Connected Cars Don't Necessarily Disconnect Previous Owners When Resold

A modern car should be treated like a personal computer. Before you sell it, you should make sure all connections are severed and personal information is wiped before handing the keys to the buyer. The Drive reports of a former Volkswagen owner who recently discovered that her connection to her car lingered even after her old car was sold to a new owner. In what may seem like a public service announcement, The Drive writes: "It's up to you to wipe out your data and connections, not the dealer or manufacturer." From the report: Ashley Sehatti sold her 2015 Jetta back to her local VW dealer back in December. Like most car owners, she figured that was the end of it. So she was baffled when she continued to get monthly reports about her car's health. After receiving April's report, she attempted to log into her account for Car-Net, Volkswagen's connected car service. Much to Sehatti's surprise, she found that not only was her account still active, she still had access to her old car. She could see its current mileage, the status of its locks and lights, and, most disturbingly, its current location on a map. Sehatti was not aware that she, not Volkswagen or her dealer, was responsible for disabling access to Car-Net when she sold the car. Its new owner likely didn't sign up for the Car-Net service, which meant that Sehatti's access remained available, even though she didn't even want it. "Our Car-Net Terms of Service explicitly outlines that as a subscriber, the customer has the responsibility to terminate the contract when selling their vehicle," writes Catharina Mette, the head of technology communications for Volkswagen Group's North Americas region. "This is a practice common in the industry." The takeaway here is to read the Terms of Service because most car owners don't do so in any great detail.

Scissors. Antenna cable.

[b0s0z0ku]

Scissors. Antenna cable. Problem solved. Even if only I have access to the app and web site, the servers themselves (run by the automaker) have access to my car. Why the hell would I let someone else's server have access to my car? The only way I'd allow that is if they allowed use of your own encryption keys. Load an encryption key into the car with a USB, push the same key to your phone and computer. Anyone without the key, including the automaker themselves, shouldn't be able to shut down your car, lock it, unlock it, or read its location. Minus they key, they should only be able to do firmware updates, but only with your permission, at a time scheduled by you.

If you're dumb enough to sign up

[quonset]

Why would anyone think signing up for an account meant that account would somehow cease to exist once you no longer owned the car? Not only that, why would one sign up for an account which explicitly links you to your car?

Oh right. Forgot. Because you can have your "smart" phone linked to your car so you can fiddle with apps instead of concentrating on the road.

As has been said about Facebook, you deserve what you get. Stop treating cars like a computer and stick to driving.

What can the new owner do?

[BitterOak]

As I understand this, it is the responsibility of the seller to terminate the service before selling the car, but if the seller fails to to this, the seller has access to the car's information, including its location, after the sale. This sounds like it would impact the privacy of the new owner, not the seller. In other words party A is responsible for taking steps to protect the privacy of party B. This doesn't sound like a good system. Is there anything a new car owner can do to ensure that no private information (such as location) is leaked to the previous owner?