[HN Gopher] Who is collecting data from your car?
___________________________________________________________________
Who is collecting data from your car?
Author : atg_abhishek
Score : 125 points
Date : 2022-07-30 13:58 UTC (9 hours ago)
(HTM) web link (themarkup.org)
(TXT) w3m dump (themarkup.org)
| salawat wrote:
| https://cccis.com/
|
| There's your data aggregator. At least one of em.
| i67vw3 wrote:
| Year 2022: 'Degoogling' your car.
|
| PC/laptops were first, smartphones were done next and now car are
| too be 'degoogled'.
|
| Edit:- 'Smart' TV's were between smartphones and cars.
| pessimizer wrote:
| TVs between smartphones and cars. There's still plenty of room
| for expansion, like your door locks and home climate controls,
| your medical history/treatment, your votes...
| mdp2021 wrote:
| > _home climate controls_
|
| These are already attack objectives - thermostat ransoms.
| derwiki wrote:
| Interesting, do you have a link or remember an instance of
| this?
| mdp2021 wrote:
| There have been reminders on The Conversation only a few
| months ago ( https://theconversation.com/considering-
| buying-a-smart-devic... ),
|
| but here is a generic article on The Atlantic from 2016 -
| year relevant, because there had been cases of actual
| ransomware for some thermostat models then:
|
| https://www.theatlantic.com/technology/archive/2016/01/th
| e-e...
|
| Which also contains the line:
|
| > _When it comes to connected vehicles, the possibilities
| are even more frightening. And thanks to an experiment
| where white-hat hackers remotely hijacked a Jeep as it
| hurtled down a St. Louis highway, they're not that far-
| fetched_
|
| http://www.wired.com/2015/07/hackers-remotely-kill-jeep-
| high...
|
| Which raises another point: security faults in cars have
| been used to stop them, to take control of them etc.
| Among the malicious purposes, one can emerge of ransom:
| "We now control your car. If you want to drive it
| again...". Nothing new in the crime scene ("We just stole
| your car. If you want to drive it again...") - only, now
| through fully avoidable technical holes which should not
| be there in the first place.
|
| --
|
| About the thermostats:
|
| _Hackers demonstrated first ransomware for IoT
| thermostats at DEF CON // Ransomware-infected smart
| thermostats, it's no longer hypothetical. An attacker
| could crank up the heat and lock the IoT device until
| sweltering occupants paid a ransom to unlock it_ (Aug
| 2016)
|
| https://www.computerworld.com/article/3105001/hackers-
| demons...
| mdp2021 wrote:
| No, that is a comparatively minor detail: a car MUST NOT be
| Internet connected. Before privacy, security.
|
| You do not open to security risks when advantages are
| negligible or even negative (privacy issues make them
| negative).
| AlotOfReading wrote:
| The direction OEMs are going is to try and have their cake
| and eat it too. Data connection is not optional, so security
| is achieved through an isolated network interface boxe that
| talks to the outside and is assumed to be pwned/pwnable. The
| rest of the architecture is hardened accordingly, with a
| single internal interface to the rest of the vehicle on a
| secured bus and attestation/secured computing platform, etc.
| shnock wrote:
| I have layman knowledge of this and do not understand. How
| does this compare to the level of security described in the
| GP comment (no connection at all)?
| AlotOfReading wrote:
| It might help to imagine there's a data diode between the
| interface box and the rest of the system. In an ideal
| world, there should be few differences beyond the actual
| data being sent. In practice, the analysis is a lot more
| complicated. I've also seen cases where there should be
| no connection hardware at all, but someone forgot to
| disable Bluetooth on a dev board or something and it
| shows up in a red team exercise.
| skummetmaelk wrote:
| That's great until an unknowing mechanic connects a pwned
| device to the secure system that infects it and enables it
| to receive commands from the "assumed pwned" network box.
| AlotOfReading wrote:
| They wouldn't have a direct connection regardless, but
| this is also part of the threat model on every vehicle
| I've been involved with.
| i67vw3 wrote:
| Problem is car manufactures have started forcing cars to
| connect to internet, even concepts like firmware, updates
| etc.
|
| Notorious among them are electric cars like Tesla. Even
| petrol/diesel car manufactures have started doing same stuff.
| mdp2021 wrote:
| For a large number of categories today the most extensive
| research to identify a decent product has become necessary.
|
| It is a disaster that cars are now part of it, but - the
| most extensive research to identify a decent product will
| be necessary.
|
| Edit: what I fear most (second to a market that allows
| perversions - i.e. buyers of unacceptable products), is
| cretinous legislation what may remove options.
| smolder wrote:
| > For a large number of categories today the most
| extensive research to identify a decent product has
| become necessary.
|
| What exactly are you saying here? Is this a "telemetry is
| necessary for effective product design" argument?
|
| Apologies if I'm misunderstanding, but if so: I
| personally don't buy that it is except in very specific
| circumstances. Gathering data through telemetry to make
| product decisions, when it's not just about data sales
| for extra revenue, doesn't always make a lot of sense,
| particularly when that data gathering capability directly
| compromises the product quality. I would argue that often
| it's done because of people trying to cargo cult
| competence at product design by doing what seems cutting
| edge, analogous to "architecture astronauts" designing
| overcomplicated & inelegant software systems with too
| many bells and whistles.
| mdp2021 wrote:
| > _What exactly are you saying here? Is this_
|
| No, I wrote that nowadays, before buying, as you will
| need to <<identify a decent product>>, you will have to
| research a lot, and discard the largest number of -
| useless - options. If nowadays you are in need of buying
| an item you will have to do extensive research of what is
| available in the market, because most of the products
| around are unacceptable.
| JadeNB wrote:
| > what I fear most (second to a market that allows
| perversions - i.e. buyers of unacceptable products)
|
| I have a hard time buying this (no pun intended). Your
| greatest fear is _other_ people being able to buy things?
| I fear very much my _not_ being able to buy what I want,
| and I can see knock-on effects from other people being OK
| with (or not understanding) the violation of their
| privacy and so indirectly violating my privacy, but it 's
| hard for me to see that raising to the level of my
| _greatest_ fear. So I wonder if I 'm misunderstanding
| you, or we're frightened by different things.
| fariszr wrote:
| A big example of this is phones. And TVs.
| JadeNB wrote:
| > A big example of this is phones. And TVs.
|
| Which 'this' do you mean? There is the 'this' where
| _other people_ buy stupid things (meaning 'smart'
| things, in the marketing terminology we've had foisted
| upon us), and there is the 'this' where _I_ can 't buy
| what I want. Phones and TVs are examples of both, to be
| sure; but, as I mentioned in the comment to which you are
| responding, these two phenomena seem different, though
| linked, and it's not clear to me that the former is
| inherently bad.
| mdp2021 wrote:
| > _I wonder if I 'm misunderstanding you_
|
| Yes, you misunderstood. I stated that the fearsome
| weakness in the system is a market which is mostly made
| by careless buyers who will disregard low quality, absurd
| specifications and dystopian features in the products.
|
| A product would not circulate in the market if people did
| not buy it, and people in general most unfortunately tend
| to buy what is available, without assessing it, without
| considering the effect of their purchases on the market.
|
| You would not struggle to find e.g. telephones with
| replaceable batteries in the market if people generally
| refused to purchase otherwise. The same is valid for
| bluetooth-operated only washing machines (and other
| appliances), etc.
|
| Bad products are around because people buy them.
|
| > _I fear very much my not being able to buy what I want_
|
| Exactly: that is already largely the situation, and it
| comes from a polluted market, spoiled by purchasers
| accepting bad products.
| elf25 wrote:
| byteduck wrote:
| I don't know why I never considered that my car may be collecting
| data on me. I have a Hyundai, and I just went into my settings to
| turn off as much of this as possible. I wonder if there's a way
| to disconnect the antenna or deactivate the cell service since I
| don't need it...
| tencentshill wrote:
| Brink0004 wrote:
| it's weird that they missed Autonomic in this article; they're
| outright owned by Ford. pretty much every new Ford is sending to
| Autonomic before you even drive off the lot
|
| https://www.crunchbase.com/organization/autonomic
| Cupertino95014 wrote:
| This is a great article. I've wondered about that myself:
|
| Forgetting about the smartphone data, many cars have a Navigation
| system, which means the car itself knows where you are. Is it
| being communicated in real time, or does the car at least
| remember?
|
| I actually asked someone who works in car automation this very
| question, and he said it's really manufacturer-dependent.
|
| The car manufacturers are hoping no one digs into this. So let's
| dig.
| spinny wrote:
| My 2016 BMW 118d has a navigation system and a built-in SIM
| card. It is used in multiple instances (the listed ones):
| locating/locking/unlocking your car remotely (all optional),
| start an emergency call, updating the firmware and talking to a
| messaging server
| Cupertino95014 wrote:
| Right, the question is: does all the data about where you've
| been get used anywhere, with PII attached? Could the police
| subpoena it?
| reaperducer wrote:
| My car has no data connection hardware. The navigation maps are
| updated by putting a USB stick in the music player and
| uploading files to the car.
|
| The dealer charges about $200 to do it. It's probably possible
| for someone to do it on their own, but I don't drive enough to
| bother looking it up.
| userbinator wrote:
| _many cars have a Navigation system, which means the car itself
| knows where you are. Is it being communicated in real time, or
| does the car at least remember?_
|
| GPS itself is entirely passive. The last position is definitely
| stored in the receiver to make it faster to acquire a position
| fix the next time it's turned on, but the question is whether
| that is sent outside the car. A standalone GPS unit of the type
| that people add as an aftermarket accessory, instead of being
| integrated, will almost certainly not be transmitting its
| location elsewhere.
| Cupertino95014 wrote:
| One would hope.
|
| On the other hand, there's money to be made by selling that
| data. So I wouldn't blindly assume _every_ manufacturer just
| leaves it sitting on the table.
| hocuspocus wrote:
| Car makers are typically on the conservative side, and they
| aren't really in a position where their own data would be
| particularly valuable compared to that of other players.
|
| What mostly happens is that data sharing goes both ways:
| for instance if your embedded navigation system shows live
| traffic data, your car is probably sharing its location
| upstream, which gets aggregated and anonymized according
| the legal framework and the terms between both parties.
|
| You can do stuff with a car that you wouldn't be able to do
| with a smartphone, for instance using sensors to scan
| curbside parking, whereas Google needs to extrapolate
| street parking availability based on driving patterns. But
| I'm not aware of anyone doing that yet... I've only seen
| proofs of concept.
| otikik wrote:
| I really despise the "smartphone on wheels" trend. I got a used
| Mazda 3 which doesn't have any of that, the new models come
| hyperconnected, so you can "see the status of your car with an
| App" (no thanks).
|
| Is there a list of cars which _don 't_ have remote data
| collection?
| userbinator wrote:
| _Is there a list of cars which don 't have remote data
| collection?_
|
| Everything made before this technology existed?
| otikik wrote:
| I should have been more explicit: I meant _modern_ cars that
| don 't have this "feature".
| Silhouette wrote:
| _Is there a list of cars which don 't have remote data
| collection?_
|
| Here it is:
|
| .
|
| Unfortunately to the best of my knowledge I am not joking.
| This is one of the big reasons why I haven't bought a new
| car with modern automation and connectivity for a long
| time.
|
| I think they will be unreliable.
|
| I think they will be insecure.
|
| I think they will be privacy-invasive.
|
| I think the technology at the original time of sale will
| age quickly and manufacturers will abuse that to extract
| more money from current owners or any potential new owners
| who might buy the vehicle from them.
|
| I think the technology will allow for artificial
| limitations on vehicles' physical capabilities and
| encourage manufacturers to make pay-to-play style upgrades
| and rental models the industry standard.
|
| And I think there is a non-trivial risk that eventually
| someone will successfully exploit a remote vulnerability on
| a popular model and gain enough physical control over a
| large number of vehicles simultaneously to cause injury or
| even loss of life on a massive scale.
|
| Absolutely nothing I have seen about the auto industry, the
| people who lead it, or the people who regulate it would
| undermine any of those claims and apart from the last one
| there seems to be plenty of evidence that they are already
| starting to happen.
| mackatap wrote:
| I just got a 2012 Mazda 3 and I love how dumb it is. Bluetooth
| audio and an aux cable is really all I want.
| derwiki wrote:
| I recently switched back to MP3 CDs and am happy not dealing
| with Bluetooth or a smartphone
| mackatap wrote:
| Yeah, I have a bunch of cd's I'm happy to be able to use
| again. But it's so easy to drag and drop music onto an
| android phone.
| LAC-Tech wrote:
| You can go slightly more high tech and just plug a USB
| drive into the port. Still no bluetooth or smartphone but
| you get more than 700 odd megabytes of mp3s.
| stinos wrote:
| _Bluetooth audio and an aux cable_
|
| I'll take just the aux then, at least as long as I can. Aux
| (as in: 3.5mm jack on both ends or else on one end and the
| other one cinch or DIN to support even older devices) is
| something which has been working fairly universally to get
| music from any portable and even some not-so-portable players
| to amps in the past 30 years or so, extend to like 60 years
| to include anything compatible but with DIN (just a rough
| guess here, I still have some old Telefunken radio with an
| aux input via DIN and I'd estimate that is it's age; still
| works, moreover they really figured out nice warm bass from
| small speakers back then already). It's simple, it's a de
| facto standard, it really just works, it's a good idea
| (doubling as headphone out) and well-executed.
|
| Bluetooth audio on the other hand tries to be all of that,
| but I never quite got the feeling it's there yet, after all
| those years, and I wonder it will ever be the same level of
| 'just works'.
| mackatap wrote:
| The Bluetooth is nice because I don't have to do anything
| for it to work. I get in the car, hit play on my phone, and
| music comes out! Only downside is about a one second delay.
| Also nice for friends with phones that don't have 3.5mm.
| I've never had trouble with Bluetooth. I have a pair of
| wireless Sony headphones that really just work. I tap my
| phone to the side of them and they automatically turn on
| and connect. Battery lasts about a month.
| blub wrote:
| The newest Russian cars will allegedly not have airbags or ABS,
| so it's a good bet that they'll be otherwise analog :-)
|
| If they manage to install ABS/ESP, they might actually be an
| interesting choice, if it weren't for the likely lack of EU
| market authorisation and spare parts.
| pluc wrote:
| When it's not that... my dealer tried to upsell some tag
| protection system... but that's just an excuse for a
| geolocation harvest racket [1]. You just can't trust anyone
| today not to abuse their convenience service.
|
| [1] https://www.tagtracking.ca/privacypolicy
| jsjiwfwie wrote:
| Slightly tangential, but I am beginning to despise "smart"
| anything, because the product developers don't seem to care at
| all.
|
| I just got z-wave locks from a company ultraloq, figured I
| don't want the integration with the app etc. I will just use
| z-wave and connect to my local offline hub. But once I get down
| to set it up, I can only connect to the hub via z-wave from the
| ultraloq app. I install the app and I need to register an
| account by providing first name, last name, email and phone
| number, then the only way to pair my lock with the app is by
| enabling bluetooth and providing location access to the app
| with gps enabled. I do that and then I find out that once I
| install the app and register the lock, I am not allowed to use
| it in standalone/offline mode (setup/change lock codes directly
| from the lock) unless I do a factory reset. Funny enough, if I
| factory reset, I lock is no longer connected to my hub on
| z-wave.
|
| Basically to use z-wave with my offline hub, I need to provide
| the company my gps location, first name, last name, email and
| phone number and stream data of lock usage every time the door
| is unlocked/locked to the company. How is this not a security
| risk for the company? If they ever get hacked, all their
| customer PII data including the gps location of where the locks
| are installed are compromised.
| justinclift wrote:
| With all of those issues, maybe it would be better to return
| them?
| jsjiwfwie wrote:
| That is my plan. Their support is Mon-Fri working hours. I
| want to call their support and ask them if indeed z-wave is
| only usable if I register the lock, hook it up with their
| app and give up functionality of using it in
| standalone/offline mode. If they confirm there's no other
| way, I will return and buy something from a competitor
| instead.
| verisimi wrote:
| Smart = spy
| m463 wrote:
| > product developers don't seem to care at all
|
| They do care - it is just what they care about is
| diametrically opposed to your interests. The post-sales
| revenue stream from collected data is not only profitable,
| but in some cases more profitable than the sale itself.
| jsjiwfwie wrote:
| Makes me wonder, if people really cared the market should
| react to it and have products to cater to those needs.
| Maybe my interests and people with similar interests are a
| very small minority, everything now is setup via an app -
| toasters to routers to vacuums. The sad truth is probably
| that vast majority of people like the convenience of an app
| and don't care about privacy or data collection and the
| products/market is heading there.
| Silhouette wrote:
| _The sad truth is probably that vast majority of people
| like the convenience of an app and don 't care about
| privacy or data collection and the products/market is
| heading there._
|
| I don't really believe in this theory. Certainly the
| average HN commenter trends more privacy-aware than the
| average person in our societies but I know many "normal"
| people who don't like the intrusion but accept it because
| they don't see any viable alternative apart from giving
| up a normal life.
|
| The correct solution when competition in commercial
| markets doesn't solve a problem like this because it's
| just too profitable for everyone to carry on the abuse is
| for governments to regulate in the public interest. Of
| course that relies on elected representatives to do their
| jobs and not just pander to whichever industry gives its
| lobbyists the most funding so the success of the strategy
| is likely to vary wildly depending on which country you
| live in.
| ajsnigrutin wrote:
| yep.
|
| I only buy stuff that I can reflash (tasmota, esphome, or
| whatever), because everything else will either be deprecated,
| the cloud will be discontinued, the app wont work on the
| newest android, or there will be a huge security breach, that
| the company won't fix for "legacy" devices.
|
| This makes stuff pretty limited, but you can still find
| atleast some things that are (eg.) esp8266 based.
| fariszr wrote:
| And the big thing is after maybe 3 or 4 years its already going
| to be outdated. While you replace your phone if its outdated,
| you don't do the same thing with cars.
|
| A car + phone combination is always more capable, because its
| almost always up-to-date and the user is already used to it.
| pxeboot wrote:
| > While you replace your phone if its outdated, you don't do
| the same thing with cars.
|
| I have family that work at a car dealership. Most of their
| business comes from people leasing or trading in vehicles
| every couple years (or less).
| snoopy_telex wrote:
| A decent number of people I know only lease cars. They
| upgrade cars faster then I upgrade my phone.
| tomxor wrote:
| That's not representative. Imagine if the whole world
| refused to use any car older than 2 years... how many cars
| would have to be made every year? even if that made any
| economic sense, it certainly doesn't make any environmental
| sense. You might not think of it this way but those people
| you know are privileged, they would not be able to get a
| new car less than every 2 years unless there was a 2nd hand
| market. Cars need to last.
| mertd wrote:
| Everything is "data collection".
|
| Someone really needs to qualify the boundaries of what is
| considered a breach of privacy.
|
| Sending location, heading and speed anonymously is perfectly ok
| by me because in return we all get real time congestion aware
| routing.
| dwighttk wrote:
| nobody, but it is 22 years old.
| mixmastamyk wrote:
| License plate scanners find some data.
| jareklupinski wrote:
| Followed the Sirius link in the article to their privacy policy:
| https://www.siriusxmcvs.com/privacy-policy/
|
| > Vehicle Data... After your Vehicle's ignition is turned off,
| the Vehicle transmits the location of the Vehicle and the time it
| was turned off.
|
| If every car with Sirius installed transmits the time and
| location when it was switched off to marketers, that would close
| the loop on all those "I just moved to this place and I'm getting
| local robocalls to my cell number".
| pilgrimfff wrote:
| That's a horrifying policy. Though advertisers don't need
| Sirius. USPS will sell your change of address data to any one
| who had your old address
|
| https://www.edq.com/glossary/ncoa/
| MSM wrote:
| >"I just moved to this place and I'm getting local robocalls to
| my cell number"
|
| This is more than likely just a combination of National Change
| of Address database (which is updated daily, I think, and there
| seems to be a lot of companies selling it) and some marketing
| information from one of many services that sell it, almost all
| of which contain your cell phone.
| ldayley wrote:
| True to HN form the proposed remedies tend to be technical in
| nature (though not necessarily wrong). This is another one of
| those problems best rectified with legal protections, not blog
| posts about how to disconnect the antennas. At the state level
| (in the US) it would be manageable to pass laws limiting or
| banning these practices, and that should be the first response.
| Of course backing that up with technical workarounds doesn't
| hurt, either...
| xanaxagoras wrote:
| I didn't see a blog post with instructions on how to remove the
| antennas. Got one? I'd love to do this. I'd love even more to
| pay a mechanic to do this but I'm not even sure what I'm asking
| for. I think there are 3 two way radios in my car, Sirius and 2
| cellular modems from what I can glean from the user's manual.
| It's a 6 month old $50k car; asked about it on a subreddit and
| someone said it would probably void my warranty - fucking
| awesome.
|
| Legal protections would be nice, but I'd like to stop being
| stalked _immediately_.
| WaitWaitWha wrote:
| I will assume removing the radios, or modifying them would
| indeed void the warranties. On the other hand if the radios
| were blocked, without direct manipulation (i.e. Faraday cage-
| ish ideas) if the connectivity fails, is warranty void?
|
| An alternative would be to use something Ms Fried built in
| 2006[0], but more specific. Come to think of it... this might
| be a small business idea...
|
| [0]http://ladyada.net/make/wavebubble/index.html
| Pakdef wrote:
| Ford is: https://www.businessinsider.com/ford-exec-gps-2014-1
| (Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our
| GPS In Your Car)
| rad_gruchalski wrote:
| Oh, not only GPS. Ford cars stream data in real-time. BMW cars,
| for example, only when the cars stop. AFAIR, Toyota cars also
| stream in real-time.
| bertil wrote:
| I'm surprised that all this web of data hasn't led to the most
| meaningful and significant improvement we still need in the car
| industry: have people who drive dangerous pay more for their
| insurance. It takes very little time near a road to notice that
| some people present an order of magnitude more risk than others,
| and no one has ever tried to confront them about it -- at least
| successfully.
|
| With cars and their drivers killing more than a million people
| every year, a little constructive feedback would be a major help
| to avoid so many tragedies.
| dahart wrote:
| At least three of the companies listed in the article offer
| apps that track your driving and give an insurance discount if
| you sign up. This could be seen as effectively the same thing;
| safer drivers paying less is perhaps equivalent to dangerous
| drivers paying more. Yes it's voluntary so this isn't perfect,
| but I'd speculate there is some presumption that in general
| safer drivers are the people signing up for the discount. This
| unfortunately comes in the form of a privacy trace-off, but if
| having dangerous drivers pay more is the goal, I'm not sure
| there's a way to have that without some monitoring.
|
| Another way your wish already exists partially is that people
| who cause accidents have higher insurance rates. This isn't
| 100% effective, but some of the people who prove themselves
| more dangerous really do pay higher insurance already.
| bertil wrote:
| > safer drivers paying less is perhaps equivalent to
| dangerous drivers paying more
|
| That's not what happens in practice: drivers concerned about
| their privacy don't use those apps, not those who drive the
| most carefully. Subscribers remain a minority. This is a
| shame because careless driving requires very little
| information, nothing that is genuinely affecting privacy.
| dahart wrote:
| How do you know what happens in practice? I have no idea
| who's signing up for discounts. I'd speculate wildly that
| specific monetary discounts win over generic privacy
| concerns more often than not, but I have no idea.
|
| But if we're to have dangerous drivers pay more, without it
| being a voluntary opt-in system, then someone needs to be
| able to monitor all drivers, right? What information are
| you thinking of that isn't considered private? You could
| have the cars reporting only speed & steering & accel/decel
| telemetry, but that might be easily hackable. Having GPS to
| compare against is much more trustworthy. What if primary
| components of safe driving are where and when you drive?
| Choice of roads and time of day may matter for some drivers
| as much as speed. Maybe the behavior in the proximity of
| other cars is a primary factor, I wonder how that could be
| reported - how often you pass, how much room and time you
| leave when changing lanes, how closely you follow, etc.
|
| I wonder what it would really take to identify dangerous
| driving. The largest factors identified by the NHTSA are:
| drinking, speeding, being "distracted" (using a cell
| phone), and driving tired. Speeding might be the easiest,
| while monitoring for drinking and tired and cell phone use
| seem more invasive.
| bertil wrote:
| > How do you know what happens in practice?
|
| I've done consulting work for that industry.
|
| > What information are you thinking of that isn't
| considered private?
|
| Statistical distribution of the absolute jerk. People who
| race, and distracted drivers have to correct at the last
| minute both have sudden changes in acceleration.
| dahart wrote:
| That seems pretty reasonable as one valid data point, but
| unlikely to capture dangerous driving broadly and
| accurately, no? Certainly location and traffic and speed
| matter, and jerk might not tell you much about people who
| drink or drive tired; certainly a large percentage of
| accidents happen without sufficient deceleration prior to
| collision. I could be wrong though, maybe the
| accelerometer data over time is reliable at identifying
| bad drivers, it'd be interesting to see how well it does.
|
| My kids use the insurance company apps and they are
| pretty awful in terms of accuracy. The apps nit pick the
| turning and braking based on acceleration data, and I've
| ridden with them and watched it call out safe driving as
| bad. One downside of this is that neither my kids or my
| wife and I trust the insurance company app to understand
| safe acceleration. I'm a little bit worried about what
| happens to this data and to the insurance company's
| conclusions about what stops and turns were safe or not.
| It would be bad IMO if this record follows people around
| informing law enforcement using poorly decided thresholds
| for safety. The crappy app, of course, does not mean that
| the insurance company can't reliably identify dangerous
| drivers, but there's no indication to me that they're
| using the data in a way I'd want or agree with... even if
| I'm completely on board with your suggestion to identify
| dangerous driving and charge for it.
| mdp2021 wrote:
| Such check has been implemented many years ago by insurance
| companies through data collection from GPS devices.
| pessimizer wrote:
| It's even in the commercials in the US.
|
| edit: and the last four entries on the list from tfa.
| otikik wrote:
| Go after the insurance companies instead. They are highly
| motivated to pass on the costs to their customers. I don't know
| exactly what would be an appropriate metric though.
| WaitWaitWha wrote:
| Commercial, fleet insurance works exactly like this.
|
| Back in the 80's there were already such solutions that would
| monitor speed and location based on cell tower. the data would
| be chirped back periodically. The price of the insurance would
| depend on driving speed and postal code for the cumulative
| information of the entire truck fleet.
|
| Today, this is not even a question. It is the de facto way of
| charging fleet insurance.
| llIIllIIllIIl wrote:
| Because that's not their problem. They want all their customers
| pay more, because people can change their driving habits. It
| shall never be the reason for profits to fall through.
| akira2501 wrote:
| > present an order of magnitude more risk than others
|
| The data really doesn't bear this point out, or the category of
| drivers your considering are such a small part of the total
| that changing their behavior will have almost no noticeable
| impact on the total.
|
| Further.. at least in the US, the majority of fatal accidents
| are single vehicle accidents where the driver was impaired
| either by alcohol or other drugs. You don't really need to mine
| data from the car to figure out who and who isn't the problem
| here.
|
| > With cars and their drivers killing more than a million
| people every year,
|
| That's uncharitable. Bad road design and failure to make
| protected pedestrian paths (16% of all fatalities in the US are
| pedestrians) definitely deserve some credit here too.
|
| > a little constructive feedback would be a major help to avoid
| so many tragedies.
|
| Based on US data: If you drink and drive you should be revoked
| for 10 years. It should be illegal to give people under 24
| vehicles with more than 250hp, or any power level with a turbo.
| jbotdev wrote:
| I have a car with Here maps, but it never occurred to me that a
| side effect of it having a data connection is data collection.
| I've been used to car navigation systems being offline, but it
| seems newer models like to search online for results, which of
| course exposes a lot of data to their servers.
|
| I wonder if you turned off the "online" search results and
| routing if it would shut off data collection, or if you'd have to
| physically cut off the cell connection.
| JadeNB wrote:
| > a side effect of ... a data connection is data collection.
|
| This is a fantastic catchphrase.
| tunap wrote:
| If FAANG has taught us nothing else, the option you choose will
| be expressly ignored if it is not the _right_ choice. Metadata
| is gold. Full stop.
| Incipient wrote:
| I'm a bit surprised Android auto didn't crack a mention. Take a
| guess how much they'd be collecting too!
| colordrops wrote:
| Can't wait until there is an EV with good range and no connection
| to the cloud. Very unlikely, I know.
| LAC-Tech wrote:
| Are there even modern ICs that don't connect to the cloud?
| wiz21c wrote:
| If the car sends data back to the mothership, then who pays the
| phone bill ? Say's it's about an SMS size each time I use a car
| so maybe 0.02$ a day ? 200 days/year, 10 years => 0.02 _200_
| 20=80$ and they sure have discount, so it's very cheap...
|
| IS there a way to know where the chip is ? Is there a way to jam
| it so it can't send information back ?
| rad_gruchalski wrote:
| > If the car sends data back to the mothership, then who pays
| the phone bill
|
| You do. The bill is included in the purchase price of the
| vehicle. The manufacturer sources data SIMs, pays for data
| ahead of time, and that's to the cehicle price.
| thrtythreeforty wrote:
| The simplest solution may be to disconnect the antenna. I would
| be very impressed if this negatively impacted the actual rolls-
| down-the-road functionality, since it's always possible that a
| car is in an area that has no cell service, and it would need to
| work without an always-on connection.
|
| This is unlikely to be in the service manual, though. Are people
| identifying where the radios in new cars are?
| akomtu wrote:
| It's almost always the shark fin on the roof that has separate
| gps and cellular antennas.
| mdp2021 wrote:
| > _I would be very impressed if [no cell service] negatively
| impacted_
|
| Tesla issued a press release years ago in which they reassured
| the public that their cars were used in connection-less or
| heavily-firewalled territories, and they still run.
|
| While on the one hand those reassurances are sinister ("our new
| feature will not impair function"; "our electronic systems will
| not fail when driving in the desert" - which was false for some
| manufacturers), also note that - as one poster nearby notes -
| that the item seems to work properly at some point in time is
| not a warranty for the future.
| chrismartin wrote:
| It's often even simpler to find the fuse for the cellular radio
| and pull it.
| AlotOfReading wrote:
| It's quite possible that the same antenna package providing
| cellular connection is also providing the antennas for GNSS and
| radio.
|
| It's also not impossible that you'll start to experience odd
| behaviors and warnings after a month or two, as the software
| stack expects connectivity _eventually_.
| fmntf wrote:
| Frequencies among radio/gps/cellular/bt are different, you
| need separate antennas.
| WarOnPrivacy wrote:
| The article notes 3rd party data services sprung up because car
| manufacturers weren't equipped to well-leverage the collected
| data.
|
| If auto financing taught us something, it's that manufacturers
| are compelled to control every monetization opportunity.
|
| I expect car companies will soon give their partners a choice -
| either sell yourselves to us or get locked out.
| pessimizer wrote:
| I have it on good authority that it's not a monopoly if more
| than one company exists on the planet. In the end it will just
| be Monocorp and Mozilla, surviving on yearly half-billion
| monobuck(r) checks from Monocorp.
| nobody9999 wrote:
| I'm a little confused by the discussion here. Please forgive me
| if I've missed something obvious.
|
| Much of the discussion seems to be around the _government_
| (usually, but not limited to, police) monitoring the location and
| operation of a vehicle _on public roads_.
|
| While I'm not a huge fan of government surveillance, registering
| a vehicle (and obtaining a driver's license) and monitoring the
| performance of that vehicle (and its driver(s)) are
| _governmental_ functions purporting to ensure the safe operation
| of a vehicle.
|
| Corporate entities, like auto manufacturers, dealers and "tech"
| companies have no such responsibility, nor do they have any role
| in (except in abiding by the law/regulation -- e.g., emissions
| standards).
|
| So, unless there is some sort of _government_ mandate to collect
| such information, corporate entities have no reason (other than
| their own profit) to collect location, velocity and /or in-
| vehicle activities.
|
| IMNSHO, that they do so should be much more concerning than red
| light or speed cameras, being followed for a few miles by the
| police, or as is popular where street parking is a thing,
| checking registration/inspection expiry.
|
| Just as one (or should be) is horrified by the levels of tracking
| by corporate entities on IOT devices, "smart" TVs,
| dishwashers(?!?), etc., etc., etc., why are folks focusing on the
| _government_ here?
|
| They aren't gathering the boatloads of information being
| collected by the corporate entities (and if the government starts
| buying such data, they should be smacked down hard!) that are
| invading/destroying what little privacy we might have.
|
| As such, I don't get why the focus is on the government rather
| than on the folks _actually_ gathering all this data.
| devoutsalsa wrote:
| You might change your mind when the government starts tracking
| the fact that you drove to an abortion clinic.
| jancsika wrote:
| Hm, I was looking at 2022 Prius Prime LE and I don't see any
| evidence they even have a SIM card in them.
|
| Also can't imagine that Mitsubishi would be wasting money putting
| a SIM in a Mirage.
|
| Am I wrong? If so, how do I find out short of physically
| inspecting dozens of vehicles myself to see if they contain a
| SIM?
| tyingq wrote:
| Not sure that stops it even. Some company could, for example,
| cut a deal with oil change places to download/upload the data
| when you visit.
| j-bos wrote:
| This. I went to get an inspection at a Valvoline place and
| the final part involved plugging their device to the car's
| computer. They were clear that it had nothing to do with the
| inspection, just "policy". I didn't push back since it was
| the last day for inspection, but honestly. Our culture keeps
| is of isolation and siloed personal lives, except for
| corporations, they have their fingers in the details of all
| personal affairs.
| RHSeeger wrote:
| It is worth noting that pretty much all the "quick oil
| change" brands have horror stories associated with them.
| Everything from minor ("they didn't notice my air filter
| needed replacing") to fraud ("they tried to get me to pay
| for an air filter that was replaced the week before; and
| showed me a dirty one that wasn't mine") to outright
| dangerous ("they left a tool on my engine that could have
| (or did) destroy when it fell into the workings, later"
| [1]). As a general rule, they tend to hire people without
| any _real_ training or motivation to be good at their job.
| I highly recommend being very wary of such places.
|
| To be clear here, not all of them are like this; possibly
| not even most of them. But enough of them are that I
| generally try to always go to a local shop to get my oil
| changed. It's not worth the risk to me. If you have one
| that you know enough about to be comfortable with, none of
| this applies to you.
|
| [1] I had this happen to me. Got home, popped the hood, and
| there was a screwdriver sitting on top of my engine. If it
| had fallen in on the highway, it could have caused some
| serious damage/injuries. Luckily, it didn't.
| AlotOfReading wrote:
| Honestly, as someone who's been involved with designing
| some of the internal systems and seeing how effective they
| can be, the large majority of the time a car either has the
| potential to be able to detect or already knows where the
| problems are located. The facilities to detect that are
| simply not in place or exposed to end users/techs in enough
| detail.
| tyingq wrote:
| They do need to read the "emissions readiness" in many
| (all?) US states.
| j-bos wrote:
| Of course, but they did that with a sensor. If anything
| my car computer says it has an emissions issue. But maybe
| I'm missing something.
| tyingq wrote:
| "emission readiness" is a specific state of the computer
| where all of the sensors are reporting "good for an
| extended period of time". It takes several drive cycles
| to get into that state. So that you can't, for example,
| reset the ECU and drive in for an inspection right then.
|
| They do also do live tests with a sensor, but the "ECU
| says car is emissions ready" is an additional
| requirement. At least in many US states...maybe not
| yours?
| someweirdperson wrote:
| > all of the sensors are reporting "good for an extended
| period of time"
|
| Not exactly. Boring monitors like those for sensors or
| actuators are excluded / always reported as ready. Even
| misfire is always ready, and fuel was, too, until
| recently.
|
| But of course since the more intersting monitors take
| long to complete, when they do reach ready, simple sensor
| checks would long have set at least a pending code if
| there was a problem.
|
| Next update in california will likely require all
| monitors to be included in the readiness status latest
| for model year 2027.
| tyingq wrote:
| Hrm. I've done this myself with the OBD-II reader and
| some do come up pretty quickly, but they took all some
| amount of running/driving to be ready if you reset the
| ECU...which people would try if there's a code stored /
| check engine light on. Some of them take quite a while to
| be ready.
| wsh wrote:
| For the Prius Prime, page 8 of the brochure describes Toyota's
| Connected Services, and page 10 says it's a feature of the LE
| model:
|
| https://www.toyota.com/content/dam/toyota/brochures/pdf/2022...
| jancsika wrote:
| Damn, I guess this is endemic now.
|
| Hey-- where's that free market HN poster on this one? I want
| to know how to use the law of supply and demand to find a new
| car without a SIM chip.
| xanaxagoras wrote:
| There isn't one.
| someweirdperson wrote:
| While they all can connect (required), there could be
| cars that only connect in case of an emergency.
|
| Availability of such cars is declining of course, but I
| don't think they are extinct yet. If in doubt check Lada
| or similar.
| mrshadowgoose wrote:
| You are wrong.
|
| You aren't going to find "sim card" on a car's spec sheet for
| the same reason you wouldn't find "lug nut". It's a component.
|
| If a vehicle has any sort of telematics, and/or an emergency
| assistance feature, it's got cellular data connectivty.
|
| That includes the Prius you mentioned, and a a boatload of
| other Toyota vehicles.
| RyJones wrote:
| If you want to see what Honda collects:
| https://gist.github.com/ryjones/73739f6a7e662b9ed9ba64d9141f...
| codedokode wrote:
| Wouldn't this be illegal under GDPR? A license plate number can
| be linked to the owner and therefore can be a PII, as well as car
| serial number or other identifier.
|
| Also, this shows that no matter if you pay for the product or
| not, you become the product for squeezing the data anyway.
|
| Also, this could be a national security issue everywhere except
| US if US government would be able to track the cars all around
| the world. For example, what if they will track the cars used by
| defence industry employees or military personnel?
|
| Such tracking equipment should be banned for import, but it is
| more likely that local government will just ask to provide the
| data to them too.
| AinderS wrote:
| > Also, this shows that no matter if you pay for the product or
| not, you become the product for squeezing the data anyway.
|
| Because it's not due to money, but _power_. They have the power
| to put spy devices in so many cars it becomes (near) impossible
| to buy one without, and so they do it.
|
| A product only respects your rights if you can control it, if
| you have the power and leverage to change how it works. If you
| don't, you get user-hostile features whether you like it or not
| (the Intel Management Engine, and its AMD equivalent, being
| just two examples).
| teeray wrote:
| This doesn't end until data is seen by companies as a liability
| rather than as an asset.
| dahart wrote:
| What is the current legal thinking on the right to privacy while
| driving, has there been any legal development recently? In a car
| on public roads, location (for example) isn't something we have
| historically had a right to keep private. Companies could, and
| the government sometimes does, legally track license plates or
| RFID tags on some roads (esp. state borders, bridges, HOV lanes).
|
| So we've never had a right to not have our whereabouts known or
| tracked, but companies and the govt have also never been able to
| track everyone extremely easily until recently. So there's
| legitimate concern that the ease and scale of location tracking
| mean that we should perhaps establish a right to some privacy,
| but I'm not sure how that stands up to other people's rights to
| see you and identify you when you're in public.
|
| I was just thinking about the famous "Photographer's rights"
| pamphlet that has gone around the internet for a while, and
| people who post YouTube videos of being harassed by police or
| security guards who claim photos can't be taken of a building or
| site when the photographer is standing on public ground. The
| pamphlet patiently explains that you're allowed to photograph
| anything visible from public land. Googling, I see a page at ACLU
| dedicated to the same idea https://www.aclu.org/issues/free-
| speech/photographers-rights
|
| I'm thinking about the future: imagine people made a stink about
| cars transmitting this data, and companies deciding instead to
| install cheap cameras everywhere on all roads. How do the
| photographer's rights interact with people's expectations for
| privacy? What should we expect, and what expectations are
| unrealistic and need adjusting? Are there any developments were
| lawmakers are addressing where the right boundaries are between
| public rights, private data, and the scale of cheap ubiquitous
| digital tracking?
| samstave wrote:
| There are tech companies that have cameras that track all the
| vehicles that drive by their campus HQs -- and report the
| activity back to the city/police
| calvinmorrison wrote:
| this problem is simple to solve, remove license plates. They're
| pointless anyway.
| dahart wrote:
| What do you mean? To the DOT, license plates ensure drivers
| have had basic training and that the vehicle has been
| inspected for basic safety and emissions standards. To
| police, the license plates offer a way to find out who the
| driver is. You might not see direct benefits today, but there
| certainly is a point to plates. If you find yourself in an
| accident that is the other party's fault, you might
| understand the benefits to you of their license plate being
| visible. I hope that doesn't happen to you, but many people
| in the past have been glad the offender could be identified.
| calvinmorrison wrote:
| The side effects cannot be worse than the medicine. License
| plates and modern data collection practices are far worse
| than any of the purported benefits.
| googlryas wrote:
| I guarantee you 95% of America doesn't agree with you on
| this.
| dahart wrote:
| I'm still not following, could you elaborate on the
| problems with license plates? What are the negative side
| effects, and how/why is that "far worse" than meeting
| safety & emission standards and catching at-fault drivers
| after accidents?
|
| One thing to consider is what would happen if license
| plates actually did go away. This idea is completely
| unrealistic- license IDs & license plates (or some way
| for police to identify you) are never going away. But
| assuming they did, what would happen? This would mean an
| astronomical increase in hit and run accidents, in
| uninsured driving, and in criminal activity from unsafe
| driving to theft. Do you think that wouldn't happen, and
| if so why? Why would having no plates be a better thing
| than having them?
| calvinmorrison wrote:
| The problem is that our government cannot be trusted. The
| car-ification of the united states in combination with
| endless driving regulations creates a dragnet for the
| police to simply stop and detain anyone going about their
| daily lives.
|
| There's no reason license plates expire, there's no
| reason we should have to pay for inspection, there's
| little proof it even is effective in improving safety.
|
| Drivers licenses again prove very little. People are
| pulled over constantly for suspended and expired
| licenses, were the unable to drive? clearly they were.
|
| The issue with license plates is that it creates a
| automatic background check on every person who drives
| past a police officers with an ALPR. It's about as bad as
| the slave catching squads from the ante-bellum era.
| There's no reason I should have a bench warrant from
| missing a traffic ticket in New Jersey cause a police
| officer to detain me, arrest me, jail me, and send me
| back to New Jersey.
|
| The problem is, you cannot separate the benefits from the
| bad. The problem is the government routinely abuses their
| power of licensure (see may-issue licenses in new york)
| to the point they cannot be trusted to license at all.
|
| Given the rampant abuses on our civil rights from the
| government, especially state and local governments who
| tend to do the day to day brunt of enforcement, I
| hesitate to offer them any option to be more efficient.
| pxeboot wrote:
| These things are all decided by individual states.
| Permanent license plates and zero inspections are
| definitely a thing in some parts of the country. Drivers
| licenses with very long validity periods were too, until
| REAL ID became essentially required.
| dahart wrote:
| > The problem is that our government cannot be trusted.
|
| Depends on what you mean, it sounds like you're saying
| the government cannot be trusted to be perfect. I'd agree
| with that. But the counter problem is that the public
| cannot be trusted either. A huge number of people can and
| will avoid maintaining their car if they don't have to,
| will wait to purchase tires until after they're bald,
| will drive with smoky exhaust, will avoid paying sales
| taxes if they aren't caught, will crash their cars and
| run if they can't be tracked down, etc. etc.
|
| This isn't really a government problem, it's a people
| problem. People just happen to make up the government.
|
| > There's no reason license plates expire, there's no
| reason we should have to pay for inspection, there's
| little proof it even is effective in improving safety.
|
| Kind of a lot to unpack there. Contrary to your claim,
| there are reasons plates & registration & IDs expire.
| Whether you accept and agree with those reasons is a
| separate question. Cars do change hands and degrade over
| time. It makes sense to check in, especially from the POV
| of the govt who maybe primarily wants to tax any sales,
| and keep track of who's associated with each license
| plate.
|
| Safety and emissions inspections are improving our safety
| & air, and there's data over time to show it.
|
| > Drivers licenses again prove very little.
|
| There's some proof; we have lower accident rates than
| some other countries where drivers have a lower barrier
| to entry. Aside from that, licenses are partly for
| identification. You might not like that, but that is part
| of their purpose.
|
| > It's about as bad as the slave catching squads from the
| ante-bellum era.
|
| Hard disagree. Treading dangerous water with this one.
|
| > There's no reason I should have a bench warrant from
| missing a traffic ticket in New Jersey cause a police
| officer to detain me, arrest me, jail me, and send me
| back to New Jersey.
|
| Sure there is, you appear to be fleeing when you miss a
| court date and drive across state lines. I'm skeptical
| this happens with any regularity over minor traffic
| tickets with no other context and a clean record. But
| again you're saying "no reason" when what you mean is you
| don't like it.
|
| > Given the rampant abuses
|
| You've established that you have a fear of abuse, but not
| that it's affecting you routinely. I haven't seen any
| dragnets ever, personally.
| pixl97 wrote:
| Ah, libertarianism coupled with if you cannot solve every
| case then you shouldn't solve any case.
|
| I can separate the benefits from the bad. The road
| without rules is a net loss for everyone. Companies and
| individuals would gladly save on getting inspections if
| it saved them a few dollars at risk to everyone on the
| road when their bald tires and bad brakes finally failed
| them.
| livueta wrote:
| How about this: e-ink plates plus public-key
| cryptography.
|
| Your actual license number or other identifier, plus a
| time-based nonce, is encrypted with the DOL's public key.
| The displayed value changes as the nonce changes
| according to its schedule, so third-party observers can't
| correlate the displayed value across time.
|
| If you get in a hit-and-run and note the displayed plate,
| the DOL has the other half of the keypair, the time, and
| the derivation function for the nonce, so can translate
| the displayed value to the actual owner.
|
| Not being able to publish a single stable value in amber
| alert cases would be a bit of a regression, but you could
| still publish what a value would be at a particular time
| interval.
|
| Doesn't do anything about governmental abuses of ALPR
| data but could be effective at cutting out corporate
| abuses. I'm probably missing something but it doesn't
| seem to increase info leakage w.r.t the status quo either
| - you'd theoretically be able to figure out when a
| particular image of a plate was taken, but that source
| would almost definitely be timestamped anyway.
|
| e: I don't think "just ban private ALPR" is a solution;
| it's simply way too easy to do with COTS+FOSS and way too
| hard to enforce against.
| dahart wrote:
| It makes sense as a technical solution to the problem of
| not being tracked / identified by NGOs. Could work but
| seems a little complicated, and unlikely to end there;
| car, location & face recognition could achieve the same
| ends, by and large. (China already does this). However
| the bigger issue to resolve is the goals and legality. We
| haven't yet established that being able to identify
| someone in public is bad, or conversely that being able
| to travel anonymously is a goal we want, right?
| livueta wrote:
| > car, location & face recognition could achieve the same
| ends, by and large. (China already does this).
|
| Yeah, I actually started out writing that comment about
| how license plates are probably unnecessary given the
| volume of other forms of location data accessible to LE
| but the peak HN strat was more fun to think about.
|
| > We haven't yet established that being able to identify
| someone in public is bad, or conversely that being able
| to travel anonymously is a goal we want, right?
|
| I don't have full answers here, but I think it's worth
| considering the modes of enforcement enabled by this
| change. Despite there being no de jure change in privacy
| protections while in public, there's been a de facto
| change from that kind of data only being accessible in
| cases of specific, targeted investigations to that kind
| of data being accessible to automated dragnet
| enforcement. Targeted investigations are inherently
| limited in scale and there's (at least theoretically) a
| nexus between the investigation and some kind of probable
| cause, but dragnet enforcement generally disregards
| fourth-amendment protections. The Carpenter decision
| theoretically offers some protection against this, but
| parallel construction is trivial enough that I'm not
| exactly resting easy.
|
| So, I think it is possible to be against ALPRs without
| necessarily being for wholly anonymous travel in public -
| it's an issue of probable cause and avoiding the fruit of
| the poisoned tree, not one of absolute lawlessness. My
| (admittedly silly) suggestion is also problematic because
| it doesn't address this concern at all. My real feelings
| are a lot closer to 'calvinmorrison, but I acknowledge
| that "just get rid of license plates" isn't exactly a
| winning proposition to the average voter.
| aaaaaaaaaaab wrote:
| Lol! This comment is peak HN.
| calvinmorrison wrote:
| > I don't think "just ban private ALPR" is a solution;
| it's simply way too easy to do with COTS+FOSS and way too
| hard to enforce against.
|
| Which leads to another issue, that local governments have
| contracted these corporations to do just this. From red
| light cameras to suvellience cams, police don't actually
| store this data themselves, private companies do the bulk
| of the work here.
| livueta wrote:
| And even if we could do something about ALPRs, the same
| outsourcing of the 4th is going on in areas like mobile
| telemetry.
| mikestew wrote:
| _How about this: e-ink plates plus public-key
| cryptography._
|
| You're suggesting that a solid plate of metal that can
| sit, neglected, out in the weather for multiple years
| without much visual wear, and when damaged by the car
| wash can just be bent back to shape, and replace that
| with your delicate little piece of electronics and
| software? And pile on some PKI to boot?
|
| I'm seriously on the fence in deciding if this comment is
| trolling me, or if this is what late-stage HN looks like.
| :-)
| livueta wrote:
| It was definitely at least partially tongue-in-cheek ^_^
|
| I bet you could figure out the physical aspects. E-ink
| tech itself has come a long way in the last few years
| following some patent expirations, and the electronics
| stuff is basically just a yubikey JB welded to a license
| plate frame. The cost per unit would be pretty low at
| scale, so just replacing borked units seems pretty
| doable.
|
| Imo, a bigger problem is competent implementation. Yeah
| sure, the DOL is gonna run a bunch of PKI infrastructure
| and not mess that up. At least in my region, just keeping
| a largely static website up seems to be a struggle.
| kube-system wrote:
| License plates signify an owners initial registration.
| That's it.
|
| > license plates ensure drivers have had basic training
|
| No, that's what a drivers license does.
|
| > and that the vehicle has been inspected for basic safety
| and emissions standards.
|
| Most states (even ones that do require those inspections)
| issue license plates without these.
|
| > To police, the license plates offer a way to find out who
| the driver is.
|
| They really don't, because vehicles are frequently driven
| by people who did not register them.
| reaperducer wrote:
| Both you and the parent are making broad assumptions
| based on narrow experience.
|
| I've lived in enough states that various parts of my
| experience from various jurisdictions both confirm and
| refute each of the points made.
|
| It's important for everyone to remember that their
| experience is not the only experience.
| dahart wrote:
| Since you implicate me, I'm open to feedback and willing
| to change my mind. Would you point out my incorrect
| assumptions to me?
| kube-system wrote:
| I'm not making any assumptions.
|
| In all 50 states, plates represent the registered owner
| and not the driver, because non-owners can drive cars in
| all 50 states.
|
| As for safety and emissions, only a minority of states do
| each of these, and the majority of those denote
| compliance with a sticker, or have exemptions:
|
| https://en.m.wikipedia.org/wiki/Vehicle_inspection_in_the
| _Un...
| spinny wrote:
| Portuguese license plates for a long time had the
| month/year of the car manufacture. This been discontinued
| because apparently no other country in EU does this and
| it was confused with expiry date.
|
| There is no other indication on the license plate. just
| the numbers and letters.
|
| I assume that expiry dates on US plates is related to
| either road tax or vehicle inspection
| landemva wrote:
| Years ago I put my cars in business name and the mail
| goes to a post office box. Simple and cheap privacy, yet
| most people can't be bothered to do it.
|
| Whenever I get one of the geotracking cars, hopefully the
| antenna wire will develop a fault.
| rad_gruchalski wrote:
| > Simple and cheap privacy, yet most people can't be
| bothered to do it.
|
| Most people don't have businesses registered.
| dahart wrote:
| > They really don't, because vehicles are frequently
| driven by people who did not register them.
|
| Someone else driving your car doesn't prevent the police
| from compelling you to tell them who drove your car. The
| point is the police can come to you. Different story if
| the car's stolen, of course, but license plates in fact
| are used often as the first point of contact to identify
| drivers, regardless of whether it is their car. Without
| the plate, there might be nothing to go on, right?
|
| Your other corrections are valid, I was imprecise with my
| point. Do you agree with parent that plates are
| pointless? I was only trying to point out the utility and
| reasons for the existing system of licensing and
| registration, plates, IDs, and stickers. I can see parent
| is making more of a political statement than one of
| actual utility, but maybe also important to keep in mind
| that purpose and utility of the various parts of this
| scheme look different depending on who you are.
| kube-system wrote:
| No I think plates are important, for the purpose of
| correlating a vehicle back to the registered owner.
|
| And this can be used, in turn, to look up a lot of the
| other data you pointed out, even if it does not do so
| directly.
|
| > Without the plate, there might be nothing to go on,
| right?
|
| There's the VIN, but they're difficult to see at a
| distance, and don't indicate the jurisdiction of
| registration for out of state vehicles, and so, they'd be
| a PITA for most things states care about using plates
| for.
| mnahkies wrote:
| Difficult to see at a distance is a little charitable -
| all cars I've encountered the vin is in the engine bay.
|
| Without a license plate, all you have to go on is make /
| model / colour and any obvious modifications, essentially
| the same as seeing a random human but with less
| cardinality since vehicles are mass produced
| rad_gruchalski wrote:
| The VIN number in modern cars is located in multiple
| places. Usually: engine mount, central tunnel, under the
| windscreen, often in the trunk.
| mdp2021 wrote:
| > _photograph anything visible from public land_
|
| From public land I can see people sunbathing in their gardens.
|
| For a photographer, there may exist an excuse such as "yes but
| the landscape in the background"...
|
| For data such as the routes of a car1, there is no excuse.
|
| (1Which does not overlap with "what enters or leaves a
| territory" - monitored in many administrations.)
| dahart wrote:
| Would you mind elaborating? I don't know what you mean by
| 'excuse' in either example. You don't need an excuse as a
| photographer to capture people sunbathing in their gardens,
| if you're standing on public land. And law enforcement
| doesn't currently need an excuse for tracking location. In
| both cases, the real issue is that there is currently (as far
| as the law is concerned) no "reasonable expectation of
| privacy" when you're outside and visible to others.
| rolph wrote:
| when when in alaska, and the distance is such that
| technical or mechanical means are required to observe nude
| sunbathers, there is no public visibility, the offense is
| with the fault of the eavesdropper, and it is voyeurism.
| dahart wrote:
| Totally, there is a line you can cross, and it might
| require a telescope or mirrors. There absolutely is an
| expectation of privacy on private property when there is
| no public visibility. I wasn't talking about telescopes
| or mirrors X-rays or any other tricks, just what you can
| observe with the naked eye. There probably is a gray area
| here with zoom lenses that would have to be decided in
| court, it might come down to intent and not who's fault
| it is.
|
| I guess that discussion is veering away from the
| practical question of whether anyone should be able to
| know who you are if you're driving on public roads. It
| doesn't require any special technical or mechanical means
| to see people's license plates and faces from the side of
| the road or from poles or overpasses, right? What I'm
| really curious about is whether there should be laws
| established against such surveillance because it has
| become too cheap and easy to monitor everyone at once all
| the time, or whether as a society we deem activity in
| public space to be public knowledge and not a matter of
| privacy, whether no privacy should be expected.
| rolph wrote:
| popular culture plays into it alot.
|
| there are somethings that are illegal that the public,
| and enforcement simply ignore most of the time. there are
| other things that are legal but apalling to the public
| when they encounter them.
|
| i think this distills to a threshold for surveillance.
| there needs to be some discriminator between casual
| observation, and active surviellance.
|
| there seems to be a need to revisit just what a warrant
| is, and why it is required. i really would like to see a
| warrant apply to any means of collection, as in the
| warrant is allowing posession of the data itself,
| regardless of the origin as a court appointed priviledge
| for the term of the investigation, -regardless of origin
| RHSeeger wrote:
| I think problem here is one of trying to limit the "pre-crime"
| instead of the crime itself. We have a problem with companies
| using mass data surveillance to keep track of the movements,
| generally of large amounts of people. Trying to stop this by
| creating laws that prevent taking pictures is almost doomed to
| fail.
|
| Along the same lines, if an office follows someone (they
| believe might be related to a crime, etc) around town to track
| their whereabouts, that seems within reason. If the police
| force (using advances in technology) tracks the whereabouts of
| all people at all times, it's unreasonable. It's the same
| thing, just at a different scale.
|
| We need to find an effective way to allow the "components" of
| something that isn't allowed, without allowing the thing
| itself.
| gumby wrote:
| > What is the current legal thinking on the right to privacy
| while driving
|
| I think it's pretty clear from precedent you have none.
|
| Every vehicle displays a unique number in large, readable type,
| and has for longer than any person has been alive. I haven't
| seen any objections.
|
| The same applies to driving licenses that are covered in very
| personal information which is handed over willy-nilly to anyone
| who asks for it.
|
| In California they make it clear that driving is a "privilege",
| not something in which you have any rights.
|
| Edit: another example: notice that the automatic toll
| collection systems are always implemented as
| registration+billing based systems rather than as any kind of
| privacy-protecting cash-like schemes.
| dahart wrote:
| I mostly agree on precedent, as far as I know, but I would
| say that recent developments like the GDPR and others
| targeting _digital_ practices are probably starting to broach
| this topic of what is public and what is private. And I'm
| asking because I don't know whether precedent is changing
| right now; I imagine that it is changing in some locales.
| Googling just now I noticed that California passed a new
| privacy act in 2020. I've seen a lot of discussion and
| debate, and the idea that cheap mass surveillance technology
| is a marked departure from what was available before this
| century does legitimately question whether we can continue
| operating under the framework where anything done in public
| is free for someone else to record and consume. That idea is
| now much, much more prone to abuse than it was 30 years ago,
| right?
| walnutclosefarm wrote:
| > The pamphlet patiently explains that you're allowed to
| photograph anything visible from public land.
|
| Or public air space, for that matter.
| codedokode wrote:
| Found an interesting part:
|
| > Otonomo is one example of the dozens of companies that market
| their attempts at keeping information anonymous. Otonomo
| describes its platform as having "privacy and security by design"
| and notes the use of patented "data blurring" technology to
| protect user privacy.
|
| > It also has an "Otonomo Driver Pledge" page promising drivers
| the ability to easily grant or revoke access to personal data,
|
| This doesn't add up. If they collect only anonymized data, then
| they won't be able to find that customer's data and do anything
| with it.
| redtexture wrote:
| > patented "data blurring"
|
| This can be looked up. I suspect it is not their own patent
| though, so not under their own name.
| xfitm3 wrote:
| I installed a dummy load instead the cellular antenna in my
| vehicle. In theory it should not be able to connect back to my
| automaker's virtual mobile network.
| nimbius wrote:
| I'm a diesel mechanic by trade. for anyone curious to disable
| your cars data collection the OnStar systems easiest.
|
| under your passenger dash is a black metal box, usually
| documented. unplugging the harness and removing it, you can open
| it to expose a baseboard and a riser. the baseboard is for things
| like infotainment usually but the riser is your cellular modem.
| pull it and you'll get a warning light on the dash, but no more
| data collection. older cars will have a Sim in the riser you can
| pull if thats less invasive to you.
|
| note: OnStar is also disabled and will not dial 911/999 on
| collision.
| cameldrv wrote:
| What happens if you disconnect the cellular antenna from your
| car?
___________________________________________________________________
(page generated 2022-07-30 23:00 UTC)