Slashdot Mirror
Car Manufacturers Are Tracking Millions of Cars (boingboing.net)
Cory Doctorow writes:
Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."
The manufacturers are just following the eurocrat's lead, called "eCall".
This does not excuse either, nor makes it either a good idea, of course.
What about second-hand buyers? They don't typically sign a contract with original dealer or manufacturer.
Table-ized A.I.
Either roaming herds of killer cars, stalking prey in the cities.
Or more likely massive data breaches followed by ransomware on your car's display.
Maybe the manufacturers can make some extra money selling the data to their countries security agencies.
I can't find the source any more but any 2018 and later year model vehicle in US must be sold with remote engine kill capability. That's why I bought a 2017 car and will keep it for as long as it runs, and then I'll be digging some old junker with a distributor and carburetor.
I didnâ(TM)t sign any contract related to tracking when I bought my car as far as Iâ(TM)m aware. I did sign up for XM with the built in stereo but I would love to know if I am being tracked. It would be the deciding factor on wether I file a massive law suit.
How is this in any way compatible with the new EU GDPR regulations?
It's relatively simple to unplug the telematics module. Most people will be too afraid to pull the stereo out, but it's an easy hack.
and put "blocks" in. Create your own version of a "host" file.
127.0.0.1 ford.com
127.0.0.1 gm.com
127.0.0.1 onstar.com
etc... LOL!
The Truth is a Virus!!!
I did so intentionally and I've bought older cars and put money into fixing up an older vehicle I already owned from 2005 to avoid this crap. I have a 2002 and a 2005 vehicle. One has 170,000 miles on it and the 2002 I bought has 125,000 miles on it. My intention is to keep these vehicles running for as long as I possibly can. I'm imaging this setup is only going to work for another 5-10 years. At which point I'll have to see what is available on the market which can reasonably replace it that is old. The problem is going to be finding cars with low mileage and in good condition that can continue on and be fixed up. I would buy a new car if this crap wasn't on it.
It was just about saving money but this is a good reason too.
"Science is the power of man"
How'd you get so smart? I wanna be smart.
Yep and we have had black boxes in cars to that record and don't be surprised if they find a way to incorporate those camera's into a form of data gathering for accidents to. In fact many trucking companies have duel facing camera's to record 14 seconds of a accident or any record of a panic action occurring. Guess the paranoid people better just stay home. By the way, you can disconnect OnStar and most of these devices if you wish.
We need a law to require all data collected be anonymized to protect our privacy, and it's not going to be easy because I'd doubt 1 in 10 members of Congress would understand the technology. In addition, Google, Facebook, Verizon, and GM will all lobby Congress to prevent this from happening.
If we're going to recapture our privacy, the data has to be anonymized at the source, we can't leave it up to companies like Apple, just trusting that they're assigning us a token rather than tying the data collected to our actual identity.
Now, I know that requesting a new token is likely to reset what the company knows about our behavior, which is likely to negatively affect the services they're providing us. I just think that each customer should be able to decide whether they want privacy or convenience from each company.
I have a new Camry and they offer Entune as their media/entertainment/communications. And they work really, really hard on getting you to install it. It uses your phone's cellular data plan for communications of course, so they very well may send a lot of personal information over that line. They give you two years for free and then they charge you for it. I never installed it as it's received terrible reviews and you need a wired connection to use it reasonably.
...and she said everything was okay, that nobody was tracking anything.
If you could find the GPS and cell antennas you could cover them with tin foil. Wouldn't surprise me if the black box antenna locations are documented somewhere. Of course you could live like me "with nothing to hide" grrrrrr. If they rigged the car to malfunction after (30 days) of no-ping - remove the cover while near a dealership - that should update the car and send them a message. To even be talking about how to blind your car is insane & necessary.
I suppose since I buy 10yr old cars, I have some time before I have to deal with this crap. :D
L'Idiot
As of 18th May there are strong limits on slurping up data without explicit buy in from the subject.
Now I have to cover my car in tin foil too.
It must have been something you assimilated. . . .
It's pretty easy to yank the onstar box in your vehicle. I recommend doing it just for security reasons. A CAN network should absolutely be air gapped.
Slashdot has become an echo chamber.
What about the benefits of sending data back? Have you ever tried to actually deal with people, especially when money is on the line? I mean I want people to be happy with their product, and I don't enjoy angry accusatory phone calls...
People very often lie when something goes wrong, and even if telling the truth would help us both out (better, longer lasting product) AND get the problem fixed faster, but we spend so much time and effort going over false or completely made-up observations and emotionally charged statements.
So what if the data can say something (hypothetical situation)?
Customer account: "the bearing just failed, you stupid morons and your cheap bearings and your constant cheaping out, also there's a crack in your windshield, what are you cheapening out on your glass you better get those people in line, I want this replaced or I'll never buy again..."
The data says: Your drive is otherwise pretty smooth and you're otherwise treating your car well. BUT, at a regular point every day for the past 3 months, there is this large spike on the acceleration detector.
Customer: oh yeah, damn that Department of Transportation. They won't fix that damn pothole so I just run over it every day at high speed.
(okay, so if you knew we were watching for high-energy events at risk to your warranty, maybe you'd have avoided that pothole?)
((and oh, I'll save so much money not having to ream the bearing vendor and take samples, that I'll probably honor your warranty claim anyway. pfft in real cost what's a wheel bearing set replacement and tire balancing/alignment anyway?))
Okay, dear customer, please proceed to the nearest dealership for your warranty replacement, if you know which one you want I can put them on the line right now, have a nice day.
Does anyone know HOW the data leave the car? If a vehicle doesn't have OnStar, even as an option, then how? WiFi? Special radio band? (Cellular ain't cheap [25 GB?!] and the manufacturers don't own any cellular towers.)
I wonder if government vehicles has this "we know were you are" feature?
http://www.businessinsider.com...
Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car
Some important vehicles have a GPS tracking. But they don't do that for your run of the mill post moped delivering letters.
You got me! Mine is at my house.
*Hangs head in shame*
Been obvious to me (ten+ years)
It's nearly 20 years old...Oh wait. I did plug an OBD-II gadget that connects to my phone and there is that dash-cam. Crap. My privacy doesn't exist.
Not that Verizon wasn't already more aware of where I am than I am. And literally like clockwork, my fitness tracker gizmo has just vibrated to tell me I should get off my ass - and I know it talks to servers in China too. I try to stop it. I'm not sure how successful I've been but I did install a firewall on my phone.
I suspect the firewall app is the real spyware. Netflix knows what I watch. Amazon knows what I buy. Even though I don't have a FaceBook account they probably have a profile on me.
Even the liquor store where I buy beer wants my email address. Why should the sale of alcohol involve an e-mail adress? They said they had just partnered with - I cannot even remember what idiotic website. They're outsourcing the tracking!
When I was a kid I thought Radio Shack's Battery of the Month Club card was awesome. I always needed batteries. What did Radio Shack get out of it? I wasn't really sure but I found out later in life that a customer's information was worth 26 cents to my employer at the time. I was shocked, but also felt a bit naive - of course their customer database was valuable...and of course they sold it.
Ford has cell phone modems in their electric (Focus Electric) and PHEV (C-Max and Fusion) cars. According to the service manual a lot of information is provided to that modem but only a small part shows up on the App or website. No way of knowing if the modem just uploads that limited subset of data or if everything is uploaded with the rest kept for Ford use only.
They missed out on my data for the 1st 3.4 years I owned my PHEV because the original modems only did 2G AT&T and our AT&T tower only had 3G (it was installed after the 2G shutdown was announced). Ford finally replaced all the modems at the very very end of 2016 with 3G models.
Would anyone else consider having (or even speccing out) a vehicle that is "Certified" as not interconnected to others in any way?
Things like no Sirius/XM, no internal WiFi, no built in GPS, etc.
Obviously, there is a need for built in Bluetooth for Hands Free phone operation. Beyond that, what else dopes everyone consider truly needed?
Would having such a certified Dumb Vehicle even be a worthwhile selling point?
The article, or at least the summary, is wrong when it call this more intrusive than cell phones. Cell phones definitely track your location, well, the location of the phone, at all times. They contain a lot more personal data. And they are more often broken into and the data widely shared.
That's not saying this additional intrusion isn't evil. But lets not engage in false hyperbole.
I think we've pushed this "anyone can grow up to be president" thing too far.
I'm quite sure that if it's a difference between a commission on a $50K car or turning off this capability (or striking the language), the Sales guy will take the $50k.
It's one thing to give up you're data for "free", quite another when you're paying $50k for the priviledge.
But if people can t even be bothered to read "purchase contracts", I don't know what to say.
Software freedom (a computer owner's freedom to run, inspect, share, and modify published computer software) is a viable cure for this just as it would have been a great way to thoroughly address the recent VW fraud where that company (and many other automakers) cheated emissions checking by having the software control emissions differently during testing than during regular car use. Fines, firings, and forcing automakers to accept returned cars in exchange for money won't fix these problems and they won't help car owners own the vehicles they ostensibly own. Software freedom can by allowing car owners to determine their own limit for how much they're willing to make their cars obey their will (including not leaking data about the car's use without their consent). This is ultimately an ethical issue (how should we treat people with regard to computers?) and yet another spying issue (spying is big business and turning a blind eye to software freedom is indistinguishable from letting abusive proprietors have their way).
Digital Citizen
Systems like OnStar will brick the car if you disable them, but if you cut the antenna leads the system doesn't know that it's just not parked in a tunnel or something. Barring that, if we know the frequency we can install a very low power antenna next to their antenna and jam the signal.
Data plans ain't cheap here.