Hacker News new | past | comments | ask | show | jobs | submit login
A CBP contract shows the risks in connecting your vehicle and your smartphone (theintercept.com)
246 points by jbegley 10 days ago | hide | past | favorite | 249 comments





So do I have to ride horses to get my privacy back now?

I would totally buy a brand new car without all the "visible" electronics (by visible I mean all the screens and doodads. I don't mind ABS and other "invisible" electronics as long as they are reliable which is not a given nowadays).

I don't get the point of turning the interior of a car into a smartphone experience.

I watched a YT video of a Mercedess class S review. So many screens, leds, buttons etc. The reviewer was so busy fiddling with the controls that he never saw a pedestrian woman wanting to cross the road. If she hadn't payed attention he would probably have hit her.


Honestly, non-tactile buttons on a car seems ridiculous. You HAVE to look away from the road to do anything. Tactile buttons let you feel around to do things if you need to. That change has made zero sense to me.

It's also scary just how many controls there are now, tactile or otherwise, that have little to do with safely driving the car and navigating efficiently to your destination. Until we have truly autonomous vehicles, all those distractions are accidents waiting to happen (or sometimes, sadly, not waiting).

Touch controls for anything a driver needs to manipulate while driving are obviously ridiculous, so there's not much else to say there. But given how dangerous using a phone while driving is under most circumstances, what on earth are phone-related controls doing taking up prime real estate on a steering wheel in so many modern vehicles, even if they're tactile? Either way, it's like the car makers said "OK, we get that using these features while driving is about as dangerous as driving while you're drunk, but the kind of person who will buy our premium vehicles is going to be grossly irresponsible anyway, so they might as well have an easy time doing it."

And then after distracting the driver's attention and giving them lots to look at other than what they actually need for driving, they act all surprised that the driver who was "required to be fully aware and able to take over control of the vehicle immediately at any time" was messing around with the infotainment system with lane keeping, cruise control and automatic distance keeping turned on instead of watching the road, and point to the legal small print when the inevitable tragedy happens because of course the driver was not actually able to take over immediately when something unexpected happened.

This whole issue makes my blood boil. It's like the worst example of prioritising flash and gimmicks at the expense of making something that actually works properly, and in a context where safety is a huge factor and people are literally dying unnecessarily every day. These kinds of idiocy should have been regulated out of existence the day after they were announced.


Especially with the shit microcontrollers they put into the toyota mid range cars and their lack of responsiveness. Really forces you to look at the screen when you fidget with it.

Those shit micros in the infotainment system are still running at least in the hundreds of MHz. PCs from 25 years ago with equivalent performance were responsive. It's poor software development practices that makes good enough hardware crawl at a snail's pace.

Using a cellphone while driving is illegal? Let's just make the whole car a cellphone! Brilliant!

It makes new wonder how these non-tactile buttons and entertainment systems are even legal to use while driving. And if you had to stop your car to adjust the radio then these touch screens would immediately disappear.


I swear I don't work for Mazda but their new cars actually have a feature that disables touch on the screen above 5km/h. You can still use the tactile buttons though.

It's actually not ideal because now the passenger can't use it either, but at least they've made an attempt to stop drivers interacting with the screen at high speeds.


Just seems strange that it's 2021 already and touchscreens are still considered acceptable in cars. https://www.theverge.com/2019/8/11/20800111/us-navy-uss-john...

Isn’t Mazda discontinuing use of touch screens?

I bought a Mazda CX-5 last year and in the dealership, one of the televisions was playing an endless loop of Mazda commercials, and one of the commercials was specifically about how all the important controls are on physical buttons / knobs / switches.

Mazda is clearly aware that they work better, but I'm sure customers who don't drive often or don't pay attention to the experience of driving simply assume that a larger touchscreen is better and somehow more modern.

I sometimes even turn the screen off completely, on long drives or at night; I only wish there was a dedicated button to do so.

The car is great too - it has dedicated buttons for pretty much everything else, including a dedicated, physical volume knob in the center armrest and track change buttons on the steering wheel, climate control, various driver assistance features, etc. It was all clearly designed with the driver in mind, and the touchscreen was an afterthought.


I drive a 2018 Mazda 3. The touch functionality is disabled while the car is moving, everything is done with a wheel and a few buttons. It works well but it's a pretty basic system (nav and audio that's it). I don't know if it could accommodate advanced features.

That is their plan as far as I know. And even before that, their interfaces have generally been pretty good about tactility. My '17 does have a touchscreen, but it is entirely optional and everything can be controlled using physical controls.

> I don't mind ABS and other "invisible" electronics as long as they are reliable which is not a given nowadays

These are pretty damned reliable, IMO, in absolute terms (before even giving credit for the fact than an automobile is pretty harsh environment for electronics with temperature and humidity swings, large voltage transients, poor grounds, mechanical shock/vibration, road salt, corrosion, etc). I've probably changed more power window regulators than ABS or EFI modules.


I've never had an EFI fail (knock on wood) but my main car right now has had a failed ABS for several years (too expensive to repair vs. value of the vehicle).

It's almost certainly a wheel sensor rather than the ABS module itself. They can be damaged during a brake job, etc.

or cheap, vs the cost of running someone down.

ABS does not significantly shorten stopping distances. It does provide improved steering control during brake applications that would otherwise exceed available traction, but I think it's extremely rare that ABS would be the difference between a pedestrian collision vs not. (They could just as easily choose a car that didn't have ABS as originally equipped and no one would say anything about the omission.)

> They could just as easily choose a car that didn't have ABS as originally equipped and no one would say anything about the omission.

That’s the kind of failure case I wish fancy electronics had. Component breaks = now you’re driving a lower trim-level. As opposed to $5000 touchscreen module dies and now you can’t use the car.


you do realise the point of things breaking is so that people would be coerced to make a new purchase...

Being able to control the vehicle during emergency braking would ostensibly allow you to steer around the obstacle or pedestrian prior to impact.

It does in skid conditions by detecting the slippage and releasing and reapplying the brake far faster than you could alone.

> So do I have to ride horses to get my privacy back now?

You say this in jest, but depending on your locale and transport needs, you could consider a motorcycle or bicycle. The interface is a bit like riding a horse, just more 21st century (obviously).

Modern bikes come with ABS and fuel injection, and tires these days are great. Motorcycles don't come with any of the annoying road-car nanny-state stuff. Riding a bike is cool too.


If I lived in the countryside (which I wouldn't mind) I would consider this, but otherwise I personally couldn't justify the risk. I forget where I read it, but the phrase "right of weight, not right of way" comes to mind. It's also why I love that my hometown allows riding bikes on sidewalks.

> It's also why I love that my hometown allows riding bikes on sidewalks.

This would be a dream.

I live in a reasonably deserted/seasonal neighbourhood, so it has a neat 2-lane divided avenue down the middle, but it is usually very empty (a car maybe every minute).

This doesn't mean I can ride anywhere but the very edge of the asphalt, almost tripping my pedals on the sidewalk rise (I forget the word in English), since drivers love to pick up some speed in the avenue and drive at frankly disrespectfully close distances, even though they could have almost entire lane of distance to a cyclist.


>> It's also why I love that my hometown allows riding bikes on sidewalks.

> This would be a dream.

Or the kind of urban nightmare where motorcycles (sorry, battery assisted bicycles) are rushing down sidewalks at 20 mph, barely missing baby carriages, dogs, and other humans.


Not here, because the sidewalks are not continuous or very well maintained, so such ill folk would not be able to rush at their desired maximum speed.

It is. Maybe you can take short trips somewhere close that allows it, or at least lets you feel a little safer?

> almost tripping my pedals on the sidewalk rise (I forget the word in English)

The curb?


That's the word, thank you!

> ... motorcycle or bicycle. The interface is a bit like riding a horse,

There is no truth to this: First, riding a horse is a _cooperative_ enterprise. You have to communicate with another living being and convince it to do what you want. It is not just a matter of pull one way to go in that direction. Second, the horse has a survival instinct. With good communication that instinct is lined up with your desires. A motorcycle, on the other hand, does not care whether it or you survive anything.

I am far from being a competent rider, but I'd rather be on a horse.


Anecdote:

The wife and I enjoyed a tourist horse ride. Because of my motorcycle past time I was assigned "the fast horse".

The enjoyable leisurely ride out only had a minor disagreement regards a path shortcut under a low hanging branch.

The ride back included a gallop in shallow lake waters.

Apoplectically incompetent I hung on for dear life trying to balance standing crouched in the stirrups while we proceeded to overtake everyone thanks to the horses own plan.

Thankfully the lead guide called forwards telling it to slow and it was someone else who fell off into the shallow water as we came to a stop.

I am far from being a competent rider - either horse or motorbike - but I'd rather be calling the shots!

To each their own. :-)


> but I'd rather be calling the shots!

With a horse, you get to communicate and convince. Also, stretching your legs and not squeezing would help.

> To each their own. :-)

Definitely.


I recall that fatalities per distance traveled of bikes is atrocious, like orders of magnitude higher than a car

Right on one order of magnitude where I come from (.au)

Which is still, while perhaps not as “atrocious” as plural “orders of magnitude”, without doubt something people considering riding bikes be fully aware of and prepared to accept the risk/consequences of.

I personally believe you can manage that risk. But I might be bullshitting myself because I want to ride because I enjoy it a lot. 32 years and approaching 1 million km on the bikes I own with my most serious injury being a dislocated shoulder is a fun/consequence ratio I’m happy enough to live with. (I suspect my decision there might be different if I had children or other similar responsibilities…)


Melbourne daily commuter rider (at the moment) here.

Risk management is a personal thing. If you are lax about it, expect lax outcomes - which explains a proportion of the 10x worse figure, but not all of it clearly. Some risks you can't mitigate much and humans with a metal shield around them are predictably better off.

Regards kids... I gave up my bike for $$$ to move cities. Upon first kid birth, I bought another bike off a guy who was giving it up because his wife was having a kid.

My friends joked that it was clear his wife loved him more than mine loved me. :-P

But I missed riding, my wife has no issue and the logistics justified the cost. I am still wanting to add ride cameras though.

Enjoy! Best wishes for safe riding.


Unfortunately, modern regulations forbid manufacturers from easily making a "dumb car". For example, backup cameras are required in new cars.

It's the same deal with avoiding wire insulation that rodents enjoy eating. Your only option is to buy a car from before 2000-ish.

I'd actually like to find a DIY subculture of taking old car frames and swapping in newer features a bit at a time. People do it with electric motors, but it still seems hard to get decent range/mileage/etc on a DIY EV project.


And buying a pre-2000 car involves giving up a lot of safety. That’s before regulators started looking at partial offset crashes, so older cars perform poorly if you clip a pole or oncoming vehicle with one of the headlamps.

You gain basically nothing in safety from the adoption of airbags in the early 90s to the improvements in roof strength and passenger cabins in the mid-00s (many models had their improvements in the early 00s because the regulations were known in advance). From there nothing changes until the proliferation of side curtain airbags.

Safety as a step function, basically.

>Unfortunately, modern regulations forbid manufacturers from easily making a "dumb car".

This is not true.


See https://globalcar.com/11-car-safety-systems-to-become-mandat... . I won't list them all, just the non-dumb features:

- Alcohol interlock installation facilitation and attention detection

- Emergency stop signal (aka autonomous braking)

- Intelligent speed assistance (aka adaptive cruise control)

- Lane keeping assist

- Reversing camera or detection system

All these systems require the car to be aware of its surroundings, i.e. require some "intelligence" in the control systems.


You’re right that those sort of rules require some kind of “smarts”.

None of them seem to require recording or log files.


It is true as of 2018: https://www.nhtsa.gov/equipment/driver-assistance-technologi...

Does NHTSA recommend rearview video systems? Yes. As of May 2018, NHTSA requires this lifesaving technology on all new vehicles. We recommend you look for RVSs that meet NHTSA’s performance specifications when shopping for a vehicle.


The actual requirement is a series of rear visibility tests that are done on a vehicle through the full range of seat adjustability.

A rear view camera allows any vehicle to meet the regulation regardless of vehicle styling and design. They are cheap, too.

But they are not strictly required. Your average 1980s sedan probably would meet the requirement as long as it had mirrors on the driver and passenger side.

Here is the regulation: https://www.law.cornell.edu/cfr/text/49/571.111


You're not wrong but in practice they're all but required because the corner that fuel economy and cabin strength requirements box you into is a corner with really high belt-lines and really poor visibility. You couldn't build something that's the shape of a 1990s sedan today.

In the US, it's absolutely true as of May 2018. https://www.nhtsa.gov/equipment/driver-assistance-technologi...

A backup camera does not make a car smart.

Absolutely insane. I wonder how much cheaper and better a modern car could be if I didn't have to pay for legally-mandated safety features that A) are probably not utilitarian B) I don't even use.

For example, I am 100% certain that the benefit of having an airbag between my legs does not outweigh the monetary cost plus the comfort cost of not having an AC vent under the steering wheel.


I understand the sentiment. However, are you saying that you think AC between your legs is a worthwhile feature but airbags are not?

>are you saying that you think AC between your legs is a worthwhile feature but airbags are not?

Why should people not be allowed to make that choice?

Keep in mind that the only reason we have airbags is because Naderites did not believe that one could rely on people using seatbelts so there needed to be technology that did not require cooperation from humans.

Fast-forward a couple of decades. Oooops. Airbags have no use without seatbelts and provide only a small amount of additional protection in most cases (thanks to crumple zones and improvements in shaping the interior of the car).


Crumple zones themselves aren't really that big of a win either. They basically just buy time to set an airbag off unless you just so happen to crash into something approximately like what the crash tests use at whatever speed the relevant crash test is at. A little blow that speed it will be too stiff to do much. A little above that speed the car will blow right through it like it's not even there.

The real benefit is in rigid passenger cabins that keep tires and engines out of the occupants legs.

IMO side curtain airbags are a far better safety improvement than frontal airbags because the safety technology in the sideways direction and space for dissipating force is lacking so something needs to pick up the slack.


Well, safety features also benefit the people who ride in your car with you, and those people weren't necessarily involved in your purchasing decision.

There's a happy medium somewhere. In an ideal world, we would regulate what is really important and ignore what isn't, but we're still figuring things out.

Personally, I like the idea of universal sunsets to deal with the difficulty of repealing old regulations. Codes could be reviewed on an N-year basis, with old rules requiring a cost/benefit analysis and 'yes' vote to renew. But in practice, those kinds of processes seem to end up with people rubber-stamping "last year++" revisions, like with the USA's defense re-authorization acts.


> Why should people not be allowed to make that choice?

Because in practice people don't make that choice. Manufacturers do.


Read up on de-gloving. Then remember to keep your hands away from the top of the wheel.

>So do I have to ride horses to get my privacy back now?

Yes, but only so long as you don't take your cellphone with you.


Reminds me of a Rubberbandits classic.

“Your phone died, you’re gonna get in the car, plug it in, and there’s going to be this nice convenient USB port for you. When you plug it into this USB port, it’s going to charge your phone, absolutely. And as soon as it powers up, it’s going to start sucking all your data down into the car.”

That used to be just something seen in hostile devices. Now it's standard equipment.


You can get a USB Condom [1] for this purpose.

[1] - https://www.amazon.com/PortaPow-3rd-Gen-Data-Blocker/dp/B06X...


Buying a USB Condom for a piece of equipment you own is absolutely ridiculous and unacceptable.

This is like having sex with your wife through a condom because you're worried about STDs.


I'm not sure this disease metaphor is appropriate. Lots of people have STDs, and lots of those people get married, and, as I understand it, many of those people have a lot of safe sex.

And frankly, I don't trust many of my own devices not to fuck me. (figuratively speaking)


I absolutely agree, one should not have to do this.

Do you really even own it, if it can be remotely disabled by the manufacturer?

Nowadays I mostly feed the e-herd with cables like these:

https://www.aliexpress.com/item/4001139641708.html

https://www.aliexpress.com/item/1005001524934944.html

A small plug stays with the device that moves about, the cables stay put with the charger, "mag-safe" for all the things ...


Thank you, I just bought two! But any idea for if you're connected via Bluetooth?

Probably not without controlling one side of the communication. On the cell phone, you would need something that enforces mandatory access controls on what data can be sent over Bluetooth. Ideally a smart phone hacker could chime in. I've never owned one. Another potential option would be to root the car, likely voiding any warranty and potentially creating other liability implications.

You have to ok sharing contacts with "normal" bluetooth pairing. For a personal vehicle most people would.

Bluetooth is always switched off on my phone unless I am in a situation where I explicitly want to connect to something (this has not happened yet). General good advice is to go through you phone settings and turn off everything you know you don't need. If you don't know, turn it off and see if anything you need stops working.

How effective is this today? Don't modern phones refuse to do anything except charge over a USB connection until the user unlocks the phone and trusts the connected host?

I was going to ask this. My iPhone will charge but won't talk to my computer unless I type my PIN and confirm a trust dialog. Don't these cars work the same way?

Or is this an Android/BlindlyHittingYes situation?


Note 8 here, my phone will not communicate with the computer that I am plugged to unless I give it permission. It been like that since years ago.

Educated guess is that it is generally people blindly hitting yes situation. Often people just want to quickly setting it up and ready to be used. They don't want to wait 30 sec or more to look through the dialogs. They want instant results, that what they get for blindly hitting yes. In my experience, most of my friends and family are impatient when it come to pairing the phone to the head console.


It's not an Android situation. Android makes you do the same thing.

Yes, but we are back at square one, where if I want to use "Chevy Play" or whatever their music player is, I have to battle a legion of dark patterns reaching for my data i.e "Allow this Stop Watch app to not don't allow prohibit from reading contacts"

How I miss the ol standby Aux port with a 1/8" cable.

You can use CarPlay or Android Auto and the data isn't going anywhere new.

Maybe those of us that understand this problem can and should help friends and family buy making/buying them a "USB condom"[1] and strongly encouraging that they use it anytime they want to plug something into USB for charging. This type of device can be as simple and cheap as a USB connector/cable with the data wires cut.

[1] A USB dongle that only passed the power pins through for charging. Data is either blocked or physically disconnected.


Doesn't work for all the higher-power USB-C charging options that require negotiation before the higher voltage turns on.

There are "smart" ones that MITM the power negotiation. IE they negotiate with the Devices for a particular PD profile, and with the Host for the same PD profile.

This is why I use a 12V-to-5V USB charging adapter in my 2019 model year car that absolutely has usb ports and supports android auto / carplay. I have connected it with bluetooth but only for calls and audio, no contacts / call history / etc. I trust apple enough to not screw that last part up and let my car get my contacts.

I'd still call it hostile though...

I started bringing and charging off those little external battery backup on trips years ago. Not perfect but great in hostile environments.. which is more and more.

> That used to be just something seen in hostile devices. Now it's standard equipment.

Remember when going around mapping wifi access points to location was "wardriving"? Well, then it became a business model. Although google was slapped on the wrist for doing it with their google maps cars early on, now all smartphones apple and google populate the database.


One of the cars I rented (A Ford using the Sync console) had bluetooth contacts synced from the previous renter. It was just sitting there: names, phone numbers, addresses, email addresses. Being privacy conscious I deleted the contacts and the 20+ bluetooth profiles stored in the console.

I am always shocked when people make these sorts of pairings with devices they don't even own. I often see employees pairing person phones with corporate fleet vehicles too. It's unfortunately an example of where people rank convenience over privacy almost every single time.

People aren't at fault here. These systems are deliberately designed to put the user in a compromised position. Designed by behavioral experts using techniques the business world has been building up for decades.

Agreed, the expected outcome of pairing your phone is that it just streams music to the stereo like an aux jack. Its extremely unexpected that it will steal your contact and private messages.

I mean, most people wouldn’t suspect all their contacts would get copied over to the rental car. Before CarPlay I’d routinely “just hit okay” my way though pairing my phone to the rental car.

Agreed, this seems more like a UX problem than a "people don't value privacy" problem.

No reasonable person would ever expect that connecting your phone to a car's wireless audio system would transfer all your contacts -- but that's Bluetooth for you!


Every phone I've ever had on every car system I've ever paired to via Bluetooth has requested permission for contact sync before it would happen. Windows Phone and Android. Perhaps iOS works differently.

It's the same for iOS. But, I'm also guilty, most users configure their bluetooth while leaving the parking lot. If you're reading the request you aren't looking at the road, and vice versa. I've been quick to press OK before fully reading what the car is asking simply because the car and the phone are asking similar questions.

I agree that it's primarily a UX problem driven by the context. Someone designing the UX might not fully appreciate this, or be told to optimize for the best experience in particular situations.

Someone has just rented a car and is likely in unfamiliar surroundings. I guess some renters will renting regularly, but let's assume not. The want to hit the road while getting their seat in the right place, fixing mirror positions, familiarizing themselves with the dash, etc.

They also want to listen to some podcasts and in the back of the head they think they need to let someone know of their arrival time when they are closer to the destination. The fumble through the BT connection menu while multi-tasking. They are always going to do what's most expedient unless they are security conscious and know about this issue. Their contacts get picked up.

This is the manufacturer optimizing for the car being a single person machine. They often don't support multiple family members sharing a car. It's interesting to see how some sales people handle this situation when giving a test drive. Many are aware of the issue because there was one customer who spent time clearing things up before the test drive.

Can this be fixed? Technically, yes. It won't be fixed because manufacturers don't seem to care. The only option is for Apple or Google to make it part of qualification of some kind for CarPlay or the Android equivalent.


I'm not sure that most people would see taking a copy of their phone contacts as a serious invasion of privacy. Maybe your mind (and the mind of many HN readers) quickly skips to the various social engineering and metadata attacks that such a dataset could enable, but the average guy on the street is more likely to think "what are you going to do, call my hairdresser?"

With a phone contact book it's not about you, it's about protecting the personal phone numbers others entrusted you with. If you are careless and loose them (for example by using any of these "modern" IM systems that insist on getting all your contacts so you don't have to add people you know one by one) it's you fault friends will be getting advertising phone call at 3 in the morning or worse.

I just think they have to be educated.

> I am always shocked when people make these sorts of pairings with devices they don't even own.

I'm not, because of all the random technology trivia and footgun crap that 'everyone' should know, any random person is not going to know a lot of it.


Many of them by default upload all the contacts. The iphone in the beginning would do it, but eventually they changed it to ask during bluetooth pairing.

"Deleting" is probably not good enough in modern devices with cheap copious storage.

"I do not consent to any searches."

You can't prevent them, but don't consent to a search just because you don't do drugs, transport drugs, transport anyone who does drugs. Carrying cash is considered a valid pretext for a search (have any coins in a change tray?), as is being too polite or not being polite enough (maybe because you're annoyed at being stopped).

Now that a search of your vehicle also includes a search of any information it's received from any connected devices as well as a history of your locations and speeds you need to make sure you preserve any and all possible avenues to challenge anything found.

"Your honor, we didn't find any drugs but during the search he consented to we found evidence that he was driving far in excess of the posted speed limits on these 20 occasions so we're charging him with 20 counts of reckless driving. He confirmed to us during the initial stop that he is the only driver of the vehicle. He was also carrying cash so we're moving to seize those funds and the vehicle."

Who, what, when, where and how fast, all neatly tied into one package.



What are the odds that this remains within the CBP? If police departments decide they can suck all this data from a car without a warrant on a pretext search of a vehicle so you think they won't at least try?

I live in Washington State, where the state legislature recently voted to ban sales of gasoline powered cars after 2030.

Aside from the fact that I enjoy drives through some pretty empty parts of the country, especially in the Southwest, where range is a concern (e.g., I drove the Great Basin Highway a few years ago), what bothers me about that measure is this sort of data collection thing.

I wouldn't mind a move to all-electric vehicles nearly so much if it were possible to get a "dumb" electric and the range was better.


You can't really buy a "dumb" gas car anymore either. I'm holding onto my 2011 Nissan Versa to the bitter end.

Same here with my '93 Saab. I replaced the smart (for its time) HVAC control system with an Arduino running software I wrote, but otherwise it's bone stock.

I'd love an electric too, but the way I figure it, continuing to use a fairly efficient vehicle that already exists is probably better for the environment than buying something new anyway. It takes a lot of resources and material to build a car.


The problem with older cars, is that safety standards have improved dramatically in that time. So while you might have a "dumb" car that isn't spying on you, in the event of an crash, you are going to be much more likely to be injured. If I had to weigh being spied on with being injured, I'd guess the odds of being injured actually impacting my life negatively as greatly higher.

I do miss my old Saab though...


"Those who give up freedom for security deserve neither," as the saying goes, and these recent years that saying has gotten quite a bit more meaningful, I think.

From now on, you only get to pull that quote out if you make literally no compromises to your freedom for the sake of security. Lock your car doors, thus making yourself less free to open them in favor of a bit of security? Run a firewall on your server, reducing your freedom to connect frictionlessly however you like in favor of that also being true of others?

That phrase originally had the opposite meaning: https://www.npr.org/2015/03/02/390245038/ben-franklins-famou...

> It is a quotation that defends the authority of a legislature to govern in the interests of collective security.


Car wrecks are a safety concern not security.

That's not the correct quote, you're missing two key modifiers. It's "essential liberty" for "temporary security"... which is not the case here.

What about when the data is collected from all the spying and used to deny your claim?

Can you share more of the Arduino HVAC setup, possibly even the code and the wiring? I married into a family of classic-Saab-lovers and am curious.

That sounds very interesting. I don't own a Saab but I'd still like to see a write-up on your project.

I haven't written anything up for it yet, but I've been thinking about a hackaday post. Ideally I'd like to integrate the other chassis electronic systems at some point too – lights, radio, ignition, pretty much everything but engine management. Then you could add support for a yubikey or something before it would start, but it already has a manual transmission to that's probably sufficient antitheft these days.

[Very relevant BlipShift t-shirt I saw today](https://www.blipshift.com/products/enable-2fa)


Your Versa isn't exactly dumb either. It's younger than the iPhone.

You can still buy a brand new Toyota Land Cruiser J70 in 2021. Even though it will be newer than the iPhone 12, it won't spy on you -- because it was designed in 1984.

https://en.wikipedia.org/wiki/Toyota_Land_Cruiser_(J70)


Unfortunately, only in Australia and parts of Africa and a few other select markets.

I've been trying to buy a new J70, but AFAICT you can't buy a new one in the EU or US, and it's practically impossible to import one either. I'd be very happy to be corrected.


The 25 year rule sucks

Mechanical design of original platform does NOT limit the OEMs ability to install telecommunications modules and other upgraded electronic.

You mean older?

A 2011 Versa is younger than the iPhone which launched in 2007.

You can buy dumb cars, they just won't be new cars.

I don't expect that to be financially viable too long into the future. Once a significant enough portion of the general public's fleet turns over you can expect to see onerous requirements applied to older vehicles to get people at the margins to buy newer stuff (e.g. inspection programs that drive up the cost of ownership under the guise of safety, some states already have these). Insurance lobby wants people in new cars. The Karens don't like seeing old junk. The upper middle class wants everyone driving EVs for the planet's sake. The state wants to be able to track everything. None of these parties care that most of the people affected will have credit scores in the 400s and be forced to do business with predatory "buy here pay here" lots.

California is running an experiment that collects all of your location data while in a car to collect a gas tax. Of course once they have it they will make it available for any government agency.

I really, really hate this. Why not just require an annual odometer reading and multiply by vehicle weight to determine how much should be owed to cover road and transportation infrastructure costs?

Far easier than maintaining a complex system to track every drivers' location over time. Ugh.


The usual explanation is that they want to tax only in-state travel, so they need the location data.

That seems like something that one ought to be allowed to opt out of in favor of an odometer reading; I do something like 99% of my driving in my home state, and would rather just go with an annual odometer reading and maybe slightly overpay on my road taxes than have a tracking device in my car.


Because the goal is as much to collect the location data as it is the tax.

No I think collecting the data is much more the actual goal and the tax is a flimsy pretext.

Because the next logical step is to allow jurisdictions (cities/counties/whatever) charge more tax on their roads.

Oh boy just wait until the ultra wealthy realize they can lobby to have a $50 per mile road tax going into their community to discourage the poors from using their parks/beaches/public areas.

This is more or less the purpose of toll roads.

A dynamic toll can be used to reduce incentive to drive on the road at certain times. It's not feasible to make a 10 mile wide road due to congestion for 2 hours during the day.

Solution? Increase the cost during those 2 hours such that fewer people choose to use the road during those hours. You can give poor people cash and they can decide if it's worth using that road during the times with higher congestion, but the problem of exceeding a road's capacity along with the inability to build infinite lane roads is separate from income/wealth gaps.


Everyone already has to pay in time and frustration to use the roads when it is congested. Slapping a monetary fee on top gives priority to the wealthy. $10/day is a lot more when you make $12/hr. When you consider the flexibility afforded to well compensated white collar workers it becomes even less fair.

The drywaller has every right to sit in stop and go traffic with the investment banker.


Yes, and that’s a distribution of wealth problem. Making both the drywalled and banker sit in traffic doesn't solve it. The banker will take a helicopter. Or leave the office early.

Congested roads have externalities such as the congestion backing up into side streets, rubber banding the congestion along the rest of the road, and extra use of brakepads/fuel energy to stop and go.

Spending time in congestion also adversely affects lower paid people because the cost of their time spent in congestion is implicit. If it was made explicit via tolls, then employers would have to pay better to get them to their workplace at peak congestion times.


I suspect being able to assign infrastructure money to the correct county public works departments is a thing. And even on the more simple sense, your odometer read would let California tax people for miles they drove outside of California.

Not that I support this initiative at all, but your suggestion misses some key issues.


Just because its convenient doesn't mean I want that. I want less tracking. At least let people opt in to reporting their mileage and paying an annual tax instead of even more tracking.

Assuming the tax rate was flat, regardless of the road, usage could be found as it is now, with road sensors and cameras. If they want to have different rates for different roads, then that could make sense.

The problem is this is liable to at minimum leak your entire social graph and all data that can be derived from same. The vastly more logical thing to do would be to abolish the gas tax and increase taxes either on vehicles or on income.

The second best solution if you must tax miles driven is to mandate new cars include short range Bluetooth readable odometers and let users electronically submit this data to oem. While we are at it car electronics should be mandated to be able to perform this task without giving your contact data to the fuckin car.


do you have more information on this? what's it called? this one? http://caroadcharge.com/

Why not just tax gas? It’s the perfect solution. The more you drive, the more you pay. The more polluting your car, the more you pay. Long term it seems inevitable that tax will need to move onto the electricity used to charge cars.

Yes, the fuel tax is far more perfect if the goal is to tax road usage and pollution but the state worried about future $$ and taxing gas is not future proof in the face of EVs. They want shovel read infrastructure to tax the people with money (the middle and upper middle class) and those people look like they're gonna buy EVs.

I'd like to think it's because EV proliferation makes the gas tax too regressive but I'm not that good at lying to myself.


you have a link to that claim? all i've seen have been for electric vehicles and a mileage at the end of the year on your taxes.

The legislature voted to set a _goal_:

> ... a goal is established for the state that all publicly owned and privately owned passenger and light duty vehicles of model year 2030 or later that are sold, purchased, or registered in Washington state be electric vehicles.

http://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendment...


We should get a WA state law passed controlling information access for cars. I'm sure it will be really hard with all the usual suspects against it. Most recent cars have a privacy policy and have some part of opt out. But it's unclear what you really get. A customer friendly law would be something like you can opt out and have your private tracking info deleted whenever you want. We should have a law against phone company tracking too. A year later and they have no reason to know what cell towers I was at, unless they are selling tracking on people. You've always paid the bill in a couple of months at most anyway.

I was surprised that WA did this, so I went to check if what you said was true, turns out, they actually didn't ban non-electric vehicle sales in 2030.

The actual bill: https://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendmen...

On page 12:

line 36 & 37: Nothing in this section: a) Authorizes any state agency to restrict the purchase, sale, or registration of vehicles that are not electric vehicles;

and the actual quote around 2030(starting @ line 16):

"... then a goal is established for the state that all publicly owned and privately owned passenger and light duty vehicles of model year 2030 or later that are sold, purchased, or registered in Washington state be electric vehicles."


By 2030 gasoline cars are going to be just as equipped to violate your privacy as electrical cars. Many of them already are.

That's from 2014: "Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car" https://www.businessinsider.com/ford-exec-gps-2014-1

I guess it's only sales of new cars? Otherwise I can't imagine the classic car community is going to be happy about that...

And laws like that will just make even older vehicles more desirable.


It's just a target [1], and isn't even set as a target until some other tax stuff changes. See section 6 of [2] to really see that nothing is banned.

[1] https://www.reuters.com/world/us/washington-state-passes-bil...

[2] http://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendment...


There's already a classic car exception from a lot of road rules, there's a special numberplate for them.

Those rules are radically different depending on state or country (dunno if non-US countries mess with automotive rules depending on region).

Yes, I mean in WA.

Get a plug in hybrid.

Think about how much the iPhone improved over 9 years of sales from the original in 2007 to whatever model they had in 2016.

Given how many manufacturers are jumping on the electric bandwagon, the extremely fast decline in the cost of batteries, the rate of progress to date AND these kinds of laws to give some good motivation, I think it's very safe to say the electric vehicles on sale 9 years from now (2030) will be vastly superior to today's offerings.


Yes, it's probably true, the iPhone of 9 years ago probably collected a lot less information, and the cars of 9 years from now will also collect a lot more.

However, less on the original point and more on yours, the iPhone of 9 years ago didn't have that much worse of a battery than today. Batteries have technically been progressing, but it's slow.


And, aside from the range like the GP said, will still be fully tracking all usage. Why does the car manufacturer get to see and sell my location information?

Aren't electric vehicles a lot simpler conceptually? No engine, no transmission, etc. Maybe someone could start a company that made the equivalent of a battery with wheels for very cheap.

> Maybe someone could start a company that made the equivalent of a battery with wheels for very cheap.

Those cars exist in India and China, but for some reason Americans don't want to buy them. It could be that outside of the techie bubble, nobody cares very much about this problem, and within the techie bubble, most people stop caring the moment that they can be the first person on their street to own a Tesla.


I'd buy one

>on sale 9 years from now (2030) will be vastly superior to today's offerings

I hope you are right. Discounting the environmental and societal impact of mining the materials needed for these advancements and the electrical generation, my concern is selfish. We drive for vacations and sometimes push 12 hours a day. A quick fill up of gas in the minivan seems better than an hour or two of charging.

Others have mentioned hybirds alleviate the long distance concern. There are minivan and larger vehicles already using hybird technology, so it should work out. It is such a wild change to think about.


The environmental and societal impact of EVs are largely localized. The impacts of internal combustion engines have been almost entirely externalized. While EVs will still have some negative impacts, it's a huge improvement over the status quo.

How do CarPlay and Android Auto integrate with the car's entertainment system? My sense is that CarPlay mostly treats the car as an external display (and input device) and I would hope that Apple has thought about the amount of data that is exposed.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

CBP's warrantless searches are plainly unconstitutional.


NSA has been illegally spying on US citizens for 20+ years, in direct violation of the constitution. https://arstechnica.com/tech-policy/2020/09/nsa-spying-expos...

President Obama signed off on a drone strike on foreign soil targeting and killing a US citizen, in direct violation of the constitution depriving a citizen of a fair trial. https://en.wikipedia.org/wiki/Anwar_al-Awlaki

We didn't collectively do anything about it then, except cheer it on or say nothing, so it will continue and expand until, and if, we do.


A few months later, Obama codified indefinite detention without trial. Some of us sounded the alarm, but it seems that politicians are still drunk on power post-9/11 and neither party is interested in the "rule of law" as set out by the constitution.

https://www.aclu.org/issues/national-security/detention/inde...


Hence why land within 100mi of the border is known as the US Constitution Free Zone.

ref: https://duckduckgo.com/?q=+constitution+free+zone


Which also contains areas within 100 miles of the coasts, international airports, and other "ports of entry".

The constitution is dead, and we the people, are left holding the bag.

Probably true, but good luck with that.

As my grandfather said: "You might be right, but you don't want to be dead right."

CBP already have extra authorities due to border control because crossing the border is not a constitutional right.

The most egregious expansion was the declaration that all territory within 100 miles of the border is 'authorized' for all CBP's nonsense. That happens to cover about 90% of the US population.

There is a lot of anguish about the intelligence agencies doing their jobs against very serious threats, including Nuclear, Biological, Chemical. Meanwhile the real damage to civil liberties is from the CBP and INS, who literally storm homes every day, and engage in this kind of 4th amendment trashing.


I'm having trouble understanding how 100 miles from the border covers 90% of the US population?

Edit: I see - I was thinking only in terms of e.g. the Arizona southern border, however looking up the Constitution Free Zone shows that it means the entire US - California, all states connected to Cananda etc.

Eidt 2: Would this mean ALL of Hawaii is in this Constitution Free Zone?


Hawaii? yup, I'd expect that is a solid YES.

I'm curious how much and how long it takes for this to drive migrants inland away from the border... and then how long it will take for them to make an excuse to make it 200mi...


Don't international airports count as "the border" too?

Yes, they're considered "ports of entry".

> Eidt 2: Would this mean ALL of Hawaii is in this Constitution Free Zone?

And the entirety of a handful of states in the Northeast US, as well.


It is all of the US land, sea, and lake (Great Lakes) borders.

" ... because crossing the border is not a constitutional right."

Yes, it is.

"In Nguyen v. INS (2001), on a separate matter of citizenship, the Supreme Court put down, in writing, that citizens of the US have the absolute right to enter its borders. It was in recent times more or less presumed to be the case, though historically there have been a wide range of decisions that did deny entry by citizens, mainly by denying the underlying citizenship. This right extends to lawful permanent residents, so long as they maintain their status."[1]

[1] https://www.quora.com/Can-a-U-S-citizen-be-denied-entry-into...


Good point

I should have said 'crossing the border without being searched is not a constitutional right'

I can't cite chapter and verse, but I'm pretty sure that you do effectively consent to search in the act of crossing the border -- if you don't want to be searched for controlled or taxed items, you can choose to not cross the border, so...


Is there a reliable list of cars that do not surveil me, or that can be modified to not surveil me? I read a Bruce Schneier article a little while ago (maybe the article was much older) where he said that he looked, but didn't find one that met his other needs.

Unlikely. Based on the article, it sounds like the data they are "vacuuming" up is telemetry data captured and stored by the car itself. Every manufacture is different, but they all are storing at least some information. I suspect there are regulatory requirements to keep such information for the purposes of public safety (see: analysis of Toyota unintended acceleration situations)

This information has been captured, stored, and made available for analysis since at least the early 00s. I remember the first time I hooked up VAGCOM to my 03 VW, it has data from so many sensors available for the tech to look up and could turn on and off hundreds of different features, it was like going into the VW equivalent of chrome://flags. And this was in a 2003 car!

You'd probably have to go back to pre-ODBII days (mandated in 1996 for the US) to really get away from this. In my experience (which is not comprehensive) 90s cars tended to keep telemetry mostly on engine performance (timing advance, cam/crank sensor positions, throttle position, etc).


Car telemetry, until recently, is still kind of basic and from a surveillance standpoint not that interesting. It's usually just speed, angles, performance, and electricity. It can tell you when the car was started and how long it ran, but not where it went.

On the other hand, the MIB or stereo, has a lot more interesting stuff: contact lists, GPS data, media, bluetooth devices, and even Wifi. The clock is GPS synced and it logs every time you touch the console: change radio, enter POI, phone calls.

And you can stick one of the new Carplay headunits into any old pre-OBDII car and now enjoy the same level of surveillance. Sony, Kenwood, JVC are all running QNX or Linux . And all of them just has a plethora of information behind some very basic security.


> It's usually just speed, angles, performance, and electricity. It can tell you when the car was started and how long it ran, but not where it went.

Assuming that includes wheel speed (and possibly tire pressure) and steering wheel angles, yes, that can be used to compromise where you went (via dead reckoning from your driveway or parking spot).


That data is only available in realtime reading, the only logging ECU's of that era did was fault logging.

>to my 03 VW, it has data from so many sensors available for the tech to look up

There's a lot of sensors and flags, but it isn't really logged anywhere in significant amounts. It just stores log of occurred errors, and dump of selected module parameters at the moment of error entry.


I wonder if you could at least do something petty, like swap the +12v and GND pins with the Bus+ and Bus- pins on your OBDII connector so it would fry their fancy tool when they tried to read your data.

This also makes it impossible for other mechanics to diagnose and fix your vehicle. It also makes it much harder for you to use that port to diagnose and fix the vehicle yourself with readily available tools you can buy. The OBDII port is a blessing, not a curse. There are things you can do to limit the telemetry (this will be on a case-by-case basis for the vehicle and manufacturer, so I'm not going to detail specifics) but that is one of the sillier things you can do.

Smog check will be a problem.

That's mostly a Cali and large city thing.

https://ondatashop.com/ive-vehicle-system-forensics/

says "iVe currently supports BMW, Buick, Cadillac, Chevrolet, Chrysler, Dodge, Fiat, Ford, GMC Hummer, Jeep, Lincoln, Maserati, Mercury, Pontiac, Ram, Saturn, Seat, Skoda, SRT, Toyota and Volkswagen vehicles generally as far back as 2008 models" - so older might be better :)


Interesting that I don't see Tesla on the list.

Used cars are already selling like hot cakes! now this!

Admin's talking about bringing back cash for clunkers. Just strap yourself into the matrix so your social credit score doesn't flag you for resisting.

I suspect that insurance coverage is going to require strong telemetry at some point.

Obviously a person could pick a car of a given year/model that meets their needs and rebuild it forever, at least until the government or (once again) the insurance companies regulate you out of it. It's for the children after all.


I actually already use Metromile, an insurance company that charges per mile and uses GPS tracking to measure that mileage. I'm very happy with it.

I no longer have to subsidize heavy drivers, and my rates are much lower as a result. I can always check the location of my car (in case of theft or forgetfulness) and there are other smaller benefits like diagnostics being pushed to my phone. As a bonus, they allow you to change your policy at any time, enabling me to opt in and out of comprehensive and collision based on the time of year.


Metromile, and other similar programs, are neat. You are still subsidizing heavier drivers because your premium doesn't decrease proportionately to the reduced risk due to the data you provide and the agreements you make. But they certainly can save money.

I don't have a problem with that. But it ideally will be encrypted until I release the data when there is a claim or a subpoena. I don't see a technical reason why this cannot be done.

Answering my own question: Maybe abandoned brands and models, for which the manufacturer has little interest in the data and nobody maintaining that infrastructure.

Anything built before 2000.

From the marketing material: iVe currently supports AUDI, BMW, Buick, Cadillac, Chevrolet, Chrysler, Dodge, FIAT, Ford, GMC, HUMMER, Hyundai/Kia, INFINITI, Jeep, Lincoln, Mercedes-Benz, Maserati, Mercury, Nissan, Pontiac, Ram, Saturn, SEAT, Skoda, SRT, Toyota and Volkswagen

Now you know which brands to avoid!


My Volvo has a cellular radio in it that I cannot disable with pulling a fuse for a bunch of things. I've always assumed that the car uploads everything to Volvo without my knowledge or permission. I'll bet law enforcement can just ask Volvo for my data without needing a tool.

Apparently new cars sold since 2018 have to have a way to automatically contact emergency services after a crash, so they all probably come with a SIM card: https://en.wikipedia.org/wiki/ECall

My guess is the manufacturer wants to upload "diagnostic" data, they would just use that same SIM card. And you probably can't disable it because it's a legal requirement (or, maybe you can on your Volvo?).

Maybe one could just put a prepaid SIM card with zero bandwidth quota/zero call credits, because those are still able to call the emergency number.

Interestingly the automatic "call the cops" function means hit and runs would be a lot harder, since the cops would get a timestamp of an accident, and a phone number as a car identifier...


It seems there are eCall dedicated SIM cards, which cannot be used for other purposes. Though I'm confused why it is required at all, as you don't need any SIM card to call 112 emergency number.

>The in-vehicle system has a valid SIM that enables the provision of the eCall service. It is to be configured only for making an eCall, or it could also be used, in addition and as optional, for commercial service provision. In the first case, the IVS will be in a dormant mode (not traceable and active only in case of eCall triggering)

https://eena.org/wp-content/uploads/eCall-and-open-issues-20...


Wirecutters. Find the antenna and clip the wire.

Ill be buying a new car this summer and seriously considering doing this or other hardware mods to disable any modems/telemetry. Does anyone know of any forums or something similar dedicated to these types of car hardware mods?

I've seen some posts on the various Toyota 4Runner forums about this. I'd check out the forums dedicated to your specific make/model.

I mean, though, you can always disable a cellular radio, it's just a matter of finding it.

There is a SIM card in the glove box that supports the Infotainment system and in-car hotspot if you want. I pulled that one out. The car still has another one, somewhere, as I occasionally get calls into the car but I don't pay for that service. I found the fuse for the factory phone but not the SIM, you're right its somewhere but for all I know its not removeable.

You'll probably need to do at least some disassembly to get to it (maybe next time you take the car for servicing). Then you can either wrap the antenna in some aluminum foil or just cut it (which would probably fry the transmitter).

I agree, though, all our devices are becoming hostile to us.


> or just cut it (which would probably fry the transmitter).

I'd recommend physically removing the entire transmitter (the electronics can be removed with a chisel), but if you're trying to fry the transmitter, don't cut the antenna; that leaves a undamaged but low gain transmitter a la [0] (though probably not powerful enough to detect outside the vehicle). Instead, short the antenna to a power rail (or ground, but V!=0 is more likely to damage it) to fry the transmitter and also keep it from moving the antenna voltage enough to transmit anything.

0: https://www.youtube.com/watch?v=8sQF_K9MqpA (at 17:06)


Modern transmitters should back down power when SWR (Standing Wave Ratio) is too high, specifically in order to avoid blowing out the front end.

Any one left out of that list? Should I assume if I see one PSA-owned brand (for example), all PSA will be under contract and just not named because the list was too big? I'm just confused...

Honda, Subaru, Tesla to name some.

Mazda, Mitsubishi, Nissan

Nissan is in the list but Datsun is not... I really think they trimmed down the list to the bigger brands.

Datsun is Nissan.

Nissan is in that list, along with Infiniti.

So that leaves Hot Wheels.

Honda, Subaru, Tesla too.

Tesla may not work with this tool but they’re definitely beaming data home all the time. If your privacy Conscious I wouldn’t think Tesla spoiled be on your list.

Also if your Tesla crashes itself, Tesla will release only enough data to tarnish you, even if you weren't actually driving.

Don’t forget Mazda!

Volvo is not on the list. Yet.

Well, at least that leaves Honda & Acura as well as Subaru and probably a bunch more regional brands I'm unaware of. Also I suppose Tesla...but we all know how much telemetry data those cars send back to base.

Subaru is partially owned by Toyota and is slowly being absorbed into the company.

I included a sample of what Honda[0] records when you pay for Honda Navigation System. It spams your VIN every minute it’s on WiFi, though, regardless of trim level.

[0]: https://gist.github.com/ryjones/73739f6a7e662b9ed9ba64d9141f...


Wow, that's a fair bit of data to send home for a "feature" that you don't even have.

        "TripDate": "",
        "FuelUsed": "",
        "StartPos": {
          "Lat": "",
          "ODO": "",
          "Time": "",
          "Lon": "",
          "Datum": ""
, and some scoring on your driving style.

This should be illegal.


One day, I hope radios / networking off, telemetry off and logs off and still as functional as possible with those options off will all be legally mandatory options in any device that can do any of those things.

You better fight for it. Otherwise industry is likely to lobby those become mandatory to prevent competition from heopardizing potential revenue streams by couching them as public safety and sustainibility features.

I remember reading about being able to pull a fuse to disable cellular connectivity on Teslas a few years back and you could also opt-out of data collection but it was apparently an involved process over email.

Has anyone been through going 'radio silent' in a Tesla more recently?


Looks like I'm switching back to AUX. I had no idea cars were scooping up this much data. I wish the article went into more detail about what the attack vector is, what permissions, if any can mitigate this, etc but I understand that's not the point of this piece.

If it has a USB port, it can get data. If you have Android auto or native iOS integration, same story.

People need to understand, despite the efforts of sticks in the mud like me, industry should be considered malicious by default. If you don't pay attention to what people are doing and call it out, nobody even raises a finger. Those that do are ignored, or told there's a place for people like them with a condescending smirk.


Via USB you can still use a USB blocker, but if you connect via Bluetooth, nothing can protect you, correct?

see https://news.ycombinator.com/item?id=27041032 , maybe this isn't universal but in all the cars I've paired my phone to, you can choose both on the phone and on the car whether you want contacts to sync.

I don't trust the car to get it right, but I do trust apple to get it right.


You have to explicitly allow contact/phone/sms sharing on the phone when you pair it.

I wonder if there are ways to ... improve the aesthetics of the files in the infotainment system.

This is one of the many reasons that adding screens to cars has been such a failure. All these carmakers were deluded and couldn’t even build custom systems that were pleasant to use, much less secure.

The problem is only partially solved by CarPlay.


It amazes me that people load all their contacts into the infotainment system of rental vehicles, let alone ones they own. Some individuals have no concept of or desire for privacy.

Interesting this is paid software. Given automakers sad security practices, I wonder how hard it is for some hacker to make a kit using off the shelf products and release the software open source.

It'd be a shame if a Berla kit happened to fall off the back of a truck.

Is there any surprising data? I'm not surprised it records destinations entered into satnav for example. I mean that's a fairly common trick in TV shows.

> MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.” MSAB even touts the ability to retrieve deleted data, divine “future plan[s],” and “Identify known associates and establish communication patterns between them.”

I seriously doubt my car has records of my emails, pictures, videos, and social media feeds even though it has Android Auto.


> I seriously doubt my car has records of my emails, pictures, videos, and social media feeds even though it has Android Auto.

Why?


Because I didn't give it access to any of that and Android Auto runs on the phone, not on the car. The car essentially becomes a glorified touchscreen.

Have you checked?

Look up https://cccis.com/

Mobile/automotive networking has been a big thing for a while now, and there is no dearth of software people who will predate on most people's expectations that software only does what the UI makes apparent to them. Even if they don't realize they are contributing to it because they've been hired to do a job, but don't take the time to grok the consequences of the business model.

Never assume. Trust, but verify.


> I seriously doubt my car has records of my emails, pictures, videos, and social media feeds even though it has Android Auto.

Even if you car does not, your phone does. So the phone being connected to the car during the time when the accident occurred, could lead to checking that you were in fact, watching unboxing videos on Netflix at the moment the wreck occurred while you were in the driver's seat.


I still hope for a blackbox law, but all the privacy police will just scream that they will get caught going to see their mistress, I mean about their privacy.

Of course my phone does. It's not surprising to learn that my phone contains my emails and photos.

Slightly off this topic. What amazes me is that our phones are surely capable of knowing when we are driving but they still allow texting. Seems like an easy win for safety yet crickets is all we get here.

How would they know we are driving and not a passenger?

GPS, accelerometer, AI. It can't be impossible.

More importantly who cares, a couple 10k dead people a year is probably worth a tiny bit of inconvenient, not to mention the 500B in insurance waste.

Bring back drunk driving too while your at it! Fail.

And yet, hitting 'next track' on the bluetooth audio still takes 1-2 seconds to register?



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: