[HN Gopher] Who is collecting data from your car? ___________________________________________________________________ Who is collecting data from your car? Author : atg_abhishek Score : 125 points Date : 2022-07-30 13:58 UTC (9 hours ago) (HTM) web link (themarkup.org) (TXT) w3m dump (themarkup.org) | salawat wrote: | https://cccis.com/ | | There's your data aggregator. At least one of em. | i67vw3 wrote: | Year 2022: 'Degoogling' your car. | | PC/laptops were first, smartphones were done next and now car are | too be 'degoogled'. | | Edit:- 'Smart' TV's were between smartphones and cars. | pessimizer wrote: | TVs between smartphones and cars. There's still plenty of room | for expansion, like your door locks and home climate controls, | your medical history/treatment, your votes... | mdp2021 wrote: | > _home climate controls_ | | These are already attack objectives - thermostat ransoms. | derwiki wrote: | Interesting, do you have a link or remember an instance of | this? | mdp2021 wrote: | There have been reminders on The Conversation only a few | months ago ( https://theconversation.com/considering- | buying-a-smart-devic... ), | | but here is a generic article on The Atlantic from 2016 - | year relevant, because there had been cases of actual | ransomware for some thermostat models then: | | https://www.theatlantic.com/technology/archive/2016/01/th | e-e... | | Which also contains the line: | | > _When it comes to connected vehicles, the possibilities | are even more frightening. And thanks to an experiment | where white-hat hackers remotely hijacked a Jeep as it | hurtled down a St. Louis highway, they're not that far- | fetched_ | | http://www.wired.com/2015/07/hackers-remotely-kill-jeep- | high... | | Which raises another point: security faults in cars have | been used to stop them, to take control of them etc. | Among the malicious purposes, one can emerge of ransom: | "We now control your car. If you want to drive it | again...". Nothing new in the crime scene ("We just stole | your car. If you want to drive it again...") - only, now | through fully avoidable technical holes which should not | be there in the first place. | | -- | | About the thermostats: | | _Hackers demonstrated first ransomware for IoT | thermostats at DEF CON // Ransomware-infected smart | thermostats, it's no longer hypothetical. An attacker | could crank up the heat and lock the IoT device until | sweltering occupants paid a ransom to unlock it_ (Aug | 2016) | | https://www.computerworld.com/article/3105001/hackers- | demons... | mdp2021 wrote: | No, that is a comparatively minor detail: a car MUST NOT be | Internet connected. Before privacy, security. | | You do not open to security risks when advantages are | negligible or even negative (privacy issues make them | negative). | AlotOfReading wrote: | The direction OEMs are going is to try and have their cake | and eat it too. Data connection is not optional, so security | is achieved through an isolated network interface boxe that | talks to the outside and is assumed to be pwned/pwnable. The | rest of the architecture is hardened accordingly, with a | single internal interface to the rest of the vehicle on a | secured bus and attestation/secured computing platform, etc. | shnock wrote: | I have layman knowledge of this and do not understand. How | does this compare to the level of security described in the | GP comment (no connection at all)? | AlotOfReading wrote: | It might help to imagine there's a data diode between the | interface box and the rest of the system. In an ideal | world, there should be few differences beyond the actual | data being sent. In practice, the analysis is a lot more | complicated. I've also seen cases where there should be | no connection hardware at all, but someone forgot to | disable Bluetooth on a dev board or something and it | shows up in a red team exercise. | skummetmaelk wrote: | That's great until an unknowing mechanic connects a pwned | device to the secure system that infects it and enables it | to receive commands from the "assumed pwned" network box. | AlotOfReading wrote: | They wouldn't have a direct connection regardless, but | this is also part of the threat model on every vehicle | I've been involved with. | i67vw3 wrote: | Problem is car manufactures have started forcing cars to | connect to internet, even concepts like firmware, updates | etc. | | Notorious among them are electric cars like Tesla. Even | petrol/diesel car manufactures have started doing same stuff. | mdp2021 wrote: | For a large number of categories today the most extensive | research to identify a decent product has become necessary. | | It is a disaster that cars are now part of it, but - the | most extensive research to identify a decent product will | be necessary. | | Edit: what I fear most (second to a market that allows | perversions - i.e. buyers of unacceptable products), is | cretinous legislation what may remove options. | smolder wrote: | > For a large number of categories today the most | extensive research to identify a decent product has | become necessary. | | What exactly are you saying here? Is this a "telemetry is | necessary for effective product design" argument? | | Apologies if I'm misunderstanding, but if so: I | personally don't buy that it is except in very specific | circumstances. Gathering data through telemetry to make | product decisions, when it's not just about data sales | for extra revenue, doesn't always make a lot of sense, | particularly when that data gathering capability directly | compromises the product quality. I would argue that often | it's done because of people trying to cargo cult | competence at product design by doing what seems cutting | edge, analogous to "architecture astronauts" designing | overcomplicated & inelegant software systems with too | many bells and whistles. | mdp2021 wrote: | > _What exactly are you saying here? Is this_ | | No, I wrote that nowadays, before buying, as you will | need to <<identify a decent product>>, you will have to | research a lot, and discard the largest number of - | useless - options. If nowadays you are in need of buying | an item you will have to do extensive research of what is | available in the market, because most of the products | around are unacceptable. | JadeNB wrote: | > what I fear most (second to a market that allows | perversions - i.e. buyers of unacceptable products) | | I have a hard time buying this (no pun intended). Your | greatest fear is _other_ people being able to buy things? | I fear very much my _not_ being able to buy what I want, | and I can see knock-on effects from other people being OK | with (or not understanding) the violation of their | privacy and so indirectly violating my privacy, but it 's | hard for me to see that raising to the level of my | _greatest_ fear. So I wonder if I 'm misunderstanding | you, or we're frightened by different things. | fariszr wrote: | A big example of this is phones. And TVs. | JadeNB wrote: | > A big example of this is phones. And TVs. | | Which 'this' do you mean? There is the 'this' where | _other people_ buy stupid things (meaning 'smart' | things, in the marketing terminology we've had foisted | upon us), and there is the 'this' where _I_ can 't buy | what I want. Phones and TVs are examples of both, to be | sure; but, as I mentioned in the comment to which you are | responding, these two phenomena seem different, though | linked, and it's not clear to me that the former is | inherently bad. | mdp2021 wrote: | > _I wonder if I 'm misunderstanding you_ | | Yes, you misunderstood. I stated that the fearsome | weakness in the system is a market which is mostly made | by careless buyers who will disregard low quality, absurd | specifications and dystopian features in the products. | | A product would not circulate in the market if people did | not buy it, and people in general most unfortunately tend | to buy what is available, without assessing it, without | considering the effect of their purchases on the market. | | You would not struggle to find e.g. telephones with | replaceable batteries in the market if people generally | refused to purchase otherwise. The same is valid for | bluetooth-operated only washing machines (and other | appliances), etc. | | Bad products are around because people buy them. | | > _I fear very much my not being able to buy what I want_ | | Exactly: that is already largely the situation, and it | comes from a polluted market, spoiled by purchasers | accepting bad products. | elf25 wrote: | byteduck wrote: | I don't know why I never considered that my car may be collecting | data on me. I have a Hyundai, and I just went into my settings to | turn off as much of this as possible. I wonder if there's a way | to disconnect the antenna or deactivate the cell service since I | don't need it... | tencentshill wrote: | Brink0004 wrote: | it's weird that they missed Autonomic in this article; they're | outright owned by Ford. pretty much every new Ford is sending to | Autonomic before you even drive off the lot | | https://www.crunchbase.com/organization/autonomic | Cupertino95014 wrote: | This is a great article. I've wondered about that myself: | | Forgetting about the smartphone data, many cars have a Navigation | system, which means the car itself knows where you are. Is it | being communicated in real time, or does the car at least | remember? | | I actually asked someone who works in car automation this very | question, and he said it's really manufacturer-dependent. | | The car manufacturers are hoping no one digs into this. So let's | dig. | spinny wrote: | My 2016 BMW 118d has a navigation system and a built-in SIM | card. It is used in multiple instances (the listed ones): | locating/locking/unlocking your car remotely (all optional), | start an emergency call, updating the firmware and talking to a | messaging server | Cupertino95014 wrote: | Right, the question is: does all the data about where you've | been get used anywhere, with PII attached? Could the police | subpoena it? | reaperducer wrote: | My car has no data connection hardware. The navigation maps are | updated by putting a USB stick in the music player and | uploading files to the car. | | The dealer charges about $200 to do it. It's probably possible | for someone to do it on their own, but I don't drive enough to | bother looking it up. | userbinator wrote: | _many cars have a Navigation system, which means the car itself | knows where you are. Is it being communicated in real time, or | does the car at least remember?_ | | GPS itself is entirely passive. The last position is definitely | stored in the receiver to make it faster to acquire a position | fix the next time it's turned on, but the question is whether | that is sent outside the car. A standalone GPS unit of the type | that people add as an aftermarket accessory, instead of being | integrated, will almost certainly not be transmitting its | location elsewhere. | Cupertino95014 wrote: | One would hope. | | On the other hand, there's money to be made by selling that | data. So I wouldn't blindly assume _every_ manufacturer just | leaves it sitting on the table. | hocuspocus wrote: | Car makers are typically on the conservative side, and they | aren't really in a position where their own data would be | particularly valuable compared to that of other players. | | What mostly happens is that data sharing goes both ways: | for instance if your embedded navigation system shows live | traffic data, your car is probably sharing its location | upstream, which gets aggregated and anonymized according | the legal framework and the terms between both parties. | | You can do stuff with a car that you wouldn't be able to do | with a smartphone, for instance using sensors to scan | curbside parking, whereas Google needs to extrapolate | street parking availability based on driving patterns. But | I'm not aware of anyone doing that yet... I've only seen | proofs of concept. | otikik wrote: | I really despise the "smartphone on wheels" trend. I got a used | Mazda 3 which doesn't have any of that, the new models come | hyperconnected, so you can "see the status of your car with an | App" (no thanks). | | Is there a list of cars which _don 't_ have remote data | collection? | userbinator wrote: | _Is there a list of cars which don 't have remote data | collection?_ | | Everything made before this technology existed? | otikik wrote: | I should have been more explicit: I meant _modern_ cars that | don 't have this "feature". | Silhouette wrote: | _Is there a list of cars which don 't have remote data | collection?_ | | Here it is: | | . | | Unfortunately to the best of my knowledge I am not joking. | This is one of the big reasons why I haven't bought a new | car with modern automation and connectivity for a long | time. | | I think they will be unreliable. | | I think they will be insecure. | | I think they will be privacy-invasive. | | I think the technology at the original time of sale will | age quickly and manufacturers will abuse that to extract | more money from current owners or any potential new owners | who might buy the vehicle from them. | | I think the technology will allow for artificial | limitations on vehicles' physical capabilities and | encourage manufacturers to make pay-to-play style upgrades | and rental models the industry standard. | | And I think there is a non-trivial risk that eventually | someone will successfully exploit a remote vulnerability on | a popular model and gain enough physical control over a | large number of vehicles simultaneously to cause injury or | even loss of life on a massive scale. | | Absolutely nothing I have seen about the auto industry, the | people who lead it, or the people who regulate it would | undermine any of those claims and apart from the last one | there seems to be plenty of evidence that they are already | starting to happen. | mackatap wrote: | I just got a 2012 Mazda 3 and I love how dumb it is. Bluetooth | audio and an aux cable is really all I want. | derwiki wrote: | I recently switched back to MP3 CDs and am happy not dealing | with Bluetooth or a smartphone | mackatap wrote: | Yeah, I have a bunch of cd's I'm happy to be able to use | again. But it's so easy to drag and drop music onto an | android phone. | LAC-Tech wrote: | You can go slightly more high tech and just plug a USB | drive into the port. Still no bluetooth or smartphone but | you get more than 700 odd megabytes of mp3s. | stinos wrote: | _Bluetooth audio and an aux cable_ | | I'll take just the aux then, at least as long as I can. Aux | (as in: 3.5mm jack on both ends or else on one end and the | other one cinch or DIN to support even older devices) is | something which has been working fairly universally to get | music from any portable and even some not-so-portable players | to amps in the past 30 years or so, extend to like 60 years | to include anything compatible but with DIN (just a rough | guess here, I still have some old Telefunken radio with an | aux input via DIN and I'd estimate that is it's age; still | works, moreover they really figured out nice warm bass from | small speakers back then already). It's simple, it's a de | facto standard, it really just works, it's a good idea | (doubling as headphone out) and well-executed. | | Bluetooth audio on the other hand tries to be all of that, | but I never quite got the feeling it's there yet, after all | those years, and I wonder it will ever be the same level of | 'just works'. | mackatap wrote: | The Bluetooth is nice because I don't have to do anything | for it to work. I get in the car, hit play on my phone, and | music comes out! Only downside is about a one second delay. | Also nice for friends with phones that don't have 3.5mm. | I've never had trouble with Bluetooth. I have a pair of | wireless Sony headphones that really just work. I tap my | phone to the side of them and they automatically turn on | and connect. Battery lasts about a month. | blub wrote: | The newest Russian cars will allegedly not have airbags or ABS, | so it's a good bet that they'll be otherwise analog :-) | | If they manage to install ABS/ESP, they might actually be an | interesting choice, if it weren't for the likely lack of EU | market authorisation and spare parts. | pluc wrote: | When it's not that... my dealer tried to upsell some tag | protection system... but that's just an excuse for a | geolocation harvest racket [1]. You just can't trust anyone | today not to abuse their convenience service. | | [1] https://www.tagtracking.ca/privacypolicy | jsjiwfwie wrote: | Slightly tangential, but I am beginning to despise "smart" | anything, because the product developers don't seem to care at | all. | | I just got z-wave locks from a company ultraloq, figured I | don't want the integration with the app etc. I will just use | z-wave and connect to my local offline hub. But once I get down | to set it up, I can only connect to the hub via z-wave from the | ultraloq app. I install the app and I need to register an | account by providing first name, last name, email and phone | number, then the only way to pair my lock with the app is by | enabling bluetooth and providing location access to the app | with gps enabled. I do that and then I find out that once I | install the app and register the lock, I am not allowed to use | it in standalone/offline mode (setup/change lock codes directly | from the lock) unless I do a factory reset. Funny enough, if I | factory reset, I lock is no longer connected to my hub on | z-wave. | | Basically to use z-wave with my offline hub, I need to provide | the company my gps location, first name, last name, email and | phone number and stream data of lock usage every time the door | is unlocked/locked to the company. How is this not a security | risk for the company? If they ever get hacked, all their | customer PII data including the gps location of where the locks | are installed are compromised. | justinclift wrote: | With all of those issues, maybe it would be better to return | them? | jsjiwfwie wrote: | That is my plan. Their support is Mon-Fri working hours. I | want to call their support and ask them if indeed z-wave is | only usable if I register the lock, hook it up with their | app and give up functionality of using it in | standalone/offline mode. If they confirm there's no other | way, I will return and buy something from a competitor | instead. | verisimi wrote: | Smart = spy | m463 wrote: | > product developers don't seem to care at all | | They do care - it is just what they care about is | diametrically opposed to your interests. The post-sales | revenue stream from collected data is not only profitable, | but in some cases more profitable than the sale itself. | jsjiwfwie wrote: | Makes me wonder, if people really cared the market should | react to it and have products to cater to those needs. | Maybe my interests and people with similar interests are a | very small minority, everything now is setup via an app - | toasters to routers to vacuums. The sad truth is probably | that vast majority of people like the convenience of an app | and don't care about privacy or data collection and the | products/market is heading there. | Silhouette wrote: | _The sad truth is probably that vast majority of people | like the convenience of an app and don 't care about | privacy or data collection and the products/market is | heading there._ | | I don't really believe in this theory. Certainly the | average HN commenter trends more privacy-aware than the | average person in our societies but I know many "normal" | people who don't like the intrusion but accept it because | they don't see any viable alternative apart from giving | up a normal life. | | The correct solution when competition in commercial | markets doesn't solve a problem like this because it's | just too profitable for everyone to carry on the abuse is | for governments to regulate in the public interest. Of | course that relies on elected representatives to do their | jobs and not just pander to whichever industry gives its | lobbyists the most funding so the success of the strategy | is likely to vary wildly depending on which country you | live in. | ajsnigrutin wrote: | yep. | | I only buy stuff that I can reflash (tasmota, esphome, or | whatever), because everything else will either be deprecated, | the cloud will be discontinued, the app wont work on the | newest android, or there will be a huge security breach, that | the company won't fix for "legacy" devices. | | This makes stuff pretty limited, but you can still find | atleast some things that are (eg.) esp8266 based. | fariszr wrote: | And the big thing is after maybe 3 or 4 years its already going | to be outdated. While you replace your phone if its outdated, | you don't do the same thing with cars. | | A car + phone combination is always more capable, because its | almost always up-to-date and the user is already used to it. | pxeboot wrote: | > While you replace your phone if its outdated, you don't do | the same thing with cars. | | I have family that work at a car dealership. Most of their | business comes from people leasing or trading in vehicles | every couple years (or less). | snoopy_telex wrote: | A decent number of people I know only lease cars. They | upgrade cars faster then I upgrade my phone. | tomxor wrote: | That's not representative. Imagine if the whole world | refused to use any car older than 2 years... how many cars | would have to be made every year? even if that made any | economic sense, it certainly doesn't make any environmental | sense. You might not think of it this way but those people | you know are privileged, they would not be able to get a | new car less than every 2 years unless there was a 2nd hand | market. Cars need to last. | mertd wrote: | Everything is "data collection". | | Someone really needs to qualify the boundaries of what is | considered a breach of privacy. | | Sending location, heading and speed anonymously is perfectly ok | by me because in return we all get real time congestion aware | routing. | dwighttk wrote: | nobody, but it is 22 years old. | mixmastamyk wrote: | License plate scanners find some data. | jareklupinski wrote: | Followed the Sirius link in the article to their privacy policy: | https://www.siriusxmcvs.com/privacy-policy/ | | > Vehicle Data... After your Vehicle's ignition is turned off, | the Vehicle transmits the location of the Vehicle and the time it | was turned off. | | If every car with Sirius installed transmits the time and | location when it was switched off to marketers, that would close | the loop on all those "I just moved to this place and I'm getting | local robocalls to my cell number". | pilgrimfff wrote: | That's a horrifying policy. Though advertisers don't need | Sirius. USPS will sell your change of address data to any one | who had your old address | | https://www.edq.com/glossary/ncoa/ | MSM wrote: | >"I just moved to this place and I'm getting local robocalls to | my cell number" | | This is more than likely just a combination of National Change | of Address database (which is updated daily, I think, and there | seems to be a lot of companies selling it) and some marketing | information from one of many services that sell it, almost all | of which contain your cell phone. | ldayley wrote: | True to HN form the proposed remedies tend to be technical in | nature (though not necessarily wrong). This is another one of | those problems best rectified with legal protections, not blog | posts about how to disconnect the antennas. At the state level | (in the US) it would be manageable to pass laws limiting or | banning these practices, and that should be the first response. | Of course backing that up with technical workarounds doesn't | hurt, either... | xanaxagoras wrote: | I didn't see a blog post with instructions on how to remove the | antennas. Got one? I'd love to do this. I'd love even more to | pay a mechanic to do this but I'm not even sure what I'm asking | for. I think there are 3 two way radios in my car, Sirius and 2 | cellular modems from what I can glean from the user's manual. | It's a 6 month old $50k car; asked about it on a subreddit and | someone said it would probably void my warranty - fucking | awesome. | | Legal protections would be nice, but I'd like to stop being | stalked _immediately_. | WaitWaitWha wrote: | I will assume removing the radios, or modifying them would | indeed void the warranties. On the other hand if the radios | were blocked, without direct manipulation (i.e. Faraday cage- | ish ideas) if the connectivity fails, is warranty void? | | An alternative would be to use something Ms Fried built in | 2006[0], but more specific. Come to think of it... this might | be a small business idea... | | [0]http://ladyada.net/make/wavebubble/index.html | Pakdef wrote: | Ford is: https://www.businessinsider.com/ford-exec-gps-2014-1 | (Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our | GPS In Your Car) | rad_gruchalski wrote: | Oh, not only GPS. Ford cars stream data in real-time. BMW cars, | for example, only when the cars stop. AFAIR, Toyota cars also | stream in real-time. | bertil wrote: | I'm surprised that all this web of data hasn't led to the most | meaningful and significant improvement we still need in the car | industry: have people who drive dangerous pay more for their | insurance. It takes very little time near a road to notice that | some people present an order of magnitude more risk than others, | and no one has ever tried to confront them about it -- at least | successfully. | | With cars and their drivers killing more than a million people | every year, a little constructive feedback would be a major help | to avoid so many tragedies. | dahart wrote: | At least three of the companies listed in the article offer | apps that track your driving and give an insurance discount if | you sign up. This could be seen as effectively the same thing; | safer drivers paying less is perhaps equivalent to dangerous | drivers paying more. Yes it's voluntary so this isn't perfect, | but I'd speculate there is some presumption that in general | safer drivers are the people signing up for the discount. This | unfortunately comes in the form of a privacy trace-off, but if | having dangerous drivers pay more is the goal, I'm not sure | there's a way to have that without some monitoring. | | Another way your wish already exists partially is that people | who cause accidents have higher insurance rates. This isn't | 100% effective, but some of the people who prove themselves | more dangerous really do pay higher insurance already. | bertil wrote: | > safer drivers paying less is perhaps equivalent to | dangerous drivers paying more | | That's not what happens in practice: drivers concerned about | their privacy don't use those apps, not those who drive the | most carefully. Subscribers remain a minority. This is a | shame because careless driving requires very little | information, nothing that is genuinely affecting privacy. | dahart wrote: | How do you know what happens in practice? I have no idea | who's signing up for discounts. I'd speculate wildly that | specific monetary discounts win over generic privacy | concerns more often than not, but I have no idea. | | But if we're to have dangerous drivers pay more, without it | being a voluntary opt-in system, then someone needs to be | able to monitor all drivers, right? What information are | you thinking of that isn't considered private? You could | have the cars reporting only speed & steering & accel/decel | telemetry, but that might be easily hackable. Having GPS to | compare against is much more trustworthy. What if primary | components of safe driving are where and when you drive? | Choice of roads and time of day may matter for some drivers | as much as speed. Maybe the behavior in the proximity of | other cars is a primary factor, I wonder how that could be | reported - how often you pass, how much room and time you | leave when changing lanes, how closely you follow, etc. | | I wonder what it would really take to identify dangerous | driving. The largest factors identified by the NHTSA are: | drinking, speeding, being "distracted" (using a cell | phone), and driving tired. Speeding might be the easiest, | while monitoring for drinking and tired and cell phone use | seem more invasive. | bertil wrote: | > How do you know what happens in practice? | | I've done consulting work for that industry. | | > What information are you thinking of that isn't | considered private? | | Statistical distribution of the absolute jerk. People who | race, and distracted drivers have to correct at the last | minute both have sudden changes in acceleration. | dahart wrote: | That seems pretty reasonable as one valid data point, but | unlikely to capture dangerous driving broadly and | accurately, no? Certainly location and traffic and speed | matter, and jerk might not tell you much about people who | drink or drive tired; certainly a large percentage of | accidents happen without sufficient deceleration prior to | collision. I could be wrong though, maybe the | accelerometer data over time is reliable at identifying | bad drivers, it'd be interesting to see how well it does. | | My kids use the insurance company apps and they are | pretty awful in terms of accuracy. The apps nit pick the | turning and braking based on acceleration data, and I've | ridden with them and watched it call out safe driving as | bad. One downside of this is that neither my kids or my | wife and I trust the insurance company app to understand | safe acceleration. I'm a little bit worried about what | happens to this data and to the insurance company's | conclusions about what stops and turns were safe or not. | It would be bad IMO if this record follows people around | informing law enforcement using poorly decided thresholds | for safety. The crappy app, of course, does not mean that | the insurance company can't reliably identify dangerous | drivers, but there's no indication to me that they're | using the data in a way I'd want or agree with... even if | I'm completely on board with your suggestion to identify | dangerous driving and charge for it. | mdp2021 wrote: | Such check has been implemented many years ago by insurance | companies through data collection from GPS devices. | pessimizer wrote: | It's even in the commercials in the US. | | edit: and the last four entries on the list from tfa. | otikik wrote: | Go after the insurance companies instead. They are highly | motivated to pass on the costs to their customers. I don't know | exactly what would be an appropriate metric though. | WaitWaitWha wrote: | Commercial, fleet insurance works exactly like this. | | Back in the 80's there were already such solutions that would | monitor speed and location based on cell tower. the data would | be chirped back periodically. The price of the insurance would | depend on driving speed and postal code for the cumulative | information of the entire truck fleet. | | Today, this is not even a question. It is the de facto way of | charging fleet insurance. | llIIllIIllIIl wrote: | Because that's not their problem. They want all their customers | pay more, because people can change their driving habits. It | shall never be the reason for profits to fall through. | akira2501 wrote: | > present an order of magnitude more risk than others | | The data really doesn't bear this point out, or the category of | drivers your considering are such a small part of the total | that changing their behavior will have almost no noticeable | impact on the total. | | Further.. at least in the US, the majority of fatal accidents | are single vehicle accidents where the driver was impaired | either by alcohol or other drugs. You don't really need to mine | data from the car to figure out who and who isn't the problem | here. | | > With cars and their drivers killing more than a million | people every year, | | That's uncharitable. Bad road design and failure to make | protected pedestrian paths (16% of all fatalities in the US are | pedestrians) definitely deserve some credit here too. | | > a little constructive feedback would be a major help to avoid | so many tragedies. | | Based on US data: If you drink and drive you should be revoked | for 10 years. It should be illegal to give people under 24 | vehicles with more than 250hp, or any power level with a turbo. | jbotdev wrote: | I have a car with Here maps, but it never occurred to me that a | side effect of it having a data connection is data collection. | I've been used to car navigation systems being offline, but it | seems newer models like to search online for results, which of | course exposes a lot of data to their servers. | | I wonder if you turned off the "online" search results and | routing if it would shut off data collection, or if you'd have to | physically cut off the cell connection. | JadeNB wrote: | > a side effect of ... a data connection is data collection. | | This is a fantastic catchphrase. | tunap wrote: | If FAANG has taught us nothing else, the option you choose will | be expressly ignored if it is not the _right_ choice. Metadata | is gold. Full stop. | Incipient wrote: | I'm a bit surprised Android auto didn't crack a mention. Take a | guess how much they'd be collecting too! | colordrops wrote: | Can't wait until there is an EV with good range and no connection | to the cloud. Very unlikely, I know. | LAC-Tech wrote: | Are there even modern ICs that don't connect to the cloud? | wiz21c wrote: | If the car sends data back to the mothership, then who pays the | phone bill ? Say's it's about an SMS size each time I use a car | so maybe 0.02$ a day ? 200 days/year, 10 years => 0.02 _200_ | 20=80$ and they sure have discount, so it's very cheap... | | IS there a way to know where the chip is ? Is there a way to jam | it so it can't send information back ? | rad_gruchalski wrote: | > If the car sends data back to the mothership, then who pays | the phone bill | | You do. The bill is included in the purchase price of the | vehicle. The manufacturer sources data SIMs, pays for data | ahead of time, and that's to the cehicle price. | thrtythreeforty wrote: | The simplest solution may be to disconnect the antenna. I would | be very impressed if this negatively impacted the actual rolls- | down-the-road functionality, since it's always possible that a | car is in an area that has no cell service, and it would need to | work without an always-on connection. | | This is unlikely to be in the service manual, though. Are people | identifying where the radios in new cars are? | akomtu wrote: | It's almost always the shark fin on the roof that has separate | gps and cellular antennas. | mdp2021 wrote: | > _I would be very impressed if [no cell service] negatively | impacted_ | | Tesla issued a press release years ago in which they reassured | the public that their cars were used in connection-less or | heavily-firewalled territories, and they still run. | | While on the one hand those reassurances are sinister ("our new | feature will not impair function"; "our electronic systems will | not fail when driving in the desert" - which was false for some | manufacturers), also note that - as one poster nearby notes - | that the item seems to work properly at some point in time is | not a warranty for the future. | chrismartin wrote: | It's often even simpler to find the fuse for the cellular radio | and pull it. | AlotOfReading wrote: | It's quite possible that the same antenna package providing | cellular connection is also providing the antennas for GNSS and | radio. | | It's also not impossible that you'll start to experience odd | behaviors and warnings after a month or two, as the software | stack expects connectivity _eventually_. | fmntf wrote: | Frequencies among radio/gps/cellular/bt are different, you | need separate antennas. | WarOnPrivacy wrote: | The article notes 3rd party data services sprung up because car | manufacturers weren't equipped to well-leverage the collected | data. | | If auto financing taught us something, it's that manufacturers | are compelled to control every monetization opportunity. | | I expect car companies will soon give their partners a choice - | either sell yourselves to us or get locked out. | pessimizer wrote: | I have it on good authority that it's not a monopoly if more | than one company exists on the planet. In the end it will just | be Monocorp and Mozilla, surviving on yearly half-billion | monobuck(r) checks from Monocorp. | nobody9999 wrote: | I'm a little confused by the discussion here. Please forgive me | if I've missed something obvious. | | Much of the discussion seems to be around the _government_ | (usually, but not limited to, police) monitoring the location and | operation of a vehicle _on public roads_. | | While I'm not a huge fan of government surveillance, registering | a vehicle (and obtaining a driver's license) and monitoring the | performance of that vehicle (and its driver(s)) are | _governmental_ functions purporting to ensure the safe operation | of a vehicle. | | Corporate entities, like auto manufacturers, dealers and "tech" | companies have no such responsibility, nor do they have any role | in (except in abiding by the law/regulation -- e.g., emissions | standards). | | So, unless there is some sort of _government_ mandate to collect | such information, corporate entities have no reason (other than | their own profit) to collect location, velocity and /or in- | vehicle activities. | | IMNSHO, that they do so should be much more concerning than red | light or speed cameras, being followed for a few miles by the | police, or as is popular where street parking is a thing, | checking registration/inspection expiry. | | Just as one (or should be) is horrified by the levels of tracking | by corporate entities on IOT devices, "smart" TVs, | dishwashers(?!?), etc., etc., etc., why are folks focusing on the | _government_ here? | | They aren't gathering the boatloads of information being | collected by the corporate entities (and if the government starts | buying such data, they should be smacked down hard!) that are | invading/destroying what little privacy we might have. | | As such, I don't get why the focus is on the government rather | than on the folks _actually_ gathering all this data. | devoutsalsa wrote: | You might change your mind when the government starts tracking | the fact that you drove to an abortion clinic. | jancsika wrote: | Hm, I was looking at 2022 Prius Prime LE and I don't see any | evidence they even have a SIM card in them. | | Also can't imagine that Mitsubishi would be wasting money putting | a SIM in a Mirage. | | Am I wrong? If so, how do I find out short of physically | inspecting dozens of vehicles myself to see if they contain a | SIM? | tyingq wrote: | Not sure that stops it even. Some company could, for example, | cut a deal with oil change places to download/upload the data | when you visit. | j-bos wrote: | This. I went to get an inspection at a Valvoline place and | the final part involved plugging their device to the car's | computer. They were clear that it had nothing to do with the | inspection, just "policy". I didn't push back since it was | the last day for inspection, but honestly. Our culture keeps | is of isolation and siloed personal lives, except for | corporations, they have their fingers in the details of all | personal affairs. | RHSeeger wrote: | It is worth noting that pretty much all the "quick oil | change" brands have horror stories associated with them. | Everything from minor ("they didn't notice my air filter | needed replacing") to fraud ("they tried to get me to pay | for an air filter that was replaced the week before; and | showed me a dirty one that wasn't mine") to outright | dangerous ("they left a tool on my engine that could have | (or did) destroy when it fell into the workings, later" | [1]). As a general rule, they tend to hire people without | any _real_ training or motivation to be good at their job. | I highly recommend being very wary of such places. | | To be clear here, not all of them are like this; possibly | not even most of them. But enough of them are that I | generally try to always go to a local shop to get my oil | changed. It's not worth the risk to me. If you have one | that you know enough about to be comfortable with, none of | this applies to you. | | [1] I had this happen to me. Got home, popped the hood, and | there was a screwdriver sitting on top of my engine. If it | had fallen in on the highway, it could have caused some | serious damage/injuries. Luckily, it didn't. | AlotOfReading wrote: | Honestly, as someone who's been involved with designing | some of the internal systems and seeing how effective they | can be, the large majority of the time a car either has the | potential to be able to detect or already knows where the | problems are located. The facilities to detect that are | simply not in place or exposed to end users/techs in enough | detail. | tyingq wrote: | They do need to read the "emissions readiness" in many | (all?) US states. | j-bos wrote: | Of course, but they did that with a sensor. If anything | my car computer says it has an emissions issue. But maybe | I'm missing something. | tyingq wrote: | "emission readiness" is a specific state of the computer | where all of the sensors are reporting "good for an | extended period of time". It takes several drive cycles | to get into that state. So that you can't, for example, | reset the ECU and drive in for an inspection right then. | | They do also do live tests with a sensor, but the "ECU | says car is emissions ready" is an additional | requirement. At least in many US states...maybe not | yours? | someweirdperson wrote: | > all of the sensors are reporting "good for an extended | period of time" | | Not exactly. Boring monitors like those for sensors or | actuators are excluded / always reported as ready. Even | misfire is always ready, and fuel was, too, until | recently. | | But of course since the more intersting monitors take | long to complete, when they do reach ready, simple sensor | checks would long have set at least a pending code if | there was a problem. | | Next update in california will likely require all | monitors to be included in the readiness status latest | for model year 2027. | tyingq wrote: | Hrm. I've done this myself with the OBD-II reader and | some do come up pretty quickly, but they took all some | amount of running/driving to be ready if you reset the | ECU...which people would try if there's a code stored / | check engine light on. Some of them take quite a while to | be ready. | wsh wrote: | For the Prius Prime, page 8 of the brochure describes Toyota's | Connected Services, and page 10 says it's a feature of the LE | model: | | https://www.toyota.com/content/dam/toyota/brochures/pdf/2022... | jancsika wrote: | Damn, I guess this is endemic now. | | Hey-- where's that free market HN poster on this one? I want | to know how to use the law of supply and demand to find a new | car without a SIM chip. | xanaxagoras wrote: | There isn't one. | someweirdperson wrote: | While they all can connect (required), there could be | cars that only connect in case of an emergency. | | Availability of such cars is declining of course, but I | don't think they are extinct yet. If in doubt check Lada | or similar. | mrshadowgoose wrote: | You are wrong. | | You aren't going to find "sim card" on a car's spec sheet for | the same reason you wouldn't find "lug nut". It's a component. | | If a vehicle has any sort of telematics, and/or an emergency | assistance feature, it's got cellular data connectivty. | | That includes the Prius you mentioned, and a a boatload of | other Toyota vehicles. | RyJones wrote: | If you want to see what Honda collects: | https://gist.github.com/ryjones/73739f6a7e662b9ed9ba64d9141f... | codedokode wrote: | Wouldn't this be illegal under GDPR? A license plate number can | be linked to the owner and therefore can be a PII, as well as car | serial number or other identifier. | | Also, this shows that no matter if you pay for the product or | not, you become the product for squeezing the data anyway. | | Also, this could be a national security issue everywhere except | US if US government would be able to track the cars all around | the world. For example, what if they will track the cars used by | defence industry employees or military personnel? | | Such tracking equipment should be banned for import, but it is | more likely that local government will just ask to provide the | data to them too. | AinderS wrote: | > Also, this shows that no matter if you pay for the product or | not, you become the product for squeezing the data anyway. | | Because it's not due to money, but _power_. They have the power | to put spy devices in so many cars it becomes (near) impossible | to buy one without, and so they do it. | | A product only respects your rights if you can control it, if | you have the power and leverage to change how it works. If you | don't, you get user-hostile features whether you like it or not | (the Intel Management Engine, and its AMD equivalent, being | just two examples). | teeray wrote: | This doesn't end until data is seen by companies as a liability | rather than as an asset. | dahart wrote: | What is the current legal thinking on the right to privacy while | driving, has there been any legal development recently? In a car | on public roads, location (for example) isn't something we have | historically had a right to keep private. Companies could, and | the government sometimes does, legally track license plates or | RFID tags on some roads (esp. state borders, bridges, HOV lanes). | | So we've never had a right to not have our whereabouts known or | tracked, but companies and the govt have also never been able to | track everyone extremely easily until recently. So there's | legitimate concern that the ease and scale of location tracking | mean that we should perhaps establish a right to some privacy, | but I'm not sure how that stands up to other people's rights to | see you and identify you when you're in public. | | I was just thinking about the famous "Photographer's rights" | pamphlet that has gone around the internet for a while, and | people who post YouTube videos of being harassed by police or | security guards who claim photos can't be taken of a building or | site when the photographer is standing on public ground. The | pamphlet patiently explains that you're allowed to photograph | anything visible from public land. Googling, I see a page at ACLU | dedicated to the same idea https://www.aclu.org/issues/free- | speech/photographers-rights | | I'm thinking about the future: imagine people made a stink about | cars transmitting this data, and companies deciding instead to | install cheap cameras everywhere on all roads. How do the | photographer's rights interact with people's expectations for | privacy? What should we expect, and what expectations are | unrealistic and need adjusting? Are there any developments were | lawmakers are addressing where the right boundaries are between | public rights, private data, and the scale of cheap ubiquitous | digital tracking? | samstave wrote: | There are tech companies that have cameras that track all the | vehicles that drive by their campus HQs -- and report the | activity back to the city/police | calvinmorrison wrote: | this problem is simple to solve, remove license plates. They're | pointless anyway. | dahart wrote: | What do you mean? To the DOT, license plates ensure drivers | have had basic training and that the vehicle has been | inspected for basic safety and emissions standards. To | police, the license plates offer a way to find out who the | driver is. You might not see direct benefits today, but there | certainly is a point to plates. If you find yourself in an | accident that is the other party's fault, you might | understand the benefits to you of their license plate being | visible. I hope that doesn't happen to you, but many people | in the past have been glad the offender could be identified. | calvinmorrison wrote: | The side effects cannot be worse than the medicine. License | plates and modern data collection practices are far worse | than any of the purported benefits. | googlryas wrote: | I guarantee you 95% of America doesn't agree with you on | this. | dahart wrote: | I'm still not following, could you elaborate on the | problems with license plates? What are the negative side | effects, and how/why is that "far worse" than meeting | safety & emission standards and catching at-fault drivers | after accidents? | | One thing to consider is what would happen if license | plates actually did go away. This idea is completely | unrealistic- license IDs & license plates (or some way | for police to identify you) are never going away. But | assuming they did, what would happen? This would mean an | astronomical increase in hit and run accidents, in | uninsured driving, and in criminal activity from unsafe | driving to theft. Do you think that wouldn't happen, and | if so why? Why would having no plates be a better thing | than having them? | calvinmorrison wrote: | The problem is that our government cannot be trusted. The | car-ification of the united states in combination with | endless driving regulations creates a dragnet for the | police to simply stop and detain anyone going about their | daily lives. | | There's no reason license plates expire, there's no | reason we should have to pay for inspection, there's | little proof it even is effective in improving safety. | | Drivers licenses again prove very little. People are | pulled over constantly for suspended and expired | licenses, were the unable to drive? clearly they were. | | The issue with license plates is that it creates a | automatic background check on every person who drives | past a police officers with an ALPR. It's about as bad as | the slave catching squads from the ante-bellum era. | There's no reason I should have a bench warrant from | missing a traffic ticket in New Jersey cause a police | officer to detain me, arrest me, jail me, and send me | back to New Jersey. | | The problem is, you cannot separate the benefits from the | bad. The problem is the government routinely abuses their | power of licensure (see may-issue licenses in new york) | to the point they cannot be trusted to license at all. | | Given the rampant abuses on our civil rights from the | government, especially state and local governments who | tend to do the day to day brunt of enforcement, I | hesitate to offer them any option to be more efficient. | pxeboot wrote: | These things are all decided by individual states. | Permanent license plates and zero inspections are | definitely a thing in some parts of the country. Drivers | licenses with very long validity periods were too, until | REAL ID became essentially required. | dahart wrote: | > The problem is that our government cannot be trusted. | | Depends on what you mean, it sounds like you're saying | the government cannot be trusted to be perfect. I'd agree | with that. But the counter problem is that the public | cannot be trusted either. A huge number of people can and | will avoid maintaining their car if they don't have to, | will wait to purchase tires until after they're bald, | will drive with smoky exhaust, will avoid paying sales | taxes if they aren't caught, will crash their cars and | run if they can't be tracked down, etc. etc. | | This isn't really a government problem, it's a people | problem. People just happen to make up the government. | | > There's no reason license plates expire, there's no | reason we should have to pay for inspection, there's | little proof it even is effective in improving safety. | | Kind of a lot to unpack there. Contrary to your claim, | there are reasons plates & registration & IDs expire. | Whether you accept and agree with those reasons is a | separate question. Cars do change hands and degrade over | time. It makes sense to check in, especially from the POV | of the govt who maybe primarily wants to tax any sales, | and keep track of who's associated with each license | plate. | | Safety and emissions inspections are improving our safety | & air, and there's data over time to show it. | | > Drivers licenses again prove very little. | | There's some proof; we have lower accident rates than | some other countries where drivers have a lower barrier | to entry. Aside from that, licenses are partly for | identification. You might not like that, but that is part | of their purpose. | | > It's about as bad as the slave catching squads from the | ante-bellum era. | | Hard disagree. Treading dangerous water with this one. | | > There's no reason I should have a bench warrant from | missing a traffic ticket in New Jersey cause a police | officer to detain me, arrest me, jail me, and send me | back to New Jersey. | | Sure there is, you appear to be fleeing when you miss a | court date and drive across state lines. I'm skeptical | this happens with any regularity over minor traffic | tickets with no other context and a clean record. But | again you're saying "no reason" when what you mean is you | don't like it. | | > Given the rampant abuses | | You've established that you have a fear of abuse, but not | that it's affecting you routinely. I haven't seen any | dragnets ever, personally. | pixl97 wrote: | Ah, libertarianism coupled with if you cannot solve every | case then you shouldn't solve any case. | | I can separate the benefits from the bad. The road | without rules is a net loss for everyone. Companies and | individuals would gladly save on getting inspections if | it saved them a few dollars at risk to everyone on the | road when their bald tires and bad brakes finally failed | them. | livueta wrote: | How about this: e-ink plates plus public-key | cryptography. | | Your actual license number or other identifier, plus a | time-based nonce, is encrypted with the DOL's public key. | The displayed value changes as the nonce changes | according to its schedule, so third-party observers can't | correlate the displayed value across time. | | If you get in a hit-and-run and note the displayed plate, | the DOL has the other half of the keypair, the time, and | the derivation function for the nonce, so can translate | the displayed value to the actual owner. | | Not being able to publish a single stable value in amber | alert cases would be a bit of a regression, but you could | still publish what a value would be at a particular time | interval. | | Doesn't do anything about governmental abuses of ALPR | data but could be effective at cutting out corporate | abuses. I'm probably missing something but it doesn't | seem to increase info leakage w.r.t the status quo either | - you'd theoretically be able to figure out when a | particular image of a plate was taken, but that source | would almost definitely be timestamped anyway. | | e: I don't think "just ban private ALPR" is a solution; | it's simply way too easy to do with COTS+FOSS and way too | hard to enforce against. | dahart wrote: | It makes sense as a technical solution to the problem of | not being tracked / identified by NGOs. Could work but | seems a little complicated, and unlikely to end there; | car, location & face recognition could achieve the same | ends, by and large. (China already does this). However | the bigger issue to resolve is the goals and legality. We | haven't yet established that being able to identify | someone in public is bad, or conversely that being able | to travel anonymously is a goal we want, right? | livueta wrote: | > car, location & face recognition could achieve the same | ends, by and large. (China already does this). | | Yeah, I actually started out writing that comment about | how license plates are probably unnecessary given the | volume of other forms of location data accessible to LE | but the peak HN strat was more fun to think about. | | > We haven't yet established that being able to identify | someone in public is bad, or conversely that being able | to travel anonymously is a goal we want, right? | | I don't have full answers here, but I think it's worth | considering the modes of enforcement enabled by this | change. Despite there being no de jure change in privacy | protections while in public, there's been a de facto | change from that kind of data only being accessible in | cases of specific, targeted investigations to that kind | of data being accessible to automated dragnet | enforcement. Targeted investigations are inherently | limited in scale and there's (at least theoretically) a | nexus between the investigation and some kind of probable | cause, but dragnet enforcement generally disregards | fourth-amendment protections. The Carpenter decision | theoretically offers some protection against this, but | parallel construction is trivial enough that I'm not | exactly resting easy. | | So, I think it is possible to be against ALPRs without | necessarily being for wholly anonymous travel in public - | it's an issue of probable cause and avoiding the fruit of | the poisoned tree, not one of absolute lawlessness. My | (admittedly silly) suggestion is also problematic because | it doesn't address this concern at all. My real feelings | are a lot closer to 'calvinmorrison, but I acknowledge | that "just get rid of license plates" isn't exactly a | winning proposition to the average voter. | aaaaaaaaaaab wrote: | Lol! This comment is peak HN. | calvinmorrison wrote: | > I don't think "just ban private ALPR" is a solution; | it's simply way too easy to do with COTS+FOSS and way too | hard to enforce against. | | Which leads to another issue, that local governments have | contracted these corporations to do just this. From red | light cameras to suvellience cams, police don't actually | store this data themselves, private companies do the bulk | of the work here. | livueta wrote: | And even if we could do something about ALPRs, the same | outsourcing of the 4th is going on in areas like mobile | telemetry. | mikestew wrote: | _How about this: e-ink plates plus public-key | cryptography._ | | You're suggesting that a solid plate of metal that can | sit, neglected, out in the weather for multiple years | without much visual wear, and when damaged by the car | wash can just be bent back to shape, and replace that | with your delicate little piece of electronics and | software? And pile on some PKI to boot? | | I'm seriously on the fence in deciding if this comment is | trolling me, or if this is what late-stage HN looks like. | :-) | livueta wrote: | It was definitely at least partially tongue-in-cheek ^_^ | | I bet you could figure out the physical aspects. E-ink | tech itself has come a long way in the last few years | following some patent expirations, and the electronics | stuff is basically just a yubikey JB welded to a license | plate frame. The cost per unit would be pretty low at | scale, so just replacing borked units seems pretty | doable. | | Imo, a bigger problem is competent implementation. Yeah | sure, the DOL is gonna run a bunch of PKI infrastructure | and not mess that up. At least in my region, just keeping | a largely static website up seems to be a struggle. | kube-system wrote: | License plates signify an owners initial registration. | That's it. | | > license plates ensure drivers have had basic training | | No, that's what a drivers license does. | | > and that the vehicle has been inspected for basic safety | and emissions standards. | | Most states (even ones that do require those inspections) | issue license plates without these. | | > To police, the license plates offer a way to find out who | the driver is. | | They really don't, because vehicles are frequently driven | by people who did not register them. | reaperducer wrote: | Both you and the parent are making broad assumptions | based on narrow experience. | | I've lived in enough states that various parts of my | experience from various jurisdictions both confirm and | refute each of the points made. | | It's important for everyone to remember that their | experience is not the only experience. | dahart wrote: | Since you implicate me, I'm open to feedback and willing | to change my mind. Would you point out my incorrect | assumptions to me? | kube-system wrote: | I'm not making any assumptions. | | In all 50 states, plates represent the registered owner | and not the driver, because non-owners can drive cars in | all 50 states. | | As for safety and emissions, only a minority of states do | each of these, and the majority of those denote | compliance with a sticker, or have exemptions: | | https://en.m.wikipedia.org/wiki/Vehicle_inspection_in_the | _Un... | spinny wrote: | Portuguese license plates for a long time had the | month/year of the car manufacture. This been discontinued | because apparently no other country in EU does this and | it was confused with expiry date. | | There is no other indication on the license plate. just | the numbers and letters. | | I assume that expiry dates on US plates is related to | either road tax or vehicle inspection | landemva wrote: | Years ago I put my cars in business name and the mail | goes to a post office box. Simple and cheap privacy, yet | most people can't be bothered to do it. | | Whenever I get one of the geotracking cars, hopefully the | antenna wire will develop a fault. | rad_gruchalski wrote: | > Simple and cheap privacy, yet most people can't be | bothered to do it. | | Most people don't have businesses registered. | dahart wrote: | > They really don't, because vehicles are frequently | driven by people who did not register them. | | Someone else driving your car doesn't prevent the police | from compelling you to tell them who drove your car. The | point is the police can come to you. Different story if | the car's stolen, of course, but license plates in fact | are used often as the first point of contact to identify | drivers, regardless of whether it is their car. Without | the plate, there might be nothing to go on, right? | | Your other corrections are valid, I was imprecise with my | point. Do you agree with parent that plates are | pointless? I was only trying to point out the utility and | reasons for the existing system of licensing and | registration, plates, IDs, and stickers. I can see parent | is making more of a political statement than one of | actual utility, but maybe also important to keep in mind | that purpose and utility of the various parts of this | scheme look different depending on who you are. | kube-system wrote: | No I think plates are important, for the purpose of | correlating a vehicle back to the registered owner. | | And this can be used, in turn, to look up a lot of the | other data you pointed out, even if it does not do so | directly. | | > Without the plate, there might be nothing to go on, | right? | | There's the VIN, but they're difficult to see at a | distance, and don't indicate the jurisdiction of | registration for out of state vehicles, and so, they'd be | a PITA for most things states care about using plates | for. | mnahkies wrote: | Difficult to see at a distance is a little charitable - | all cars I've encountered the vin is in the engine bay. | | Without a license plate, all you have to go on is make / | model / colour and any obvious modifications, essentially | the same as seeing a random human but with less | cardinality since vehicles are mass produced | rad_gruchalski wrote: | The VIN number in modern cars is located in multiple | places. Usually: engine mount, central tunnel, under the | windscreen, often in the trunk. | mdp2021 wrote: | > _photograph anything visible from public land_ | | From public land I can see people sunbathing in their gardens. | | For a photographer, there may exist an excuse such as "yes but | the landscape in the background"... | | For data such as the routes of a car1, there is no excuse. | | (1Which does not overlap with "what enters or leaves a | territory" - monitored in many administrations.) | dahart wrote: | Would you mind elaborating? I don't know what you mean by | 'excuse' in either example. You don't need an excuse as a | photographer to capture people sunbathing in their gardens, | if you're standing on public land. And law enforcement | doesn't currently need an excuse for tracking location. In | both cases, the real issue is that there is currently (as far | as the law is concerned) no "reasonable expectation of | privacy" when you're outside and visible to others. | rolph wrote: | when when in alaska, and the distance is such that | technical or mechanical means are required to observe nude | sunbathers, there is no public visibility, the offense is | with the fault of the eavesdropper, and it is voyeurism. | dahart wrote: | Totally, there is a line you can cross, and it might | require a telescope or mirrors. There absolutely is an | expectation of privacy on private property when there is | no public visibility. I wasn't talking about telescopes | or mirrors X-rays or any other tricks, just what you can | observe with the naked eye. There probably is a gray area | here with zoom lenses that would have to be decided in | court, it might come down to intent and not who's fault | it is. | | I guess that discussion is veering away from the | practical question of whether anyone should be able to | know who you are if you're driving on public roads. It | doesn't require any special technical or mechanical means | to see people's license plates and faces from the side of | the road or from poles or overpasses, right? What I'm | really curious about is whether there should be laws | established against such surveillance because it has | become too cheap and easy to monitor everyone at once all | the time, or whether as a society we deem activity in | public space to be public knowledge and not a matter of | privacy, whether no privacy should be expected. | rolph wrote: | popular culture plays into it alot. | | there are somethings that are illegal that the public, | and enforcement simply ignore most of the time. there are | other things that are legal but apalling to the public | when they encounter them. | | i think this distills to a threshold for surveillance. | there needs to be some discriminator between casual | observation, and active surviellance. | | there seems to be a need to revisit just what a warrant | is, and why it is required. i really would like to see a | warrant apply to any means of collection, as in the | warrant is allowing posession of the data itself, | regardless of the origin as a court appointed priviledge | for the term of the investigation, -regardless of origin | RHSeeger wrote: | I think problem here is one of trying to limit the "pre-crime" | instead of the crime itself. We have a problem with companies | using mass data surveillance to keep track of the movements, | generally of large amounts of people. Trying to stop this by | creating laws that prevent taking pictures is almost doomed to | fail. | | Along the same lines, if an office follows someone (they | believe might be related to a crime, etc) around town to track | their whereabouts, that seems within reason. If the police | force (using advances in technology) tracks the whereabouts of | all people at all times, it's unreasonable. It's the same | thing, just at a different scale. | | We need to find an effective way to allow the "components" of | something that isn't allowed, without allowing the thing | itself. | gumby wrote: | > What is the current legal thinking on the right to privacy | while driving | | I think it's pretty clear from precedent you have none. | | Every vehicle displays a unique number in large, readable type, | and has for longer than any person has been alive. I haven't | seen any objections. | | The same applies to driving licenses that are covered in very | personal information which is handed over willy-nilly to anyone | who asks for it. | | In California they make it clear that driving is a "privilege", | not something in which you have any rights. | | Edit: another example: notice that the automatic toll | collection systems are always implemented as | registration+billing based systems rather than as any kind of | privacy-protecting cash-like schemes. | dahart wrote: | I mostly agree on precedent, as far as I know, but I would | say that recent developments like the GDPR and others | targeting _digital_ practices are probably starting to broach | this topic of what is public and what is private. And I'm | asking because I don't know whether precedent is changing | right now; I imagine that it is changing in some locales. | Googling just now I noticed that California passed a new | privacy act in 2020. I've seen a lot of discussion and | debate, and the idea that cheap mass surveillance technology | is a marked departure from what was available before this | century does legitimately question whether we can continue | operating under the framework where anything done in public | is free for someone else to record and consume. That idea is | now much, much more prone to abuse than it was 30 years ago, | right? | walnutclosefarm wrote: | > The pamphlet patiently explains that you're allowed to | photograph anything visible from public land. | | Or public air space, for that matter. | codedokode wrote: | Found an interesting part: | | > Otonomo is one example of the dozens of companies that market | their attempts at keeping information anonymous. Otonomo | describes its platform as having "privacy and security by design" | and notes the use of patented "data blurring" technology to | protect user privacy. | | > It also has an "Otonomo Driver Pledge" page promising drivers | the ability to easily grant or revoke access to personal data, | | This doesn't add up. If they collect only anonymized data, then | they won't be able to find that customer's data and do anything | with it. | redtexture wrote: | > patented "data blurring" | | This can be looked up. I suspect it is not their own patent | though, so not under their own name. | xfitm3 wrote: | I installed a dummy load instead the cellular antenna in my | vehicle. In theory it should not be able to connect back to my | automaker's virtual mobile network. | nimbius wrote: | I'm a diesel mechanic by trade. for anyone curious to disable | your cars data collection the OnStar systems easiest. | | under your passenger dash is a black metal box, usually | documented. unplugging the harness and removing it, you can open | it to expose a baseboard and a riser. the baseboard is for things | like infotainment usually but the riser is your cellular modem. | pull it and you'll get a warning light on the dash, but no more | data collection. older cars will have a Sim in the riser you can | pull if thats less invasive to you. | | note: OnStar is also disabled and will not dial 911/999 on | collision. | cameldrv wrote: | What happens if you disconnect the cellular antenna from your | car? ___________________________________________________________________ (page generated 2022-07-30 23:00 UTC)