctica or on the Atlantic ocean...
Re: (Score:3)
Have it say your spending all your time on Rodeo drive, Monaco, Manhattan shopping etc.
Bet you start getting freebee offers intended for dumb rich people.
Re: (Score:2)
Every weekday morning, it says I park in a spot at downtown federal building reserved for US Marshals. Go ahead and fuck with me, OnStar.
Re: (Score:3)
Putout tools to let every freeloader use the car companies access to get free 4G data on their phone.
Punish the bastards. Fuck them right in the wallet.
Also disconnect the cars cell/sat antennas. They have no legit use, assuming you weren't fool enough to buy the stock navi.
Re: (Score:2)
How are they going to catch you? If they make it part of the autobahn inspection, you just reconnect for the inspection.
Like I do with CARB legal parts before my smog inspection. Takes a few hours every two years (they can't see most of the good parts, being internal to the engine). Gas additives also help.
Those kinds of laws are needed in Europe. Europeans have too much respect for laws, every stupid one they pass is a help.
Re: (Score:2)
Motor vehicle inspections https://en.wikipedia.org/wiki/... [wikipedia.org]
No sending data back to the company and gov, no passing inspection.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re:Used? (Score:4, Insightful)
Vague and misleading clauses in contracts tend to be unenforceable. Therefore the use of that data in EU is unauthorised and on breach of data protection laws. It will be interesting to see if any information commissioners decide to prosecute. The UK one certainly has for a lot less.
Re: (Score:1)
This isn't a "dealt with for all EU in one go" thing like the Qualcomm monopoly case. This falls under the purview of the information commissioners of the member states as it breaks local laws in every one of them, meaning *each one can file separately*, complete with their own level of fines based on the specific legislation of the individual countries.
Re: (Score:2)
Re: Used? (Score:2)
Even better OnStar, uconnect and all others operate on cell phones. Cell phones that don't function if you don't pay the monthly subscription fee. So after a year or so that gets disconnected and that data no longer gets uploaded.
If you buy used odds are that it is disconnected after the bill stops bieng paid.
Don't pay for the service and they can't upload data.
Re: (Score:2, Informative)
From the article
"even if the vehicle's owner was not a subscriber of their services"
https://yro.slashdot.org/story/11/09/21/003259/onstar-terms-and-conditions-update-raises-privacy-concerns
Re: (Score:3)
I'm pretty sure OnStar at least has a backup way of getting data upstream, they've been caught. You have to disconnect the antenna, which they've made progressively harder.
We just need to extract the keys used and make custom SIMs. Free data forever, it's on GM.
Re: (Score:3)
Re: (Score:2)
Do DNS queries work? Then free internet.
Re: (Score:2)
Even better OnStar, uconnect and all others operate on cell phones. Cell phones that don't function if you don't pay the monthly subscription fee. So after a year or so that gets disconnected and that data no longer gets uploaded.
If you buy used odds are that it is disconnected after the bill stops bieng paid.
Don't pay for the service and they can't upload data.
You would think... But Uconnect has moved to over-the-air updates for their Entertainment systems. This means that the cell service would have to still be active even if the customer isn't paying for the add-on services.
Re: Used? (Score:1)
Honda knows I bought a used Honda and my name (I assume based on registration, they send me recalls about the airbag every month or so) seems easy enough for them to cancel on transfer if that's the case. Maybe even use direct mail to try n entice me into signing up for whatever monitoring they want to do.
Re: (Score:2)
What about second-hand buyers? They don't typically sign a contract with original dealer or manufacturer.
The contract forbids second-hand buyers.
I think this will end badly (Score:2)
Either roaming herds of killer cars, stalking prey in the cities.
Or more likely massive data breaches followed by ransomware on your car's display.
Maybe the manufacturers can make some extra money selling the data to their countries security agencies.
Re:I think this will end badly (Score:4, Insightful)
Insurers getting their hands on your data and 'optimizing' their policies to it.
Re: (Score:3)
Re: I think this will end badly (Score:3)
The auto insurance market functions much more closely to a free market than, for example, health insurance. It is viable for most people to switch auto insurers, they aren't stuck with whatever their employer picks. Thats an incentive for auto insurers to offer lower rates where possible, to incite people to switch. Currently they determine who the douches on the road are by proxy - do they drive
Re: (Score:2)
Re: (Score:3)
No need. Just don't pay for that service and the modem don't broadcast anymore.
It is opt in as you have to opt into paying for that service.
You only have to pay if you want them to provide a service to you. I doesn't mean they aren't continuously siphoning telematics and location information off your car for their benefit.
Re: (Score:2, Interesting)
The infotainment system in my 2012 Prius requires a tethered phone for its Internet uplink in order for its dumb little infotainment apps to work. I never set that up so the page full of apps is totally useless.
However! The MP3 player is somehow displaying cover art that is definitely not included in any ID3 tags or anywhere else on the USB flash drive. So it must be sending track title info ... somewhere ... somehow ... and getting JPEG images back.
Which means that someone, somewhere, has a list of all the
Re: (Score:3)
Next step is to require a connected phone before the car will work, to validate the driver as an anti-theft protection of course. Now the telematics can use your data connection!
Re: (Score:3)
Naw. It will end with some hackers knowing how to cut the CAN bus wire to their cellular modem, and 99% of people being sheep, which ultimately (strangely) will benefit society.
And THAT will end with cars whose capabilities are severely restricted, or which simply won't function at all, without regular 'permission packets' from the mothership. Soon an active data connection to your car's manufacturer will be a critical system without which your car won't run. 'SaaS' has already become 'HaaS' in things like fitness watches and thermostats - how long do you think it will be before cars suffer the same fate?
Not only this (Score:2, Interesting)
I can't find the source any more but any 2018 and later year model vehicle in US must be sold with remote engine kill capability. That's why I bought a 2017 car and will keep it for as long as it runs, and then I'll be digging some old junker with a distributor and carburetor.
Hack your own car (Score:1)
and put "blocks" in. Create your own version of a "host" file.
127.0.0.1 ford.com
127.0.0.1 gm.com
127.0.0.1 onstar.com
etc... LOL!
Re: (Score:2)
127.0.0.1 *
I've seen the idea of simply disconnecting the car's communications antenna(s), but I don't know what the unintended side-effects of this may be, or how complicated that procedure would actually be.
Re: (Score:1)
It is depressing how the TCP design standardized hostfiles on Windows, Unix, Apple and derivatives so that hostnames can be blocked, but we're running into intentional crippling
1) No wildcards. You have to know all the domains and subdomains in advance
2) No whitelist-only setup (there are those of us dedicated enough to use block everything and approve every site upon examination --proof? NoScript)
3) No obligation for the OS to obey you, given how Microsoft's Windows 10 setup ignores inconvenient blocks [petri.com] in
Re: (Score:2)
Abusing the hosts file for blocking was never intended and is, still, a stupid and unreliable hack. Also that's got nothing to do with TCP. Please try to be less confused, also the moron who wasted a mod point on you.
Re: (Score:2)
I do want an autonomous car. But that doesn't mean a remotely controlled one.
I bought my cars 2nd hand; no such agreement (Score:1)
I did so intentionally and I've bought older cars and put money into fixing up an older vehicle I already owned from 2005 to avoid this crap. I have a 2002 and a 2005 vehicle. One has 170,000 miles on it and the 2002 I bought has 125,000 miles on it. My intention is to keep these vehicles running for as long as I possibly can. I'm imaging this setup is only going to work for another 5-10 years. At which point I'll have to see what is available on the market which can reasonably replace it that is old. The p
Re: (Score:3)
The problem is going to be finding cars with low mileage and in good condition that can continue on and be fixed up. I would buy a new car if this crap wasn't on it.
You're not the only one who's doing this, so you'd best buy your NEXT old car or two within a couple of years, mothball it, and put it on blocks. Otherwise, when the time comes, a viable older car may be unavailable. Then again, by the time your existing old cars die, it may simply be illegal to drive anything that hasn't been pre-pwned by the manufacturer and/or the gubmint.
Re: (Score:2)
Glad I don't own one even moreso now. (Score:2)
It was just about saving money but this is a good reason too.
Re: (Score:2)
Yeah, but the trucking companies own their trucks and they *want* the coverage for legitimate reasons. I'm all in favor of that.
We need to require anonymized data (Score:2)
We need a law to require all data collected be anonymized to protect our privacy, and it's not going to be easy because I'd doubt 1 in 10 members of Congress would understand the technology. In addition, Google, Facebook, Verizon, and GM will all lobby Congress to prevent this from happening.
If we're going to recapture our privacy, the data has to be anonymized at the source, we can't leave it up to companies like Apple, just trusting that they're assigning us a token rather than tying the data collected to
Re: (Score:2)
>"I just think that each customer should be able to decide whether they want privacy or convenience from each company."
I think customers should be able to decide to have BOTH. Right now, there is no choice at all. But I know the choice that WOULD be offered for those who don't want their cars to talk to the mothership- The infotainment system will just not work at all.
Re: (Score:2)
Yes, and the other 9 in 10 members of Congress will get campaign contributions to punch enough loopholes in any law to make it look like a colander.
Don't use their connected service (Score:1)
Re: (Score:2)
It uses your phone's cellular data plan for communications of course
Good thing a) I don't connect my phone to my car and b) I can't connect my phone to my car. I have a real radio and my phone is a flip phone.
Re:Don't use their connected service (Score:4, Interesting)
I know this is true on my 2012 Volt - because I can still use the car phone in places where cell phones do not have any bars at all, and don't work. But it's expensive and I haven't bought any minutes in years.
Yea but I asked Alexa... (Score:3, Funny)
Re: (Score:2)
...and she said everything was okay, that nobody was tracking anything.
I just asked Alexa what my address was and she said: "That's not supported..... yet..."
So, give her time....
talking about how to blind your car (Score:1)
Not my POS car. :D (Score:1)
I suppose since I buy 10yr old cars, I have some time before I have to deal with this crap. :D
In Europe GDPR puts a stop to this (Score:4, Interesting)
As of 18th May there are strong limits on slurping up data without explicit buy in from the subject.
Just great. (Score:5, Funny)
It's pretty easy to yank the onstar box (Score:2)
Re: (Score:2)
Slashdot has become an echo chamber.
What about the benefits of sending data back? Have you ever tried to actually deal with people, especially when money is on the line? I mean I want people to be happy with their product, and I don't enjoy angry accusatory phone calls...
People very often lie when something goes wrong, and even if telling the truth would help us both out (better, longer lasting product) AND get the problem fixed faster, but we spend so much time and effort going over false or completely made-up observations and emotionally charged statements.
So what if the data can say something (hypothetical situation)?
Customer account: "the bearing just failed, you stupid morons and your cheap bearings and your constant cheaping out, also there's a crack in your windshield, what are you cheapening out on your glass you better get those people in line, I want this replaced or I'll never buy again..."
The data says: Your drive is otherwise pretty smooth and you're otherwise treating your car well. BUT, at a regular point every day for the past 3 months, there is this large spike on the acceleration detector.
Customer: oh yeah, damn that Department of Transportation. They won't fix that damn pothole so I just run over it every day at high speed.
(okay, so if you knew we were watching for high-energy events at risk to your warranty, maybe you'd have avoided that pothole?)
((and oh, I'll save so much money not having to ream the bearing vendor and take samples, that I'll probably honor your warranty claim anyway. pfft in real cost what's a wheel bearing set replacement and tire balancing/alignment anyway?))
Okay, dear customer, please proceed to the nearest dealership for your warranty replacement, if you know which one you want I can put them on the line right now, have a nice day.
You'd have a lot more credibility if you a) hadn't posted as AC, b) could say with a straight face that any savings resulting from installing spyware in people's cars would be reflected in reduced sticker prices, and c) acknowledged that people's privacy concerns are at least as legitimate as your shareholder protectionist stance. If you're gonna shill, at least put some effort and imagination into it.
Re: (Score:2)
What reason do you have to think that the end user (i.e. purchaser of the vehicle) will receive any benefits from this system? Can you point to any benefits so far that don't require extra payment in advance?
I don't drive, so I'm a "relatively" unbiased observer of this debate, but nobody, including you, has mentioned any benefits so far that weren't paid extra for in advance.
Re: (Score:2)
I'll accept the CVT repair as a potential benefit, but before I actually accept as an actual benefit I need to know that those who received the "improvement" considered it an improvement. Searching for "CVT automobile transmission automatic upgrade" (without quotes) didn't return any hits on the first page.
The assertion(2) that it helps make newer cars better is a (potential) benefit to the community, but probably not measurably to the individual driver. It's also not proven. That kind of information is
How? (Score:2)
Re: (Score:2)
Ford Exec: 'We Know Everyone Who Breaks The Law' (Score:1)
http://www.businessinsider.com... [businessinsider.com]
Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car
Not in my car (Score:2)
It's nearly 20 years old...Oh wait. I did plug an OBD-II gadget that connects to my phone and there is that dash-cam. Crap. My privacy doesn't exist.
Not that Verizon wasn't already more aware of where I am than I am. And literally like clockwork, my fitness tracker gizmo has just vibrated to tell me I should get off my ass - and I know it talks to servers in China too. I try to stop it. I'm not sure how successful I've been but I did install a firewall on my phone.
I suspect the firewall a
MyFord Mobile (Score:2)
They missed out on my data for the 1st 3.4 years I owned my PHEV because the original modems only did 2G AT&T and our AT&T tower only h
Looks like a case for "Certified Dumb Vehicle" to (Score:2)
Would anyone else consider having (or even speccing out) a vehicle that is "Certified" as not interconnected to others in any way?
Things like no Sirius/XM, no internal WiFi, no built in GPS, etc.
Obviously, there is a need for built in Bluetooth for Hands Free phone operation. Beyond that, what else dopes everyone consider truly needed?
Would having such a certified Dumb Vehicle even be a worthwhile selling point?
Not as bad as cell phones (Score:2, Troll)
The article, or at least the summary, is wrong when it call this more intrusive than cell phones. Cell phones definitely track your location, well, the location of the phone, at all times. They contain a lot more personal data. And they are more often broken into and the data widely shared.
That's not saying this additional intrusion isn't evil. But lets not engage in false hyperbole.
Re:Not as bad as cell phones (Score:4, Funny)
Indeed, false hyperbole is literally the worst thing ever.
We need software freedom. Always. (Score:2)
Software freedom (a computer owner's freedom to run, inspect, share, and modify published computer software) is a viable cure for this just as it would have been a great way to thoroughly address the recent VW fraud where that company (and many other automakers) cheated emissions checking by having the software control emissions differently during testing than during regular car use. Fines, firings, and forcing automakers to accept returned cars in exchange for money won't fix these problems and they won't
How can they even afford this shit? (Score:2)
Re: (Score:2)
Re: (Score:1)
But if people can t even be bothered to read "purchase contracts", I don't know what to say.
There shouldn't BE a purchase contract, just a bill of sale.