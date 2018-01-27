Please create an account to participate in the Slashdot moderation system

 


Transportation Privacy

Car Manufacturers Are Tracking Millions of Cars

Posted by EditorDavid
Cory Doctorow writes: Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."

"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."

  • Used? (Score:5, Interesting)

    by Tablizer ( 95088 ) on Saturday January 27, 2018 @03:05PM (#56015989) Journal

    "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.

    What about second-hand buyers? They don't typically sign a contract with original dealer or manufacturer.

    • Re: Used? (Score:1)

      by Anonymous Coward

      Well, hack it then. Make the telemetry send back subtly wrong stuff - or even the occational buffer overflow.

      • Make the telemetry send back subtly wrong stuff.

        Like changing your GPS coordinates so you drive in Antarctica or on the Atlantic ocean...

        • Have it say your spending all your time on Rodeo drive, Monaco, Manhattan shopping etc.

          Bet you start getting freebee offers intended for dumb rich people.

          • Re: (Score:2)

            by PPH ( 736903 )

            Every weekday morning, it says I park in a spot at downtown federal building reserved for US Marshals. Go ahead and fuck with me, OnStar.

      • Putout tools to let every freeloader use the car companies access to get free 4G data on their phone.

        Punish the bastards. Fuck them right in the wallet.

        Also disconnect the cars cell/sat antennas. They have no legit use, assuming you weren't fool enough to buy the stock navi.

    • Re:Used? (Score:4, Insightful)

      by mrbester ( 200927 ) on Saturday January 27, 2018 @03:18PM (#56016071) Homepage

      Vague and misleading clauses in contracts tend to be unenforceable. Therefore the use of that data in EU is unauthorised and on breach of data protection laws. It will be interesting to see if any information commissioners decide to prosecute. The UK one certainly has for a lot less.

    • Even better OnStar, uconnect and all others operate on cell phones. Cell phones that don't function if you don't pay the monthly subscription fee. So after a year or so that gets disconnected and that data no longer gets uploaded.

      If you buy used odds are that it is disconnected after the bill stops bieng paid.

      Don't pay for the service and they can't upload data.

      • Re: (Score:1)

        by Anonymous Coward

        From the article

        "even if the vehicle's owner was not a subscriber of their services"
        https://yro.slashdot.org/story/11/09/21/003259/onstar-terms-and-conditions-update-raises-privacy-concerns

      • I'm pretty sure OnStar at least has a backup way of getting data upstream, they've been caught. You have to disconnect the antenna, which they've made progressively harder.

        We just need to extract the keys used and make custom SIMs. Free data forever, it's on GM.

        • Yes, there are endless descriptions on how to really disable these things. Sometimes you have to find and pull more than one fuse. In some vehicles, you basically have to remove the console electronics and short the Onstar stuff out at the antenna connector after cutting the wire to it - enough can just leak to still let them track you. And it's different on every model...so I hear. If they want to track me and my Volt, they're going to be surprised how fast I make it go, but die of boredom otherwise.

      • Even better OnStar, uconnect and all others operate on cell phones. Cell phones that don't function if you don't pay the monthly subscription fee. So after a year or so that gets disconnected and that data no longer gets uploaded.

        If you buy used odds are that it is disconnected after the bill stops bieng paid.

        Don't pay for the service and they can't upload data.

        You would think... But Uconnect has moved to over-the-air updates for their Entertainment systems. This means that the cell service would have to still be active even if the customer isn't paying for the add-on services.

    • Honda knows I bought a used Honda and my name (I assume based on registration, they send me recalls about the airbag every month or so) seems easy enough for them to cancel on transfer if that's the case. Maybe even use direct mail to try n entice me into signing up for whatever monitoring they want to do.

  • Either roaming herds of killer cars, stalking prey in the cities.

    Or more likely massive data breaches followed by ransomware on your car's display.

    Maybe the manufacturers can make some extra money selling the data to their countries security agencies.

    • Re:I think this will end badly (Score:4, Insightful)

      by tinkerton ( 199273 ) on Saturday January 27, 2018 @03:21PM (#56016093)

      Insurers getting their hands on your data and 'optimizing' their policies to it.

      • Way to pick one of the ONLY positive outcomes of this technology to bitch about.
      • In our Saab wagon (GM owned Saab in 92) the Onstar unit is disconnected from the antenna... Wonder who did such a thing? Call me paranoid but I suspected that car manufactures did this, sad to see it confirmed. I just figured, What is the most evil use of such a unit and what are the likely capabilities of the ECU and various systems tied into the CANbus and acted accordingly.

  • Not only this (Score:2, Interesting)

    by Anonymous Coward

    I can't find the source any more but any 2018 and later year model vehicle in US must be sold with remote engine kill capability. That's why I bought a 2017 car and will keep it for as long as it runs, and then I'll be digging some old junker with a distributor and carburetor.

  • and put "blocks" in. Create your own version of a "host" file.
    127.0.0.1 ford.com
    127.0.0.1 gm.com
    127.0.0.1 onstar.com

    etc... LOL!

    • Mine would be more like:
      127.0.0.1 *

      I've seen the idea of simply disconnecting the car's communications antenna(s), but I don't know what the unintended side-effects of this may be, or how complicated that procedure would actually be.

  • I did so intentionally and I've bought older cars and put money into fixing up an older vehicle I already owned from 2005 to avoid this crap. I have a 2002 and a 2005 vehicle. One has 170,000 miles on it and the 2002 I bought has 125,000 miles on it. My intention is to keep these vehicles running for as long as I possibly can. I'm imaging this setup is only going to work for another 5-10 years. At which point I'll have to see what is available on the market which can reasonably replace it that is old. The p

    • The problem is going to be finding cars with low mileage and in good condition that can continue on and be fixed up. I would buy a new car if this crap wasn't on it.

      You're not the only one who's doing this, so you'd best buy your NEXT old car or two within a couple of years, mothball it, and put it on blocks. Otherwise, when the time comes, a viable older car may be unavailable. Then again, by the time your existing old cars die, it may simply be illegal to drive anything that hasn't been pre-pwned by the manufacturer and/or the gubmint.

  • It was just about saving money but this is a good reason too.

  • We need a law to require all data collected be anonymized to protect our privacy, and it's not going to be easy because I'd doubt 1 in 10 members of Congress would understand the technology. In addition, Google, Facebook, Verizon, and GM will all lobby Congress to prevent this from happening.

    If we're going to recapture our privacy, the data has to be anonymized at the source, we can't leave it up to companies like Apple, just trusting that they're assigning us a token rather than tying the data collected to

    • >"I just think that each customer should be able to decide whether they want privacy or convenience from each company."

      I think customers should be able to decide to have BOTH. Right now, there is no choice at all. But I know the choice that WOULD be offered for those who don't want their cars to talk to the mothership- The infotainment system will just not work at all.

    • Re: (Score:2)

      by gtall ( 79522 )

      Yes, and the other 9 in 10 members of Congress will get campaign contributions to punch enough loopholes in any law to make it look like a colander.

  • I have a new Camry and they offer Entune as their media/entertainment/communications. And they work really, really hard on getting you to install it. It uses your phone's cellular data plan for communications of course, so they very well may send a lot of personal information over that line. They give you two years for free and then they charge you for it. I never installed it as it's received terrible reviews and you need a wired connection to use it reasonably.

    • It uses your phone's cellular data plan for communications of course

      Good thing a) I don't connect my phone to my car and b) I can't connect my phone to my car. I have a real radio and my phone is a flip phone.

      • Gm uses the phone they build into the car whether you like it or not, and whether you bought minutes or not. And if it can't find a cell tower, it goes satellite. Yup, more than one band is available.
        I know this is true on my 2012 Volt - because I can still use the car phone in places where cell phones do not have any bars at all, and don't work. But it's expensive and I haven't bought any minutes in years.
  • ...and she said everything was okay, that nobody was tracking anything.
  • If you could find the GPS and cell antennas you could cover them with tin foil. Wouldn't surprise me if the black box antenna locations are documented somewhere. Of course you could live like me "with nothing to hide" grrrrrr. If they rigged the car to malfunction after (30 days) of no-ping - remove the cover while near a dealership - that should update the car and send them a message. To even be talking about how to blind your car is insane & necessary.

  • I suppose since I buy 10yr old cars, I have some time before I have to deal with this crap. :D

  • In Europe GDPR puts a stop to this (Score:4, Interesting)

    by Aliks ( 530618 ) on Saturday January 27, 2018 @04:15PM (#56016371)

    As of 18th May there are strong limits on slurping up data without explicit buy in from the subject.

  • Just great. (Score:5, Funny)

    by fahrbot-bot ( 874524 ) on Saturday January 27, 2018 @04:26PM (#56016445)
    Now I have to cover my car in tin foil too.
  • It's pretty easy to yank the onstar box in your vehicle. I recommend doing it just for security reasons. A CAN network should absolutely be air gapped.

  • How? (Score:2)

    by kackle ( 910159 )
    Does anyone know HOW the data leave the car? If a vehicle doesn't have OnStar, even as an option, then how? WiFi? Special radio band? (Cellular ain't cheap [25 GB?!] [qz.com] and the manufacturers don't own any cellular towers.)

    • Re: (Score:2)

      by AHuxley ( 892839 )
      Lots of data compression, cell phone modems, anything that can make a network in different nations. The car knows what data it will be sending back so that that set can really be compressed. Its not like its sending back real time video, audio, images, conversations in the car at this time.

  • http://www.businessinsider.com... [businessinsider.com]

    Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car

  • It's nearly 20 years old...Oh wait. I did plug an OBD-II gadget that connects to my phone and there is that dash-cam. Crap. My privacy doesn't exist.

    Not that Verizon wasn't already more aware of where I am than I am. And literally like clockwork, my fitness tracker gizmo has just vibrated to tell me I should get off my ass - and I know it talks to servers in China too. I try to stop it. I'm not sure how successful I've been but I did install a firewall on my phone.

    I suspect the firewall a

  • Ford has cell phone modems in their electric (Focus Electric) and PHEV (C-Max and Fusion) cars. According to the service manual a lot of information is provided to that modem but only a small part shows up on the App or website. No way of knowing if the modem just uploads that limited subset of data or if everything is uploaded with the rest kept for Ford use only.

    They missed out on my data for the 1st 3.4 years I owned my PHEV because the original modems only did 2G AT&T and our AT&T tower only h

  • Would anyone else consider having (or even speccing out) a vehicle that is "Certified" as not interconnected to others in any way?

    Things like no Sirius/XM, no internal WiFi, no built in GPS, etc.

    Obviously, there is a need for built in Bluetooth for Hands Free phone operation. Beyond that, what else dopes everyone consider truly needed?

    Would having such a certified Dumb Vehicle even be a worthwhile selling point?

  • The article, or at least the summary, is wrong when it call this more intrusive than cell phones. Cell phones definitely track your location, well, the location of the phone, at all times. They contain a lot more personal data. And they are more often broken into and the data widely shared.

    That's not saying this additional intrusion isn't evil. But lets not engage in false hyperbole.

  • Software freedom (a computer owner's freedom to run, inspect, share, and modify published computer software) is a viable cure for this just as it would have been a great way to thoroughly address the recent VW fraud where that company (and many other automakers) cheated emissions checking by having the software control emissions differently during testing than during regular car use. Fines, firings, and forcing automakers to accept returned cars in exchange for money won't fix these problems and they won't

