No, a software switch is not enough. We need to be able to physically unplug the cellular modem entirely and have the vehicle work with 100% functionality (barring features which inherently require cellular connectivity like turning the heating on remotely)
Car manufacturers' features are mostly useless anyway thanks to Android Auto/Apple CarPlay
Yes and no. Ecall is but telemetry is not. And ecall only makes a call in case of a crash.
eliaspro 15 hours ago [-]
Ecall could/should use completely separate communications infrastructure than the entertainment/vehicle connectivity functionality.
wkat4242 15 hours ago [-]
That's difficult because both will need to use the cell network.
But I guess you mean on the car side like two modems? Yeah that would be nice, or at least to mandate the option to turn all manufacturer telemetry completely off. The EU never bothered to do this for computers and phones either though.
M95D 14 hours ago [-]
The GSM SIM cards, by design, can be remotely updated to do whatever the service provider wants (or asked "nicely", or paid to do).
I know, and they can be hacked too through sms messages.
But the sim card doesn't have access to the car telemetry. Probably even the whole baseband module doesn't. It just gets that data to transmit when an accident happens.
The worst you could do by hacking the SIM is to make the modem send nearby cell data somewhere. Which is serious enough because the rough location can be derived from it. But it's a far cry from what these manufacturers collect.
NewJazz 14 hours ago [-]
Or if the service provider is served a warrant, or if they're hacked.
cherryteastain 14 hours ago [-]
Just enable it by default and put a warning in big red letters that disabling the cellular modem will also disable the ECall system, which may mean you might not get the emergency assistance you need and therefore die.
wkat4242 14 hours ago [-]
That shouldn't have to be linked. You should be able to turn off manufacturer telemetry while keeping ecall. Ecall doesn't even talk to the manufacturer. It just calls the emergency services directly.
Of course when the modem is on you can't be sure that it's not doing that but that's what we have laws for.
NewJazz 23 hours ago [-]
Instead, US senators will rail about the security risk of Chinese vehicles while refusing to provide competitive alternatives.
remarkEon 17 hours ago [-]
What do Chinese vehicles have to do with this, or the ability of US Senators to "provide" alternatives? Sorry wasn't aware that the Ford family has someone in the US Senate.
NewJazz 17 hours ago [-]
If the US Senate can't effectively set industrial policy, then they don't deserve to call themselves oligarchs.
Okay fair enough, I didn't realize that that's what you meant. I agree, there should be a more coherent industrial policy that's nested with some specific national objectives. I too am very concerned about the lack of industrial capacity in this country. Feels like the lead up to WWI, in many ways.
18 hours ago [-]
mulmen 21 hours ago [-]
Why would turning on the heating require cell service? If you’re out of key fob range do you really need to pre-heat the car?
The only possible use of cell service is for infotainment and even that’s questionable in a world of ubiquitous cell phones.
Rohansi 2 hours ago [-]
I do this all the time. Don't even have a fob to begin with but it's very convenient when you're in a shopping mall and are going to make your way back to the car, for example.
Also handy to find your car if you manage forget where you parked for some reason. Or to set a destination for GPS navigation.
mihaaly 1 hours ago [-]
Putting your PIN on the back of your credit card is the most convenient thing. It is always there when you need it, no need to remember!
Marginal knicknacks vs. serious risks kind of thing here.
queuep 18 hours ago [-]
Schedule heating etc through their app
mulmen 13 hours ago [-]
The car can't keep time? How is the dashboard clock always right?
fastasucan 8 hours ago [-]
It can keep time, but how can you schedule remotely?
creshal 12 hours ago [-]
That's two different components, so they're made by two separate cottage industries in two different states to make sure you have leverage on more politicians. Connecting the two would increase the BOM by $0.1, which means a $1000 increase in retail price, and customers don't want to pay that, so clearly everything is the customers' fault.
(/s)
jazzyjackson 19 hours ago [-]
I like the 'call emergency services on airbag deployment' too, on the fence about removing it, I guess if I had an apple watch that could do the same thing but then I'm just moving the surveillance from one ecosystem to another
fastasucan 15 hours ago [-]
>If you’re out of key fob range do you really need to pre-heat the car?
Yeah, that can save 15 minutes of scraping the windows for snow and ice in the morning and afternoon.
mulmen 13 hours ago [-]
Sure that takes a lot of time but why would the car be out of fob range? If you care about 15 minutes of scraping snow why is the car parked out of fob range and also still in cell service somehow?
fastasucan 8 hours ago [-]
People hating having to scrape their car in the morning doesn't help them getting a parking spot closer to their work place or their home.
If they had a garage next to their house to park their car they wouldn't need either. However there are lots of situations where the car isn't close yet it need pre heating. For me this is driving the car to and from work in the winter, and certain one off situations (going home from the hospital, picking up the car after avriving at the train station).
Glant 11 hours ago [-]
I live in an apartment building on the side that faces the woods. I obviously have to park on the other side, and my fob doesn't reach. I don't care about remote start anyways, but there are absolutely situations where fobs can't reach but cell service can.
callc 24 hours ago [-]
Thank you for summarizing my feeling so succinctly.
The simplicity makes me think that law-makers can understand it.
UniverseHacker 8 hours ago [-]
> We need a way to disable vehicle telemetry
It should have a standard UI for doing so, but if you are technically inclined it is usually trivial to do- pulling a fuse, or changing a setting over the OBD port.
However, you will lose useful features like advanced charging controls, and starting the HVAC remotely on EVs.
surajrmal 8 hours ago [-]
It's pretty much industry standard for all consumer products to deliver metrics back to home base. Honestly there are many good reasons to do so and it does result in finding real problems and solving them. While I understand the argument that we did fine in these products for decades without them, the complexity of the products was also a lot less back then. Finding issues via metrics from the production fleet is an incredible tool and anyone who's deployed software to a server probably understands this.
I'd rather focus on standardizing a transparent and privacy safe way to gather these metrics. Consumers would know what metrics are collected and there would be guarantees that privacy is kept. There are ways to accomplish this today.
Providing a way to disable metrics is never going to be sufficient for anyone other than a power user.
effdee 7 hours ago [-]
> I'd rather focus on standardizing a transparent and privacy safe way to gather these metrics. Consumers would know what metrics are collected and there would be guarantees that privacy is kept.
I'd rather see laws to have it disabled by default. People who don't mind can then opt-in again.
0points 8 hours ago [-]
> Honestly there are many good reasons to do so and it does result in finding real problems and solving them.
Honest question, what is a good reason to do this?
My Logitech software sends telemetry to Logitech.
My VW apparantly sends my GPS coordinates.
How is this useful for improving their hardware?
surajrmal 7 hours ago [-]
I'm not sure I can defend all choices various vendors make, but there are plenty of signals that are helpful. Precise gps coordinates seem unnecessary, but some sort of region based information can help correlate whether there is a particular problem that might happen at far higher rates in hilly terrain or specific humidity levels. Users also often use products in a way that doesn't line up with how the product owner thinke it should be used. Metrics don't replace interviewing people but it might help you craft the right questions. In the case of a Logitech mouse, it might be useful to understand if people are actually using those extra features you've added or maybe it's worth removing in a future version.
The most obvious metric that everyone wants to know is failure or crash rates. After a software update it's always good to know if those rates went up. Those errors may be recoverable, but it's good to try and understand them to improve reliability. Maybe pairing android auto with specific phone models is more problematic, or maybe trying to pair Bluetooth is particularly bad under specific conditions like high thermals in warmer climates. It's pretty difficult to interop testing with all possible parties in all conditions.
hulitu 5 hours ago [-]
> some sort of region based information can help correlate whether there is a particular problem that might happen at far higher rates in hilly terrain or specific humidity levels.
You know what will help in those situations ? Testing.
It is expensive, i know. Why not skip it and just analyse the KPIs from the telemetry. /s
carra 6 hours ago [-]
Defending this because "it's industry standard" is no better than justifying any wrong practice because "it's always been done this way".
hulitu 5 hours ago [-]
> Honestly there are many good reasons to do so and it does result in finding real problems and solving them.
Tell that to Microsoft. Although their products have telemetry, they become shittier every day.
spike021 21 hours ago [-]
I believe my new car has a fuse you can pull to disable the remote telemetry. However, it disables some useful features, like being able to set valet mode from the Toyota app (useful because some dealer service departments will take cars joy riding) and track the car usage. it also tracks tire pressures. sure the tire pressure can easily be checked manually with my Slime gauge but having it on the phone is handy.
jazzyjackson 19 hours ago [-]
I've read disabled cellular modem on toyota prius also disables the microphone for bluetooth phone calls / handsfree commands. funny that.
devops99 4 hours ago [-]
Beyond any reasonable doubt any verbal conversation you have in your Toyota is being parsed by one or more LLMs. Anyone who believes otherwise is either room temp IQ or severely autistic.
I pulled the DCM fuse on my GR Corolla. I can confirm that it disabled the microphone. One of these days I might get around to pulling the car apart and popping in a resistor in place of the antenna.
mulmen 21 hours ago [-]
Both of those features were available on cars before cellular connectivity.
spike021 19 hours ago [-]
and?
mulmen 19 hours ago [-]
And that means Toyota is choosing to link those features to cellular connectivity.
NewJazz 20 hours ago [-]
You can't see the tire pressure on the dash?
spike021 19 hours ago [-]
yeah, you can. but I work from
home and don't drive every day. sometimes I want to make sure I don't have a slow leak or something.
blackeyeblitzar 22 hours ago [-]
No device should be allowed to be sold without the ability to function without telemetry or sale of data to third parties. And telemetry and any data sharing should be opt in, as part of configuring the thing the first time. With a one click opt out of all.
ryandrake 22 hours ago [-]
Expand this to any product. I should be able to use ANY product fully, without maintaining some kind of communication channel to and/or from the product's manufacturer. When I buy a hammer from Home Depot, I take it home and hammer with it. The manufacturer doesn't know I have it, doesn't know how many nails per month I hammer with it, how many swings it takes on average for me to drive in a nail, how often I use the claw side. They don't know if I use it for other purposes besides hammering nails. They don't know if I lend it to my neighbor. I can sell it to someone else without the manufacturer's permission.
Somehow hammer manufacturers can live with this. Why can't automakers, tech device manufacturers, and software developers live with this?
cozzyd 21 hours ago [-]
Just wait....
"Your hammer has reached its monthly nail limit. Please upgrade to the pro plan to unlock an additional 60 nails"
vaindil 18 hours ago [-]
I'm having a really fun time imagining how a hammer would physically prevent you from hammering a nail based on a subscription.
TeMPOraL 15 hours ago [-]
They wouldn't. Instead, they'd try to keep charging you automatically for out-of-plan extra nailing, and if you denied them the ability to charge your CC, they'll put your debt to collections by the end of the month.
cozzyd 18 hours ago [-]
Handle has retractable spikes (digitally retractable mincers, perhaps?) to promote compliance.
sudahtigabulan 20 hours ago [-]
Because they make products that are harder to replace with a better alternative. (they have a moat/lock-in).
Anyone that has built a moat/lock-in will, sooner or later, screw you over.
Hammer manufacturers would too, if they could. But hammers are simple devices.
mjevans 22 hours ago [-]
Default Opted Out
Opt In should NOT be required to enable features.
Features should not be rented, and should be delivered as purchased with the car. Shipped but disabled features that take up additional vehicle weight (relative to lacking the feature) should not be allowed. (This phrasing is precise, to allow for silicon and software enhancements which are not a material change to vehicle manufacturing / design.)
Setup processes should always empower the user. If there are multiple choices or paths a default may be indicated, but alternatives MUST NOT be in other locations, and MUST be displayed with equal prominence in a logically adjacent section of the dialog.
Example from a website: 'Paperless' should not be force enabled by default; the ability to have paper or paperless billing should be radio boxes next to each other. Additional benefits (E.G. higher account interest rates) should not be tied to either selection.
flir 21 hours ago [-]
Although I'm generally pro coming down hard on dark patterns, I'm uncomfortable with that last example. To me, it's just differentiation. You can have the bare-bones service (digital only) with a higher interest rate, or the deluxe service (paper statements, in-country phone support, etc) with a lower interest rate. That doesn't seem inherently bad to me, it seems like a company offering two different products.
IanCal 21 hours ago [-]
Devils advocate here
If this made it more expensive, because having cars that are physically different is harder, would you prefer that?
Why can't I simply not care that I don't get something I've not paid for and there's a doodad in the car that's capable of it?
If the alternative is having to buy that feature or pay more for a car that doesn't have it, that sounds like a bad outcome.
shakna 13 hours ago [-]
It's a question of ownership. If I see fit to modify something I own, as has always been done, why am I not free to utilise a particular piece of my purchase?
If I'm not free to do so - then do I actually still own my own product? Or is it now a lease?
Why should the era of rebuilding your car simply end? There are already safety regs you need to comply with. The average hotrod modifies a considerable proportion of the car. Reusing the majority of the structure in ways the manufacturer did not intend.
modeless 20 hours ago [-]
In many (all?) cars with cellular modems you can remove the SIM card to have this effect.
jazzyjackson 19 hours ago [-]
I would love a wiki of vehicles for simply 'how to rip out the SIM card'
I thought I saw instructions somewhere for my 2020 prius but can't find it now. a few reddit threads asking about it, I like the suggestion that even if its eSim or somehow embedded in the cellular modem, "Disconnect the antenna! / shunt the telecommunication modems antenna with a resistor shunt. It will trick the radio into thinking the antennas still connected but won't allow any data to be going out they just won't get signal"
Well my 10 year old car had 3G, which is now defunct.
I'd hope in 10 years 4G and maybe be 5G would also be defunct with their networks turned off.
whimsicalism 21 hours ago [-]
modern cars are unfortunately much safer
Klonoar 6 hours ago [-]
There are “modern” cars (~5-10 years old) that fit most of the modern safety standards and are effectively not transmitting things due to 3G no longer being much of a thing, coupled with automakers being glacially slow at replacing certain electronic components.
whimsicalism 5 hours ago [-]
definitely
AnthonyMouse 17 hours ago [-]
To a large extent this depends on the car and depends what you mean by "old". Modern cars vs. 1970s cars? The older cars are completely hopeless. Modern cars vs. 15 year old cars? The older cars may have had things like ABS and side airbags as options rather than as standard, but you can find one that has them that doesn't have cellular telemetry.
ta12653421 7 hours ago [-]
IIRC, there is for Europe a directive which requires 60/65% (?) of the force within a crash must be absorbed by the frame/chassis. It came into action around 2015, IIRC.
AnthonyMouse 5 hours ago [-]
That's when it became mandatory on all vehicles, not when the first vehicle to satisfy the standard became available on the market.
As another example, side impact airbags have been mandatory in the US since 2013, but the Volvo 850 had them in 1995 and they were present on something like half of new cars a decade before they were mandatory and >97% of new cars three years before the mandate.
whimsicalism 9 hours ago [-]
I think there have been considerable improvements in basic things like frame materials & airbag placement in the last 15 years. Certainly in the last 20.
rrr_oh_man 13 hours ago [-]
Cars from 2010 with optional ABS? Maybe domestic third world sub-$10k tuna cans?
But the larger point is definitely true.
AnthonyMouse 5 hours ago [-]
Apparently the 2010 Chevy Cobalt was available without ABS. Definitely in the minority even 15 years ago though.
wkat4242 11 hours ago [-]
Hmm yeah but anything over 15 years isn't really viable as a daily driver anyway. Then you're getting to the point where you start having serious issues every year at the mandatory mechanical check. Then you're getting into old-timer drive once on a sunny day territory.
I always bought medium sized cars at 10 years when they're already only a grand or two. The smallest ones are made so cheaply that they're already too tired at this age and strangely enough they're more expensive due to the lower road tax. So more people want them.
And then I used to drive them till the maintenance becomes too expensive, for 5 or 6 years or so. And just scrap them then.
I guess if I still owned a car I could still do this for a good while without having to get spyware. But not too long.
canarycari0 10 hours ago [-]
>Then you're getting to the point where you start having serious issues every year at the mandatory mechanical check
More like every couple months on the road, from my experience in having driven one. Just this year here are couple of things that have occurred:
>glowplugs burnt out
>air-mass sensor failure
>faulty abs-sensor
>fuel nozzle malfunction
>brake failure
>engine back support failure
>short circuit after worn-out manufacturer divider causing massive sparking, heating and a drained battery
Some additional fixes identified recently not yet fixed:
>faulty brake booster
>moisture buildup(?)in door mechanisms leading to it sometimes not opening from inside
>rust buildup in some parts, needs replacing before reaching important bits
>transient misfire/spray/clog on acceleration leading to computer shutting off engine power
wkat4242 6 hours ago [-]
Yeah at that point I'd just go for another 10 year old car.
My last car was a Volvo S40, had really nice leather interior, nearly full option and cost me €2000.
I only had a few brake pads an a broken trunk cable to deal with (super common issue on this model), the latter I did myself for €40 in parts. Ran great for years. But yeah there's an element of luck also.
My previous car was an Octavia, that had more issues. Electric window broke and I replaced it all myself. But it was a pretty nasty job. Eventually the gearbox started whining and when I brought it to the shop it basically blew up. But it had served me 5 years at that point. Cost me €1200 to buy.
martin_ 19 hours ago [-]
I for one am grateful for that fact ;)
23 hours ago [-]
a3w 1 days ago [-]
Best of from 38th CCC: every three letter secret service of the country seems to be spyied out by this. And a secret VW testing facility in sweden was uncovered.
Also, effects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)
https://streaming.media.ccc.de/38c3/ had a german language video on it, live, but will surely add english translation and permanent video link soon.
> Also, effects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)
I can't parse this. Is there a missing word? Mostly implies other possible inputs but the last part of that sentence specifically says this is confusing. Why is it hard to understand how ICE or Hybrid groups also had access to a bucket EVs mostly had access to?
schobi 15 hours ago [-]
What I understand from the presentation
Many Volkswagen cars somehow report telemetry. Looks like there is data not only from the EVs based on the MEB plattform?
But for a Name/email to be associated with the VIN of the car, the owner has to register and use the app (once). Many EV owners did, but fewer of the non EVs did.
jmward01 22 hours ago [-]
The answer is simple: No matter the reason, if you have a data breach you must pay each person 100$ min with higher amounts depending on the information lost. Additionally, if that information is used in a crime then you are liable for further damages. Car companies, and other data vacuums, will just stop collecting it if they are liable for what happens to it.
I will not buy a car that does this. I am starting to turn my phone off when I am not using it as well. Being tracked every second of my life is not acceptable.
tgsovlerkhgsel 21 hours ago [-]
The $100 thing is kind of a standard that a European court just established in a Facebook data leak case!
In the case of full location data, it would need to be a lot more though. Yes, that might bankrupt the company. They should have thought about that before they illegally stalked nearly a million people then put their highly sensitive data on the Internet.
If I did this to one person, I'd probably (and rightfully) go to jail. I'd like the same standard applied here.
jazzyjackson 19 hours ago [-]
Ugh, I would love to see more companies bankrupted. How much more dynamic the economy might be if all of Volkswagens assets were put up for bid at government auction.
Adbusters magazine (credited with spurring occupy wallstreet with a solid meme campaign) tried to get inertia going around revoking corporate charters, stop acting like we don't have power, corporations are borne into existence by acts of government, we are not powerless to punish them for crimes against humanity (to be dramatic about it, I don't know what language would be appropriate for collecting location information for a million individuals without disclosure), but didn't see much traction about it.
One way of looking at it is that the manufacturers are acting as a cartel to prevent anyone having access to privacy.
thesumofall 17 hours ago [-]
This is made worse by the fact that they created a really bad UX for their cars in the name of data protection (at least in Germany). Example: you have to accept the T&C of the online services with every(!) start of the vehicle. If you don’t press either the accept or reject button, you can’t enter any of the nav / entertainment/ … screens.
In the name of data protection, you are not even allowed to have two main users of the car. As a result, it’s either me or my SO being able to see the car‘s state of charge in the mobile app. It’s impossible for both to see it except you do account sharing
whatevaa 14 hours ago [-]
Accepting T&C is for covering their asses, not data protection. Smells like bullshit excuse.
olddog2 1 days ago [-]
Find the guys who usually park at expensive family homes, but occasionally visit a known brothel, then blackmail them.
We all just let surveillance haplen to us, in fact we paid for most of it
ctippett 23 hours ago [-]
I once worked for a firm that had access to credit card transaction data and came across almost this exact scenario.
Kindergarten transactions one day, escort payments on another.
It was — and still is — creepy. An average Joe like me shouldn't be able to pry into someone's private life like that.
harimau777 22 hours ago [-]
My theory is that most people think about data misuse, perhaps unconsciously, from the viewpoint of your average good person. E.g. "if I got a hold of a stranger's bank information, then I'd be tempted to steal from them."
Instead they should think from the perspective of an evil person. E.g. "how can I proactively use whatever data that I can get to hurt someone."
For example, at a previous job I went to my managers and pointed out that every developer working on our system had access to our user's names and their involvement with racial justice programs our client was running. By guessing someone's ethnicity from their name, a bad actor could target minorities involved in racial justice. The response I got was not to fix the security issue; instead it was horror that I would ever conceive of such a scheme.
aziaziazi 13 hours ago [-]
I hate those management arrogance. Reminds me a teacher that amply mocked me in front of the class to have mentioned Light Pollution [0] (I heard about in a youngster science magazine) during a chapter about... "various pollution type"!
> Instead they should think from the perspective of an evil person
From experience, they usually come up with some variation of "If you have nothing to hide, you have nothing to fear" [1]. And even those who buy the idea that private information could be used against them, most of them don't believe that someone would do this to them. What seems to be missing is understanding of how scalable and automated these attacks can be in the digital world.
[1] Amusingly enough, one of those "I have nothing to hide" people was pretty shaken when they asked me to take a look at a scam email that said "Hello <firstname from leaked database>, we have photos of you watching porn. Pay us or we'll post them on Facebook."
Has anyone had success with informing people about these types of abstract dangers? I find that people either get it almost immediately, or they never really get it until it happens to them.
3eb7988a1663 22 hours ago [-]
That's just bad opsec. I would have thought rule number one of soliciting was to be cash only.
Ignoring of course that the amount of aggregated surveillance makes it impossible to escape monitoring. Credit cards, license plate scanners, phone GPS, airtags, doorbell cameras, "Eye in the Sky" spy planes, etc
RandomBK 20 hours ago [-]
"What kind of hooker takes credit cards?"
"A rich one!"
19 hours ago [-]
mjevans 22 hours ago [-]
The exact example IS bad opsec... however assume some example fuzzing for good opsec.
Trip to McD's with a price of exactly happy meal + tax one day, and a recurring payment for XXX website OnlyFans access the next. Adjust the values to taste/theory. Sometimes a credit card is just a credit card.
Am4TIfIsER0ppos 22 hours ago [-]
> An average Joe like me shouldn't be able to
The average joe is merely a side effect of the government collecting all that data. The government is also why your car reports its location.
fangry 22 hours ago [-]
[flagged]
omolobo 1 days ago [-]
[dead]
__fst__ 1 days ago [-]
EVs are topping the list of (imho) useless extras in cars. I'm still cherishing my Honda Fit pre-touchscreen edition. I'm going to drive it until it will fall apart.
My next car will be an EV but I have yet to find one that still comes with mechanical features (door handles, knobs/buttons), without a whole battery of surveillance/telemetry tech and (crossing fingers) exchangable batteries. Simple electric propulsion ...
geor9e 1 days ago [-]
Just to be clear, this breach mostly affects non-EV cars. Even my stick shift, manual window crank car came with a hidden cellular data modem, collecting my GPS location by default.
johnea 1 days ago [-]
I just bought a used 2023 Nissan Leaf.
Fully EV, real buttons and knobs, and of course the model is cancelled.
The original tracking was 2G cellular, later updated to 3G cellular. 2G is long depricated, and 3G is already shutdown in many places.
This is a great car! Which explains why it's no longer available. It doesn't meet modern american needs, like being at least as large as a small building, or having 0 visibility over the hood, or costing at least $75K. (p.s. I paid $15K for mine, with 18K miles on the odometer and 150 miles of battery range)
But if you're into retro, like buttons and knobs, I highly recommend it...
p.s. I have to wonder if the data breach doesn't affect ICE cars as well? Would they use a separate surveilance system?
steelframe 4 hours ago [-]
I've owned two LEAFs. Fantastic vehicle. I only got rid of it when I realized all the cars around me were only getting bigger and heavier, and I felt I needed to get an SUV to defend myself against that.
grakker 23 hours ago [-]
I bought a used '14 Leaf in '16. It has been a great car with very little battery degradation. Sure, I'm not going to be taking it on any long trips, but for 90% of my driving it is great. I paid $11k for it. Best car purchase I've made in 30+ years of car ownership.
dboreham 23 hours ago [-]
That's amazing considering 2023 was only last year.
Rebelgecko 22 hours ago [-]
In a lot of cars you can pull the fuse that powers the cellular modem without any side effects
1oooqooq 21 hours ago [-]
you're taking to a bunch of old men shouting (literally) at clouds
mulmen 20 hours ago [-]
Pulling a fuse in a car is peak old maning.
doodlebugging 18 hours ago [-]
Peak old manning would involve locating all the information needed to be able to identify and remove all the components used to facilitate the tracking (or other bullshit that complicates vehicle ownership) and then following the documented procedures and updating other like-minded owners on vehicle forums so that everyone else can do the same.
In the process some forum threads would pick up hundreds of posts over a decade or more so that removal of every nut, bolt, screw, plastic plug, etc is documented with photos, allowing anyone with the vehicle to see exactly how to take ownership of the vehicle from the manufacturer.
True old-school old manning involves not only removal of all the bullshit, but also covers all cosmetic changes to the vehicle that would be needed to eliminate all signs that any of the offending components were ever installed and would include things like how to accomplish all the trim and body work necessary to permanently fill all the holes in the vehicle like antenna penetrations through the vehicle body and plastic trim mods to fill holes that formerly held buttons or switches that no longer exist.
In the process, old-school old manning would attack the software used in the vehicle, removing all the offending functionality with a custom flash tool so that the only software running on the vehicle after all the mods are completed would be that which controls and monitors engine and transmission functionality since that is actually the only software on a vehicle that adds value by allowing the vehicle owner to track operating efficiency in real time.
natch 1 days ago [-]
One person’s useless extra is another person’s collision avoidance system, AC, music system… I like extras when they make sense.
prmoustache 24 hours ago [-]
You can convert an old car to EV. There are comoanies speciliazing in this, mostly to convert classics that needed a ton of maintenance.
Expensive yes but might be worth it if you value your privacy.
geor9e 21 hours ago [-]
How is a complete rebuild of a car your go-to solution to an easily accessible cellular modem powered through the fuse box
prmoustache 11 hours ago [-]
Is it the case? Or is the fuse shared for something else that happens to be useful/important for the operation of the vehicle?
I'd be surprised if there was a dedicated fuse for only a modem really, especially in an EV or hybrid.
AngryData 18 hours ago [-]
I agree it shouldn't be necessary, but its not like replacing a motor and drivetrain on a vehicle is some super rare thing either, and often still far cheaper than buying a brand new car.
bdangubic 24 hours ago [-]
me thinks anyone with a cell phone in this year of our Lord 2024 should not say they worry about privacy in any context. instead of converting old car to EV I’d start by converting a rotary phone to a portable one :)
whimsicalism 21 hours ago [-]
only worth it if you really value the environment, your privacy, but not your life
behnamoh 1 days ago [-]
I hate touchscreen buttons too and unfortunately all EVs I've seen have adopted that. I wonder if there are EVs with good old fashioned mechanical buttons.
mhandley 24 hours ago [-]
The Polestar 2 is pretty good in this regard. All the most important things are on the steering wheel stalks, steering wheel buttons, and a few buttons for things like demist, play/pause and volume control on the centre console. There's still a lot on the touchscreen, including climate control, but it seems to hit a pretty good balance for me (and I'm not a fan on car touchscreens).
jlund-molfese 20 hours ago [-]
I love my Polestar 2. But there's gotta be a better way to do touchscreen climate controls. I've had mine for 8 months now, and had to google in order to figure out that the car had dual-climate zones—it's really hard to tell from the swipe-up page, so I just assumed it didn't have that feature for a while. Plus, I don't feel comfortable changing the climate settings while driving, because I might hit the wrong touchscreen button when I'm not looking at the screen.
But hey, maybe if I wait around another 5-10 years, there'll be more than 3 mainstream electric sedan options available for the US market and I'll be able to find the perfect car.
phatskat 10 hours ago [-]
Recently drove a Dodge Hornet rental and it had a slew of physical climate buttons, most of which didn’t make sense or didn’t control what I wanted. In the course of trying to just turn on the defrost from the touchscreen, I turned on the heated steering wheel, stopped the airflow to the cabin, adjusted the driver side temperature way higher than I wanted, and probably subscribed to Disney+
Both my Bolt(RIP) and my Ioniq 5 have mechanical buttons for the most common things(media controls/HVAC)
natch 1 days ago [-]
Many EVs have a sensible amount of buttons, and you generally don’t need the touchscreen for driving or much else for that matter.
I can even keep driving while the whole system is rebooting. Around here (where we have many immigrants and some odd practices) I’ve seen people with a towel hanging over their screen while driving, to protect it like a dust cover I guess.
The one thing you might argue I do need from my screen is the speed, which is very easy to see and usually not needed in the flow of traffic.
The outcry against screens is just misinformed imho. My car has plenty of mechanical buttons.
tremon 24 hours ago [-]
I can even keep driving while the whole system is rebooting
At least you're still acknowledging the abysmal state of modern cars by including this statement. Why on earth would anyone expect otherwise from a car?
bdangubic 24 hours ago [-]
if you are ever in the middle of highway (especially if you are traveling with loved ones) when your EV suddenly reboots you will understand why one does not expect shit to work… the anxiety is unlike most thing one can experience… I think 100% reverse of your comment but talking from a different real experiences.
EVs are computers on wheels, expecting them to work during reboot is not unlike expecting vim to work during a reboot :)
Dylan16807 20 hours ago [-]
I'm pretty sure they're talking about rebooting the console system, not the entire car.
EVs are not computers, they have computers. The controllers that make it go should stay on during a "sudden reboot". Expecting them to keep working is like expecting my coolant pump to work during a reboot, not vim.
mulmen 20 hours ago [-]
I would expect the drivetrain components (including computers) to be essentially bulletproof and only the unnecessary components like infotainment and maybe the dashboard displays to even have the option of crashing.
bdangubic 19 hours ago [-]
you are 100% right in theory. in practice the car is the computer. when my 2014 tesla s rebooted while I was going like 85mph on the highway it is a moment I’ll never forget. the car is running but everything is dead, quiet, have no idea what the speed is, all systems are shut down, a/c is out (I was in the middle of a desert in Utah)… EVERYTHING feels wrong and every instinct you have tells you to pull over immediately. no chance I would drive any distance other than maybe a quick 1-mile radius errand in that state of the car
mulmen 19 hours ago [-]
Ok but how is this failure mode unique to an EV? Modern ICE cars are highly reliant on computers as well. Maybe even more than EVs since they have transmissions and timing and fuel injection and exhaust monitoring.
bdangubic 18 hours ago [-]
oh I don’t think it is, this thread was discussing EVs but yea, I don’t think it is unique to EVs. not sure how often on other cars you have to reboot (soft and hard) and when you do reboot what is “off” and what is “on” on any given modern car - I soft reboot couple of times per month at least (it is an OG tesla s, 10 years old now…)
electrograv 13 hours ago [-]
You’re right that it’s not inherently unique to EVs, but it started with EVs and now this new dangerously fragile design (of having a single monolithic computer console handle display and control of everything from critical drive modes and gauge display, to non critical things like music and playing fart noise jokes) is infecting ICE cars too (e.g. BMWs new touch screen AC controls and unified touch screen dashboards rolling out to all new cars, Audi doing something similar now, etc. — all following after Tesla, but with crappier software).
I’ve owned and driven EVs from several brands. Prior to this, I could pretty much always expect the following from my car:
1. The drivetrain always operates normally and safely (aside from some actual mechanical failure) with no computer glitches.
2. I can always see my speed and gear selector state on a dashboard somewhere, even when (not if) the infotainment screen crashes and reboots. I’ve had (2010-2020ish era) Lexus, Audi, and others have infotainment glitches, crashes, and reboots, but the speedometer, drive train, and AC all had physical controls running on isolated systems and so they always continued to work through a reboot or glitch of the infotainment.
3. The AC is always operating (aside from some actual mechanical failure) with no computer glitches or lag to my ability to control it. I consider this a critical safety system given that many drive in climates with weather that can be dangerously hot or cold.
In pretty much every EV I’ve owned, none of these have been true except maybe #1, and that is pretty sad to say that the only thing that hasn’t happened is my entire cars wheels locking up on the highway (and yet still this is reported happening for many EV brands, Tesla, Audi, and Porsche at least come to mind where I’ve read stories).
It’s insane to me that it’s even possible for the cars computers rebooting to entail AC shutting down, not being able to see your speed, etc. If this EVER happens, the entire vehicle line should legally require a recall until it’s guaranteed this won’t happen. We have ways of guaranteeing computer systems don’t fail like this to extremely high probability — car companies only don’t do it because it’s expensive and more complex than just throwing all the same crappy software into one single system rather than designing multiple isolated fault tolerant systems.
Less horrible but still shockingly bad regression is how almost all modern cars AC is controlled through an often laggy computer system (not to mention the almost universally despised move of AC controls to touch screens, instead of physical controls). Maybe not so laggy on Tesla, but in my experience both BMW and Audi have AC control touch screens which sometimes respond but occasionally can have 1-10 second random lags before anything responds. Presumably due to garbage collector lag or something. But this is also a mild safety issue since the lack of predictable behavior from common controls makes it very distracting when trying to so something so common and simple as adjusting the temperature that should just be as simple as a simple physical button or knob.
behnamoh 1 days ago [-]
What model is your car?
nunodonato 1 days ago [-]
Kia/hyundai, best EVs imho
Lio 1 hours ago [-]
Kia is the company that gathers “information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, sex life and political opinions” and “trade union membership”.
I don't want to have anything to do with a company like that.
thebruce87m 1 days ago [-]
I wonder if they were all petrol vehicles, or all diesel if that would be so prominent in the headline. The drive train has nothing to do with an unsecured s3 bucket, and if you think that electric vehicles are the only “connected” cars in 2024, you’re in for a shock.
potato3732842 23 hours ago [-]
Because EVs are new-ish and so mentioning them specifically is aproximate shorthand for "consumers of a certain tax bracket" so it's useful for getting those people to click on the article, hand wring, re-tweet and do all those other things that make money.
jsiepkes 1 days ago [-]
If it so bad there is actually a whistleblower then how do they pass their ISO27001 audits? Bit too friendly with TUV Nord?
EDIT: Just noticed this is an ISO9001 certificate. Though on their job offer site they do ask for "Foundational understanding of security related regulations and standards preferred (e.g. ISO21434, ISO27001, NIST-800)". Unclear if they are actually ISO 27001. Found the 9001 one by fluke, they don't seem to list that one on their site either.
tremon 1 days ago [-]
Not sure about 27000, but ISO9001 is a paper audit only: you pass or fail them based on your defined business processes. The technical configuration of your systems is outside the scope of the audit.
rf15 1 days ago [-]
TÜV certification has always been more about certification theater and being able to verify that you don't have egregious amounts of negligence than certifying that you are doing your work well.
edit: I've never prepared for our audits and we always get our certification, no matter what they find as long as you say "yes, we are aware"
tuwtuwtuwtuw 1 days ago [-]
The fact that you have passed audits isn't a guarantee (or even an indication) that you don't have major security vulnerabilities.
starbugs 1 days ago [-]
> The fact that you have passed audits isn't a guarantee (or even an indication) that you don't have major security vulnerabilities.
I so hope this will start an avalanche and car companies will not be able to get away with collecting so much data about users (cars, but that's pretty close).
Especially in the EU, the hypocrisy is jarring: on one hand, GDPR, protecting users from surveillance by businesses, etc, and on the other hand, car companies get a free pass, because they are car companies, and the EU likes car companies.
doodlebugging 18 hours ago [-]
As a former owner of 3 VW vehicles, it does not surprise me that they have skipped obvious steps needed to secure owner data. They cut costs across the board on everything involved in producing vehicles for sale in the US to the point where their interior plastics were half the thickness of competitor's interior furnishings and their wire harnesses used the smallest gauge wire possible to carry the loads expected.
forgetfreeman 1 days ago [-]
Why the sideways fuck did they even have location data to begin with? It's like the checklist for buying a new car starts with figuring out what circuit drives the cell modem and pop that fuse out before taking a test drive to confirm it doesn't brick anything critical. Fucking ridiculous.
bdcravens 24 hours ago [-]
Mobile apps (one of our cars in a VW ID.4, and I can see where it is right now), as well as repo/theft recovery.
forgetfreeman 15 hours ago [-]
Repo isn't a customer's concern and is thus irrelevant. Incidentally I walked to the window and I can see where my truck is without my phone. Is there really no limit to the bullshit folks will allow themselves to be convinced to install on their phones?
ImJamal 1 days ago [-]
Most new cars have features that require it such as onboard GPS, speed limits on the dash, OnStar and similar features.
tzs 1 days ago [-]
Those are mostly things that require the car to know its location. They don't require that the car share the location with the car's maker except possibly sharing what region the car is in.
The region sharing might be needed to efficiently update things like the map and the speed limits.
mulmen 20 hours ago [-]
None of that requires cellular connectivity. It can and was accomplished using only wifi sync at home. Live traffic information is (was?) broadcast on AM radio.
jazzyjackson 19 hours ago [-]
was it ever AM? info I can find points to traffic info being encoded in FM broadcast, as "audio" but above audible frequencies, 57khz, same as any metadata you get with modern digital radio - station name, song name, artist name etc.
Oh! Maybe it was FM. I always thought it was on the same band as the "Tune AM <whatever> for traffic information signs" but as you say outside the audible frequencies. Regardless the point is that the relevant information can be broadcast publicly and does not require location or cellular connectivity to function. My 2010 BMW knew about traffic jams but had no cellular connectivity to my knowledge.
NewJazz 22 hours ago [-]
Niche feature that shouldn't affect any other part of the car's operation if it were turned off or nonfunctional due to modem hardware shutoff.
jazzyjackson 19 hours ago [-]
speed limits come from a database written alongside map data
forgetfreeman 1 days ago [-]
All bullshit my car shouldn't do in the first place.
apelapan 24 hours ago [-]
I'm curious if the breach is from the German core Cariad or the Swedish subsidiary/joint-venture, WirelessCar?
Based on what sort of data was exposed, it seems plausible that it is one of the services from WirelessCar.
i80and 23 hours ago [-]
According to the article, Cariad
AzzyHN 5 hours ago [-]
I'll be holding on to my dumb 2012 civic for as long as I can
CatWChainsaw 1 days ago [-]
Ah, here's my daily reminder to treat my 2005 Honda like a princess and hope it never, ever dies.
2OEH8eoCRo0 1 days ago [-]
I plan to buy old used cars forever when I can no longer keep my 2013 Subie going.
throwaway173738 23 hours ago [-]
why not have whatever dies replaced? I will probably do that with my crappy small truck from 2006.
dghlsakjg 23 hours ago [-]
After a certain point, parts just aren't made.
I drive a 1997 ES300 that needs a new left rear taillight lens. The new part doesn't exist anymore, and I can't find a used part in Canada.
Scoundreller 21 hours ago [-]
So uhhhh, buy one from USA?
mulmen 19 hours ago [-]
They may very well be a different part. The USA and Canada have different regulations.
ryukoposting 22 hours ago [-]
Subframe rot. I live in Wisconsin. My 2000 Lexus won't live forever, no matter what I do.
garaetjjte 22 hours ago [-]
Rust. I mean, it's still possible to repair but it gets annoying.
UniverseHacker 8 hours ago [-]
Not surprised- VWs CarNet app for interacting with the car is the single worst software I have ever used… I would literally believe that their entire software engineering team consists of a single 11 year old with 2 weeks of coding experience.
17 hours ago [-]
1 days ago [-]
sschueller 1 days ago [-]
VW got caught because of their shit security but what is the situation with all other car makers?
The US does not have a GDPR so the collection of this information is legal. How much data is lying around at GM and others for someone to abuse?
RajT88 1 days ago [-]
Hey EU, maybe mandate an opt out for all vehicle telemetry?
Then maybe the rest of the world will follow suit.
I know, I know, I am kidding myself.
magicalhippo 1 days ago [-]
It's opt-out on my Renault Megane e-Tech.
It was a very clear prompt during initial setup, and it shows me a very unambiguous notification that it's enabled every time I start the car. If I click on that it takes me to the setting.
edit: might even have been opt-in during initial setup, now that I think about it. I do recall it being a very deliberate thing during setup.
Of course I'll have to trust that turning it off actually turns it off, no way for me to verify that.
The reason I keep it on is because my SO is a bit absent minded to where she parks the car, and I value not having to run around in the streets trying to find it when I'm in a hurry over the potential privacy loss.
edit: Renault was found[1][2] to be the "least problematic" with respect to privacy by Mozilla last year.
Apple knows how to allow one to find one’s devices without Apple knowing where they are. It’s not that hard.
likeabatterycar 1 days ago [-]
Ackhually, it is that hard, unless your method relies on millions of your devices out in the wild acting as sensors in a mesh network, as Apple does.
amluto 1 days ago [-]
That’s a much harder problem than VW would need to solve. Also, Find My substantially predates the Find My network and AirTags.
There are very straightforward solutions, depending on the threat model. For example, the app could send VW a private key every day, and VW would send that key to the car. Then the car sends periodic location reports, encrypted to that key. VW can, upon request, send the report to the app, which decrypts it. But VW can’t decrypt the report itself, so they don’t know the location of the car. Also, it’s forward secure in the sense that a leak of VW’s database is entirely useless after a day.
layer8 1 days ago [-]
You cannot establish a private channel between app and car if you don’t already have either a pre-shared secret, or pre-shared trusted certification authority keys (such as to allow TLS-like tamper-resistant encrypted communication between app and car) that VW can’t replace.
Otherwise, if there is no pre-existing private channel, the key (which by the way would have to be the public key, not the private key) could be switched out by VW acting as a man-in-the-middle, allowing it to access all encrypted content going through it.
The same is true for Apple. There are parts of the protocol or the pairing where you have to trust Apple, either their servers, or if the establishment happens locally via bluetooth or similar, their software that runs on the local devices.
amluto 1 days ago [-]
This argument seems like a fairly extreme example of the perfect being the enemy of the good. Sure, it would require a more advanced system for VW to prevent themselves from silently compromising their own system to learn everyone’s location. But the design I outlined will prevent a passive compromise of VW, and even possibly a court order, from learned everyone’s location, and it prevents even an active and highly malicious compromise from learning past locations.
mulmen 19 hours ago [-]
"Shipping the private key" does not meet the bar for "good". You still need a way to establish trust in your key distribution and also implement the system correctly. The proper way to secure access to a physical thing you own is to only communicate directly with that thing.
amluto 6 hours ago [-]
This is ridiculous. It would take heroic effort for VW to prevent themselves from silently uploading malicious firmware to VW cars. There are ways to do this, but it’s also a separate problem from the problem that should actually be solved here.
layer8 23 hours ago [-]
I was triggered by the argument “Apple knows how to allow one to find one’s devices without Apple knowing where they are. It’s not that hard.” People misunderstand this as Apple having no possibility to learn the location if they wanted to. And that’s just not the case.
amluto 23 hours ago [-]
Of course Apple could do this. But Apple is the one major company that actually goes out of its way not to.
1 days ago [-]
magicalhippo 1 days ago [-]
This would require a key per app installation, my SO has the app installed too for example.
It would also introduce a lot of additional failure modes.
Doable but not exactly trivial.
layer8 1 days ago [-]
It would work exactly like how you can send an encrypted email to multiple recipients and each of them can decrypt it despite having different private keys. That part isn’t rocket science.
magicalhippo 1 days ago [-]
Indeed, it's making it work reliably and with zero friction given both apps and car will have variable internet access.
amluto 1 days ago [-]
This is not hard. App login sets up a session with VW (which is surely already does), except the session needs a database entry and not just a JWT-like token. (Many auth frameworks do this anyway.) The database row needs to add a public key, and the server needs to send all the key changes to the car. And that’s about it.
magicalhippo 1 days ago [-]
Again, that's the easy part. The hard part is making it work reliably in the real world.
amluto 22 hours ago [-]
What, exactly, makes it hard to get this to work reliably in the real world? The app already won’t work without a valid login session. The car is already sending a little blob of data to the mothership containing a location. If the communication to the mothership changes to having the mothership send a list of keys and the car encrypt its blob, that’s basically it. The total increase in communication needed is one round trip to revalidate keys.
I realize that modern development has layers and layers of documents and teams and overcomplicated interfaces, but this is the kind of thing that could be done by one developer, using two servers and a load balancer (or a more creative HA scheme with client assistance that can easily survive complete loss of a datacenter or two), that can handle the entire fleet.
magicalhippo 21 hours ago [-]
The app and car will have intermittent connection to the internet.
My car for example doesn't have reliable connection when it's parked in the garage, which is where I charge it.
Your solution would add a lot of extra edge cases that needs to be considered.
You have to ensure the updated key is reliably transferred to the mothership in a timely fashion, and subsequently that the key is reliably transferred to the car in a timely fashion.
That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Not saying it's impossible, but it adds a lot of complexity beyond simply encrypting the location with multiple keys.
Dylan16807 20 hours ago [-]
If the car has enough signal to report, it has enough signal to get the key update. I don't see the problem.
Losing connection for extended periods of time can get in the way of "timely" key updates but they won't cause the encryption to fail.
> That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Well the reasons I can think of are either things like the server being broken, which can happen without any encryption, or she didn't finish setting up her app and waiting for it to sync which can also happen without encryption. Or she was removed from the list because she didn't open the app for a year... which can also happen without encryption.
amluto 6 hours ago [-]
> Losing connection for extended periods of time can get in the way of "timely" key updates but they won't cause the encryption to fail.
To be fair, if the car is offline while a newly installed app logs in, then the app won’t be able to locate the car until the car checks in. Which is not actually the end of the world, and there are ways to mitigate this. (See iMessage and Keybase for a couple of different approaches to this. See Signal for a shockingly poor group of bizarrely mutually incompatible solutions that barely work. I think that Matrix tries, too. MLS should be able to handle it, and piggybacking off an existing standard like MLS might be entirely reasonable albeit dramatically more complex than the simple solution I outlined.)
amluto 6 hours ago [-]
What edge cases? The app already can’t locate the car if the car hasn’t checked in recently enough.
mulmen 19 hours ago [-]
> I realize that modern development has layers and layers of documents
Where do you work and are you hiring?
6 hours ago [-]
23 hours ago [-]
likeabatterycar 1 days ago [-]
The opt-out should be pulling the telematics fuse. Unless you can audit the source code, you can't, and shouldn't, trust the software.
The reason for all that telemetry is the legislation. How do you think they are going to implement the full “intelligent” speed assistant in 2027?
wintermutestwin 1 days ago [-]
More like automated ticketing for speeding.
mikedelfino 1 days ago [-]
I’d love to see that implemented, yes, but it would be even better if all cars' speed were automatically limited to the speed limit of each road.
leobg 1 days ago [-]
Dangerous as hell. Imagine there’s a runaway truck behind you and you can’t speed up to avoid or at least soften the collision because of some government enforced handicap.
It would also give local governments a power they never had before: To directly control your behavior in the moment, with no judicial control or oversight.
No, thank you.
pbhjpbhj 13 hours ago [-]
Interval cameras (checking your speed over a length of road, using ANPR) are very effective at slowing traffic in the UK. Although you still get people in expensive cars driving 20mph faster than others; maybe undeterred by fines, or using false plates.
The system can tell you if there was a runaway truck (at your time and location), so an appeal should be easy for that uncommon situation.
leobg 9 hours ago [-]
I like that solution much better. I find that a driver should always be free to make a cost/benefit calculation. The ideal, in my view, would look something like this:
- Speed of every car on the road is recorded continuously.
- If you stay within the limit, you pay nothing.
For each second that you are faster than the limit, you incur some financial penalty, where the amount is calculated based on both the speed difference and the purpose of the limit (pedestrian safety vs. noise pollution, for example). In extreme cases, you can lose your drivers license.
- Speed data is also made available to your insurance. So drivers know they won’t get away with somebody else paying for any damage they may cause.
As a driver, I very much prefer this not to exist. But I think it would be the right thing from a “veil of ignorance” perspective of justice.
grecy 1 days ago [-]
There will always be contrived bogeyman edge cases to scare us from doing something.
The only question that matters is would it result in fewer road deaths? I bet the answer is yes.
In the US every single day 100 families are torn apart by a death on the road. I’m sure you don’t want it to be yours.
leobg 16 hours ago [-]
I don’t care about this particular edge case. The idea of being remote controlled by buerocrats is appalling to me.
I live in Europe. Regulations here make Teslas slam on the brakes when the road is curved by more than x degrees, and break off a lane change apruptly if they take longer than x seconds. The intentions behind these rules written by some buerocrat in Brussels surely were as good as those behind the cookie banner.
I’m glad I still get to override those rules with my pedals and steering wheel.
rad_gruchalski 1 days ago [-]
That’s a “think of the children” type of an argument. Remind me: how many people die because of guns every day in the US? On a serious note, how many of those road accidents are caused by exceeding the speed by less than 10%? You see, there is a difference between speeding and reckless driving.
Neither you nor me live in the US. They have other options to reduce those deaths. There’s no reason to drive a 4 ton EV truck made out of stainless steel doing 0 to 60 mph in 3 seconds.
16 hours ago [-]
jsjohnst 1 days ago [-]
> The only question that matters is would it result in fewer road deaths?
Speed doesn’t kill, it’s the sudden stopping that does.
vel0city 1 days ago [-]
Knowing exactly which lane you're in and the actual speed limit of that particular lane can be tricky for an automated system, at least in any of the systems I've seen implemented.
I've had cars with both automated speed limit sign readers, GPS+map databases, and more show me two different speed limits and neither one was actually correct for the lane I was in. This is a somewhat common occurrence on the highways around me.
wcoenen 1 days ago [-]
That would risk unintended consequences. For example, suddenly slowing cars on the highway down to 30 kph because a small road with that speed limit runs right next to the highway.
forgetfreeman 1 days ago [-]
This becomes a thing and I'll have a 25mph sign hanging off the back of my truck. I eagerly await starting a youtube channel of new cars losing their shit on jammed tailgating attempts.
rad_gruchalski 1 days ago [-]
Or in Germany, if you live in the village, put up a 60 sign by your driveway and when confronted just say someone is having their 60th birthday… Germans for whatever reason like putting up a speed limit signs by their driveway when celebrating birthdays.
rad_gruchalski 1 days ago [-]
As long as it’s accurate. The current technical implementation is a joke. The car has no idea what the speed limit is.
A few examples:
1) drive past the end of town sign in a particular German town, the car thinks it is 30kph, but only during the day because at night it doesn’t see the sign so it thinks it’s 50 where in reality it’s a 100 until the next speed limit,
2) driving between a couple of roundabouts inside of a town in the Netherlands, the car thinks it’s 30kph even though we stay within city limits and there’s no sign so the speed limit remains 50kph,
3) this is the funniest one so far… driving in Antwerpen along the Turhoutsebaan, there’s a massive 30 sign painted on a red painted road surface, the car insists that the speed limit is 50kph.
Those are just three out of a dozen examples happening consistently within 30 square kilometres I normally remain within. And I drive this car for 2.5 weeks. I have seen the future and I don’t like it. Number 2) happens routinely inside of the city limits after right or left turn. Car drops the speed limit to 30 just to realise a 100m down the road that it is 50.
Apologies for the ad hominem, I normally stay away from such tone. I genuinely hope that such pseudo cops like you get a grip. Because it’s my life you’re talking about and I already use speed limiter routinely. Every idiot around me on the road has exactly the same choice as me: curb the ego down and slow down or behave like a douche.
> but it would be even better if all cars' speed were automatically limited to the speed limit of each road
Yeah, you just described the ISA of 2027. This is going to be a tough year for car manufacturers. I forecast a ton of unsold new cars remaining on parking lots because one has to be really technically illiterate to buy something so dangerous willingly. Either full self driving or give full control. Everything in between is a disaster waiting to happen.
By the way, here’s a funny thought. So what is going to happen when that mythical zero casualties is reached and more people will be dying on bicycles than in car accidents? An implant in the brain? Where does it stop?
mikedelfino 1 days ago [-]
> So what is going to happen when that mythical zero casualties is reached and more people will be dying on bicycles than in car accidents?
I don't think anything will need to happen at that point. We wouldn't need to tackle down the top causes of death if the numbers were low, as seems to be the case of bicycle deaths not caused by cars. And when it comes to speeding, it's already against the law, so the technology is only trying to help prevent it. But of course, my enthusiasm is tied to a future where this technology works reliably, so I don't really expect anything like it with all the problems you're describing with current models.
rad_gruchalski 1 days ago [-]
The problem is that it doesn’t matter what you think, or what I think. What matters is what the bureaucrat in Brussels thinks. The bureaucrat doesn’t care. They are driven everywhere and fly on their private jets.
It’s also illegal to participate in the traffic drunk yet I routinely see drunk people riding bicycles and scooters in regular traffic, often ignoring traffic lights, often with their face glued to a phone. That’s half a problem, the other problem is those same people with those same things on the sidewalk. I bet you, a ton of those people do not even have a driving license and/or understanding of traffic rules. Humans will be humans. First they cry for cycling paths, when they get them, they don’t use them. Cannot win stupid.
As a pedestrian in the city I want scooters and bicycles regulated AND enforced. But nobody cares. I stopped counting how many times I have to do acrobatics to walk around scooters and bicycles left in the middle of the sidewalk.
chgs 1 days ago [-]
Earlier today my car thought I was on a 10mph road, I was in a 60
Earlier it said I was on a 30mph road despite being on a 20mph road
doubled112 1 days ago [-]
This summer Apple Maps believed I teleported 200m into a corn field for long enough it told me to return to the route. The location kept updating, moving in parallel to my real location.
What is the speed limit in that field?
Would a car suffer from similar problems? Should it continue at the original rate of speed or slam the brakes?
chgs 14 hours ago [-]
I had that a couple of months ago. Phone was fine when not connected to car play, location bang on. Soon as I plugged it in it moved my location.
Did the same with two other phones. Car play takes the location from the car rather than the phone.
19 hours ago [-]
mulmen 19 hours ago [-]
An onboard database and a GPS receiver?
rurban 10 hours ago [-]
Plus full name, address, email?
Huge privacy violation. I would just close down this business. Unfortunately it's a state cartel, and even part owner. They'll change the constitution to save those criminals
rad_gruchalski 11 hours ago [-]
So we can tamper with it? :)
merb 1 days ago [-]
VW do use opt-in. In fact it is so annoying that you get asked every time when you start your car. So basically every time your car start it says „do you want to use the profile connected with the vw service“ if you do not accept it than the car will be in a dumb mode.
One of my coworkers was annoyed by it and „reset“ the car to use a non connected profile which does not do that.
I’m a owner of a id.4 (or rather a user of it, since my company owns it)
switch007 1 days ago [-]
Reminds me of cookie banners. Annoy you into submission
(I know the EU doesn't mandate annoying cookie banners but unintended consequences etc)
merb 12 hours ago [-]
actually in that case its more the other way around. its easier to drive with a profile that is not connected, you only loose the app functions like heating and knowing how much you still can drive and other things that are not 100% needed.
with a not connected profile the car starts and you dont need to press an additional button to access your media stuff. so far only vw does that in the german market. everbody else uses agb's/eulas and stuff to tell you about the connection.
vw is just bad when it comes to software.
moffkalast 1 days ago [-]
Nah, make it illegal to collect any kind of identifiable data in the first place.
sschueller 1 days ago [-]
It already is and this will go to EU courts.
hyhconito 1 days ago [-]
Opt in you mean, like the cookie banners?
Oh no that'll never happen because VW are a European company and the money is in fining US tech companies!
rad_gruchalski 1 days ago [-]
European companies get fined the same as any other companies.
hyhconito 1 days ago [-]
Well within the constraints they set out which exclude a hell of a lot of European companies.
(I am in Europe for reference, this is not an external perspective)
mtmail 23 hours ago [-]
https://www.enforcementtracker.com/?insights shows breakdown by country, type, industry sector. "Highest fines: individual" top 10 list is all international companies (Meta, Amazon, TikTok, LinkedIn, Uber) and those make the news. Smaller European companies hardly make the news.
7bit 1 days ago [-]
What constraints? And which companies are excluded by them?
adolph 1 days ago [-]
VW paid "$14.7 billion to settle civil charges in the United States" and was ordered "to pay a $2.8 billion criminal fine for 'rigging diesel-powered vehicles to cheat on government emissions tests'."
Why is nobody talking about the fact that this should not be possible? There is precisely zero reason for them to have this location data. Give the CEO one year of jail per person whose location was illegally tracked.
behnamoh 1 days ago [-]
Can we some how hack the car and disable this "feature"?
betaby 1 days ago [-]
Most likely that's illegal in DE, FR and PL. See a related thread about trains at CCC.
zer8k 1 days ago [-]
On the contrary it's relatively simple to understand how it got there trivially.
Most modern cars, especially ones that fit into more "luxury" brands have an app. That app gives you telemetry and location data for a price. It's rather convenient to be able to pre-condition your car, or figure out where you parked in a massive unlabeled parking lot, etc. This is all consented to, but regardless the data is tracked anyway via some GPS/cell system modern cars have. When you pay for it you get more stuff - anti-theft, better tracking, service tracking, etc.
It's a convenience. I'm not entirely comfortable with it but if you want a better-than-decent car made after 2016 you probably have it on-board and unless you rip the ECM out you're stuck with it. Personally, I'd rather pay BMW, for example, for anti-theft and tracking than pay OnStar or another service that is gonna stick me with a ridiculous contract and stuff my car with even more buttons.
1 days ago [-]
gsich 1 days ago [-]
There is no reason why this can't be E2E.
CatWChainsaw 1 days ago [-]
Eh, "consented to" is rather weak when you are forced to hit the "I agree" button to be able to drive the car you bought. That and forced arbitration need to die posthaste.
rad_gruchalski 1 days ago [-]
I refuse to believe that it’s not possible to drive the car without the app.
jimt1234 1 days ago [-]
Back in the day, during the original Browser Wars, when the US Department Of Justice was trying to force Microsoft to detach Internet Explorer from Windows, Microsoft argued that it was impossible for Windows to operate without IE baked in. Well, it took a couple of "hackers" about a day to prove them wrong. I ran Windows XP without IE for years just fine. So yeah, cars can run without the app.
rad_gruchalski 1 days ago [-]
Of course they can. It doesn’t even make sense to consider that microsoft/ie matter.
AlotOfReading 1 days ago [-]
The data is collected even if you don't use the app or hit agree. The manufacturer has your personal info attached to the car from the warranty info. They're required to collect it so they can send you recall notices.
It's trivial to put a car in limp mode if the vehicle computers don't detect all the modules the manufacturer put there. It's slightly less trivial to detect missing antennas, but that tends to disable other features people enjoy like directions and data. Manufacturers simply don't care to cat-and-mouse this right now.
rad_gruchalski 1 days ago [-]
> The data is collected even if you don't use the app or hit agree
It’s irrelevant. The matter of the discussion is “cannot drive a car without hitting I agree button”.
AlotOfReading 1 days ago [-]
The post you were responding to is specifically about the lack of consent, not whether the button is necessary.
I rode in a 1948 Oldsmobile three days ago. No app needed. At this point the ignition switch is so worn the key is actually optional.
19 hours ago [-]
CatWChainsaw 8 hours ago [-]
Yes because that's comparable to a modern data-slurping EV, thank you for the useless comment.
CommanderData 14 hours ago [-]
Soon we'll be in an era where our vehicles are geofenced.
Stop people driving to protests? areas of strategic interest? congestion? Yep that's all coming quick.
greesil 17 hours ago [-]
I had to opt in to this shit to get firmware updates. I'm very angry. This explains the laggy infotainment on my id.3 if these idiots were involved in its creation.
I can't seem to find a link to the leaked data. I want to see if I'm in it.
Every satellite imaging company knows where they are.
mogadsheu 19 hours ago [-]
Revisit frequency and spatial resolution aren’t high enough to meaningfully and uniquely identify vehicles without additional data.
mensetmanusman 19 hours ago [-]
I doubt VW cares about real time locations of all their vehicles. Only government officials at the DMV care.
rurban 10 hours ago [-]
Of course they care. Only then they can sell it. With real name and full precision location. Even with 10m precision it would be a good sell.
TheChaplain 1 days ago [-]
That could be a nail in the coffin to end VW, the EU GDPR is quite a sharp weapon.
jwr 1 days ago [-]
The EU won't do much, because this is a car company. Car companies run the EU, basically, especially German ones.
newsclues 1 days ago [-]
Not surprisingly as the EU grew out of post war coal and steel association
rad_gruchalski 1 days ago [-]
The problem was caused by Cariad, not VW directly. Cariad will be held responsible for, not VW.
tremon 24 hours ago [-]
That's not how the GDPR works. Cariad may be a subcontractor (data processor in GDPR speak) for VW, but the driver does not have a contract with Cariad -- their contract is with VW (the data controller in GDPR speak). The data controller is always jointly liable with the processor for 3rd-party data breaches.
Reason077 1 days ago [-]
CARIAD is a 100%-owned subsidiary of the Volkswagen group.
42lux 1 days ago [-]
It’s their bad software bank.
rad_gruchalski 1 days ago [-]
Sure. Good accounting and disaster prevention from VW. The matter of the discussion proves that the decision was correct.
7bit 1 days ago [-]
Yep, and this will be the end of CARIAD. Volkswagen has already b decided to bleed them to death with the Rivien joint-venture. I guess they'll shut down the rest of the operation much, much faster now. This is the perfect reason for them to do so and what they have been waiting for.
tencentshill 1 days ago [-]
I think even in the EU, VW group is "too big to fail".
creshal 1 days ago [-]
Too big to fail and too much of it is state owned, either directly, or through government-owned retirement funds.
The government will investigate itself and find no wrongdoings, let's go after the journalists who committed the ultimate crime: Embarassing Officials.
johnea 1 days ago [-]
Oh yea, that big gubmint is the one to blame!
Never mind that it's a for-profit company that does the surveiling, and wrote the faulty IT structure.
Neoliberal religion runs deep...
creshal 12 hours ago [-]
Way to miss the point. Governments giving semi-private companies blank cheques is the worst possible combination, because nobody's incentivised to care about laws in such constructs.
davidrm 24 hours ago [-]
supervisory board of VW has 20 members, state of Lower Saxony appoints 2 (as a minority shareholder), workforce elects 7 among themselves, and 3 are trade union representatives also elected by the workforce.
no one is denying it's a for profit company, but its governance model doesn't really scream "neoliberalism". assuming you're from the US, (German) enterprises like VW are vastly different from what exists in the US, not just in the terms of their structure but also their influence on Germany and EU.
gadflyinyoureye 1 days ago [-]
The EU will play favorites. There will be a slap on the wrist. Some probation. Maybe a CEO or high level C* person will step down in disgrace with only a few hundred million in severance. Then everything will go back to normal.
devops99 4 hours ago [-]
[flagged]
JKCalhoun 23 hours ago [-]
Sofa King stupid. Why add this shit that is a liability?
Maybe legal needs to have a talk with marketing.
Rendered at 23:24:25 GMT+0000 (UTC) with Wasmer Edge.
No, a software switch is not enough. We need to be able to physically unplug the cellular modem entirely and have the vehicle work with 100% functionality (barring features which inherently require cellular connectivity like turning the heating on remotely)
Car manufacturers' features are mostly useless anyway thanks to Android Auto/Apple CarPlay
https://en.m.wikipedia.org/wiki/ECall
But I guess you mean on the car side like two modems? Yeah that would be nice, or at least to mandate the option to turn all manufacturer telemetry completely off. The EU never bothered to do this for computers and phones either though.
https://www.thalesgroup.com/en/markets/digital-identity-and-...
But the sim card doesn't have access to the car telemetry. Probably even the whole baseband module doesn't. It just gets that data to transmit when an accident happens.
The worst you could do by hacking the SIM is to make the modem send nearby cell data somewhere. Which is serious enough because the rough location can be derived from it. But it's a far cry from what these manufacturers collect.
Of course when the modem is on you can't be sure that it's not doing that but that's what we have laws for.
They can and do though, and they are.
https://www.peters.senate.gov/newsroom/press-releases/senato...
The only possible use of cell service is for infotainment and even that’s questionable in a world of ubiquitous cell phones.
Also handy to find your car if you manage forget where you parked for some reason. Or to set a destination for GPS navigation.
Marginal knicknacks vs. serious risks kind of thing here.
(/s)
Yeah, that can save 15 minutes of scraping the windows for snow and ice in the morning and afternoon.
If they had a garage next to their house to park their car they wouldn't need either. However there are lots of situations where the car isn't close yet it need pre heating. For me this is driving the car to and from work in the winter, and certain one off situations (going home from the hospital, picking up the car after avriving at the train station).
The simplicity makes me think that law-makers can understand it.
It should have a standard UI for doing so, but if you are technically inclined it is usually trivial to do- pulling a fuse, or changing a setting over the OBD port.
However, you will lose useful features like advanced charging controls, and starting the HVAC remotely on EVs.
I'd rather focus on standardizing a transparent and privacy safe way to gather these metrics. Consumers would know what metrics are collected and there would be guarantees that privacy is kept. There are ways to accomplish this today.
Providing a way to disable metrics is never going to be sufficient for anyone other than a power user.
I'd rather see laws to have it disabled by default. People who don't mind can then opt-in again.
Honest question, what is a good reason to do this?
My Logitech software sends telemetry to Logitech.
My VW apparantly sends my GPS coordinates.
How is this useful for improving their hardware?
The most obvious metric that everyone wants to know is failure or crash rates. After a software update it's always good to know if those rates went up. Those errors may be recoverable, but it's good to try and understand them to improve reliability. Maybe pairing android auto with specific phone models is more problematic, or maybe trying to pair Bluetooth is particularly bad under specific conditions like high thermals in warmer climates. It's pretty difficult to interop testing with all possible parties in all conditions.
You know what will help in those situations ? Testing.
It is expensive, i know. Why not skip it and just analyse the KPIs from the telemetry. /s
Tell that to Microsoft. Although their products have telemetry, they become shittier every day.
Somehow hammer manufacturers can live with this. Why can't automakers, tech device manufacturers, and software developers live with this?
"Your hammer has reached its monthly nail limit. Please upgrade to the pro plan to unlock an additional 60 nails"
Anyone that has built a moat/lock-in will, sooner or later, screw you over.
Hammer manufacturers would too, if they could. But hammers are simple devices.
Opt In should NOT be required to enable features.
Features should not be rented, and should be delivered as purchased with the car. Shipped but disabled features that take up additional vehicle weight (relative to lacking the feature) should not be allowed. (This phrasing is precise, to allow for silicon and software enhancements which are not a material change to vehicle manufacturing / design.)
Setup processes should always empower the user. If there are multiple choices or paths a default may be indicated, but alternatives MUST NOT be in other locations, and MUST be displayed with equal prominence in a logically adjacent section of the dialog.
Example from a website: 'Paperless' should not be force enabled by default; the ability to have paper or paperless billing should be radio boxes next to each other. Additional benefits (E.G. higher account interest rates) should not be tied to either selection.
If this made it more expensive, because having cars that are physically different is harder, would you prefer that?
Why can't I simply not care that I don't get something I've not paid for and there's a doodad in the car that's capable of it?
If the alternative is having to buy that feature or pay more for a car that doesn't have it, that sounds like a bad outcome.
If I'm not free to do so - then do I actually still own my own product? Or is it now a lease?
Why should the era of rebuilding your car simply end? There are already safety regs you need to comply with. The average hotrod modifies a considerable proportion of the car. Reusing the majority of the structure in ways the manufacturer did not intend.
I thought I saw instructions somewhere for my 2020 prius but can't find it now. a few reddit threads asking about it, I like the suggestion that even if its eSim or somehow embedded in the cellular modem, "Disconnect the antenna! / shunt the telecommunication modems antenna with a resistor shunt. It will trick the radio into thinking the antennas still connected but won't allow any data to be going out they just won't get signal"
https://www.reddit.com/r/Toyota/comments/1be9zuc/wheres_the_...
I'd hope in 10 years 4G and maybe be 5G would also be defunct with their networks turned off.
As another example, side impact airbags have been mandatory in the US since 2013, but the Volvo 850 had them in 1995 and they were present on something like half of new cars a decade before they were mandatory and >97% of new cars three years before the mandate.
But the larger point is definitely true.
I always bought medium sized cars at 10 years when they're already only a grand or two. The smallest ones are made so cheaply that they're already too tired at this age and strangely enough they're more expensive due to the lower road tax. So more people want them.
And then I used to drive them till the maintenance becomes too expensive, for 5 or 6 years or so. And just scrap them then.
I guess if I still owned a car I could still do this for a good while without having to get spyware. But not too long.
More like every couple months on the road, from my experience in having driven one. Just this year here are couple of things that have occurred:
>glowplugs burnt out
>air-mass sensor failure
>faulty abs-sensor
>fuel nozzle malfunction
>brake failure
>engine back support failure
>short circuit after worn-out manufacturer divider causing massive sparking, heating and a drained battery
Some additional fixes identified recently not yet fixed:
>faulty brake booster
>moisture buildup(?)in door mechanisms leading to it sometimes not opening from inside
>rust buildup in some parts, needs replacing before reaching important bits
>transient misfire/spray/clog on acceleration leading to computer shutting off engine power
My last car was a Volvo S40, had really nice leather interior, nearly full option and cost me €2000.
I only had a few brake pads an a broken trunk cable to deal with (super common issue on this model), the latter I did myself for €40 in parts. Ran great for years. But yeah there's an element of luck also.
My previous car was an Octavia, that had more issues. Electric window broke and I replaced it all myself. But it was a pretty nasty job. Eventually the gearbox started whining and when I brought it to the shop it basically blew up. But it had served me 5 years at that point. Cost me €1200 to buy.
Also, effects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)
https://streaming.media.ccc.de/38c3/ had a german language video on it, live, but will surely add english translation and permanent video link soon.
I can't parse this. Is there a missing word? Mostly implies other possible inputs but the last part of that sentence specifically says this is confusing. Why is it hard to understand how ICE or Hybrid groups also had access to a bucket EVs mostly had access to?
Many Volkswagen cars somehow report telemetry. Looks like there is data not only from the EVs based on the MEB plattform? But for a Name/email to be associated with the VIN of the car, the owner has to register and use the app (once). Many EV owners did, but fewer of the non EVs did.
I will not buy a car that does this. I am starting to turn my phone off when I am not using it as well. Being tracked every second of my life is not acceptable.
In the case of full location data, it would need to be a lot more though. Yes, that might bankrupt the company. They should have thought about that before they illegally stalked nearly a million people then put their highly sensitive data on the Internet.
If I did this to one person, I'd probably (and rightfully) go to jail. I'd like the same standard applied here.
Adbusters magazine (credited with spurring occupy wallstreet with a solid meme campaign) tried to get inertia going around revoking corporate charters, stop acting like we don't have power, corporations are borne into existence by acts of government, we are not powerless to punish them for crimes against humanity (to be dramatic about it, I don't know what language would be appropriate for collecting location information for a million individuals without disclosure), but didn't see much traction about it.
https://www.adbusters.org/full-articles/rise-of-the-corporat...
Unfortunately it looks like that might be pretty hard:
https://foundation.mozilla.org/en/privacynotincluded/article...
In the name of data protection, you are not even allowed to have two main users of the car. As a result, it’s either me or my SO being able to see the car‘s state of charge in the mobile app. It’s impossible for both to see it except you do account sharing
We all just let surveillance haplen to us, in fact we paid for most of it
Kindergarten transactions one day, escort payments on another.
It was — and still is — creepy. An average Joe like me shouldn't be able to pry into someone's private life like that.
Instead they should think from the perspective of an evil person. E.g. "how can I proactively use whatever data that I can get to hurt someone."
For example, at a previous job I went to my managers and pointed out that every developer working on our system had access to our user's names and their involvement with racial justice programs our client was running. By guessing someone's ethnicity from their name, a bad actor could target minorities involved in racial justice. The response I got was not to fix the security issue; instead it was horror that I would ever conceive of such a scheme.
Do you have a written record of the conversation?
0 https://en.wikipedia.org/wiki/Light_pollution
From experience, they usually come up with some variation of "If you have nothing to hide, you have nothing to fear" [1]. And even those who buy the idea that private information could be used against them, most of them don't believe that someone would do this to them. What seems to be missing is understanding of how scalable and automated these attacks can be in the digital world.
[1] Amusingly enough, one of those "I have nothing to hide" people was pretty shaken when they asked me to take a look at a scam email that said "Hello <firstname from leaked database>, we have photos of you watching porn. Pay us or we'll post them on Facebook."
Has anyone had success with informing people about these types of abstract dangers? I find that people either get it almost immediately, or they never really get it until it happens to them.
Ignoring of course that the amount of aggregated surveillance makes it impossible to escape monitoring. Credit cards, license plate scanners, phone GPS, airtags, doorbell cameras, "Eye in the Sky" spy planes, etc
"A rich one!"
Trip to McD's with a price of exactly happy meal + tax one day, and a recurring payment for XXX website OnlyFans access the next. Adjust the values to taste/theory. Sometimes a credit card is just a credit card.
The average joe is merely a side effect of the government collecting all that data. The government is also why your car reports its location.
Fully EV, real buttons and knobs, and of course the model is cancelled.
The original tracking was 2G cellular, later updated to 3G cellular. 2G is long depricated, and 3G is already shutdown in many places.
This is a great car! Which explains why it's no longer available. It doesn't meet modern american needs, like being at least as large as a small building, or having 0 visibility over the hood, or costing at least $75K. (p.s. I paid $15K for mine, with 18K miles on the odometer and 150 miles of battery range)
But if you're into retro, like buttons and knobs, I highly recommend it...
p.s. I have to wonder if the data breach doesn't affect ICE cars as well? Would they use a separate surveilance system?
In the process some forum threads would pick up hundreds of posts over a decade or more so that removal of every nut, bolt, screw, plastic plug, etc is documented with photos, allowing anyone with the vehicle to see exactly how to take ownership of the vehicle from the manufacturer.
True old-school old manning involves not only removal of all the bullshit, but also covers all cosmetic changes to the vehicle that would be needed to eliminate all signs that any of the offending components were ever installed and would include things like how to accomplish all the trim and body work necessary to permanently fill all the holes in the vehicle like antenna penetrations through the vehicle body and plastic trim mods to fill holes that formerly held buttons or switches that no longer exist.
In the process, old-school old manning would attack the software used in the vehicle, removing all the offending functionality with a custom flash tool so that the only software running on the vehicle after all the mods are completed would be that which controls and monitors engine and transmission functionality since that is actually the only software on a vehicle that adds value by allowing the vehicle owner to track operating efficiency in real time.
Expensive yes but might be worth it if you value your privacy.
I'd be surprised if there was a dedicated fuse for only a modem really, especially in an EV or hybrid.
But hey, maybe if I wait around another 5-10 years, there'll be more than 3 mainstream electric sedan options available for the US market and I'll be able to find the perfect car.
I can even keep driving while the whole system is rebooting. Around here (where we have many immigrants and some odd practices) I’ve seen people with a towel hanging over their screen while driving, to protect it like a dust cover I guess.
The one thing you might argue I do need from my screen is the speed, which is very easy to see and usually not needed in the flow of traffic.
The outcry against screens is just misinformed imho. My car has plenty of mechanical buttons.
At least you're still acknowledging the abysmal state of modern cars by including this statement. Why on earth would anyone expect otherwise from a car?
EVs are computers on wheels, expecting them to work during reboot is not unlike expecting vim to work during a reboot :)
EVs are not computers, they have computers. The controllers that make it go should stay on during a "sudden reboot". Expecting them to keep working is like expecting my coolant pump to work during a reboot, not vim.
I’ve owned and driven EVs from several brands. Prior to this, I could pretty much always expect the following from my car:
1. The drivetrain always operates normally and safely (aside from some actual mechanical failure) with no computer glitches.
2. I can always see my speed and gear selector state on a dashboard somewhere, even when (not if) the infotainment screen crashes and reboots. I’ve had (2010-2020ish era) Lexus, Audi, and others have infotainment glitches, crashes, and reboots, but the speedometer, drive train, and AC all had physical controls running on isolated systems and so they always continued to work through a reboot or glitch of the infotainment.
3. The AC is always operating (aside from some actual mechanical failure) with no computer glitches or lag to my ability to control it. I consider this a critical safety system given that many drive in climates with weather that can be dangerously hot or cold.
In pretty much every EV I’ve owned, none of these have been true except maybe #1, and that is pretty sad to say that the only thing that hasn’t happened is my entire cars wheels locking up on the highway (and yet still this is reported happening for many EV brands, Tesla, Audi, and Porsche at least come to mind where I’ve read stories).
It’s insane to me that it’s even possible for the cars computers rebooting to entail AC shutting down, not being able to see your speed, etc. If this EVER happens, the entire vehicle line should legally require a recall until it’s guaranteed this won’t happen. We have ways of guaranteeing computer systems don’t fail like this to extremely high probability — car companies only don’t do it because it’s expensive and more complex than just throwing all the same crappy software into one single system rather than designing multiple isolated fault tolerant systems.
Less horrible but still shockingly bad regression is how almost all modern cars AC is controlled through an often laggy computer system (not to mention the almost universally despised move of AC controls to touch screens, instead of physical controls). Maybe not so laggy on Tesla, but in my experience both BMW and Audi have AC control touch screens which sometimes respond but occasionally can have 1-10 second random lags before anything responds. Presumably due to garbage collector lag or something. But this is also a mild safety issue since the lack of predictable behavior from common controls makes it very distracting when trying to so something so common and simple as adjusting the temperature that should just be as simple as a simple physical button or knob.
I don't want to have anything to do with a company like that.
https://cariad.technology/content/dam/digitalmindofmobility/...
EDIT: Just noticed this is an ISO9001 certificate. Though on their job offer site they do ask for "Foundational understanding of security related regulations and standards preferred (e.g. ISO21434, ISO27001, NIST-800)". Unclear if they are actually ISO 27001. Found the 9001 one by fluke, they don't seem to list that one on their site either.
edit: I've never prepared for our audits and we always get our certification, no matter what they find as long as you say "yes, we are aware"
Please explain that to my IT department.
https://www.spiegel.de/netzwelt/web/volkswagen-konzern-daten...
https://www.ccc.de/de/updates/2024/wir-wissen-wo-dein-auto-s...
Especially in the EU, the hypocrisy is jarring: on one hand, GDPR, protecting users from surveillance by businesses, etc, and on the other hand, car companies get a free pass, because they are car companies, and the EU likes car companies.
The region sharing might be needed to efficiently update things like the map and the speed limits.
https://www.mediarealm.com.au/articles/fm-rds-radio-data-sys...
Based on what sort of data was exposed, it seems plausible that it is one of the services from WirelessCar.
I drive a 1997 ES300 that needs a new left rear taillight lens. The new part doesn't exist anymore, and I can't find a used part in Canada.
The US does not have a GDPR so the collection of this information is legal. How much data is lying around at GM and others for someone to abuse?
Then maybe the rest of the world will follow suit.
I know, I know, I am kidding myself.
It was a very clear prompt during initial setup, and it shows me a very unambiguous notification that it's enabled every time I start the car. If I click on that it takes me to the setting.
edit: might even have been opt-in during initial setup, now that I think about it. I do recall it being a very deliberate thing during setup.
Of course I'll have to trust that turning it off actually turns it off, no way for me to verify that.
The reason I keep it on is because my SO is a bit absent minded to where she parks the car, and I value not having to run around in the streets trying to find it when I'm in a hurry over the potential privacy loss.
edit: Renault was found[1][2] to be the "least problematic" with respect to privacy by Mozilla last year.
[1]: https://foundation.mozilla.org/en/blog/privacy-nightmare-on-...
[2]: https://news.ycombinator.com/item?id=37443644
There are very straightforward solutions, depending on the threat model. For example, the app could send VW a private key every day, and VW would send that key to the car. Then the car sends periodic location reports, encrypted to that key. VW can, upon request, send the report to the app, which decrypts it. But VW can’t decrypt the report itself, so they don’t know the location of the car. Also, it’s forward secure in the sense that a leak of VW’s database is entirely useless after a day.
Otherwise, if there is no pre-existing private channel, the key (which by the way would have to be the public key, not the private key) could be switched out by VW acting as a man-in-the-middle, allowing it to access all encrypted content going through it.
The same is true for Apple. There are parts of the protocol or the pairing where you have to trust Apple, either their servers, or if the establishment happens locally via bluetooth or similar, their software that runs on the local devices.
It would also introduce a lot of additional failure modes.
Doable but not exactly trivial.
I realize that modern development has layers and layers of documents and teams and overcomplicated interfaces, but this is the kind of thing that could be done by one developer, using two servers and a load balancer (or a more creative HA scheme with client assistance that can easily survive complete loss of a datacenter or two), that can handle the entire fleet.
My car for example doesn't have reliable connection when it's parked in the garage, which is where I charge it.
Your solution would add a lot of extra edge cases that needs to be considered.
You have to ensure the updated key is reliably transferred to the mothership in a timely fashion, and subsequently that the key is reliably transferred to the car in a timely fashion.
That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Not saying it's impossible, but it adds a lot of complexity beyond simply encrypting the location with multiple keys.
Losing connection for extended periods of time can get in the way of "timely" key updates but they won't cause the encryption to fail.
> That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Well the reasons I can think of are either things like the server being broken, which can happen without any encryption, or she didn't finish setting up her app and waiting for it to sync which can also happen without encryption. Or she was removed from the list because she didn't open the app for a year... which can also happen without encryption.
To be fair, if the car is offline while a newly installed app logs in, then the app won’t be able to locate the car until the car checks in. Which is not actually the end of the world, and there are ways to mitigate this. (See iMessage and Keybase for a couple of different approaches to this. See Signal for a shockingly poor group of bizarrely mutually incompatible solutions that barely work. I think that Matrix tries, too. MLS should be able to handle it, and piggybacking off an existing standard like MLS might be entirely reasonable albeit dramatically more complex than the simple solution I outlined.)
Where do you work and are you hiring?
It would also give local governments a power they never had before: To directly control your behavior in the moment, with no judicial control or oversight.
No, thank you.
The system can tell you if there was a runaway truck (at your time and location), so an appeal should be easy for that uncommon situation.
- Speed of every car on the road is recorded continuously.
- If you stay within the limit, you pay nothing. For each second that you are faster than the limit, you incur some financial penalty, where the amount is calculated based on both the speed difference and the purpose of the limit (pedestrian safety vs. noise pollution, for example). In extreme cases, you can lose your drivers license.
- Speed data is also made available to your insurance. So drivers know they won’t get away with somebody else paying for any damage they may cause.
As a driver, I very much prefer this not to exist. But I think it would be the right thing from a “veil of ignorance” perspective of justice.
The only question that matters is would it result in fewer road deaths? I bet the answer is yes.
In the US every single day 100 families are torn apart by a death on the road. I’m sure you don’t want it to be yours.
I live in Europe. Regulations here make Teslas slam on the brakes when the road is curved by more than x degrees, and break off a lane change apruptly if they take longer than x seconds. The intentions behind these rules written by some buerocrat in Brussels surely were as good as those behind the cookie banner.
I’m glad I still get to override those rules with my pedals and steering wheel.
Neither you nor me live in the US. They have other options to reduce those deaths. There’s no reason to drive a 4 ton EV truck made out of stainless steel doing 0 to 60 mph in 3 seconds.
Speed doesn’t kill, it’s the sudden stopping that does.
I've had cars with both automated speed limit sign readers, GPS+map databases, and more show me two different speed limits and neither one was actually correct for the lane I was in. This is a somewhat common occurrence on the highways around me.
A few examples:
1) drive past the end of town sign in a particular German town, the car thinks it is 30kph, but only during the day because at night it doesn’t see the sign so it thinks it’s 50 where in reality it’s a 100 until the next speed limit,
2) driving between a couple of roundabouts inside of a town in the Netherlands, the car thinks it’s 30kph even though we stay within city limits and there’s no sign so the speed limit remains 50kph,
3) this is the funniest one so far… driving in Antwerpen along the Turhoutsebaan, there’s a massive 30 sign painted on a red painted road surface, the car insists that the speed limit is 50kph.
Those are just three out of a dozen examples happening consistently within 30 square kilometres I normally remain within. And I drive this car for 2.5 weeks. I have seen the future and I don’t like it. Number 2) happens routinely inside of the city limits after right or left turn. Car drops the speed limit to 30 just to realise a 100m down the road that it is 50.
Apologies for the ad hominem, I normally stay away from such tone. I genuinely hope that such pseudo cops like you get a grip. Because it’s my life you’re talking about and I already use speed limiter routinely. Every idiot around me on the road has exactly the same choice as me: curb the ego down and slow down or behave like a douche.
> but it would be even better if all cars' speed were automatically limited to the speed limit of each road
Yeah, you just described the ISA of 2027. This is going to be a tough year for car manufacturers. I forecast a ton of unsold new cars remaining on parking lots because one has to be really technically illiterate to buy something so dangerous willingly. Either full self driving or give full control. Everything in between is a disaster waiting to happen.
By the way, here’s a funny thought. So what is going to happen when that mythical zero casualties is reached and more people will be dying on bicycles than in car accidents? An implant in the brain? Where does it stop?
I don't think anything will need to happen at that point. We wouldn't need to tackle down the top causes of death if the numbers were low, as seems to be the case of bicycle deaths not caused by cars. And when it comes to speeding, it's already against the law, so the technology is only trying to help prevent it. But of course, my enthusiasm is tied to a future where this technology works reliably, so I don't really expect anything like it with all the problems you're describing with current models.
It’s also illegal to participate in the traffic drunk yet I routinely see drunk people riding bicycles and scooters in regular traffic, often ignoring traffic lights, often with their face glued to a phone. That’s half a problem, the other problem is those same people with those same things on the sidewalk. I bet you, a ton of those people do not even have a driving license and/or understanding of traffic rules. Humans will be humans. First they cry for cycling paths, when they get them, they don’t use them. Cannot win stupid.
As a pedestrian in the city I want scooters and bicycles regulated AND enforced. But nobody cares. I stopped counting how many times I have to do acrobatics to walk around scooters and bicycles left in the middle of the sidewalk.
Earlier it said I was on a 30mph road despite being on a 20mph road
What is the speed limit in that field?
Would a car suffer from similar problems? Should it continue at the original rate of speed or slam the brakes?
Did the same with two other phones. Car play takes the location from the car rather than the phone.
Huge privacy violation. I would just close down this business. Unfortunately it's a state cartel, and even part owner. They'll change the constitution to save those criminals
I’m a owner of a id.4 (or rather a user of it, since my company owns it)
(I know the EU doesn't mandate annoying cookie banners but unintended consequences etc)
Oh no that'll never happen because VW are a European company and the money is in fining US tech companies!
(I am in Europe for reference, this is not an external perspective)
https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal
Also I genuinely think those fines were low.
https://www.macrotrends.net/stocks/charts/VWAGY/volkswagen-a...
Most modern cars, especially ones that fit into more "luxury" brands have an app. That app gives you telemetry and location data for a price. It's rather convenient to be able to pre-condition your car, or figure out where you parked in a massive unlabeled parking lot, etc. This is all consented to, but regardless the data is tracked anyway via some GPS/cell system modern cars have. When you pay for it you get more stuff - anti-theft, better tracking, service tracking, etc.
It's a convenience. I'm not entirely comfortable with it but if you want a better-than-decent car made after 2016 you probably have it on-board and unless you rip the ECM out you're stuck with it. Personally, I'd rather pay BMW, for example, for anti-theft and tracking than pay OnStar or another service that is gonna stick me with a ridiculous contract and stuff my car with even more buttons.
It's trivial to put a car in limp mode if the vehicle computers don't detect all the modules the manufacturer put there. It's slightly less trivial to detect missing antennas, but that tends to disable other features people enjoy like directions and data. Manufacturers simply don't care to cat-and-mouse this right now.
It’s irrelevant. The matter of the discussion is “cannot drive a car without hitting I agree button”.
Stop people driving to protests? areas of strategic interest? congestion? Yep that's all coming quick.
I can't seem to find a link to the leaked data. I want to see if I'm in it.
As per this guy, maybe I should sell my vehicle before VW is sued out of existence. https://www.reddit.com/r/electricvehicles/comments/1hnh3sg/c...
The government will investigate itself and find no wrongdoings, let's go after the journalists who committed the ultimate crime: Embarassing Officials.
Never mind that it's a for-profit company that does the surveiling, and wrote the faulty IT structure.
Neoliberal religion runs deep...
no one is denying it's a for profit company, but its governance model doesn't really scream "neoliberalism". assuming you're from the US, (German) enterprises like VW are vastly different from what exists in the US, not just in the terms of their structure but also their influence on Germany and EU.
Maybe legal needs to have a talk with marketing.