New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.
Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.
But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.
A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.
Mozilla Foundation did a deep dive into this. And the results where abysmal. The only brands not completely horrifying where Renault/Dacia because they are European and only serve the European market so they have to follow GDPR.
Any company that serves European customers have to follow GDPR. Any company that breaks it can be fined by the EU. Hence why a bunch of American websites rather just block European browsers instead of changing their cookie/data retention policies.
I am less interested in ranking them based on what they do (because we can assume they just vacuum up everything anyway), and more in a ranking based on how easy the surveillance is to remove. Apparently for some cars the telematics module can be easily unplugged at least, losing you some non-critical functionality, but on others it may be integrated tighter.
Bikes are great.
I can’t sleep in my bike
Seems like you have bigger issues than corporate surveillance.
Guess where surveillance capitalism is going to send you besides the grave.
or he just has priorities that include travel experiences that he’d rather spend his limited cash on than a hotel. Until I got old and needed a c-pap machine this was certainly my preference.
Not with that attitude!
At least in most US cities, it’s also illegal to sleep in your car. You’re pry fine in the netherlands.
In all US cities, the police can’t enter your car without a warrant. So just put up curtains and ignore them when they knock
Your word against theirs, and they can easily say they saw something suspicious. That’s how it works with every stop and search.
They still can’t enter. The doors at locked. Are you thinking they’d break the glass?
This is why when I get my driver’s license, I’ll buy a car from 2012 that has no Internet. Probably old Skoda Octavia.
9th Gen Civic
1.8 or 2.4L, no turbo, tons of manual transmissions out there, cheap to fix, easy to find and source with tons of motors still in crates brand new.
Skodas, VWs, and other French and Spanish are more common than Hondas in country where I live.
Ah, I figured they were as common here as anywhere else they were, but now that I remember it, Honda makes their American cars in Ohio, they aren’t imports. That stacks.
Yeah I have a 2012 vehicle, doesn’t even have built in Bluetooth. I love it.
Unfortunately, many of the cars transmit the surveillance data through phone carrier data lines, using an embedded SIM card. So, sadly I don’t think this would help very much.
If it’s not helpful to the operation of the vehicle, then you can just wrap it in a Faraday cage. Oops no signal.
Why bother using the car? There’s a phone in your pocket telling them where you are 24/7.
Sell me a dumb car.
I played Cyberpunk 2077 many times and in the game they have vehicle quickhacks that allow you to stop a car temporarily (emergency break), force the car to full throttle (Floor it), taking control of the car… or making the car blow up with self-destruct.
Now it’s just a game and this can be excused, but at the same time I wondered how the hell could you make a car blow up? Then I realize Tesla cars can burn quite viciously, and the mechanisms of opening the door CAN be jammed. The other shit is probably going to be quite possible soon if not already. Meaning we could see high-tech murders happen by people who find weaknesses in car cybersecurity and exploit it to kill their target, and if they cannot trace where the hacker was or how it would be an unsolvable murder…
But that’s only if a random ass murderer does it. It wouldn’t surprise me if corporations wanted to off someone they didn’t like for any reason and that person was driving one of their cars then… yeah, it doesn’t take much imagination there, does it?
Maybe it’s because I am an elder millenial who never owned a car, but only rented cars when I need them, The most I ever used is google maps (now Osmand… which is the superior Open source option!) to find my way. But I never felt the need for anything else other than blindspot detectors (which don’t need to be connected to anything!) to help in lane changing since it makes that task easier. I listen to all my music and stuff on my phone (which is another tracking device I fucking hate) so I don’t even bother with the radio.
In short. I would like my automobile to be like what automobiles were… a hunk of metal that is used to travel from point A to point B. This is coming from someone who LOVES technology and I recently took the time to buy a 6000$ desktop because I fucking wanted the most high end machine I could get and I love it. But even I have my limits.
That’s how the CIA killed reporter Michael Hastings for demonstrating american arrogance of McChrystal and his squad of butchers which led to the europeans funding the war on islam a little bit less.
I just looked up Michael Hastings on Wikipedia and I find his ‘car accident’ to be a little too damn suspicious.
yeah, I work in automotive and “vehicle inhibit” is definatley a feature we have. I could be wrong but I think its actually a legal requirement now to sell in certain jurisdictions (I don’t work in that side of the company).
So… a hacker CAN make the cyberpunk 2077 quickhack Emergency Break a reality? Well fuck me sideways!
it can happen easily in future moreover like wireless earbud which can be dos as they use bluetooth which was not build as security in mind , if used in hot countries they can be easily blasted which is enough to kill someone considering the shards will go in the brain . so this can easily be replicated in electronic cars as well . though these earbud manufactures had brain and have a device in earbuds but sometimes that device can also fail , i never used a e car so dont know if they have some type of device in it . but i would love to see a experiment over this
Israeli terrorism with their pager bombs is something that is already happening, but with those they had some explosive material planted. The thing you are mentioning doesn’t require anything dubious to be added and they can work as is. This shit is just scary as hell.
@Phoenicianpirate @legionguy it is quite implausible too. The battery in your earbuds will at most deform your earbuds and cause ear damage and or hearing loss.
Not just hearing loss, your sense of balance will be fucked. So it’s double whammy.
yep. I just with some car company would choose not to do this and advertise the fuck out of it. (looking at you Chrysler you have nothing to lose)
They still have the Pacifica…
uhm, the pacifica doesn’t fit this description (source, worked at FCA on this kind of stuff and we put it in the pacifica).
The Dodge Grand Carvan, which was basically unchanged from '08-'19 on the otherhand…
Sorry, I meant that in response to “they have nothing to lose”. They still have one vehicle line, but it was slightly facetious because I don’t think they have much if anything else.
New report Mozilla said this a year ago I think. Released a privacy report on all car manufactures.
A lot of you probably already know about this one but here’s Mozillas privacy not included blog where they review smart devices/services based on how much data they collect about you. A lot of car manufacturers at the very top of the most creepy ones.
I’m shocked, i tell you, shocked!
I mean if you’re mechanically talented enough and sufficiently motivated, you could probably rip out the digital controls and replace them with mechanical analogs, getting rid of the computer entirely. Extremely difficult, but probably doable if you know what you’re doing.
That aside, we shouldn’t have to do that to get out of being spied on.
The more we electrify our cars, the less feasible this is.
Decoding and sending messages to mechanical systems over the CANBUS is one thing (still difficult, but possible), but taking control over system software is another. In the us, consumers are supposed to have the right to repair their personal vehicles, but a lot of that law was established back when you could do work on a vehicle without having access to digitally protected copyright. We might have a right to repair, but that’s starting to clash against their copyrights over their IP and software controls.
And that’s not even getting into their eagerness to utilize subscription models - would a court side with a consumer if they decided they wanted to circumvent DRM controls over subscription-controlled car features (a car that they own outright)? It’s unclear to me that right to repair or consumer protections have been written in a way to accommodate those conflicts… Especially when cars are subject to far higher safety regulations than computers - a manufacturer could argue that they need to prevent consumers from tampering with their software systems for their own safety.
If you still own a ‘dumb’ car without one of these systems, it’s really not a bad idea to hold onto them for as long as possible. You can always upgrade them if you want to - some people have even replaced ICE transmissions with electric ones. But once you own one of these cars with software-controlled systems, it’s far harder to strip them out. Especially once they start requiring cellular connection to operate or function (or require connections to privately-owned satellite constellations…)
Or just disable the cell modem.
It’s also why repair costs an arm and a leg.
It used to be a bumper was just filled with foam, so getting in a fender bender was a pretty cheap fix.
Now a bumper has upwards of $5000 in technology and sensors sitting in it, and a fender bender can often make the car considered “totaled” because the cost to repair is now more than the total resale value of the car.
Get a bike, ride a bus, fuck surveillance capitalism.
Best part is it’s $5000 because they get to name their price. These sensors, headlights, etc, cost nowhere near that, but where else are you gonna go get em?
So in a few years when your new car has depreciated to somewhere around 10k and you get a massive repair bill? Well most people are scrapping it and getting another car, convenient for them…
Opting out still seems like they’re pinkie promising they won’t spy on you. There’s no guarantee they’re not using all those sensors on your car to keep tabs on you. The only thing they can’t do is sell your data without getting caught. Are there any guides to install a faraday cage on the telemetry antenna? I miss having dumb cheap vehicles.
I have never seen an opt-out work as it should. Operating systems just re-enable everything through system updates. Apps do it through app updates. A lot of updates seem like they’re for nothing other than getting you to agree to a new more intrusive ToS. For websites, spam lists, and that sort of shit, they just create a new mailer program and opt you into that. Sure, they’re not sending you the one you opted out of, but there are 500 more on the back burner. Some of the worst offenders will have dozens or even hundreds of different lists and force you to opt out of each one individually. Then of course there are the spammers who just don’t even capture the opt out. Or put the opt out behind a login that you don’t even have. Or serve the opt out page through an ad-click network which is blocked by your filter list, firewall, ad blocker, or DNS. There are a hundred ways they circumvent the laws and legislators are doing nothing to stop them.
I just pulled the fuse for my vehicles modem once Mozilla released their report earlier this year or last year.
I think the best course of action is to find an cut the antenna or it’s trace on the board (and verify). Sounds a lot easier than it is though.
edit: or also pull the modem fuse, if it has one
From a cursory examination, it looks like there are at least some models where you can disconnect the antenna, for which you may get a warning you can just ignore. Seems a lot easier than a faraday cage. But a lot worse than a car not outfitted with that kind of tech.
The surveillance is mostly done on the inside of the car, not the outside. Parking sensors don’t really provide useful data for them to harvest, but that is why they cost so much to replace. If you don’t care about parking sensors you can just replace your bumper without them, the car doesn’t really care after you tell it “you didn’t ship with parking sensors”.
YES
A few years ago, when I cared little about my privacy, I would fancy buying a new car. Thanks to privacy concerns, I became proud to have my old car, which also happens to be highly repairable.
Yep, I have my 2004 landcruiser. I will never get rid of this car
I once had a conversation with AI to see what the fastest form of local transportation is, that didn’t absolutely require paying any kind of insurance, like cars do. I did not expect the response at all: the AI told me horseback riding. The thing is, it’s completely right, but it’s something no human would ever have given as a response. Anyways, if anyone has a horse you don’t want…
An eBike would be faster, and way easier to maintain and store. They don’t require insurance.
Horses can run between 25-30 MPH, a class 3 e-bike caps out at 28 MPH. So, they’re about the same.
Horses can’t just go galloping around everywhere. It’s hard on them, hard on their hooves if they’re carrying a rider, and they require distance to get up to that speed. They have limited endurance, and if they eat right after a hard gallop, then they get bloat and die a painful death. Trust me, a bicycle is faster, and easier, and all around better unless you’re commuting around the hills and backcountry.
Also, horse is bigger/more visible to cars, and maybe could be in the street. So you may not have to wait on traffic crossings as much depending on the area.
I still choose e-bike because poo, but what a looney idea, I love it.
Just superglue a neodymium magnet to the bottom of your bike shoe and hover it over the sensor lines in front of the stop light.
deleted by creator
The AI was doing that meme
“Humans have horses. Don’t ride them. Are they stupid?”
Horse Outside by the Rubber Bandits
That’s why I’ll take bus, train, rideshare, carshare, plane with all the cameras and tracking over buying a new personal vehicle. Modern cars can build a personal digital profile of you, they know where you travel, they track your plate, and we found out they track your driving behaviour to screw with your insurance rates.
Also consider getting an ebike, if possible.
In fact, I have one! And for its size (20-inch wheels and foldable) it can fit a lot!
E-bike
Nice, that looks legit.
First thing I did when buying my '21 Toyota was remove the fuse giving power to the cellular modem. Is it still recording my data? Of course, but that’s only a worry if I go to their dealership for service. If I ever need to actually do that (recalls for example) I’ll remove the DCM module from the vehicle before bringing it in. There’s a very good local shop near me that I’ll bring it to for normal maintenance before letting Toyota plug in to the car and download my data.
Some vehicles this may not be possible, so if this concerns you, check forums about your vehicle if it is a moving spy machine before trying this because you might end up causing the vehicle to be put in limp mode because of some BS design choices.
I’ll remove the DCM module from the vehicle before bringing it in.
Why don’t you remove it right now then?
Haven’t had the time to tear the dash apart. It’s located below the infotainment screen. It’s not transmitting so no need for immediate action.
I am consistently disappointed to see the top posts say to not buy a car whenever news like this comes out.
Your post at least provides an alternative.
Which fuse? And links to a guide?
Pretty simple, there’s a fuse in the fuse box under the dash labeled DCM, just remove it. It’s extremely simple and takes 3 minutes. The DCM has an 18650 backup battery so it’ll stay powered for a short time but should die in a day or two and stop transmitting.