Last year I requested a Carfax on it, and one of the fields in the request was current mileage. I entered an estimate like 75000 miles. On form submission, that field failed validation with the red subtext along the lines of 'this is less than the last reported mileage of 75345, reported <5 or so days prior>'. Checking my odometer and looking at my past few days' trips, that was indeed accurate.
The car hadn't been to a shop or out of my possession in weeks, so I can only assume the telemetry was still dialing home and selling to third parties despite my best efforts to disable it.
Anecdotal and not unexpected in the grand scheme, but it still surprised me.
The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.
They are both very cagey with how they talk about this (or don't).
It's hard to not want to throw your hands in the air screaming "whatever" when almost everything you use in public is somehow used to track you either as you move around, or in the future.
The FUD spouted on here by the scummy adtech industry about legislation to protect YOUR privacy is mind boggling. These are the people doing the digital equivalent of sniffing your underwear to work out what you had for breakfast.
(And before somebody shouts FUD about the UK/EU vehicle eCall 112 system, that certainly doesn't track you or seek to invade your privacy on any level!)
Maybe if you buy the car with cash, but if you finance it you are leasing from a company that has definetly accepted all the terms and conditions to capture and sell all the telemetry to various parties
>without an explicit opt-in
check out at a modern volvo/audi/whatever, they are making it so difficult to say no every single time the screen is powered on
No it isn't. Stop spreading FUD.
It is illegal in the UK/EU to make provision of a service dependent on allowing your personal data to be sold to third parties. This is BASIC data protection law here. You should be embarrassed for not understanding this.
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
> modern volvo/audi/whatever, they are making it so difficult to say no every single time the screen is powered on
More FUD.
The nagware is for "safety" features such as lane assist which must turn on every time by default (yes, this is a PITA). This has nothing whatsoever to do with data privacy requests.
nagware is absolutely not for safety features. Deny the terms and conditions and every time you start the car you have at least three screens you have to scroll and click buttons. It is a very recent feature, have seen it on models from january onwards.
BTW: You also want to deny that because if you agree you also agree to update the system at their will (many cases on the press of them fucking it up, bricking cars requiring ECU replacement. A couple of manufactures i won't mention fucked that up as badly as using two different ECU makes for the same car model, and sending the wrong binary and the bootloader happily accepting it. All without user approving the update beforehand. All happening in the background. Car stops at the sign, ECU reboots and dies.)
You also have constant nagware when you disable the tracking features in software.
Nobody seems to care and this isn't enforced at all.
It is very hard to live in Germany without having a google account. Many services are only offered via phone-app that is only available through play-store. I'd have to use apks from questionable, untrusted third-party websites.
Good luck finding an employer that doesn't require you to have a microsoft account.
The EU is not the privacy paradise some make it seem to be. It's a corrupt, bureaucratic, exploitive nightmare with some splashes of democracy here and there.
Von der Leyen is the perfectly ridiculous representative, she left nothing but corruption, collusion and incompetence in her wake.
Which in the EU/UK, is subject to data protection law; including compulsory opt-in for sharing personal data!
Granted, the scummy adtech industry push the law to the limit ("legitimate use"), meaning we need better regulation, not less.
The data is anonymized and you can opt out, but many people probably don't know it's collected in the first place.
How do you know?
BTW, the checking all the opt-ins is usually the first thing the sales person does when selling a new car.
And the FUD has started. Maybe try reading the law?
https://europa.eu/youreurope/citizens/travel/security-and-em...
So what is the point in having laws then?
No doubt you believe any adtech request for personal data should be met by the subject promptly bending over and grabbing their ankles with both hands?
But maybe it IS true. I know it's legally mandated.
So do you think UK/EU vehicle manufactures are deliberately in mass breach of data privacy law... fully knowing the cost of a consumer backlash, fines and vehicle recall costs to fix any law breach?
Really?
It's genuinely amazing how many Americans on here (a tech news site!) are unaware of data privacy law and expectations outside their homeland.
Of course, I can't or won't prove it.
And yes, I am _intimately_ familiar with the GDPR and other laws and regulations. The US also had (has) wiretapping laws that would have prevented snooping on Americans.
I'm not claiming the EU is no better than the US, it clearly has better intentions. But fundamentally, I think the EU will end up in the same place as the US sooner or later, simply because the same forces are at play: desire for security >> desire for privacy for most people if the rubber hits the road.
Here's some fun read for those who seek more info:
https://www.politico.eu/article/germany-privacy-watchdog-sid... https://www.bnd.bund.de/EN/Service/PrivacyPolicy/privacypoli... https://www.lexxion.eu/?newsletters_method=newsletter&id=477
They were also in mass breach of vehicle emission laws. The fact that there was some backlash (although people didn't really stop buying VAG cars), people got prosecuted, the company got fined, didn't really change their decisions while they were pumping out fraudulent cars.
Yes, we should have privacy laws like this in the EU, this is a good thing! But thinking that, when these laws are in place, all companies magically will follow them is naive. To them it's still a cost/benefit analysis, and history has shown short term benefit trumps many other things for these companies.
Doesn't that depend on the company though? Not all companies are focused in the same amount on short vs long term benefits.
There are costs of not following the regulation (example, did not check in detail: https://www.enforcementtracker.com/) and I do not hear (media, social network, etc.) anybody complaining about fines so I think it will just continue ad hopefully will change their opinion at some point.
I'd also suggest the backlash from breaches in data privacy would be much larger than from fiddling emissions tests (as evil as the latter was, it actually saved many customers money on a (more polluting) car with higher performance).
> After news broke out of Volkswagen cheating on diesel emissions, multiple other vehicle manufacturers got caught falsifying emissions data, as well as exceeding legal emission limits. This uncovered a greater industry-wide issue that goes far beyond only Volkswagen Group.
Then let us hire different leaders into government. Public servants, not overlords.
I fear that only blackmail-able people with the potential to win elections, get the support, so that they are beholden to someone who ultimately gives them the job (e.g. funding their campaign) and has to return the favor x10 when elected, so promises go out the window and new reality sets in.
So it's not just that the primary process will crush anyone who will seriously roll back government powers. They won't even let anyone peacefully create an entirely new fucking island to try and get away from the tyrants and do it while leaving everyone else alone and not messing with the powers that be.
America did have a period of relatively small government intervention at the beginning, but that took a war with Britain. It also had some periods of it during the pre-founding (some of 1600s Pennsylvania and Rhode Island while Britain was occupied elsewhere). Pennsylvania (before it was a state) in particular was basically straight up anarchist for I want to say, about 20 years.
When forced off the reef, the founders went back to places like Australia, Manhattan, and London with considerable wealth. Pretty easy to see why that was preferable to possibly dying by firing on the armed forces of another country.
Somaliland and Rojava don't have that option.
Yes, the women, slaves, non-land-owners and native Americans all loved that phase! It was paradise on earth and the embodiment of the eternal liberty to which all (*) humans are entitled.
(*) your experience may vary, depending on your membership of various demographics. Some restrictions apply. Please see package for details.
I have no option other than to lay down my intellectual tools before you and declare you the winner of this battle of the ages. I am humbled by my idiocy in even bringing up the fundamental economic engine of the early American republic, as if it actually mattered at all in the face of the noble, if perhaps a little selfish, goals of those proud young Americans.
I'd also note slavery was also influenced by how land distribution happened in the colonial era. Lands dispersed under more feudal models lent themselves more to slavery and indentured servitude. Lands that for various reasons that were rapidly sold were more likely to end in the hands of small holders without slaves or fewer slaves.
Not only that. Them and the point-of-sale vendors (aptly shortened PoS), sell that data. They tend to attempt to do this anonymized. How successful they are in anonymizing that is very much so up for debate.
The websites (and even their retail locations) you buy from send your purchase data to meta and other advertisers directly via APIs so they can better track their marketing conversion rates. You can browse their APIs [1][2] to see what kind of data they like to get, but it tends to be every piece of identification they have on you. Rewards programs make this a much richer data set. You don't need to be a user of Google/Meta for them to build a marketing profile based on this. Google links your physical conversion from ads based on your maps data. Facebook does the same if you give them your location data. Many retailers attempt to use the bluetooth/wifi signals from your phone to track the same data even if you pay in cash [3].
There's no legal framework preventing this outside of the EU and California.
1: https://developers.facebook.com/documentation/ads-commerce/c... 2: https://developers.google.com/google-ads/api/docs/conversion... 3: https://www.nytimes.com/interactive/2019/06/14/opinion/bluet...
Yeah I think the big thing to push or talk about is that there is no such thing as "anonymized".
There's only such as a thing as "can only be identified as X many people". Like for a given dataset you can make any data point correlated to 1 of say 50 people. If somebody is anonymizing data and they don't provide a k-anonmizity [1] you should just assume it's 1:1 and effectively not anonmized.
let anon_id = md5(SSN);But now it's so convenient and discreet and common, we think nothing of it. Plus, Google and Apple and Facebook and their partners and everyone they sell data to are our friends, not enemies :)
My car is old, so no gps/trackers there, but this is troubling of course. I think that if/when I buy a new one, it has to be either some vintage car, or I have to find a workshop who can rip out all the tracking.
CC payments can be mitigated by paying cash, when available. But yes, CC and bank are a concern and so is CCTV.
An agent will be shortly with you to assist in that endeavor.
In some parts of the world that's a death sentence for the target. In other parts, it's one for the agent.
Maybe, but what happens without the mod described is that Google and Apple track you in addition to the telecom company. That, of course, assumes that you carry a cell phone tied to your identity. Some people refuse to carry cell phones altogether because of the privacy implications, or use them mostly in airplane mode with an anonymous SIM for backup.
You can also buy an older car that doesn't come with a SIM card installed.
Should that happen, I will move to a VoIP provider. Not perfect, but better than a smartphone.
Did you know ... in many countries government tracks car number plates and the data is stored for many years.
And if the competitor doesn't? Ouch.
I think there should be a "digital equivalency act" or something to hamper full digital capture, but my feelings aside, there's a few powers that dislike cash:
Free people like cash, but businesses with low-skill/low-trust workers dislike cash because despite the CC fees, there is less theft, less overhead with cash reconciliation, cameras to watch cash with, less safes to manage, less cash pickup services.
The IRS hates it because there is a cash industry (as there should be, imo, but I'm injecting too much opinion already) that doesn't report earnings. I personally know barbers, housecleaners, handymen that admit to reporting no or few earnings, and synthesize a living off cash and benefits. If you stop paying taxes, this actually works pretty well compared to a low-end tax-paying job. My housecleaner takes overseas vacations (like, thrifty ones in hostels) 2-3 times a year this way.
Banks (arguably the IRS again, deputizing them with KYC) squint at you when you deposit or withdraw significant cash - ask any weed industry participants. Untrackable currency is a natural catch-all for people they don't want to bank with, so it's just friction and headache naturally.
If there was a posted notice that no cash is accepted it's unlikely you'll get a criminal charge, but you can get civilly sued. Most places will just accept the cash then put up a picture saying "If this asshole shows up again, trespass him"
I worked at the gym in college and we sold like one item a day and it was still a whole bunch of work and pain to keep up on the cash counts correct.
I definitely believe that all businesses should take cash as much as is reasonable, but logistically it is understandable why some choose not to
If your operating costs are some percentage higher for accepting cash versus the coffee shop across the street that doesn't, you're more likely to fail.
Assuming you’re talking about the US here: there is no such requirement, at least not at the federal level. Individual states may have their own laws, but see for example this notice [0] from a Texas federal court that they will no longer accept cash as of May 21, 2021.
[0] https://www.txnb.uscourts.gov/news/notice-court-will-no-long...
If you wish to make an apple pie shop from scratch, you must first invent an economy that isn't hamstrung by legacy obligations from ventures that people who are long-dead somehow were allowed to finance with your paycheck. (Somewhere, a middle-aged nepo-baby is clutching her pearls at the thought, and I just think we should cherish, rather than shy from, the opportunity to throw her and her siblings under the bus.)
Anecdotally via friends in law enforcement.
I know the laws are far from perfect, but isn't there some legislation compelling them to disclose what they collect?
What specifically would be the most relevant law/regulation? (If it varies by geography, pick any major market, eg. California, that is big enough to impact their engineering design and the content of published material). You mentioned they're cagey, and my aim is to examine if there's a gap between what they're supposed to disclose and what they do, which could be rectified by litigation. Eg. If they just say "vehicle telemetry" that doesn't tell you much, and I'd happily contribute to an EFF effort to get them to elaborate.
Alternatively someone who works close to this code could provide some examples of what a "typical" smartphone OS platform collects these days.
The author seems unaware that in iOS you can uncheck nearly every single location usage the OS and Apple Apps themselves collect.
On iOS not only can you shut off things like traffic reporting while using Maps and cellular/WiFI/Bluetooth data collection...unlike Google, Apple will let you use those services without requiring you contribute to them.
The author provides links at the top to credible reporting on relatively well-known privacy concerns.
No, not really - at least not apple. They are very clear on what CarPlay’s privacy stance is, and they’ve got privacy white papers on pretty much everything:
Eg. https://www.apple.com/privacy/docs/Location_Services_White_P...
Again, at least on the apple front this comes off as a ton of “stated without evidence “
Allowing it to connect over Bluetooth requires granting AA plenty of additional permissions which I didn't want to do (but hey, on GOS at least you can muzzle that thing).
Another possibility is to keep an old/cheap, stock Android phone at home with WiFi only for apps like this.
What's more concerning is that it's entirely unclear exactly what information is shared over the Android Auto link, in my case, over Bluetooth.
A lot of this has obvious use within the AA interface; for example, the parking brake position is used to prevent scrolling too far through lists, and the car's GPS is usually much more accurate than the phone's and better on the phone battery.
0: https://github.com/f1xpl/aasdk/tree/development/aasdk_proto (pretty old reverse-engineering effort)
EDIT, previously "does not" above said "doe snot", which explains the reply below
Source? Can bluetooth devices do that without the user's knowledge?
How?
While the car has a sim card already, I can't use it for general purpose apps without a subscription. Only updates, remote control and I suppose telemetry.
I usually opt for choosing a bluetooth tether instead of wifi since I already establish a connection for calls, or music / audio books.
It isn't hard to imagine Android being able to transmit vehicle telemetry via the same means.
You can also "firewall" AA via something like TrackerControl, this would let you block connections to eg. Google Analytics servers without denying network access altogether (which would likely cause AA to stop working). I've only used AA with short-term rentals so I didn't spend too much time exploring these options.
not sure if this was caused by an OS update or an AA update because im certain it used to work fine
(not graphene, but friends otherwise stock samsung android)
I guess it's fine in an emergency, but I wouldn't want to use it day-by-day, the live traffic/road closure information in my case ends up saving us tons of time over the year.
So I bought an Android auto / Car play module that integrates with the car touch screen. Now I have up to date maps and navigation for ever. :)
This option is also disabled in the UK - an intentionally preserved backdoor for government access.
Do you have evidence or a citation for this? Or is it just the sort of statement that’s made in the pretty certain expectation of upvotes on HN?
I would be concerned that a passenger connecting their phone to it while I was driving.
In other cars I've been successful picking up the relevant modules for peanuts from surplus/scrap then just desoldering the RF-active components (like bt radios, etc) and swapping them in. YMMV but if it doesn't work you're just out the cost of a junk part.
Even if some radio feature is benign its existence means that its hard to be confident that there isn't some other telemetry feature you missed. With no connectivity at all you don't need to worry that you missed something because you can monitor the car with a spectrum analyzer and observe its never transmitting.
Unfortunately in some newer cars you can't swap any modules without a dealer tool to pair the module to the car, presumably in a bid to prevent third parties from fixing the car (presumably preventing people from lobotomizing their surveillance isn't on their radar yet).
https://www.toyota.com/configurator/build/step/summary/year/...
...maybe there is a lot of dealer markup in your area?
I think the inital point was that car manufacturers/dealers are double dipping through initial cost/interest AND data harvesting.
A free 55 inch tv supported by ads would be subsidized. A big ticket item price likely does not change even if it intrudes on your privacy and the manufacturer makes additional income on your data. In that sense it’s not subsidized it’s just greedy business practices.
Most (all?) ordinary TVs, plus things like Roku streaming devices, are sold essentially at-cost. The profit comes from ads and information-brokering stuff. This makes it basically impossible to break into the market without doing the same thing.
Different products exist at different price points to cater to different customers.
If you want to sell a subsidized product with the implication that there will be ads, that’s one business strategy, but to say that it’s not viable to have a higher end product that will not sell the user data because it’s not commercially viable is something I’ll have disagree with.
Computer monitors with no smart features wouldn’t viable if that was the case.
Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB. I wish I had a way to completely disable the car’s Bluetooth functionality, but it’s deeply integrated into the head unit.
Following the thread linked to, the only thing I can find is very unsubstantiated; https://www.rav4world.com/threads/2019-rav4-dcm-deactivate-p... :
One caveat, if you use bluetooth to connect your phone to the car DCM will use your phone to connect to the mother ship and presumably send your data. I only use my iPhone cable to connect to the car which does not have this effect.
Bluetooth tethering is a thing, actually predates wifi tethering. Though it's not enabled unless you enable Personal Hotspot in your phone settings (and Android requires it to be enabled separately).
CarPlay complicates things, as it only uses bluetooth to pair, then it switches to using a wifi network (as bluetooth doesn't have anywhere near enough bandwidth). Maybe Apple automatically shares internet over that carplay connection?
I have no doubt that the car will use the internet connection if one is exposed, I just doubt it will be exposed automatically.
For me on Android 16, the setting is in Network & internet > Hotspot & tethering > Bluetooth tethering
I have reported this to Toyota multiple times with videos detailing the problem and they have denied the problem and ultimately when faced with the evidence simply refused to fix it.
I've been a big fan of Toyota's Production System and their management culture, but this experience has really diminished the brand for me. I realize these problems exist with all cars today. The pattern seems to be to foist low-quality hardware and software on their customers and take no responsibility for the results. Software bugs aren't what they consider a "typical car problem" so they simply don't fix them.
The only fix I've found is to disconnect the phone and use its map standalone, just sending audio over Bluetooth. Maybe it's possible to get Android Auto or Carplay to reject GPS data from the car? I don't know...
I use Apple CarPlay and one thing that consistently worked was starting the navigation on the phone before it connected to the car.
Otherwise, the fix is relatively simple and cheap: the ECU has to be replaced, it doesn't cost too much, but it's pretty labour intensive.
This is exactly why the civil legal system exists.
I promise you a consumer rights attorney will be interested in going after Toyota if you have clear evidence of it.
Or you could take it to an independent mechanic. It's likely just a bad connection to the "sharkfin".
> I realize these problems exist with all cars today.
Nah. It really doesn't, not to the same degree. Consumer Reports has demonstrated this handily for many, many years.
My experience is pretty small; I've owned the same Tesla Model 3 LR for the last 6.5 years, and the software has been pretty much solid the entire time. There was briefly a problem with echos when I called land lines using the bluetooth and my iPhone, but that problem eventually went away - not clear if it was because the iPhone changed, the software was updated, or perhaps the particular landline I was calling got an upgraded CO, but for a car that's a pretty good track record. There were some sensor glitches but they got fixed.
I've test driven other cars. Lucid Air - tons of weird glitches. Rivian - almost as good as the Tesla, but laggy UI on a brand new car. My Tesla is almost seven years old and still smooth as the day it was new! How do they do it?
Compass heading specifically does seem to be unusually challenging. Does anyone else recall the bizarre "Google Maps on iPhone is 90 deg off" problem? Totally strange.
Aside from that, it was always pretty solid and IMO better than the typical legacy manufacturer offering.
I've done many USA cross-country trips in a Tesla. Chargers are a non-issue if you stick to interstate highways. I often don't, which means I have to do some advance planning. I find that fun. Others might not.
But if I were in the market for an EV today I wouldn't buy a Tesla. It's a great car but until the Musk family is no longer part of the company I won't buy another one or recommend them to others.
and amplified racially bigoted conspiracy theories
and likes eugenics
and runs companies which have set a record for the highest number of complaints about racial discrimination and bigotry in its workplaces
and bought an entire social media platform solely so he and people with his ideologies could spew bigotry without having their accounts deleted
and, uh, came from a very wealthy white family that lived in one of the most racially oppressive countries on the planet during his youth
This does not change the fact that Tesla is shamelessly spying on you. In fact, Tesla takes the software so seriously that it can probably fully remotely control your car. This is not something that I would want, and, if I were to be gifted a Tesla, the first thing that I would do is unplugging the cellular modem. If the car becomes unusable because of this, I would get rid of it.
> Tesla
It's really hard to take this claim seriously about a car company that programs its self-driving system to disengage if it detects what it thinks is a likely crash, so said company can then tell investigators, regulators, juries, and the public that "the car wasn't in self-driving mode when it crashed." "I'm not touching her, Mom. THE STICK is touching her!"
...and touts itself as having the most advanced driver assistance and self-driving capabilities, yet has the highest crash rate of any brand? Beating out Mustang and Imprezza WRX STi owners is truly an accomplishment, though.
...and (still?) hasn't fixed its issues with "phantom braking" that have caused multi-car pileups
...and has self-driving software documented as being so bad it will randomly swerve at cyclists, steer at light poles while turning, and swerve at crowds of pedestrians on a street corner waiting for the light? Which after years of refinement drives about as well as a highly distracted teenager who just got their learner's permit?
Yeah, taking software "very seriously."
My personal experience of the FSD function is that it works as its supposed to; it handles the mundane tasks of driving while I look around, and it's easy for me to interject when I feel I need to, which is almost never. That's what I wanted and that's what they delivered. It was not so good earlier, yes including phantom braking, but it's very good now.
I don't work for Toyota, but I do wonder, who exactly within Toyota have you contacted? Maybe you're reaching people who have no idea how to reach out to a real engineer within Toyota?
https://www.mavericktruckclub.com/forum/threads/telematics-f...
I don’t think there’s convincing my dealer to get into the service menu and disabling it.
I would presume that other manufacturers might have this as well.
It let me disable telematics, and Kia support confirmed that my car was flagged as a "Massachusetts variant" even though it wasn't purchased in MA.
How far do you live from Massachusetts, and how do your feel about driving vacations?
On newer vdubs there’s both a “location services” and a “offline mode” toggle in the infotainment, though this only turns the infotainment SIM off. Obviously this also disables remotely controlling the car using the app.
And the secondary eCall SIM cannot be disabled - not without triggering a fault code and a tell-tale. Since eCall is considered a safety-critical system it has self-monitoring and must work for the vehicle to pass inspection. It even has its own separate power supply. This is true for any vehicle (type) newer than ~2018 in the EU. This probably makes tracking the rough location of any eCall-equipped vehicle quite easy, if you have signaling-level access to the cell network – exactly like in all those SS7 exploits.
edit: turns out they thought about that and eCall modules aren’t supposed to constantly stay connected to a cellular network (dormant mode). Instead they only log onto the cellular network when needed. Difficult to verify as a consumer though.
I would be very concerned that the flag just continues to submit your data but with a "telematics disabled" bit set on it. This is absolutely how location privacy is implemented in some devices. Moreover, even if it is effective it could be remotely reset including accidentally as part of an update.
Better than not setting it, I suppose! :)
You can get an Autel KM100 for under ~$400 from China. Worked great to program in a couple spare keys for my car and less than what the dealer was gonna charge...
https://www.10tv.com/article/news/local/teens-indicted-colum...
- It has an internal battery and will keep running for quite a while after pulling the fuse. This is a safety feature in case you get in a crash that disconnects the 12V battery
- It will break your in-car microphone as discussed. Repairing that requires opening up the dash
- That won't do anything for disconnecting the GPS antenna
The reliability is way better than GitHub's uptime.
Better even than my car's uptime.
You must work in telco.
99.9999% or it's unusable :P
It still technically is used for telemetry... but only when you get into a wreck. It'll ping the onboard GPS at that time for coordinates, then place a voice call over your paired cellphone to 911 with TTS coordinates and information about the wreck.
"Attention. A side crash with rollover has occured in a Ford vehicle. Multiple impacts detected. The maximum speed change was 38 miles per hour. Airbags deployed. Detected ONE seatbelt fastened. Press 1 at any time for location information, or press 0 at any time to speak with vehicle occupants."
As I own two Toyota's I have read through these carefully and consistently the theme is that the owner was opted into this program without knowing it (likely by the sales person clicking through setup steps to enable every feature). If you are not opted in, I have seen no evidence they share driving data.
When I set up my Toyotas, the app clearly walks through the programs they have and you must click either "yes/opt in" or "no/opt out" for each program. It is not opted in by default.
Likely doing it to remove any frustrations from the brand new buyer being unable to figure out how to set it all up. The last thing you need is someone changing their mind about the car they just bought, because well if setting up the app is a PITA, what else is terrible about the car?
That being said, on re-reading the Toyota app does not require location/Bluetooth/Contacts to set up.
Before 2018-2019, the opt-in process for data sharing was hidden on a website somewhere. Around that time, the form became part of the vehicle purchasing process.
As mentioned in the article as part of the introduction, there were problems with those car regarding security. Especially with the Rav4 where a colleague, Ken Tindell, showed a very serious flaw: https://kentindell.github.io/2023/04/03/can-injection/
Because of this OEMs build in more and more security, like SecOC with Autosar and other similar things. More and more of those security feature depend certificates in the devices that have an expiration time. Those certificates needs to be rotated regularly. If the rotation does not happen, because of missing communication with the mothership, then the security will fail, which finally will lock you out of your car.
That will be true for all the coming luxury car models.
IRC, Tesla has something like this for years in their cars. They can be offline for a certain period of time. But when this runs out, you will be out of luck.
Guaranteed
How is this the case? I thought bluetooth was just sharing my phone's audio. Why would it allow requests over the internet? Surely there's a way to tell the phone not to give its internet connection to any connected bluetooth device?
If your Android is rooted, it's pretty easy to get tethering working. There's magisk modules that can fix the TTL problem and/or disable the hidden carrier-installed software that Android will ask for permission before enabling tethering.
Aah, you mean ‘snitches’. :P
Going on a bit of a tangent, but deep packet inspection can identify packets routed using NAT, so if the phone is operating as a typical hotspot it would be identifiable by your carrier. Carriers in the USA used to block / denylist / charge extra for tethering using this exact approach.
Anyway, one way to detect NAT is to observe different TTLs originating from one device. Is that deep inspection? Probably depends on who you ask. The fact that you have to track information across multiple packets counts for something, though.
Off the top of my head I wouldn't really expect there to be much value in a MITM inspection of the contents of HTTP traffic for the purposes of NAT detection. You could probably come up with some scenarios in which it might be possible, but I'd content those scenarios aren't very practical. Easier to compare TTLs between packets, say, or track connections to known OS "phone home" destinations. While these just use information from the IP layer, they're stateful observations requiring comparisons across multiple packets, and that might count for something.
One way to detect a shitty carrier service, though, is that they're inspecting your traffic for "good" or "bad" uses of their service, because that is a good indicator that they're not just a carrier. I call it Dickish Practices Identification, or DPI.
The delineation here is between "shallow" packet inspection (which basically nobody refers to because it's just a normal part of networking), where network devices look at just the bits of the packets they need to route / NAT / etc them appropriately.
DPI can tell a ton of things without needing to MITM encrypted layer 7 traffic.
A boring example is that you can tell TLS from OpenSSH traffic just by seeing the initial handshake. sslh ( https://github.com/yrutschle/sslh ) takes advantage of this on the server side to let you run both on the same port.
A less boring example is identifying OpenVPN, Wireguard, etc traffic regardless of what port they're run on, to enable blocking VPN traffic on a network.
You could spoof it by finding out your mobile's TTL, overriding the TTL in the connecting device to be one higher than the mobile.
Does the phone add a proxy header? Can it be configured to not add the header?
Android and Linux use 64 by default - the block could be circumvented by setting the laptop to use 65 TTL.
The fix for this is a phone that doesn't implement that protocol, i.e. not Android or iOS.
(There is the ability to set up a Bluetooth hotspot on a phone and allow Internet sharing over Bluetooth, but that’s a different thing entirely and you have to explicitly set it up and use it. It’s also slow compared to a modern WiFi hotspot).
Older versions of bluetooth may have other networking capabilities.
Modern Kias with the CCNC cockpit have a data connectivity unit that exclusively handles cellular. If you can get this unit unplugged, which only requires two Phillips head screws to remove, your set. It took me nearly 2 years to figure this out. Thanks OP
The active driver assistance features are criminally dangerous.
Sadly, the current administration is more interested in illegally locking Kia’s engineers in cages than actually enforcing consumer protection or safety regulations.
Anyway, avoid them and Hyundai. If you don’t believe me, drive in rush hour for 30 minutes and frequently change lanes. Be sure to be on the road at dusk and dawn to get the full experience, where glare confuses the onboard cameras, so regen braking flaps on and off, and it repeatedly overrides steering and sets of spurious cabin alarms.
I’d suggest parking a few times at a costco during peak hours, but I don’t want to get anyone killed.
Driving mountainous switchbacks with very tight corners it was so strict about not wanting to cross the central line that it frequently tried to dump me into either the mountain or over the cliff.
Similarly on straight 2 lane roads where only really the centre was clear of snow and ice it was adamant that I should be driving with 2 wheels in deep snow instead of daring to drive in the middle.
What's your year model and engine? I'll look it up.
yes. there ought to be a right to reasonable expectation of behavioral privacy where if it's not obvious and intrinsic to function that behavior is being recorded then it must be consented with functional opt-out.
gps tracking to the manufacturer of a car seems egregious. i wonder if it runs afoul of anti-stalking laws.
If you then charge only at home you’re even more private than gas cars, which must stop at gas stations with cameras.
But both types of vehicles are easily spotted with Flock cameras. And if you keep your phone on that tracks you, too.
I’m not that paranoid so I won’t do it, I just wanted to know.
Ideally I'd like to keep my cake and eat it: keep navigation (preferably offline), spotify, etc. working but disable the telemetry, remote control, etc. From what I could gather, Teslas can use Wifi (your phone's hotspot) as a backup uplink. So depending on how they've implemented the cloud features, after disconnecting the antennae, you might be able to set up a tiny router and whitelist certain DNS queries, HTTPs connections, etc. But it might also be that they just use a big ol' VPN tunnel to the mothership and pipe all the cloud features through it.
Slightly less ambitious: does the navigation in Teslas work offline? Offline maps and route calculation have been around since the 00's in standalone GPS navigators, so it's not impossible.
Everything has cameras these days. On my street almost every house has a cloud connected camera. Every major road has cameras, every store and business. Now I’m not suggesting we give up the fight for privacy but avoiding gas stations does nothing
I suspect soon cameras in other cars will also be reporting our whereabouts.
Absolute privacy is almost impossible on public roads.
Most of these are cloud connected, how do you know they aren't storing license plate information, or face data, or audio data for extended periods of time in the cloud?
Because I am instead annoyed at all three.
Not necessarily my neighbours, but the companies selling this spyware.
You can store an ungodly amount of data if you convert everything to metadata, e.g store a face picture for a short period of time, create a hash to match against other faces in the database. Same with license plates.
Using the metadata alone could effectively completely track your whereabouts.
They can't brick cars with bad antennas. They have to allow for cars that drive into tunnels or that are used in areas with no cell service.
They could choose to throw up increasingly annoying messages if the car hasn't phoned home for some time. Tesla does this if you haven't updated your software in a while but the screens are pretty easy to close and ignore.
BTW I don’t own a Tesla. My car is like yours, a pre-2010 gas minivan with zero tracking.
Our phones and roadside Flock cameras still rat out both kinds of vehicles. I suspect soon cameras in other cars will also be reporting our whereabouts.
Absolute privacy is almost impossible on public roads.
Afaik phones do not share their internet blindly to Bluetooth devices.
What is the basis for this claim? I've never heard of this capability.
A random post on a forum is not evidence that Toyota has found a magic way to exfiltrate data over a bluetooth connection without turning on hotspot/etc.
But they could also do this over USB, so something doesn't add up.
It takes two seconds to turn off in my car (though by law it has to reset on every drive), but I never bother. In situations where it's "ok" to drive a little over the limit, it's a small price to pay and a gentle reminder.
No. They beep when they think I go above the speed limit.
Technically it is wrong 100% of time because the car underreports the speed. But even if we agree to ignore that fact, it is still wrong constantly because the car doesn't have nearly enough sensors and compute power to actually figure out what's the limit at the moment.
Thus this feature is as useful as cookie banners.
Dataset is readily available for most places. Pull local on entry to jurisdiction on every drive…
Internet connected options here in Australia generally have good speed limit data but there are generally very few variable speed limits that allow you to travel faster than usual.
Transition is never perfect but surely regulation would account for that?
I genuinely don’t know but to me it’s an interesting problem.
If you can't drive into a tree at 200mph and kill yourself in a car, then I do not what it.
When you get in a car, you have to spend 20 seconds disabling all those systems. Lane keep assist is downright dangerous as it keeps you in your lane if you do an emergency avoidance manoeuvre.
I don’t hate safety system like emergency brake assist or ABS but I don’t need a nanny keeping me in my lane. I also don’t need a coffee symbol for taking a break.
(Which makes me wonder, is there a flag set to make it not beep on cars sold here? Cuz otherwise people would be returning them en masse)
A completely empty straight country road with just a cyclist ahead of me. I pull out to pass the cyclist with plenty of room, and the lane assist tries to swerve me into the poor bugger. Very alarming considering I had no idea the car had such a "safety" feature.
Jokes aside, I am seriously pissed at Nissan because it was one of reasons I bought it in the first place: to pre-heat or pre-cool the car remotely before going to work, while it is still plugged to the wall charger. And they just decided to take it down. Funny thing, they even mentioned in the email that "not to worry, I can still use my AC when I am in the car". Wow.
Sorry, rant. Anyway, my point being - buy Nissan Leaf, no connectivity guaranteed by the manufacturer, LOL.
Modern aftermarket remote start systems work with both ICE and EVs alike. Take a look at Compustar. You can remote start your Leaf with a key fob from 1/2 mile away, no telemetry, connectivity, or silly app needed.
https://rabbit-labs.com/product/cancommander/
Crazy commenter, tell us a little about this. Can I use it on any Can bus?
Dangerous, but hilarious (Dubai raver has set up a 303 and 606 to make acid house while he drives): https://www.youtube.com/watch?v=mwYtjQk0QaU
Interestingly, Subaru itself used to make a DCM bypass kit for its cars. When AT&T shut down its 3G network, Subaru was stuck replacing all the DCMs, because they would search and search forever for a connection to a network that no longer existed, and slowly drain the battery. But there initially wasn't enough inventory to replace them all, so they offered these bypass kits if you weren't an active Starlink (cloud svcs) subscriber.
As a result, analytics endpoints generally have some authentication and verification built into them. Obviously, with enough time it's possible to reverse engineer these components. But that's a lot of time and effort vs just blocking the request.
Personally, I just plop it into a "dead letter office" table, then verify it's not malicious. But it's possible other companies would handle this differently.
But you do all that for privacy... and then you use CarPlay?
> eCall was made mandatory in all new cars approved for manufacture within the European Union as of April 2018.
What's this?
For this kind of thing to succeed as a general lifestyle, you would need to invest an enormous amount of time making potentially irreversible modifications to all kinds of electronic equipment - only to be virtually guaranteed to miss something.
Do this kind of thing if you want, but don't be fooled into thinking you're actually solving the problem for real.
Every HN thread is accompanied by comments saying it's all hopeless.
Tuned it off and used our phones from there to the hotel. That was the last time we used a rental cars navigation.
So yeah, its already happening.
[1] https://www.drivencarguide.co.nz/news/new-zealand-startup-le...
[2] https://thespinoff.co.nz/partner/17-09-2017/the-airbnb-for-c...
I always though ...just need to remove the ... the antenna .. modem would always get no signal and transmissons would always fail....
Same for the GPS.
To verify- no other hiddwen transmitters could use some RF( Radio Frequency) analyzers
[RF analyzer (ie spectrum analyzer) is a tool for measuring the power, frequency, and signal strength of radio frequency signals.]
To me it's a little bit like, "I love these new cellphones but I'm keeping it in airplane mode all the time because I don't want it online"
I mean what's the point of buying a new car if you're going to cripple features that are so much better because it's connected? Sure, use CarPlay or such, but to say forever end things like over the air software updates? Anything to prevent Kia from theoretically detecting sexual activity I suppose [1].
Just buy an old car. Or convert a classic into an EV [2].
There are A LOT of things in our lives that can be completely torn apart if one wants to. Glass is a vastly inferior window covering. Do you know how easy it breaks, and people can just look into it.
1 If you ask me, there's a whole whitepaper to be written about how to detect sexual activity in a Kia.
I'd like to think failure to apply an OTA safety update would trigger a mail-out notification requesting you bring the vehicle into the dealer. But that's probably optimistic...
If the car has a recall or safety issue with the suspension part failing prematurely, what possibly could some software nonsense do?
Ford https://www.caranddriver.com/news/a70513450/ford-4-million-v...
GM https://www.themanual.com/auto/gm-brake-fluid-warning-recall...
I think Chrysler does it too, but I only find mention of the time they bricked a bunch of Wranglers with a bad OTA update.
Broadly I don't think it's hard to imagine a software update being safety critical if the software is used in a safety critical system.
On the other hand, as mentioned by others: Why bother if you use CarPlay?
You can download and store Open Street Map for individual states. Map data doesn't have to come in over the air. That's not the problem. It's enhancing GPS with cell phone tower data that's the problem. That requires a cell connection.
What problem are we trying to solve here? At this point in time, guided navigation with completely offline maps and GPS has already been a no-brainer off-the-shelf thing for decades.
AFAIK it's almost always enhanced by things cell tower data, wifi network data, and external data sources (besides the satellites). Look up GPS/GNSS enhancement and augmentation for the latter.
Not GPS and WAAS. Not GPS and RTK. Not GPS + wifi + BT + cellular. I didn't mean any of those things, so I did not write any of those things.
If the thing is more than GPS -- by itself -- then that's outside the scope of what I was referring to with the juxtaposition of the words "GPS" and "itself".
(If a thing -- by itself -- can be better specified to be that way using concise phrasing, then I'm all ears.)
You could get more accurate fix with RTK data, but I'm not sure if that's actually widely used. And in any case that doesn't require active communications either, you could get correction data from satellite broadcasts too.
Technically it only requires an antenna that can listen on the LTE band (or even GSM). Trilaterating based on cell towers with a hackRF or other SDR is a fun exercise.
If your device has zero GPS signal then you can get ~100m accuracy from the cellular signals alone. If your device doesn't have "enhanced GPS" then you can get ~1m accuracy from the GPS signals alone.
Note that this changed with 5G beamforming. The new towers have a much better idea of where you are. (My understanding (thanks to other HN commenters) is that technically it's possible to do beamforming without deriving precise 3D coordinates but that this isn't how it's done in practice.)
I hate how this is a trade off. It’s totally possible for cars to broadcast their location only if the SOS is pressed or the crash sensor is triggered, but it feels like there’s no way to have that without also having everything else.
Amen.
Peppers article with Amazon affiliate links
Perfect summation of 2026
They can deny any claim for any reason, the onus gets flipped on you because if you want to fight back, you have to take a multi-billion dollar company to court .
All these car manufacturers pushing this horrorshow deserve to go under. Tbh it looks like most will soon....
(I dread the day my 2007 Civic is no longer usable.)
When I was a younger man, audio visual forums used to have an unfortunately sexist, but fairly good conceptual measure they called “wife acceptance factor”. It should really just be partner acceptance factor. Regardless of whom you are with, I hope they would physically intervene before letting you do this. What is the point? All of these posts feel like they miss the forest for the trees. Don’t like This Modern World? Fair enough, start by leaving your phone at home. Pay cash. And so forth. The author’s problems would be better solved by taking the bus. If you’re going to get into messing with cars, the wiring harness is not the place to start. Every trip to the dealer or any other mechanic is going to be painful right up until you finally give up and try to private sale the vehicle. At some point in that process, after you have dropped the price by over half the Kelley Blue Book value (or whatever Palantir shit replaces that) you may actually hear yourself explaining to the pleasantly smiling with a certain look in their eye non buyer about how you had to do this.
I will admit my bias. Fair play to the author for putting this all together but it reads like a very intricate aluminum foil hat.
1) My auto insurance is already too expensive. I have zero interest in "oh yeah we had to add to your driver factor because telematics says you exceeded the speed limit 11 times last year :^)". Less tracking is just a bonus.
2) He made no irreversible changes to the vehicle. Just keep the part and plug it back in when you need it for service/inspection or whatever.
3) "Telematics disabled" probably adds to the resale value of the car.
His solution: disconnect the cell modem
Your solution: Be single, never drive a car ever, and leave your phone at home.
?????
Also my spouse is just as paranoid as this guy is and when I told her what new vehicles collect she was happy she had an older model car. So this is not really a thing.
Removing seems hard/complicated but foil seems within most ppls reach.
It's a shortcoming each of us will have, if we're so lucky as to live that long.
Generally speaking, it's more efficient to power a car using a series-parallel hybrid system than an electric drivetrain with generator (series hybrid) while not really being any more complicated.
In a series hybrid (electric with generator), you're losing energy converting the rotational energy into electric energy. It's better to use the engine's output to power the wheels while it's in an efficient range. It's why Toyota's series-parallel hybrid design offered better mileage than vehicles that (primarily or fully) operated as series hybrids like the Chevy Volt.
> No screens
You can't really sell a car without a screen due to government regulations which require backup cameras (since 2018 in North America, since 2022 in the EU and Japan).
> no assists
Automatic Emergency Braking is going to be required in the US in 2029 (detecting frontal crashes about to happen and automatically braking, including pedestrian detection).
The EU requires even more including blind spot detection and lane-keeping assist.
I certainly agree that cars need knobs and buttons for controls like AC/heat, music, etc. However, it'd be hard to make a car where you aren't putting in a screen and assistive technology. I think a better argument would be to make a car where the screen was simply Apple CarPlay/Android Auto and a backup camera - rather than shoving a lot of garbage UX into it.
I'm never going to want to drive a car that has that.
A couple of years ago, I was involved in a stupid car crash that probably would have been prevented by this kind of system. Everyone was pretty much OK (yay), but both vehicles were ruined. And for me, at least, it was a complete and utter pain in the ass to find something else to drive that fit my intended use.
0/10. Would rather be annoyed by false positives.
However, you now have a chance to buy one of the rare prototypes!
https://finance.yahoo.com/sectors/technology/articles/bollin...
Maybe a simpler way is to to slap a Faraday cage on all antennas.
DCM Bypass kit. https://www.autoharnesshouse.com/store/AHH-DCM77
I used to keep my work phone in a Faraday bag sometimes. (I had my reasons[1]). It usually worked. Occasionally, it didn't work and the phone would demonstrate this by doing phone-stuff like ringing even while it was snug inside of that conductive bag.
So sometimes, the radiation was radiating well-enough despite my efforts.
Not so long ago, I was chatting with someone here on HN about blocking RF at GHz frequencies using aluminum foil. I was sure that it would be trivial, and they were sure that it would be difficult. So I tested that.
I started pinging my phone on its LAN IP, and wrapped it in foil. I found that I could increase latency some and also institute some packet loss.
But I couldn't stop it altogether -- not with a sheet of aluminum foil, anyway. No matter how carefully I made the creases, pings simply kept happening. (Having satisfactorily demonstrated to myself that were right and that it would be difficult, I stopped testing at that point.)
---
So here in reality, suppose the [car's] cellular connection finds that it has a connection occasionally. What's to stop it from buffering data and sending it in batches during times when it works? A few dozen lines of code that's geared to that purpose, perhaps? Or maybe a few hundred lines, instead?
Not that the difficulty matters much; the software is all closed up and inscrutable.
If the value of batching data to deal with intermittent connections is greater than the cost of producing the code to do this, then it can be assumed that such code has been or will be written.
---
[1]: An abusive manager I had liked to turn on the tracking system that the phone had. I didn't mind being tracked while I was on the clock, but I placed a higher value on my privacy than on her ability to be a snoopy bitch when I was not on the clock. My Faraday bag solution was adequate for that phone, at that time, with that particular tracking system, and for my particular desires, and I had access to the system with which to validate the adequacy of this success, but it was by no means perfect.
I use to disconnect batteries all the time when fixing vehicles, but the last decade ive been avoiding it unless I have to because of how poorly new cars run afterwards. And people get really angry when you fix something on their vehicle and then go to drive it later and it hard starts and feels and performs worse than ever. Telling them to "just drive for 30 minutes and then restart your car again and hopefully it goes away" doesn't make people happy or confident in your fix, nor does it make diagnosing issues after replacing a suspected faulty module or sensor easier when it sounds and performs like trash for a long while afterwards.
I would be the target customer, but I keep making convenience concessions and buying the nice car / appliance with smart stuff.
I appreciate this guide from a technical perspective, but despite a lot of the stated preferences, I’m not seeing a huge market for it.
Convenience is paramount.
Can't do the design bits, but there's full service manuals for any 1990s to early 2000s Landrover. Only NAS models, unfortunately, so for some things in UK/EU you need to interpolate a little.
Notice the complete absence of phone-home GSM modems or other tracking stuff?
You have the full right to view and ask for deletion.
Can you skirt the GDPR by making it hard to discover who you need to ask?