Slashdot Mirror
OnStar Terms and Conditions Update Raises Privacy Concerns
PainMeds writes "An article by author Jonathan Zdziarski reveals that OnStar has recently updated their terms and conditions to allow the company to sell customer GPS coordinates, vehicle speed, and other information to third party marketers and analytics companies, where it could be used for a number of nefarious purposes. He says, 'To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling. ... It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple. Do you trust such companies with unfettered access to the entire GPS history of your vehicle?"
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
Of course I don't. I don't own a vehicle that has the ability to be shut off remotely either, because I don't trust a company or the systems with something that important. I would not trust the electric company with my refrigerator either. The very fact the control exists with a 3rd party is unacceptable.
If you are worried about being tracked, OnStar is the least of your concerns. It applies to a single source of data that is not always with you.
Anybody that really cares about this should wonder what data is being collected with your smart phones, etc. Verizon can track you better than OnStar ever could.
All of your devices with their own dedicated data connections also track you far better. Sprint HotSpot? Those things can track you just like a cell phone too.
The only thing surprising about this is that OnStar tried slipping it into the TOS, except just selling the data anyways with some legal sleight of hand.
OnStar is just now raising privacy concerns?
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
Yeah.....Hell, I bet they'll make a fortune selling the information to your car insurance's marketing department so that they'll know how to target you to sell you more insurance and raise your premium.
Can you even disconnect it from your car if it comes built in, without paying someone at the least ( or rendering parts of your car non operational at worst )?
---- Booth was a patriot ----
Has anyone hacked their car to spoof OnStar packets and send them assloads of chaff? I don't see anywhere in the contract where it says you can't send them any GPS coordinates you want. Success will be measured by the number of OnStar-equipped vehicles shown to be commuting across the Atlantic Ocean on a regular basis. Why yes, I believe my vehicle is currently somewhere in Afghanistan. The bloke said he had lots of important packages he needed to deliver. He seems like a nice guy and always returns it when he's done doing whatever he does with it. Even rolls back the odometer for me. Why do you ask?
Time to get a screwdriver and cut out the cancer that OnStar has become.
I believe you can just pull a dedicated fuse, actually.
The fact that OnStar took pains to alter their ToS in this specific fashion means that they're clearly thinking about it and perhaps even planning to do it. The INTENT is clearly stated, and intent is all that matters. Since OnStar intends to make such a thing legally and technically feasible, they can't be trusted NOT to do it.
Of course this is the reason that the US gov't required GM to make OnStar standard equipment as part of the auto industry bailouts. Anyone who didn't see this coming deserves to be tagged and tracked like the sheeple they are.
"I assumed blithely that there were no elves out there in the darkness"
I just received a notice from State Farm Insurance that if I allow them to collect OnStar data I "MIGHT" get a discount on my insurance. Uhhh... yeah... I'll be sure to do that. (NOT) I'm fairly certain that this is only the tip of the iceberg. How long before the car automatically calls the police when you exceed the speed limit?
I used to work in the IT end of the insurance industry, and believe me, data is their bread and butter. Insurance companies would love to have something like this.
I also have to agree with the other posters: as we have seen in recent years with TOS from Facebook, Google and others, if it's in there, they're probably going to do it. They don't hire lawyers to put that stuff in there for no reason... it isn't worded in such a way that it would really cover their asses for any liability, if they DON'T do it. So then... why else is it there?
Third, "anonymized" data, as we know very well by now, does not guarantee privacy. Especially location data. If you know where somebody lives, it should be easy to follow their movements with that data, anonymized or not.
And finally: after all these years, I get to say "I told you so" to the people who got OnStar. After all, it's not as though this wasn't foreseen by a lot of people.
My real question in all of this is, Who is asking for this information?
Google would like to know where the traffic jams are. Stores would like to know who drives by and does not stop. Your insurance company would like to know how fast you are driving. The police would like to know who was driving away from the bar at closing time. And your wife's divorce lawyer would like to know where you were late Tuesday night.
His viewpoint is basically "if you're not breaking the law, what do you have to worry about?"
People who say this always seem to forget that, one day, there might be laws that are well worth breaking; that in order to keep your humanity, you will have to break.
Just to rifle through the last few months of news: what if you were Libyan under Gaddafi or Egyptian under Mubarak? I would be glad, were I in that situation, not to have a fucking device in my car reporting my whereabouts in a governmentally accessible manner.
I think the whole idea of protecting rights is to do so for the future, not necessarily for the present.
From http://wnd.ha-hosting.com/index.php?fa=PAGE.view&pageId=346997
"Sen. Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, have introduced the truly patriotic Geolocation Privacy and Surveillance Act, supported by the ACLU, that "requires the government to show probable cause and get a warrant before acquiring the geolocational information of a U.S. person."
This would apply, among other forms of such tracking, to cell phones. It would also require telecommunications companies (including providers of cell phones) to get our consent to collect data from locations where we use them. Where do we go with cell phones in our ears? These companies, without telling us, already convey this location information to the FBI without our knowing we're being tracked as we talk. "
Chaos maximizes locally around me.
Do you trust such companies with unfettered access to the entire GPS history of your vehicle?
No, I trust nobody with something like that.
Not only are they making profit from something deeply private, but the data can easily be abused in a number of ways. It might be that you happened to be in an area where something bad happened, and right away you're a suspect just because you were in the area. You stand out because someone can document that you were there. They're not documenting that you did something wrong but the very thing that you were there, makes you a suspect.in particular compared to others who were also there but whose location wasn't documented.
We already see a similar issue with DNA profiles. The initial (quick) profile only uses a handful markers and they're not all that unique. A typical crime scene sample will yield dozens of partial matches, also due to it like being slightly contaminated which lowers the match probability. You then have to seek out all the partial matches and review them, probably interview them and perhaps detain one or two. And you still have the very likely possibility that the perpetrator isn't in the register at all.
After a few weeks the full profile is available and you'll most likely either have the perpetrator or realize that you don't. Now, having spent weeks in jail, suspected of some evil crime, you might get completely exonerated and probably financially compensated, but you'll carry that branding of 'criminal' forever, and that can never be removed. Usually there's nothing to suspect you other than the DNA matching, but DNA is such a strong piece of evidence that it in itself usually is enough to get you thrown in jail.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
I used to work for a company that makes and is marketing a GPS tracking system exactly for this purpose. It includes their proprietary GPS tracking device and firmware, and server side software to store the data and do preliminary analysis (but the insurance companies mostly just care about the raw data and will do their own processing). And the insurance companies are very interested in buying data on where and how you drive. So this is pretty much a sure bet. I have to say that I wasn't very comfortable working for a company making 'big brother' devices.
Another use for this kind of data is for road charging programs for the government. Governments get a lot of their money for upkeep of the roadways from fuel taxes. But as fuel economy goes up, the relative tax revenue for miles driven (which translates to wear and tear on the roads) goes down. So many governments are looking to charging for road use. i.e. pay for the amount of miles/kilometers driven, based on the type of road (expressway, interstate/motorway, two lane blacktop, city cores, etc), time of day (peak/off peak hours), and type of vehicle. Something like Onstar technology fits in nicely with this too.
-- I ignore anonymous replies to my comments and postings.
My uncle has a country place
That no one knows about.
He says it used to be a farm,
Before the Motor Law.
And on Sundays I elude the Eyes,
And hop the Turbine Freight
To far outside the Wire,
Where my white-haired uncle waits.
Jump to the ground
As the Turbo slows to cross the Borderline.
Run like the wind,
As excitement shivers up and down my spine.
Down in his barn,
My uncle preserved for me an old machine,
For fifty-odd years.
To keep it as new has been his dearest dream.
I strip away the old debris
That hides a shining car.
A brilliant red Barchetta
From a better, vanished time.
I fire up the willing engine,
Responding with a roar.
Tires spitting gravel,
I commit my weekly crime...
Wind-
In my hair-
Shifting and drifting-
Mechanical music-
Adrenalin surge...
Well-weathered leather,
Hot metal and oil,
The scented country air.
Sunlight on chrome,
The blur of the landscape,
Every nerve aware.
Suddenly ahead of me,
Across the mountainside,
A gleaming alloy air-car
Shoots towards me, two lanes wide.
I spin around with shrieking tires,
To run the deadly race,
Go screaming through the valley
As another joins the chase.
Drive like the wind,
Straining the limits of machine and man.
Laughing out loud
With fear and hope, I've got a desperate plan.
At the one-lane bridge
I leave the giants stranded at the riverside.
Race back to the farm, to dream with my uncle at the fireside
- Rush, Red Barchetta, Moving Pictures
"I'm just here to regulate funkiness."