I am sure this article has been shared before, however I wanted to have a look at this topic.
The articles short summary is this:
All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed
I am currently driving a 2014 Ford Fiesta which just has a radio with a CD player and Bluetooth. I do not need more than that in a car.
The reason I am looking at all is that that the Fiesta does not belong to me and the friend owning it will be moving out in a bit, so I kinda need another one.
There seems to be one brand that is not as bad as the other ones (but still bad): Renault; mozilla’s review…
Maybe I will have a look at their cars.
What do you guys think? Stick to older used cars and not use an EV or look at which of the manufacturers have the least bad privacy policy?
I was lucky enough to buy new in 2017, just before all the ridiculous privacy violations hit the fast lane
By the time this car is done for, I will have no option available that is not a privacy violation on wheels… jailbreaking/hacking will be my #1 purchase criteria of whatever my next car will be
I have an older Nissan Leaf in Australia. While I’m sure the car is trying to send telemetry, it only has a 3G modem, and the 3G network has been switched off for all of Australia.
If you have a newer car, it may be possible to remove the telematics fuse and ignore the related DTC.
I’m confused here, if cars are not connected to the internet how else are they broadcasting the data? Or is it collected during maintenance and if so what do mechanics care about your sexual activity.
Edit: Reading through the comments there are 3G/4G/LTE/5G bands in the cars? Who is paying for the cellular service then?
I don’t drive nor care about cars so this isn’t my wheelhouse obviously.
if cars are not connected to the internet how else are they broadcasting the data
I can’t think of any cars that aren’t connected to the web these days. The connection is used for the built in android computer that’s in most dashboards. If it’s not android it’s likely some form of QNX. The connection is usually shared with some sort of connectivity module that’s used for things like emergency services. With connectivity comes the opportunity to harvest data.
Who is paying for the cellular service then?
Why limit ourselves to only one answer or even to the ‘data’ side of cellular service?
You! Most companies offer some sort of data plan to enable an in-vehicle wifi hotspot and/or to enable the android computer in most of them to connect to the interwebs. You might be able to buy limited scope plans for things like “navigation data only.”
You again! Even if you’re not paying explicitly for data you might subscribe to a “control some of your vehicle from your phone” thing or a safety package to do things like call EMS if you’re in an accident. Believe it or not, but some of this functionality is managed via SMS
Both of the above have been getting bundled into MSRPs recently to ‘justify’ jacking up MSRPs and to try to get users hooked.
Finally, the OEM. Nearly everyone delivers software updates over the air. Even though the OEM eats the data costs they’ll gladly pay if it reduces dealership visits.
There’s been quite a bit of news, and a few lawsuits, regarding OEMs collecting and/or selling data. I’m all for privacy, but I still do things like carry a cellphone everywhere. Vehicles shouldn’t mine data on us. Neither should infrastructure (see the surge in cities buying license plate readers), phones, facial recognition, etc. Sometimes it seems like there’s too much focus on a single area when we should really be saying, “our devices, or even devices I don’t own, should not collect data on me without my explicit consent.”
I pay for a 5g wireless number from AT&T. Not sure exactly what my Mustang is selling. But I do get warnings.
None of this has anything to do with the car’s powertrain. Regular internal combustion engine cars are just as bad as EVs in this regard.
Nobody said it does. OP said “buy an old car without all of this shit even though it won’t be electric or suck it up”
This is a lose-lose-lose.
- New cars don’t respect people’s privacy.
- New cars cost more due to the extra camera/sensors/compute/connectivity necessary for tracking.
- Less people buy new cars due to increased cost and tracking. Instead drive older, more polluting cars for longer.
The word is lose.
Maybe 3 of the 4 wheels need tightening?
So it’s a loose-loose-loose-tight situation when it should be a tight-tight-tight-tight situationYes exactly. Thanks for backing me up :)
Thanks, fixed. Sorry for being a bit too loose with spelling
And all of a sudden data roaming costs isn’t an issue anymore ;) Who pays the mobile subscription? Or do car manufacturers pay the telco’s with a part of the data gathered …
Yes, the OEMs pay for it. They get sims that are prepaid for like 10 years.
Which shows that wholesale, data subcriptions are probably a few dollars a year.
Depends entirely on the amount of data and the bandwidth.
Phoning home every hour is a couple of KB at most and doesn’t matter how long it takes.
Streaming videos on the other hand, a lot more and you don’t want to be waiting.
Since it’s in your car can you just use it to do what you want?
Like. I don’t drive. But if I did I’m yanking that SIM card out.
There have to be people hacking these, right?
Probably e-sim or heavily embedded in critical systems.
Makes sense.
Fucking horse shit.
While I’m glad I don’t drive the idea of paying $60,000 for something that does whatever the fuck it wants without my say so makes me frothing mad.
I feel the same. But it goes for so much. My wife just bought a new phone and i’m angry for hours already. All that shit you need to remove and turn off. All the configurations “help” that starts and you must walk through that turns it all back on again and reinstalls bloat. And god damnit so many shit we had turned off on the old phone shows up on the new one. All privacy settings feel like placebo toggles. I’m done with “smart” devices.
It’s possible, as long as its not an eSim or soldered to the PCB.
Bike
Well that’s it, I’m just going to drive my 23-year-old 350Z Roadster forever. As a 90s computer geek, I would have never imagined that future technology would turn me into a classic car guy, yet here we are.
I miss the days when spyware was treated like a virus; now it’s the norm.
2000s car is classic car
☠️☠️☠️ i feel old.
I know, right? I shuddered as I typed out that part of my comment. But yes, it’s a 2004 model; in 2029 it’ll be legally considered a classic where I live.
FWIW I did both a GDPR request and a Lexus Nexus data request on both of my Mercedes and they had zero info on me. My buddy did the same and same results. I’m not sure they are collecting any data even though they say they may, or they’re actually honoring the opt out setting. Either way I’m not worried about my Mercedes cars. My brother requested his data and his Toyota and Lexus had a LOT of info on him.
or they’re actually honoring the opt out setting
yeah right. “Hey! He used opt-out, don’t tell him shit on what we know”. Also out-out should be illegal. All should be opt-in
I don’t disagree, but the results are the results. So for whatever reason, they don’t have my information. Of course I’d prefer a traditional approach to data collection from a car (none).
We need more development of open source cars
I love the idea but the cynic in me sees the Mountains of hurdles, starting with the gigantic piles of money you need for development and certification.
I’d love this, but I doubt that it is ever going to happen. Open-Source-Hardware is not as widely spread as open source software which is also still a niche. The big difference is that you can easily develop OSS on your own in your free time, but with hardware its a lot more difficult. And then think of all the parts necessary to build a car and then again all the certifications to actually get it on the street and after that the question of liability in case of accidents…
I think the real obstacle isn’t even the regulations but the safety systems. The various US DMVs can comprehend things like scratch-built or kit cars, but the level of engineering to make a thing that can even sometimes decelerate a person from like 60 to 0 without killing them more with exploding airbags is several levels above that required to make a thing with wheels that drives forward.
So you can build and probably even drive a car from plans you got off Github, but if you crash it it will kill you.
I’d be happy to have a car that goes max 50 kph
All it takes is one company to do open hardware. Then all the other companies will use it, because its cheaper for them without having to do the initial r&d.
If it’s licensed properly, then all subsequent customizations by these other companies will get shared, so the project just gets better and better with time.
You mean… Trains?..
Fun fact, French auto brands are defacto banned in the US. You can’t insure them.
Why not?
Freedom, probably.
No idea on the technical reason, but it’s complicated. There’s a lot of foreign brands that are banned here.
I bought a used Chevy bolt EV, for now I’ve pulled the onstar system fuse which kills the telemetry and GPS+cell antenna. No tracking with no power, it’s my car and my battery so I decide what gets my power.
I’m not interested in letting any of these companies screw me over behind my back regardless of who is “less evil,” but I’ve gotten so used to the convenience of EVs that I won’t do without one.
I use my phone for navigation and music/podcasts and that still works just fine.
Might at some point look at a more sophisticated way of doing this like removing just the onstar module or terminating its antenna, but for now it’s fine.
I’ve pulled the onstar system fuse which kills the telemetry and GPS+cell antenna
If that is possible in a european car that would be exactly what I’d want to do as well :D
It’s almost certainly possible, but it might void your warranty/be illegal, depending on your jurisdiction (and qualifications- it’s probably not illegal if you’re a licensed mechanic, but might violate your employment contract). Even if it’s not illegal, it might affect your liability insurance coverage.
I’m not saying you shouldn’t do it, but make sure you know what the potential consequences are.
I bought a used 2017 Bolt a few months ago and I love it. It is the most practical car I’ve ever owned and it’s nice to drive.
Sorry to burst your bubble, but the sensors store data locally and then get uploaded to the Internet when you take it to a mechanic, who plugs your car into an internet-connected computer
Your assumption about how datalogging works is incorrect.
In short, sensors almost never store local data which doesn’t even matter if those sensors are depowered. There is absolutely nothing to be afraid of here.
So yeah, sensors do not locally store data except in very rare and high-cost cases not found in basically any consumer electronics. There needs to be a datalogger or handoff to a datalogger of some variety. While the ECU or MCU of a vehicle logs data, there’s not a permanent memory of every action you’ve done with the car because it literally doesn’t have enough memory. Doubly so if some of the sensors such as GPS are physically unplugged or depowered as in my case.
So, no amount of malicious action from a dealer would extract location or even more basic data from a car. The only thing they’d see are the basics of the ECU or MCU which has been common for every car produced since OBD2 became… a thing.
I’ll also add that an easy solution to this is not to go to a corporate dealer (all Chevy dealers are shit anyway to be fair). While the independent mechanic might have to buy proprietary diagnostics from the manufacturer, they aren’t going to re-enable systems like GPS or telemetry if you tell them not to because they care about you coming back and thus have an incentive not to fuck you over.
Sounds like you’ve been out of the industry for a while.
The sensors don’t store the data. The storage does. How do you think the entertainment system remembers your music history? Its stores it. And uploads it. And they sell it.
So your car won’t track you but your phone will. OK.
That was my first thought too, but some people are moving to more privacy focused phones like grapheneOS, and other ROMs, or even Linux phones.
Besides, reduction in the number of people tracking you is still a positive thing.
I have a 2014 Chevy volt. Not a full EV, but used ones are affordable and the 3g cell modem no longer works.
We get 30-38 miles per charge depending on the outside temperature which covers most of our day to day driving. It will charge from a regular wall outlet (120v at 8 amps) in 12 hours. The ICE engine gets an oil change every 2 years since it gets rarely used.
List of automotive connectivity module providers: https://www.evbusiness.net/ev-directory/automotive-lte-5g-module-manufacturers/
Find which one your car has. Then see if you can find a repair manual with schematics. Find where the cell antenna connects. Non-destructively disconnect it. This way your telematics won’t be affected. It will just look like you’re always in a cell dead-zone.
Edit: don’t do this if it’s a lease, a rental, or there’s a loan on the vehicle. If you own it outright and it doesn’t void the warranty, go nuts.
Sorry to burst your bubble, but the sensors store data locally and then get uploaded to the Internet when you take it to a mechanic, who plugs your car into an internet-connected computer.
You have to neuter the sensors, not just the cell antenna
Source?
A lot of cars do have EDRs (Event Data Recorders), but they only store certain events related to crashes so they can go back and establishes what was going on before an accident.
AFAIK, regular telemetry going out the cell is much more extensive, continuous, and realtime.
Its not the sensors that store the data, the ecu/pcm/bcm do that. Yes, there is essentially a black box function in most modern-ish cars that logs the last X minutes of driving. It likely also has an “event recorder” for when certain conditions are triggered.
I know for a fact that most have reflash counters or log when the ecu was written to last. That is more to do with tuning or warranty stuff but still.
Of course, but the computer won’t store any sensitive data if you neuter the sensors.
Yeah that isn’t an option unless you want the dash to light up like a Christmas tree, your abs not to work, the stability/traction control to freak out and disable your accellerator, or cause an airbag fault, or cause the seatbelt pretensioners to fault.
You’re saying the airbag will deeply if I feed it a black feed from the cameras and silence from the microphones? Huh.
No, I am saying if you disable or tweak the sensors that feed the onboard telemetry system on a modern car which include sensors for the accelerator pedal position, vehicle speed, individual wheel speed sensors (for abs, traction control, and stability control), the car will probably freak out and enter limp mode.
If you screw with the stability or traction sensors, they can cause the airbags to not trigger properly or predictably. Remember, there are basic impact sensors for airbags but there are also angle sensors and accelerometers for rollover detection now. If you disable any of that, the car will not work properly.
Yeah, and I’m saying that those aren’t the sensors that we need to neuter. Namely the surveillance sensors are cameras, microphones, and seat sensors.
Basically all the things that they use to sell your sexual habits to the highest bidder.
Would it be possible/easier to slap a Faraday cage around it instead of disconnecting anything?
In most cars, there is an integrated antenna for all wireless signals. For example:
- Audi: https://parts.audiusa.com/p/Audi__/Mobile-Phone-Antenna/78750936/3G9035534.html
- GM: https://parts.gmparts.com/product/gm-genuine-parts-mobile-telephone-and-telematics-antenna-22964579
- VW: https://parts.vw.com/p/Volkswagen__Jetta/Mobile-Phone-Antenna/78750936/3G9035534.html
These are often mounted behind non-metallic surfaces (plastic bumper, spoiler, etc). You can try to cover them up, but it means you’ll lose all the other antenna functions.
Disconnecting at the other end can only take out cellular without affecting wifi, Bluetooth, etc.
Mind you, it’s not easy. There’s a wiring harness with a waterproof connector that eventually goes into the cell modem. You’ll have to find the right antenna pin and disrupt the signal. Different for every make/model and not possible without proper schematics.
I bought a used Chevy Bolt, then disconnected the antenna to put a dummy load on the OnStar transmitter. Never told it my Wi-Fi password. It can’t connect to the Internet unless I park it next to a cell tower, unless I pay for OnStar, which I refuse to do. I only use CarPlay so it can’t even hope to use my phone’s Bluetooth tethering (not that it seems capable).
Fortunately, Chevy’s only OTA infotainment update was to remove the video player, so I’m not missing much. Unplug the power cord and drive.
It’s full of sensors and cached locally. When you take it to the mechanic, they connect it to a computer with internet access, where all the data is uploaded. Sorry.
You have to neuter the sensors, not just the antenna
