If they have concerns about the security of their app on some platform, they have the choice to either put "security" into the app, or to trust the platform vendor to provide the security. The correct solution is the first way. Deferring trust to the platform provider is the lazy way.

If their APIs are done correctly, they shouldn't be afraid to expose them.

reply
VW didn’t seem too concerned with compliance when they were rigging their pollution tests.
reply
That was just engineers engineering their way into creating Electrify America :)
reply
I am pretty sure that was not the engineers, but someone higher up the food chain ordering people to do that. I might be wrong, but maybe I missed the obvious "/s" or "/i" here.
reply
They'd have you know they actually cared a bit too much about said compliance itself.
reply
*appearance of compliance
reply
Them cheating the tests WAS them ensuring THAT compliance.

In fact, that's how a lot of compliance works in industries where there's little enforcement and it relies a lot on self-regulation.

reply
I mean, the only reason they did it was to be able to comply with the requirements of the test.

But the reality is that every once in a while you have a scandal like this or something like Wirecard, and it happens because the culture is such that absolutely nobody thinks it possible. That includes officials and regulators, whose first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.

reply
>because the culture is such that absolutely nobody thinks it possible

Only naive laymen or newcomers to Germany think it's not possible. German business leaders, lawyers and politicians know exactly how much corruption and scamming is going on in the business sector, and it's not a little.

>first instinct will often be to come after the people trying to expose the scandal, as has happened in the case of Wirecard.

That was purely malicious, to try to protect Wirecard, not because the regulators couldn't possibly imagine that corruption and lawbreaking exist; that was the story they used as cover for their corruption.

Like, you're a regulator, and instead of doing the thing you were hired for and looking at the evidence The Economist showed you, you instead "use your instincts" to decide not to do your job and not look into Wirecard because you can't imagine something bad can ever happen? Come on! All those regulators should have been fired and tried for corruption and/or being an accessory to crime.

reply
If I had to guess, it's liability concerns around the app-based remote unlock and parking + R155 and CRA. A lot of European companies have moved to require attestation in their apps, likely spurred on by the CRA.
reply
But why? I'd understand (though not approve) them tightening down everything about the car firmware to the max. They are responsible for the app, sure (it's a "digital element"), but they aren't responsible for the OS the app runs on. The CRA should not be used as an excuse to enact stupid restrictions.
reply
deleted
reply
Yeah sure, the company behind Dieselgate, which single-handedly destroyed the diesel market, is worried about compliance? Give me a break.
reply
VW is large enough that different parts of the company can have very different opinions.
reply
That itself, though, speaks for a broken company culture. If one part of the company is completely misaligned with the values of good engineering, why should anyone still trust the company as a whole? It seems they at the very least severely lack a good vision, then, to uphold the company values, or what should be the company values.
reply
I mean, the app services department doesn't exactly have a track record of perfect compliance (privacy) either, so there is that.
reply
You don't understand, both come from the same motivation and way of thinking: You see, compliance in Germany is about pretending to be super-compliant and not getting caught. Everyone will do the dance, make all the moves, and if you seem to make all the moves, you are assumed to be compliant. Supervisory authorities will not really check thoroughly except if you are annoying them or making them look bad. Especially if you are partially state-owned like VW.

In Dieselgate VW got caught, made the supervisory authorities and politicians look bad, which is why the authorities also weren't inclined to sweep it under the rug completely. They just shielded VW from the financial consequences in Germany (German VW customers got shafted).

Blocking GrapheneOS is the useless "pretending" part of compliance. They don't really want to do security, because that would cost money, so they pick some actions that seem drastic and harsh and don't cost them anything to implement. Later, when there is a security incident, they will point to their huge heap of pretend compliance, whine a bit about state-sponsored actors, high criminal intent and other obvious deflecting bullshit. But they will get away with it, because they did the compliance dance, so they are obviously compliant and did nothing wrong. Nobody in authority will look twice as long as they are neither annoyed nor made to look bad.

tl;dr: compliance in Germany is performative

reply