Slashdot Mirror
OnStar Terms and Conditions Update Raises Privacy Concerns
PainMeds writes "An article by author Jonathan Zdziarski reveals that OnStar has recently updated their terms and conditions to allow the company to sell customer GPS coordinates, vehicle speed, and other information to third party marketers and analytics companies, where it could be used for a number of nefarious purposes. He says, 'To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling. ... It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple. Do you trust such companies with unfettered access to the entire GPS history of your vehicle?"
It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple.
Nothing like wild baseless speculation that trashes Slashdot's hated mega-corporation du jour...
Anyway, why would they sell such a huge profit center?
If you want news from today, you have to come back tomorrow.
"they will continue collecting and selling this personal information even after you cancel your service"
I wish I were a class-action lawyer, because this is retirement material. I understand that GM has money again.
"National Security is the chief cause of national insecurity." - Celine's First Law
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
Of course I don't. I don't own a vehicle that has the ability to be shut off remotely either, because I don't trust a company or the systems with something that important. I would not trust the electric company with my refrigerator either. The very fact the control exists with a 3rd party is unacceptable.
If you are worried about being tracked, OnStar is the least of your concerns. It applies to a single source of data that is not always with you.
Anybody that really cares about this should wonder what data is being collected with your smart phones, etc. Verizon can track you better than OnStar ever could.
All of your devices with their own dedicated data connections also track you far better. Sprint HotSpot? Those things can track you just like a cell phone too.
The only thing surprising about this is that OnStar tried slipping it into the TOS, except just selling the data anyways with some legal sleight of hand.
OnStar is just now raising privacy concerns?
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
Buy a car without OnStar. My Touareg doesn't have it.
to the fact that they are one of the least evil companies out there. Yes, they're big. But they always treat their customers fairly. When they make a mistake, they come clean quickly. I highly doubt they would buy thus company.
Arguments that they are evil always boils down to pure speculation or their size.
Apple, on the other hand regularly screws everyone over and then get applauded for it because they're "hip".
AT&T violates its customers privacy
AT&T is a telecommunications company
Telecommunication is the transmission of information over significant distances to communicate.
OnStar is a telecommunications company
Therefore, OnStar violates its customers privacy
"Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
Can you even disconnect it from your car if it comes built in, without paying someone at the least ( or rendering parts of your car non operational at worst )?
---- Booth was a patriot ----
Woo-hoo! This sounds like a sure fire way to get some nice privacy legislation in place.
There is no privacy, until it's legislated... get over it!
Alexis d' Toqueville was right when he surmised that everything in the U.S. style democracy would ultimately become a matter of legislation. I just wish we had an electorate that had the influence commanded by the moneyed interests of Mitt Romney's corporate people, so that when issues like this came up I saw news coverage with more detail than the trivial treatment given to privacy and security issues surrounding tracking and behavior analysis. I'm so tired of hearing about "innovation" or about how regulation is "too cumbersome" and how it "costs jobs!"
As if there's a plethora of corporate execs dreaming up better ways to put more people to work with all the offshored money that's been amassed in corporate tax dodges since the last tax holiday they were gifted by Congress.
Submitter asks: "Do you trust such companies with unfettered access to the entire GPS history of your vehicle?"
No.
If you don't use it, just cut the antenna; if you do use it, despite knowing this, you have basically rendered any future complaint you have pointless, since you've already told them it's okay to do this.
There is no XUL, only WebExtensions...
They cost more than a high end luxury car and they have less quality and features than a fucking KIA, get a ford, get a dodge I wouldnt wipe my ass with a GM
http://www.google.com/search?&q=how+to+disable+onstar
Fuck you onstar. I should have gotten a rebate for having your crap installed. Not paid more...
Or perhaps even the federal government under a martial law situation.
Has anyone hacked their car to spoof OnStar packets and send them assloads of chaff? I don't see anywhere in the contract where it says you can't send them any GPS coordinates you want. Success will be measured by the number of OnStar-equipped vehicles shown to be commuting across the Atlantic Ocean on a regular basis. Why yes, I believe my vehicle is currently somewhere in Afghanistan. The bloke said he had lots of important packages he needed to deliver. He seems like a nice guy and always returns it when he's done doing whatever he does with it. Even rolls back the odometer for me. Why do you ask?
Verizon/AT&T probably do not keep historical data, even if they can pinpoint my location at law enforcement's request.
The problem is that we have traffic laws with unrealistic speed limits in this country, towns that will raise revenue through ticket writing and red light cameras, all now with access to your OnStar data without your consent or a warrant. Drivers that go with the flow of traffic are safer due to a smaller speed differential--but your insurance company may be glad to force you to do 65 on a road designed for 75mph in the 70's (MassPike) or 55 on a newly widened 3-lane widely-divided highway (rt 3 Greater Boston).
towns shorten yellow lights to get more red light tickets--increase in rear-end accidents be damned. Wouldn't it be nice to corroborate that data with the onstar gps log?
The fact that OnStar took pains to alter their ToS in this specific fashion means that they're clearly thinking about it and perhaps even planning to do it. The INTENT is clearly stated, and intent is all that matters. Since OnStar intends to make such a thing legally and technically feasible, they can't be trusted NOT to do it.
Of course this is the reason that the US gov't required GM to make OnStar standard equipment as part of the auto industry bailouts. Anyone who didn't see this coming deserves to be tagged and tracked like the sheeple they are.
"I assumed blithely that there were no elves out there in the darkness"
I just received a notice from State Farm Insurance that if I allow them to collect OnStar data I "MIGHT" get a discount on my insurance. Uhhh... yeah... I'll be sure to do that. (NOT) I'm fairly certain that this is only the tip of the iceberg. How long before the car automatically calls the police when you exceed the speed limit?
My real question in all of this is, Who is asking for this information? It seems to me, that time and time again, Company X or Company Y updates its TOS, or has some flaw in software that reveals that they are gathering personal information, for 'sale to third parties' or the slightly less unsettling 'Company X will in no way make this information available to third parties'.
On the surface, the claim is that it is to provide a better service down the road, or to provide more targeted ad's or in some way improve the customer experience in some bizarre and personal way.
The real problem is, Time and time again when this comes out, We, the Customers, seem to resoundingly land on the side of 'don't watch me!' which begs the question: 'What market research idiot keeps thinking this is a good idea?'
The overwhelming sense i get from public response to this sort of thing is that we are not interested in targeted ad's, we do not want the commercials on our TV to say our names, and we don't want our driving directions to take us past some dry cleaners, just because we googled it last week. Now, I'm not an idiot, and realize that most companies will ignore their customers as long as possible, as long as they still make a profit, but you have to expect there to be some kind of limit, where someone finally steps back and says 'holy shit, people are going to HATE this!'
I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
...we as consumers need an updated and ironclad consumer protection act, period. These companies have us over a barrel and there is virtually nothing we can do about it. IP tracking, cell phone records, OnStar tracking and marketing of consumer data where will it stop? More importantly, if it doesn't stop which is a very real likelyhood, where will it lead? Technology finally, if it hasn't already, is showing it's ugly face.
The invasion of privacy this entails is staggering. As is stated in the article, this "anonymous" data is not anonymous when the vehicle is sitting at your house, coming to and from your house, and so on. But, this may not be actionable -- just don't agree to the new agreement.
HOWEVER, I see no possible way they can possibly say they have the right to CONTINUE collecting information when you have terminated services with them. That is absolutely unconscionable and I see a big fat lawsuit coming about from this. I also bet they (either accidentally or "accidentally") end up collecting from people who have terminated service already, perhaps for years. This is an even bigger big fat lawsuit.
Then the government tracks you...how long before that telemetry data is used to send you a speeding ticket? All in the name of reduced government costs / increased revenue. Then again they have been talking about taxing vehicle use by the mile, this would certainly be an effective way to do so...
Stalking laws should be amended to include collecting this kind of information by anyone.
See for example: http://news.cnet.com/2100-1029_3-5109435.html
Note the title was a bit misleading, the company was able to deny the FBI 's request, because doing the bugging broke the service the customer was paying for. You can be pretty sure that problem has been fixed by now.
In other news, child born with birthmark in the shape of barcode.
OnStar executives too busy twirling moustache to comment.
Sorry but if a car or any vehicle has this or something like it built into it,I won't buy it. I can find my own way,thank you for nothing.End of story
Geek Hillbilly
Facebook disease has spread to Slashdot!
The world will soon end.
* Carthago Delenda Est *
Even if the service was free.
From http://wnd.ha-hosting.com/index.php?fa=PAGE.view&pageId=346997
"Sen. Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, have introduced the truly patriotic Geolocation Privacy and Surveillance Act, supported by the ACLU, that "requires the government to show probable cause and get a warrant before acquiring the geolocational information of a U.S. person."
This would apply, among other forms of such tracking, to cell phones. It would also require telecommunications companies (including providers of cell phones) to get our consent to collect data from locations where we use them. Where do we go with cell phones in our ears? These companies, without telling us, already convey this location information to the FBI without our knowing we're being tracked as we talk. "
Chaos maximizes locally around me.
Looks like they took a lesson from Tom Tom and added the overly american gravy train to take this navigation data collection to the next, american-sized level.
I was under the impression that uncle Sam bought quite a bit of controll over GM with the nasty bailout. Is onstar part of GM? This article made me dash to the BMW Assist ToS but it appears to be way more benign. http://cache.bmwusa.com/Pdf_9c359b2b-178f-49bb-8024-a762e5775f7f.arox?v=4feda137-db10-4714-b585-6a19c23f5f64
"This message was sent from an Apple
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
No, I trust nobody with something like that.
Not only are they making profit from something deeply private, but the data can easily be abused in a number of ways. It might be that you happened to be in an area where something bad happened, and right away you're a suspect just because you were in the area. You stand out because someone can document that you were there. They're not documenting that you did something wrong but the very thing that you were there, makes you a suspect.in particular compared to others who were also there but whose location wasn't documented.
We already see a similar issue with DNA profiles. The initial (quick) profile only uses a handful markers and they're not all that unique. A typical crime scene sample will yield dozens of partial matches, also due to it like being slightly contaminated which lowers the match probability. You then have to seek out all the partial matches and review them, probably interview them and perhaps detain one or two. And you still have the very likely possibility that the perpetrator isn't in the register at all.
After a few weeks the full profile is available and you'll most likely either have the perpetrator or realize that you don't. Now, having spent weeks in jail, suspected of some evil crime, you might get completely exonerated and probably financially compensated, but you'll carry that branding of 'criminal' forever, and that can never be removed. Usually there's nothing to suspect you other than the DNA matching, but DNA is such a strong piece of evidence that it in itself usually is enough to get you thrown in jail.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Could this data be purchased by police departments to issue speeding tickets? Is there any legal impediment to using this data by a government entity for any purpose? If they can use it for enforcement of speed limits it seems like it would be a gold mine for any municipality that had an interstate passing through it. OnStar could even ask for a cut of the fines.
Such data provided by TomTom was also used by the Dutch government to plan their speeding checkpoints
When the government ruled in favor of the black boxes in cars being the property of the owner and couldn't be used against them in the court of law the use of OnStar after being terminated to monitor them and then to sell the information is blatantly crossing the line. The information stored or sent is considered generated by the vehicle and should be privy to that ruling. I imagine it will go to court if OnStar starts selling info to insurance companies but it seems oddly unlikely right now as Progressive is introducing their own "snapshot discount" unit that does essentially the same thing. Arguably the direction of monitoring our driving for safety is driving us further and further towards an auto-piloted car world where manual control is only used in the event of an emergency or in local (urban or short distances off the grid).
As for the various "government wants to know where you are!" argument, it fails to meet the thought test. What vested interest does the government have in knowing where your car is at any time? They have the police and cameras at their disposal for this reason. The only real value for using OnStar in this way is already done, when the car is stolen the police can access the OnStar system if requested or given a warrant and find where it is located. This data mining is more so about getting the insurance industry to pay for info on you and your driving habits. But I find this whole situation dubious and refer back to my first argument, any information generated by your car is rightfully yours and while they can justify keeping info if you pay for the service but turning it off should prohibit them from keeping the info flow on.
They aren't poising the unit itself to be purchased. What they are doing, is poising all of the data that they have collected or will collect, to be sold to the highest bidder or made available to whichever lawyer or government entity takes an interest in it (for a modest fee of course).
Lexis-Nexis for one, comes to mind as a company who would like this information. Why? Because of the MATRIX (Multistate Anti-Terrorism Information Exchange) system they got when they purchased Seisint. It's still fully operational, even with the system breach they experienced a few years ago that had the data of 310,000 people compromised.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
I don't think the value of this data is tied to the fact they know a particular car belongs to a certain person, I think their plan is to try and sell traffic congestion information to GPS companies for real-time updates on route times.
While there could be a lot of money in the 'Where did my cheating husband go with his Corvette last night when he said he was working late?' market, I'm not sure how OnStar could advertise such a service and then sell cars to philanderers and criminals. On the other hand, it would make a heck of a lojack alternative!
Ken
What's one more company?
Before congressional whores kept by the insurance companies require boxes that collect and transmit all data including speed and position back to corporate and tax HQs. The great migration from the Dust Bowl to California in the 1930s will never happen again, as you (and your debts) will be tracked in real time in perpetuity. #USAUSAUSA
Wire-cutters + GPS/Transmitter antenna cable = Problem solved.
Thanks, I was just looking for some cheap Chinese shoes. Keep it classy, Slashdot.
I kind of saw this coming several years ago when On Star was a GM product more or less. It was funny how out of the three American auto companies (GM,Ford, and Chevy) ONLY the one that had an exclusive deal with On Star at the time (GM) had to be pretty much bought by the government. Now all of a sudden they are selling independently and even telling you they will give away your info. 1984 anyone? lol as far as probable cause goes, Patriot Act allows them to get around most that if they think that you're a terrorist or something, which by definition has become easier to fall into. Not meaning to sound like a conspiracy nut, but I believe you should look at everything coincidental or "off" with a huge grain of salt. Never trusted On Star in the first place, and sure as heck won't now.
Big brother is selling you out for a few measly shekels. My system in gone effective immediately.
My uncle has a country place
That no one knows about.
He says it used to be a farm,
Before the Motor Law.
And on Sundays I elude the Eyes,
And hop the Turbine Freight
To far outside the Wire,
Where my white-haired uncle waits.
Jump to the ground
As the Turbo slows to cross the Borderline.
Run like the wind,
As excitement shivers up and down my spine.
Down in his barn,
My uncle preserved for me an old machine,
For fifty-odd years.
To keep it as new has been his dearest dream.
I strip away the old debris
That hides a shining car.
A brilliant red Barchetta
From a better, vanished time.
I fire up the willing engine,
Responding with a roar.
Tires spitting gravel,
I commit my weekly crime...
Wind-
In my hair-
Shifting and drifting-
Mechanical music-
Adrenalin surge...
Well-weathered leather,
Hot metal and oil,
The scented country air.
Sunlight on chrome,
The blur of the landscape,
Every nerve aware.
Suddenly ahead of me,
Across the mountainside,
A gleaming alloy air-car
Shoots towards me, two lanes wide.
I spin around with shrieking tires,
To run the deadly race,
Go screaming through the valley
As another joins the chase.
Drive like the wind,
Straining the limits of machine and man.
Laughing out loud
With fear and hope, I've got a desperate plan.
At the one-lane bridge
I leave the giants stranded at the riverside.
Race back to the farm, to dream with my uncle at the fireside
- Rush, Red Barchetta, Moving Pictures
"I'm just here to regulate funkiness."
So, can a party to a contract unilaterally change the terms and not have to allow the contract to be canceled? Yeah, the thing is trivial to disable (supposedly), but I have long term paid up front, and lotsa minutes on the phone. Would they let me keep the phone but ditch the onstar and tracking? Is that even possible? I suppose I'll have to go out and push the button and ask. Seems like a Netflix moment for them at this point and the only way to get them to say "I messed up" is going to be a lot of cancellations that demand repayment of money already given them.
Why guess when you can know? Measure!
Excellent timing- I was in the market for a new Truck. I've been looking at the LTZ 4x4 crew and the F350 same options, leather etc.. Only problem is now I wouldn't get a ford because of the convoluted Microsoft Sync interface and now Chevy has this? I guess Dodge and Toyota are all thats left. When are these corporate clowns going to get it? I guess there is too many Bobs in the world willing to give all their info and privacy and enough misinformation (read Media Jerks) that having a few informed opinions is usually discounted as foolishness or urban legend (They wouldn't do that ! etc...)
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
http://www.linuxfordevices.com/c/a/News/OnStar-Mobile-for-Android/
"Version 2.0 of the app will add a navigation tab that shows the current location of the owner's Volt pinpointed on Google Maps, as well as their location relative to it, says GM. Google voice search can be used to both search for a destination via Android or discover the destination relative to the Volt's current location, says the company. "
and
"According to a Wall Street Journal story last week, Google and GM are planning a broader partnership to integrate Android with OnStar. According to the publication's unnamed source, plans are in the works for performing tasks such as automatically alerting emergency officials about accidents from their Android phone remotely from the car. OnStar information alerts about vehicle maintenance needs, derived from GM's built-in diagnostics software, may also become available through Android phones, says the story."
and
A video demonstration is available here: http://media.gm.com/content/product/public/us/en/volt/home.detail.html/content/Pages/news/us/en/2010/May/0518_onstar
As much as Red Barchetta presents the world of the automotive future, I fear 2112 may be presenting a future much nearer than 100 yeas from now: http://www.youtube.com/watch?v=znXsJVGc5cQ&feature=related
'I lie awake, staring out at the bleakness of Megadon. City and sky become one, merging
Into a single plane, a vast sea of unbroken grey. The Twin Moons, just two pale orbs as
They trace their way across the steely sky. I used to think I had a pretty good life here,
Just plugging into my machine for the day, then watching Templevision or reading a Temple
Paper in the evening.
'My friend Jon always said it was nicer here than under the atmospheric domes of the Outer
Planets. We have had peace since 2062, when the surviving planets were banded together under
The Red Star of the Solar Federation. The less fortunate gave us a few new moons.
I believed what I was told. I thought it was a good life, I thought I was happy. Then I found
Something that changed it all...'
[I. Overture]
And the meek shall inherit the earth...
[II. Temples of Syrinx] ...'The massive grey walls of the Temples rise from the heart of every Federation city. I
Have always been awed by them, to think that every single facet of every life is regulated
And directed from within! Our books, our music, our work and play are all looked after by
The benevolent wisdom of the priests...'
We've taken care of everything
The words you hear, the songs you sing
The pictures that give pleasure to your eyes
It's one for all and all for one
We work together, common sons
Never need to wonder how or why
We are the Priests of the Temples of Syrinx
Our great computers fill the hallowed halls
We are the Priests, of the Temples of Syrinx
All the gifts of life are held within our walls
Look around at this world we've made
Equality our stock in trade
Come and join the Brotherhood of Man
Oh, what a nice, contented world
Let the banners be unfurled
Hold the Red Star proudly high in hand
We are the Priests of the Temples of Syrinx
Our great computers fill the hallowed halls
We are the Priests, of the Temples of Syrinx
All the gifts of life are held within our walls
[III. Discovery]
'...Behind my beloved waterfall, in the little room that was hidden beneath the cave, I
Found it. I brushed away the dust of the years, and picked it up, holding it reverently in
My hands. I had no idea what it might be, but it was beautiful...'
'...I learned to lay my fingers across the wires, and to turn the keys to make them sound
Differently. As I struck the wires with my other hand, I produced my first harmonious sounds
And soon my own music! How different it could be from the music of the Temples! I can't wait
To tell the priests about it!...'
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
See how it sings like a sad heart
And joyously screams out it's pain
Sounds that build high like a mountain
Or notes that fall gently like rain
I can't wait to share this new wonder
The people will all see it's light
Let them all make their own music
The Priests praise my name on this night
[IV. Presentation]
'...In the sudden silence as I finished playing, I looked up to a circle of grim,
Expressionless faces. Father Brown rose to his feet, and his somnolent voice echoed
Throughout the silent Temple Hall...'
'...Instead of the grateful joy that I expected, they were words of quiet rejection!
Instead of praise, sullen dismissal. I watched in shock and horror as Father Brown ground
My precious instrument to splinters beneath his feet...'
I know it's most unusual
To come before you so
But I've found an ancient miracle
I thought that you should know
Listen to my music
And hear what it can do
There's something here as strong as
I have been using Google's My Tracks to record my commute. One morning I got quite a shock. My max speed was in excess of 11,980MPH! In less than an hour, I apparently traveled almost 3000 miles, with elevations ranging from 406ft (about 300 feet below ground here) to 38,458ft with an average moving speed of 7,387.56MPH. The actual distance I traveled was more like seven miles. When I looked at the waypoints, it seems that for some reason my location was bouncing way down into Mexico and back. In addition, it appears that I went almost 300 feet below ground level at one point and as high as 38,000 feet at another. What do you think this would have done to my insurance if I was on one of those pay per mile and rate as you drive plans? Do you think that they would have ever admitted that the input data could be that bad?
I purchased a Chevy vehicle equipped with OnStar for my wife and cancelled the OnStar service on day 1 because I don't like the idea of GPS location history of my vehicle's whereabouts sitting in a database somewhere. I also don't like the idea of GM being able to get access to my maintenance history so they can say "Oh, looks like you went 500 miles over on your last scheduled oil change, no warranty for you!".
I was *very* clear with the rep I spoke to that I didn't want my vehicle to send any data to OnStar, but you can never tell with those $10/hr phone monkeys working in the call centers. They probably get a day of training and then are turned loose on the phones. Who knows if they know what they're talking about, and companies make it impossible to actually talk to someone that would have that info.
Is there something I can physically unplug to disable the data connection?
GM has officially announced that it is going to track people with OnStar devices, regardless of whether they have an active account. Which means they are going to sell the data... that is the ONLY plausible motive they have for doing so.
I told you so ^2.