Car Manufacturers Are Tracking Millions of Cars (boingboing.net)
Cory Doctorow writes:
Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do."
What about second-hand buyers? They don't typically sign a contract with the original dealer or manufacturer.
Table-ized A.I.
Either roaming herds of killer cars, stalking prey in the cities.
Or more likely massive data breaches followed by ransomware on your car's display.
Maybe the manufacturers can make some extra money selling the data to their countries' security agencies.
I can't find the source any more but any 2018 and later year model vehicle in US must be sold with remote engine kill capability. That's why I bought a 2017 car and will keep it for as long as it runs, and then I'll be digging some old junker with a distributor and carburetor.
I did so intentionally and I've bought older cars and put money into fixing up an older vehicle I already owned from 2005 to avoid this crap. I have a 2002 and a 2005 vehicle. One has 170,000 miles on it and the 2002 I bought has 125,000 miles on it. My intention is to keep these vehicles running for as long as I possibly can. I'm imagining this setup is only going to work for another 5-10 years. At which point I'll have to see what is available on the market which can reasonably replace it that is old. The problem is going to be finding cars with low mileage and in good condition that can continue on and be fixed up. I would buy a new car if this crap wasn't on it.
It was just about saving money but this is a good reason too.
"Science is the power of man"
We need a law to require all data collected be anonymized to protect our privacy, and it's not going to be easy because I'd doubt 1 in 10 members of Congress would understand the technology. In addition, Google, Facebook, Verizon, and GM will all lobby Congress to prevent this from happening.
If we're going to recapture our privacy, the data has to be anonymized at the source, we can't leave it up to companies like Apple, just trusting that they're assigning us a token rather than tying the data collected to our actual identity.
Now, I know that requesting a new token is likely to reset what the company knows about our behavior, which is likely to negatively affect the services they're providing us. I just think that each customer should be able to decide whether they want privacy or convenience from each company.
I have a new Camry and they offer Entune as their media/entertainment/communications. And they work really, really hard on getting you to install it. It uses your phone's cellular data plan for communications of course, so they very well may send a lot of personal information over that line. They give you two years for free and then they charge you for it. I never installed it as it's received terrible reviews and you need a wired connection to use it reasonably.
...and she said everything was okay, that nobody was tracking anything.
Mine would be more like:
127.0.0.1 *
I've seen the idea of simply disconnecting the car's communications antenna(s), but I don't know what the unintended side-effects of this may be, or how complicated that procedure would actually be.
If you could find the GPS and cell antennas you could cover them with tin foil. Wouldn't surprise me if the black box antenna locations are documented somewhere. Of course you could live like me "with nothing to hide" grrrrrr. If they rigged the car to malfunction after (30 days) of no-ping - remove the cover while near a dealership - that should update the car and send them a message. To even be talking about how to blind your car is insane & necessary.
I suppose since I buy 10yr old cars, I have some time before I have to deal with this crap. :D
L'Idiot
As of 18th May there are strong limits on slurping up data without explicit buy in from the subject.
Now I have to cover my car in tin foil too.
It must have been something you assimilated. . . .
It's pretty easy to yank the onstar box in your vehicle. I recommend doing it just for security reasons. A CAN network should absolutely be air gapped.
Does anyone know HOW the data leave the car? If a vehicle doesn't have OnStar, even as an option, then how? WiFi? Special radio band? (Cellular ain't cheap [25 GB?!] and the manufacturers don't own any cellular towers.)
http://www.businessinsider.com...
Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car
Slashdot has become an echo chamber.
What about the benefits of sending data back? Have you ever tried to actually deal with people, especially when money is on the line? I mean I want people to be happy with their product, and I don't enjoy angry accusatory phone calls...
People very often lie when something goes wrong, and even if telling the truth would help us both out (better, longer lasting product) AND get the problem fixed faster, but we spend so much time and effort going over false or completely made-up observations and emotionally charged statements.
So what if the data can say something (hypothetical situation)?
Customer account: "the bearing just failed, you stupid morons and your cheap bearings and your constant cheaping out, also there's a crack in your windshield, what are you cheapening out on your glass you better get those people in line, I want this replaced or I'll never buy again..."
The data says: Your drive is otherwise pretty smooth and you're otherwise treating your car well. BUT, at a regular point every day for the past 3 months, there is this large spike on the acceleration detector.
Customer: oh yeah, damn that Department of Transportation. They won't fix that damn pothole so I just run over it every day at high speed.
(okay, so if you knew we were watching for high-energy events at risk to your warranty, maybe you'd have avoided that pothole?)
((and oh, I'll save so much money not having to ream the bearing vendor and take samples, that I'll probably honor your warranty claim anyway. pfft in real cost what's a wheel bearing set replacement and tire balancing/alignment anyway?))
Okay, dear customer, please proceed to the nearest dealership for your warranty replacement, if you know which one you want I can put them on the line right now, have a nice day.
You'd have a lot more credibility if you a) hadn't posted as AC, b) could say with a straight face that any savings resulting from installing spyware in people's cars would be reflected in reduced sticker prices, and c) acknowledged that people's privacy concerns are at least as legitimate as your shareholder protectionist stance. If you're gonna shill, at least put some effort and imagination into it.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
It's nearly 20 years old...Oh wait. I did plug an OBD-II gadget that connects to my phone and there is that dash-cam. Crap. My privacy doesn't exist.
Not that Verizon wasn't already more aware of where I am than I am. And literally like clockwork, my fitness tracker gizmo has just vibrated to tell me I should get off my ass - and I know it talks to servers in China too. I try to stop it. I'm not sure how successful I've been but I did install a firewall on my phone.
I suspect the firewall app is the real spyware. Netflix knows what I watch. Amazon knows what I buy. Even though I don't have a FaceBook account they probably have a profile on me.
Even the liquor store where I buy beer wants my email address. Why should the sale of alcohol involve an e-mail address? They said they had just partnered with - I cannot even remember what idiotic website. They're outsourcing the tracking!
When I was a kid I thought Radio Shack's Battery of the Month Club card was awesome. I always needed batteries. What did Radio Shack get out of it? I wasn't really sure but I found out later in life that a customer's information was worth 26 cents to my employer at the time. I was shocked, but also felt a bit naive - of course their customer database was valuable...and of course they sold it.
Ford has cell phone modems in their electric (Focus Electric) and PHEV (C-Max and Fusion) cars. According to the service manual a lot of information is provided to that modem but only a small part shows up on the App or website. No way of knowing if the modem just uploads that limited subset of data or if everything is uploaded with the rest kept for Ford use only.
They missed out on my data for the 1st 3.4 years I owned my PHEV because the original modems only did 2G AT&T and our AT&T tower only had 3G (it was installed after the 2G shutdown was announced). Ford finally replaced all the modems at the very very end of 2016 with 3G models.
It is depressing how the TCP design standardized hostfiles on Windows, Unix, Apple and derivatives so that hostnames can be blocked, but we're running into intentional crippling
1) No wildcards. You have to know all the domains and subdomains in advance
2) No whitelist-only setup (there are those of us dedicated enough to use block everything and approve every site upon examination --proof? NoScript)
3) No obligation for the OS to obey you, given how Microsoft's Windows 10 setup ignores inconvenient blocks in the guise of protection against Virus meddling.
4) No IP-specific redirection or blocking. This would be helpful to protect us from Chinese and Russian address ranges. When malware (including Microsoft) bypasses DNS with known hardcoded IPs, it's game over. New Zero Day IPs are an issue. We can use external routing hardware to block (and IPs will change anyway) but that hardware isn't home-friendly even if you know enough to use DD-WRT, Pi or commercial hardware.
Would anyone else consider having (or even speccing out) a vehicle that is "Certified" as not interconnected to others in any way?
Things like no Sirius/XM, no internal WiFi, no built in GPS, etc.
Obviously, there is a need for built in Bluetooth for Hands Free phone operation. Beyond that, what else does everyone consider truly needed?
Would having such a certified Dumb Vehicle even be a worthwhile selling point?
I do want an autonomous car. But that doesn't mean a remotely controlled one.
I think we've pushed this "anyone can grow up to be president" thing too far.
Yeah, but the trucking companies own their trucks and they *want* the coverage for legitimate reasons. I'm all in favor of that.
I think we've pushed this "anyone can grow up to be president" thing too far.
What reason do you have to think that the end user (i.e. purchaser of the vehicle) will receive any benefits from this system? Can you point to any benefits so far that don't require extra payment in advance?
I don't drive, so I'm a "relatively" unbiased observer of this debate, but nobody, including you, has mentioned any benefits so far that weren't paid extra for in advance.
I think we've pushed this "anyone can grow up to be president" thing too far.
The article, or at least the summary, is wrong when it calls this more intrusive than cell phones. Cell phones definitely track your location, well, the location of the phone, at all times. They contain a lot more personal data. And they are more often broken into and the data widely shared.
That's not saying this additional intrusion isn't evil. But let's not engage in false hyperbole.
I think we've pushed this "anyone can grow up to be president" thing too far.
Software freedom (a computer owner's freedom to run, inspect, share, and modify published computer software) is a viable cure for this just as it would have been a great way to thoroughly address the recent VW fraud where that company (and many other automakers) cheated emissions checking by having the software control emissions differently during testing than during regular car use. Fines, firings, and forcing automakers to accept returned cars in exchange for money won't fix these problems and they won't help car owners own the vehicles they ostensibly own. Software freedom can by allowing car owners to determine their own limit for how much they're willing to make their cars obey their will (including not leaking data about the car's use without their consent). This is ultimately an ethical issue (how should we treat people with regard to computers?) and yet another spying issue (spying is big business and turning a blind eye to software freedom is indistinguishable from letting abusive proprietors have their way).
Digital Citizen
I'll accept the CVT repair as a potential benefit, but before I actually accept as an actual benefit I need to know that those who received the "improvement" considered it an improvement. Searching for "CVT automobile transmission automatic upgrade" (without quotes) didn't return any hits on the first page.
The assertion(2) that it helps make newer cars better is a (potential) benefit to the community, but probably not measurably to the individual driver. It's also not proven. That kind of information is just about as often used to make things chintzier. Perhaps more often. True, that *could* lead to lower prices, but that's far from guaranteed, and often doesn't happen.
In the past the situations where this kind of information has been used to the benefit of the operator of the vehicle was in situations where the vehicle was owned by the company/agency that was doing the data collection. Trains and airplanes are examples. When it's been collected by the manufacturer (after sale) it has much more frequently been used to hide problems. It's not clear to me why I shouldn't expect that pattern to continue.
I think we've pushed this "anyone can grow up to be president" thing too far.
Data plans ain't cheap here.
Abusing the hosts file for blocking was never intended and is, still, a stupid and unreliable hack. Also that's got nothing to do with TCP. Please try to be less confused, also the moron who wasted a mod point on you.
CLI paste? paste.pr0.tips!
But if people can't even be bothered to read "purchase contracts", I don't know what to say.
There shouldn't BE a purchase contract, just a bill of sale.