Many of us know how bad modern cars are for privacy. Yet many of our friends and neighbors do not realize how intrusive it really is. I linked a blog entry from Mozilla’s investigation about car privacy. In that blog is a link to their make-by-make analysis. The amount of very intimate information a modern car collects is honestly appalling. It includes health data, real time mood information, weight gain or loss, and so on. And it does so even for passengers.
The web has many resources talking about this problem, but almost no resources on what to do about it. I know the simple thing is to say, “just drive an old car bro!” That’s fine if you can, but not everyone can. Also it has drawbacks like more maintenance. Sometimes less safety if it’s older than certain safety features. For the purpose of this thread, it is more interesting to focus on newer, surveillance enabled cars which are the majority of what people drive on the road today.
Some people have figured out how to bypass the surveillance package on some cars. One way is to uncouple the antenna it uses to phone home. Other times you can bypass the telematics module or remove a fuse that powers it. I feel like we really need a central model by model repository of information.
Past that, how do we prove it has worked, if we do it? Has anyone reading this tried to use an RF detector to see if their car is still trying to phone home, after they have bypassed telematics? What are your experiences? I want to buy one and use it to test my own car, but the info on the web seems sketch.
Spoiler: Not a single brand received Mozilla’s Best Of designation, though researchers identified Renault as the least problematic. The European brand must comply with General Data Protection Regulation (GDPR), a stringent law governing the way in which personal data is used, processed, and stored.
Sleeper old car for privacy: the gmt800-cateye full size Chevrolet/gmc pickups or suvs.
You’d think they would be terrible for it because they often have onstar, but that version of onstar uses a 2g connection that literally isn’t in service anymore!
When I had to reluctantly buy a used car, I made it a point to buy a used car no newer than 2015 and this is why. Well this and touchscreen mania.
I don’t think touch screens are going away, sadly.
Which is why I will never buy a car made after 2015 if I can possibly avoid it. If I were writing the rules,
-
My car should not be capable of pay-walling any features
-
Just like my phone, I should have fine grained control over what data my car shares and with whom
-
No vehicle controls that may need to be accessed while driving should require more than one click on a touchscreen to access
-
Any touchscreen UI should be easily controllable from a steering wheel type d-pad
-
No non-entertainment vehicle controls should be primarily accessible from a touchscreen
-
Any controls that affect the speed, position, size, or access of the car should only have secondary touchscreen controls that are upstream of any failures modes in the primary physical control; in other words, a UI control should only be a backup method for important functions of the vehicle, and they shouldn’t be able to break the main method if they break
-
Look at Slate Auto if you are in the usa. I heard about this on the Privacy Guides forum. There is a possibility of them moving into Canada, which has got me interested.
Oh, nice. Canada & USA have cooperated closely for a long time on regulations for cars, so manufacturers only need minor tweaks to sell into both markets. Hopefully that’ll help.
Aside: don’t buy into the myth that older cars need more maintenance or cost more to maintain. Its an excellent sales pitch to convince people to keep upgrading but it’s not always reality. Modern cars can easily cost more to repair and maintain than older cars because more technology = more that can break. Car manufacturers have, over time, crammed more and more proprietary parts into cars which they can then charge exorbitant amounts for and force you to use their mechanics rather than your local.
I have both an 25+ year old Toyota that’s still going strong and still only needs basic maintenance (parts are also easily available and cheap). I also have an ‘older’ Nissan Leaf EV that is very little maintenance and has nothing in it that reports back to Nissan. It’s got a nice balance of technology and most things we can maintain or repair ourselves if we want. Parts for this are also easily accessible and cheap.
I also highly recommend people learn more vehicle maintenance themselves (easier of older cars with less tech) so you can either do things yourself and/or you’ve got more knowledge yo protect yourself from mechanics and car dealers who try to scam you by repairing/replacing things that don’t need it.
Depends entirely on your car make and model. On many models you can disconnect or remove the fuse for the telematics control unit (TCU) and it’s as simple as that. However you won’t receive any OTA updates that will likely solve problems. And if you reconnect to get them, there’s no guarantee your car doesn’t suddenly dump all your personal data obtained in the meantime onto company servers. Further I find it more and more likely that OEMs either already have or will add a ToS that requires you to keep all this stuff connected, and they’ll argue that the data collection is part of the sale.
Slate seems to be the only brand currently that intends to deliver vehicles with zero connectivity required.
Slate seems to be the only brand currently that intends to deliver vehicles with zero connectivity required.
Do you mean these guys? That’s the first I heard of them so thank you for that! I thought it would turn out to be a European make, but they’re on my side of the pond. A zero-connectivity electric car would be the dream. I like the idea of electric cars but so far they have all been even more wrapped up in telematics than internal combustion cars.
Yes, zero connectivity, relatively affordable, highly customizeable, and repair-friendly (for now). The only connectivity is through the phone app. Only downside is you have to buy a stupid truck. They could have made it a lot cheaper as a coupe.
They could have made it a lot cheaper as a coupe.
Maybe if it sees market success, they’ll branch out into other body styles. I want a car too, not a truck.
That would be nice. But then I’d be driving around in my stupid truck like an idiot!
Jeff Bezos is a named investor of Slate, so i wouldn’t trust it
Would you like to recommend another brand that has zero data connection and also isn’t invested with Bezos?
deleted by creator
It was not aggressive in the slightest. And that wasn’t a fact, that was your position.
No car companies are owned or run by ethical non-profits, because it takes an absolute fuckton of money to start them.
You stated your simple opinion, too.
And if you reconnect to get them, there’s no guarantee your car doesn’t suddenly dump all your personal data obtained in the meantime onto company servers.
It’s a good point. Also I wonder if OBD-II can do that. A person could disable the port, but that may make it hard / impossible to get the vehicle serviced.
Yeah OBD is the main diagnostic port so that would certainly cause problems LOL
There is a private mode in my Kia Ev3, but yeah, It disables almost everything.
What are the chances that it’s just lying? Or re-enables itself periodically?
It’s designed to be hell. I primarily know about Honda’s practices as a relative bought a new Honda and ran into the same issue laid out in this article.
I drive a vehicle that’s over a decade old and have joked with friends and family that if I have to buy a new vehicle I am ripping the whole dashboard out. I imagine I may get blacklisted from local dealerships for my demands, but that is the world we live in.
have joked … that if I have to buy a new vehicle I am ripping the whole dashboard out.
Desperate times call for desperate measures.
I’m pretty new to Lemmy and noticed that my post was crossposted to fuckcars and privacy@programming.dev. I have no problem with that, but I didn’t do it on purpose!
Fun fact: at least one of the fuckcars mods cares deeply about this issue, to the point that he only owns older cars to avoid telemetry.
(Source: it’s me, I’m that mod.)
Anyway, don’t be shy; feel free to crosspost on-topic stuff like this there yourself if you want!
Why would a fuckcars mod own a car?
Because I still live in a car-centric shithole country.
Also, I’m a car enthusiast. I think cars should be treated the same way as horses: a fun hobby, but that it’s insane to use them for basic transportation. Among the other benefits good urbanism brings, not needing a car makes me free to own interesting ones instead of reliable ones.
Oh, nice. I thought maybe I did it by accident somehow!
I bike everywhere when I can. I’ll join the fuckcars group, now that I know about it.
Some vehicles have privacy policies you can opt out of. What I’d like to know is if that works.
I wish there was a solution for this, but it sounds like the only way to fix the problem is regulation.
Good luck with that, we can’t bribe this administration as well as the auto lobby can.
I mostly agree. But sometimes if a single jurisdiction gets regulation in place, it can be cheaper for companies to produce a single model to comply with all of them, rather than make multiple models. Even if they do make multiple models, it still means there is a supply of privacy-spec cars.
California in the USA has been more privacy friendly than most states. If California would crank up some car privacy regs, maybe work with the Europeans and Canada on a common legal standard, that is a huge foot in the door! It means people in other US states could buy a California-spec car. If the momentum builds enough, maybe companies would say screw it and sell the privacy-spec cars everywhere. That happened in the past with car safety regs. It went from auto companies whining about it, to the same companies featuring it as a selling point. Look how well our cars do in crash tests!
I agree car privacy is going to be a hard fight. Auto companies will fight dirty to avoid privacy regs. But we can push on this. A groundswell of public support can’t hurt.
Weird how Renault and Dacia scored least creepy, Nissan most creepy. They’re in quite a tight alliance these days.
Other than that, completely in line with big tech and governments: most US brands are more creepy than most European brands.
Renault at least has to apply French privacy laws, which are pretty tough.
We just got a new car, first “modern” one I’ve had basically ever, and this has been one of my biggest concerns since we got it, but there really don’t seem to be any straightforward solutions yet.
Constantly play music/fart noises/whatever from an external source while you drive to minimize the audio data collected.
For sure. We’re in a difficult place. Arguably the ultimate solution has to be regulatory, but we don’t have that yet. All we have is whatever the community can figure out on its own. The more surveillance gets integrated into complex automotive systems, the less approch-able it is for average people to yank a fuse or unscrew an antenna coupler.
My next car will be an air cooled Porsche for many reasons this being but one.
I really would like to do an EV conversion on an older car. Maybe a 240SX or a 350Z. Or a Honda Insight. Or even a Nissan GTT (which I only just learned existed). But you’re talking $$$$ there for what is (most importantly) a relatively unsafe vehicle to drive.
There’s a Canadian gent on jeep forum.com converting a CJ5 to electric that you might want to check out. He’s using pretty standard industrial stuff to do the conversion and it looks like it’s going pretty well for him, a welder and math can get you a long way in an EV conversion
I would need a place to do any of that first. And a whole lot of cash. You can’t finance an EV conversion.
