Slashdot Mirror
OnStar Terms and Conditions Update Raises Privacy Concerns
PainMeds writes "An article by author Jonathan Zdziarski reveals that OnStar has recently updated their terms and conditions to allow the company to sell customer GPS coordinates, vehicle speed, and other information to third party marketers and analytics companies, where it could be used for a number of nefarious purposes. He says, 'To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling. ... It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple. Do you trust such companies with unfettered access to the entire GPS history of your vehicle?"
It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple.
Nothing like wild baseless speculation that trashes Slashdot's hated mega-corporation du jour...
Anyway, why would they sell such a huge profit center?
If you want news from today, you have to come back tomorrow.
"they will continue collecting and selling this personal information even after you cancel your service"
I wish I were a class-action lawyer, because this is retirement material. I understand that GM has money again.
"National Security is the chief cause of national insecurity." - Celine's First Law
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
Of course I don't. I don't own a vehicle that has the ability to be shut off remotely either, because I don't trust a company or the systems with something that important. I would not trust the electric company with my refrigerator either. The very fact the control exists with a 3rd party is unacceptable.
If you are worried about being tracked, OnStar is the least of your concerns. It applies to a single source of data that is not always with you.
Anybody that really cares about this should wonder what data is being collected with your smart phones, etc. Verizon can track you better than OnStar ever could.
All of your devices with their own dedicated data connections also track you far better. Sprint HotSpot? Those things can track you just like a cell phone too.
The only thing surprising about this is that OnStar tried slipping it into the TOS, except just selling the data anyways with some legal sleight of hand.
OnStar is just now raising privacy concerns?
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
AT&T violates its customers privacy
AT&T is a telecommunications company
Telecommunication is the transmission of information over significant distances to communicate.
OnStar is a telecommunications company
Therefore, OnStar violates its customers privacy
"Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
Can you even disconnect it from your car if it comes built in, without paying someone at the least ( or rendering parts of your car non operational at worst )?
---- Booth was a patriot ----
Woo-hoo! This sounds like a sure fire way to get some nice privacy legislation in place.
Submitter asks: "Do you trust such companies with unfettered access to the entire GPS history of your vehicle?"
No.
If you don't use it, just cut the antenna; if you do use it, despite knowing this, you have basically rendered any future complaint you have pointless, since you've already told them it's okay to do this.
There is no XUL, only WebExtensions...
Has anyone hacked their car to spoof OnStar packets and send them assloads of chaff? I don't see anywhere in the contract where it says you can't send them any GPS coordinates you want. Success will be measured by the number of OnStar-equipped vehicles shown to be commuting across the Atlantic Ocean on a regular basis. Why yes, I believe my vehicle is currently somewhere in Afghanistan. The bloke said he had lots of important packages he needed to deliver. He seems like a nice guy and always returns it when he's done doing whatever he does with it. Even rolls back the odometer for me. Why do you ask?
Verizon/AT&T probably do not keep historical data, even if they can pinpoint my location at law enforcement's request.
The problem is that we have traffic laws with unrealistic speed limits in this country, towns that will raise revenue through ticket writing and red light cameras, all now with access to your OnStar data without your consent or a warrant. Drivers that go with the flow of traffic are safer due to a smaller speed differential--but your insurance company may be glad to force you to do 65 on a road designed for 75mph in the 70's (MassPike) or 55 on a newly widened 3-lane widely-divided highway (rt 3 Greater Boston).
towns shorten yellow lights to get more red light tickets--increase in rear-end accidents be damned. Wouldn't it be nice to corroborate that data with the onstar gps log?
Like every other manufacturer, they have good and bad products... Late 90's Chevrolet Lumina/Monte Carlo was a great car (aside from some engine gasket defects)... Hummer H2? You all are welcome to your own opinions, but I'm not a fan... Hyundai/KIA products are definitely competitive these days though...
http://www.google.com/search?q=burning+money&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&tbm=isch&source=og&sa=N&hl=en&tab=wi&biw=1400&bih=921
There is no XUL, only WebExtensions...
The fact that OnStar took pains to alter their ToS in this specific fashion means that they're clearly thinking about it and perhaps even planning to do it. The INTENT is clearly stated, and intent is all that matters. Since OnStar intends to make such a thing legally and technically feasible, they can't be trusted NOT to do it.
Of course this is the reason that the US gov't required GM to make OnStar standard equipment as part of the auto industry bailouts. Anyone who didn't see this coming deserves to be tagged and tracked like the sheeple they are.
"I assumed blithely that there were no elves out there in the darkness"
I just received a notice from State Farm Insurance that if I allow them to collect OnStar data I "MIGHT" get a discount on my insurance. Uhhh... yeah... I'll be sure to do that. (NOT) I'm fairly certain that this is only the tip of the iceberg. How long before the car automatically calls the police when you exceed the speed limit?
My real question in all of this is, Who is asking for this information? It seems to me, that time and time again, Company X or Company Y updates its TOS, or has some flaw in software that reveals that they are gathering personal information, for 'sale to third parties' or the slightly less unsettling 'Company X will in no way make this information available to third parties'.
On the surface, the claim is that it is to provide a better service down the road, or to provide more targeted ad's or in some way improve the customer experience in some bizarre and personal way.
The real problem is, Time and time again when this comes out, We, the Customers, seem to resoundingly land on the side of 'don't watch me!' which begs the question: 'What market research idiot keeps thinking this is a good idea?'
The overwhelming sense i get from public response to this sort of thing is that we are not interested in targeted ad's, we do not want the commercials on our TV to say our names, and we don't want our driving directions to take us past some dry cleaners, just because we googled it last week. Now, I'm not an idiot, and realize that most companies will ignore their customers as long as possible, as long as they still make a profit, but you have to expect there to be some kind of limit, where someone finally steps back and says 'holy shit, people are going to HATE this!'
I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
...we as consumers need an updated and ironclad consumer protection act, period. These companies have us over a barrel and there is virtually nothing we can do about it. IP tracking, cell phone records, OnStar tracking and marketing of consumer data where will it stop? More importantly, if it doesn't stop which is a very real likelyhood, where will it lead? Technology finally, if it hasn't already, is showing it's ugly face.
True enough on that. I'm quite happy with my saturn. Most Canadians that own one are, though oddly most Americans who own one are hit or miss. I could never figure out why. We love them here. If they hadn't closed them down, or sold them off to well shit Penske, or Bombardier or anyone like that I would have kept buying them, even kept buying GM.
But the second they killed the line you ran across a lot of hardcore saturn folks who swore they would never buy another GM product even if hell froze over and they were the only thing keeping them from death and life. Of course GM has come out with some amazing engines too. The 3800 series is probably the most famous of the modern era, and those are still going strong even will a million miles on them.
Om, nomnomnom...
Stalking laws should be amended to include collecting this kind of information by anyone.
See for example: http://news.cnet.com/2100-1029_3-5109435.html
Note the title was a bit misleading, the company was able to deny the FBI 's request, because doing the bugging broke the service the customer was paying for. You can be pretty sure that problem has been fixed by now.
Sorry but if a car or any vehicle has this or something like it built into it,I won't buy it. I can find my own way,thank you for nothing.End of story
Geek Hillbilly
Facebook disease has spread to Slashdot!
The world will soon end.
* Carthago Delenda Est *
From http://wnd.ha-hosting.com/index.php?fa=PAGE.view&pageId=346997
"Sen. Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, have introduced the truly patriotic Geolocation Privacy and Surveillance Act, supported by the ACLU, that "requires the government to show probable cause and get a warrant before acquiring the geolocational information of a U.S. person."
This would apply, among other forms of such tracking, to cell phones. It would also require telecommunications companies (including providers of cell phones) to get our consent to collect data from locations where we use them. Where do we go with cell phones in our ears? These companies, without telling us, already convey this location information to the FBI without our knowing we're being tracked as we talk. "
Chaos maximizes locally around me.
I was under the impression that uncle Sam bought quite a bit of controll over GM with the nasty bailout. Is onstar part of GM? This article made me dash to the BMW Assist ToS but it appears to be way more benign. http://cache.bmwusa.com/Pdf_9c359b2b-178f-49bb-8024-a762e5775f7f.arox?v=4feda137-db10-4714-b585-6a19c23f5f64
"This message was sent from an Apple
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
No, I trust nobody with something like that.
Not only are they making profit from something deeply private, but the data can easily be abused in a number of ways. It might be that you happened to be in an area where something bad happened, and right away you're a suspect just because you were in the area. You stand out because someone can document that you were there. They're not documenting that you did something wrong but the very thing that you were there, makes you a suspect.in particular compared to others who were also there but whose location wasn't documented.
We already see a similar issue with DNA profiles. The initial (quick) profile only uses a handful markers and they're not all that unique. A typical crime scene sample will yield dozens of partial matches, also due to it like being slightly contaminated which lowers the match probability. You then have to seek out all the partial matches and review them, probably interview them and perhaps detain one or two. And you still have the very likely possibility that the perpetrator isn't in the register at all.
After a few weeks the full profile is available and you'll most likely either have the perpetrator or realize that you don't. Now, having spent weeks in jail, suspected of some evil crime, you might get completely exonerated and probably financially compensated, but you'll carry that branding of 'criminal' forever, and that can never be removed. Usually there's nothing to suspect you other than the DNA matching, but DNA is such a strong piece of evidence that it in itself usually is enough to get you thrown in jail.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Could this data be purchased by police departments to issue speeding tickets? Is there any legal impediment to using this data by a government entity for any purpose? If they can use it for enforcement of speed limits it seems like it would be a gold mine for any municipality that had an interstate passing through it. OnStar could even ask for a cut of the fines.
It's a lawsuit until their legal department muscles away/intimidates/settles out the claims, bribes a judge to make it go away, or makes a closed-door deal in a class action lawsuit that gives everyone a free voucher for extended service in exchange for a promise never to sue again.
When the government ruled in favor of the black boxes in cars being the property of the owner and couldn't be used against them in the court of law the use of OnStar after being terminated to monitor them and then to sell the information is blatantly crossing the line. The information stored or sent is considered generated by the vehicle and should be privy to that ruling. I imagine it will go to court if OnStar starts selling info to insurance companies but it seems oddly unlikely right now as Progressive is introducing their own "snapshot discount" unit that does essentially the same thing. Arguably the direction of monitoring our driving for safety is driving us further and further towards an auto-piloted car world where manual control is only used in the event of an emergency or in local (urban or short distances off the grid).
As for the various "government wants to know where you are!" argument, it fails to meet the thought test. What vested interest does the government have in knowing where your car is at any time? They have the police and cameras at their disposal for this reason. The only real value for using OnStar in this way is already done, when the car is stolen the police can access the OnStar system if requested or given a warrant and find where it is located. This data mining is more so about getting the insurance industry to pay for info on you and your driving habits. But I find this whole situation dubious and refer back to my first argument, any information generated by your car is rightfully yours and while they can justify keeping info if you pay for the service but turning it off should prohibit them from keeping the info flow on.
They aren't poising the unit itself to be purchased. What they are doing, is poising all of the data that they have collected or will collect, to be sold to the highest bidder or made available to whichever lawyer or government entity takes an interest in it (for a modest fee of course).
Lexis-Nexis for one, comes to mind as a company who would like this information. Why? Because of the MATRIX (Multistate Anti-Terrorism Information Exchange) system they got when they purchased Seisint. It's still fully operational, even with the system breach they experienced a few years ago that had the data of 310,000 people compromised.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
I don't think the value of this data is tied to the fact they know a particular car belongs to a certain person, I think their plan is to try and sell traffic congestion information to GPS companies for real-time updates on route times.
While there could be a lot of money in the 'Where did my cheating husband go with his Corvette last night when he said he was working late?' market, I'm not sure how OnStar could advertise such a service and then sell cars to philanderers and criminals. On the other hand, it would make a heck of a lojack alternative!
Ken
Before congressional whores kept by the insurance companies require boxes that collect and transmit all data including speed and position back to corporate and tax HQs. The great migration from the Dust Bowl to California in the 1930s will never happen again, as you (and your debts) will be tracked in real time in perpetuity. #USAUSAUSA
I kind of saw this coming several years ago when On Star was a GM product more or less. It was funny how out of the three American auto companies (GM,Ford, and Chevy) ONLY the one that had an exclusive deal with On Star at the time (GM) had to be pretty much bought by the government. Now all of a sudden they are selling independently and even telling you they will give away your info. 1984 anyone? lol as far as probable cause goes, Patriot Act allows them to get around most that if they think that you're a terrorist or something, which by definition has become easier to fall into. Not meaning to sound like a conspiracy nut, but I believe you should look at everything coincidental or "off" with a huge grain of salt. Never trusted On Star in the first place, and sure as heck won't now.
Touareg? Ugh. What were you thinking?
"When information is power, privacy is freedom" - Jah-Wren Ryel
Haha that's basically a given. Whatever corporations have access to, the government can get, unless it's something that would really ruin the corporation if found.
But customer data is generally a free-for-all to the government, and customers generally don't care. There are a few exceptions of course, like if your customers are made up entirely of a niche that cares greatly about keeping customer data away from the government, in which case the corporation won't be so cooperative. Example: private banking. On the other end of the spectrum, see: cellular location data. There's a freaking web interface for convenient police access.
"When information is power, privacy is freedom" - Jah-Wren Ryel
My uncle has a country place
That no one knows about.
He says it used to be a farm,
Before the Motor Law.
And on Sundays I elude the Eyes,
And hop the Turbine Freight
To far outside the Wire,
Where my white-haired uncle waits.
Jump to the ground
As the Turbo slows to cross the Borderline.
Run like the wind,
As excitement shivers up and down my spine.
Down in his barn,
My uncle preserved for me an old machine,
For fifty-odd years.
To keep it as new has been his dearest dream.
I strip away the old debris
That hides a shining car.
A brilliant red Barchetta
From a better, vanished time.
I fire up the willing engine,
Responding with a roar.
Tires spitting gravel,
I commit my weekly crime...
Wind-
In my hair-
Shifting and drifting-
Mechanical music-
Adrenalin surge...
Well-weathered leather,
Hot metal and oil,
The scented country air.
Sunlight on chrome,
The blur of the landscape,
Every nerve aware.
Suddenly ahead of me,
Across the mountainside,
A gleaming alloy air-car
Shoots towards me, two lanes wide.
I spin around with shrieking tires,
To run the deadly race,
Go screaming through the valley
As another joins the chase.
Drive like the wind,
Straining the limits of machine and man.
Laughing out loud
With fear and hope, I've got a desperate plan.
At the one-lane bridge
I leave the giants stranded at the riverside.
Race back to the farm, to dream with my uncle at the fireside
- Rush, Red Barchetta, Moving Pictures
"I'm just here to regulate funkiness."
So, can a party to a contract unilaterally change the terms and not have to allow the contract to be canceled? Yeah, the thing is trivial to disable (supposedly), but I have long term paid up front, and lotsa minutes on the phone. Would they let me keep the phone but ditch the onstar and tracking? Is that even possible? I suppose I'll have to go out and push the button and ask. Seems like a Netflix moment for them at this point and the only way to get them to say "I messed up" is going to be a lot of cancellations that demand repayment of money already given them.
Why guess when you can know? Measure!
Excellent timing- I was in the market for a new Truck. I've been looking at the LTZ 4x4 crew and the F350 same options, leather etc.. Only problem is now I wouldn't get a ford because of the convoluted Microsoft Sync interface and now Chevy has this? I guess Dodge and Toyota are all thats left. When are these corporate clowns going to get it? I guess there is too many Bobs in the world willing to give all their info and privacy and enough misinformation (read Media Jerks) that having a few informed opinions is usually discounted as foolishness or urban legend (They wouldn't do that ! etc...)
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
Buy a car without OnStar. My Touareg doesn't have it.
Are you sure? A previous post explained that the OnStar functionality has been moved into the drive-train computer, and the antenna is now internal. So it could easily be there now, but without the UI.
We've already read a few descriptions of auto "hackers" doing things like turning cars off via a wireless command, overriding the driver. Most new cars now have onboard computers, which are generally very poorly documented. When you inquire, you get a lot of replies that included phrases like "trade secret" and "no user-servicable parts". So the reasonable assumption should be that there are a lot of things hidden in there that they don't want you to know about (until it's too late for you to do anything about it ;-).
Any reasonable computer/network hacker would now be awaiting the slowly-growing flock of horror stories about auto-computer misbehavior. The history of auto makers' acknowledgement (and publicity) of hardware bugs is quite instructive here. Their nearly-universal approach has been to threaten or prosecute people who publicize information about hardware bugs, and only release information when those evil government regulators order them to do so. The computer industry has reacted similarly to "security" issues. Why would we expect a different approach to automotive software bugs?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
I purchased a Chevy vehicle equipped with OnStar for my wife and cancelled the OnStar service on day 1 because I don't like the idea of GPS location history of my vehicle's whereabouts sitting in a database somewhere. I also don't like the idea of GM being able to get access to my maintenance history so they can say "Oh, looks like you went 500 miles over on your last scheduled oil change, no warranty for you!".
I was *very* clear with the rep I spoke to that I didn't want my vehicle to send any data to OnStar, but you can never tell with those $10/hr phone monkeys working in the call centers. They probably get a day of training and then are turned loose on the phones. Who knows if they know what they're talking about, and companies make it impossible to actually talk to someone that would have that info.
Is there something I can physically unplug to disable the data connection?
GM has officially announced that it is going to track people with OnStar devices, regardless of whether they have an active account. Which means they are going to sell the data... that is the ONLY plausible motive they have for doing so.
I told you so ^2.
AC = Case not proven lol
There is no XUL, only WebExtensions...