Maybe if you buy the car with cash, but if you finance it you are leasing from a company that has definetly accepted all the terms and conditions to capture and sell all the telemetry to various parties
>without an explicit opt-in
check out at a modern volvo/audi/whatever, they are making it so difficult to say no every single time the screen is powered on
No it isn't. Stop spreading FUD.
It is illegal in the UK/EU to make provision of a service dependent on allowing your personal data to be sold to third parties. This is BASIC data protection law here. You should be embarrassed for not understanding this.
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
> modern volvo/audi/whatever, they are making it so difficult to say no every single time the screen is powered on
More FUD.
The nagware is for "safety" features such as lane assist which must turn on every time by default (yes, this is a PITA). This has nothing whatsoever to do with data privacy requests.
nagware is absolutely not for safety features. Deny the terms and conditions and every time you start the car you have at least three screens you have to scroll and click buttons. It is a very recent feature, have seen it on models from january onwards.
BTW: You also want to deny that because if you agree you also agree to update the system at their will (many cases on the press of them fucking it up, bricking cars requiring ECU replacement. A couple of manufactures i won't mention fucked that up as badly as using two different ECU makes for the same car model, and sending the wrong binary and the bootloader happily accepting it. All without user approving the update beforehand. All happening in the background. Car stops at the sign, ECU reboots and dies.)
You also have constant nagware when you disable the tracking features in software.
Your trust in the law (EU law! Haha) to do the enforcing itself is nice, but history and lived experience tell me that these laws are going to be skirted if there’s money in it.
Honestly, the number of people on here spreading FUD and defending the 'right' for the adtech industry to invade their private lives and treat them like shit is unreal. One could almost think their salaries are dependent on it!
Nobody seems to care and this isn't enforced at all.
It is very hard to live in Germany without having a google account. Many services are only offered via phone-app that is only available through play-store. I'd have to use apks from questionable, untrusted third-party websites.
Good luck finding an employer that doesn't require you to have a microsoft account.
The EU is not the privacy paradise some make it seem to be. It's a corrupt, bureaucratic, exploitive nightmare with some splashes of democracy here and there.
Von der Leyen is the perfectly ridiculous representative, she left nothing but corruption, collusion and incompetence in her wake.
Which in the EU/UK, is subject to data protection law; including compulsory opt-in for sharing personal data!
Granted, the scummy adtech industry push the law to the limit ("legitimate use"), meaning we need better regulation, not less.
> The EU is not the privacy paradise some make it seem to be
Nobody said anything about paradise, though considering the unrestrained nature of adtech in the USA, I certainly know under which laws I'd rather my (and others) personal data is kept.
The data is anonymized and you can opt out, but many people probably don't know it's collected in the first place.
How do you know?
BTW, the checking all the opt-ins is usually the first thing the sales person does when selling a new car.
And the FUD has started. Maybe try reading the law?
https://europa.eu/youreurope/citizens/travel/security-and-em...
But based on my experiece:
- GPS cold start requires 1-2 minutes to get a fix. That's too long in case of a crash. That means GPS is started at the same time as the car.
- A-GPS is better, but not sufficiently fast in case of a crash either.
- The cheapest way to implement an eCall module is to use a phone chip that includes both phone and GPS functions. I'm sure we can agree that all manufacturers will choose the cheapest. That means the telephony is started at the same time as GPS - when the car is started.
- Let's assume that telephony chip is separated. A phone boots in ... 30s? Too slow even if the eCall module doesn't include a full OS.
- A phone in airplane mode still takes 5-10 seconds to connect to the network and 3-5 seconds to dial. If you press the ecall button on your car, how fast does the call connect? If it's less than 5s, the ecall module was already registered on the network. If it's registered on the network, the car leaves a metadata trail on at least one of the local phone operators' servers. That metadata includes the time and the cell towers = full tracking data.
- GSM networks since the beginning mandate that the SIM card can execute commands received from the network. A SIM card is a full independent embedded processor. You should really watch the Defcon and BackHat presentations about SIM cards. Anyone that can send binary SMSs (and most operators are very ignorant/permissive) can track it, start calls, listen on the mic, etc.
So what is the point in having laws then?
No doubt you believe any adtech request for personal data should be met by the subject promptly bending over and grabbing their ankles with both hands?
So, yes, I am absolutely sure a telecom provider will be bending over immediately, or risk losing their licence.
But maybe it IS true. I know it's legally mandated.
So do you think UK/EU vehicle manufactures are deliberately in mass breach of data privacy law... fully knowing the cost of a consumer backlash, fines and vehicle recall costs to fix any law breach?
Really?
It's genuinely amazing how many Americans on here (a tech news site!) are unaware of data privacy law and expectations outside their homeland.
Of course, I can't or won't prove it.
And yes, I am _intimately_ familiar with the GDPR and other laws and regulations. The US also had (has) wiretapping laws that would have prevented snooping on Americans.
I'm not claiming the EU is no better than the US, it clearly has better intentions. But fundamentally, I think the EU will end up in the same place as the US sooner or later, simply because the same forces are at play: desire for security >> desire for privacy for most people if the rubber hits the road.
Here's some fun read for those who seek more info:
https://www.politico.eu/article/germany-privacy-watchdog-sid... https://www.bnd.bund.de/EN/Service/PrivacyPolicy/privacypoli... https://www.lexxion.eu/?newsletters_method=newsletter&id=477
Or, more succinctly - they are likely following the law but have figured out a way to avoid it as written using consumer opt-in and dark patterns.
You call it FUD, but this is hacker news and with overwhelming incentives it is not unreasonable to ask for verification that data isn’t being exfiltrated.
They were also in mass breach of vehicle emission laws. The fact that there was some backlash (although people didn't really stop buying VAG cars), people got prosecuted, the company got fined, didn't really change their decisions while they were pumping out fraudulent cars.
Yes, we should have privacy laws like this in the EU, this is a good thing! But thinking that, when these laws are in place, all companies magically will follow them is naive. To them it's still a cost/benefit analysis, and history has shown short term benefit trumps many other things for these companies.
I'd also suggest the backlash from breaches in data privacy would be much larger than from fiddling emissions tests (as evil as the latter was, it actually saved many customers money on a (more polluting) car with higher performance).
> After news broke out of Volkswagen cheating on diesel emissions, multiple other vehicle manufacturers got caught falsifying emissions data, as well as exceeding legal emission limits. This uncovered a greater industry-wide issue that goes far beyond only Volkswagen Group.
Doesn't that depend on the company though? Not all companies are focused in the same amount on short vs long term benefits.
There are costs of not following the regulation (example, did not check in detail: https://www.enforcementtracker.com/) and I do not hear (media, social network, etc.) anybody complaining about fines so I think it will just continue ad hopefully will change their opinion at some point.