> The letter comes in response to an inquiry by Sen. Wyden’s office, which asked the association representing automakers how their members respond to law enforcement requests for location information collected from internet-connected cars and trucks. He found that only five — GM, Ford, Honda, Stellantis and Tesla — require a warrant to provide location data to law-enforcement. And only Tesla notifies auto owners about government demands.
So, if the truth is being told, then some car manufacturers are breaking promises.
#1 - You need a new car
and
#2 - All your new car options are connected
then
#3 - See #1
Or, maybe those cheap new Chinese EV's I've been hearing about will not be connected, nor connectable, "because cost-cutting". That trick might also save the Chinese manufacturers a load of legal headaches and issues.
That has also crossed my mind in the past. The Chinese government being the source of conserving privacy from an acceleratingly authoritarian, western world dominating centralized government is rather ironic.
I could see it happen just for the Chinese to enter the U.S. market. It would also at the same time cause massive rifts in the west’s self-image of openness, equality, non-discrimination, anti-racism, etc (just like the TikTok ban is exposing) and the public will become painfully aware of the false and fake nature of our governments, if they block cars/Chinese companies without a legitimate justification.
If I were the Chinese I would do just that, not only offer cars that are not connected other than if one wants to connect their phone, but even make it a major issue and part of their identify and advertisement campaigns.
There is nothing particularly ironic about that - it's in the Chinese government's interest to control its own citizens and subvert its adversaries' control over theirs, and vice versa. See also Russia granting asylum to Snowden, and the myriads of Chinese, Russian, Middle Eastern etc. dissidents sheltered by the Western bloc. I imagine we would see more of the converse were it not for the language barrier, too.
If anything, we should be grateful for this situation; in a worse world all these governments would abide by gentlemen's agreements to not act against each other when it comes to controlling their subjects, notwithstanding their differences.
You probably don't need a new car. A lightly used connected car with a 3g modem is no longer a connected car. I've got two now; one of which had a 3g modem added as a factory recall because 2g was shutdown and the connected features stopped working.
Depends in which country you drive. Germany has still 2G enabled (at least for some networks) while they removed 3G. Other countries did the opposite, but many European countries will still have 2G or 3G for a few years.
US car sellers seem to like ATT and Verizon. My personal experience with T-Mobile was that 2G became unavailable; maybe it worked in some places, but my 2G only phone would never connect anymore.
The coverage footprint was never as large as LTE or NR. They also never added new 2G coverage later on, some markets started with LTE-only.
If your device is 2G only, needs an older SIM containing the SIM application that T-Mobile doesn't activate anymore. (I only have one of these still working). However 3G phones with 2G fallback will work on new sim cards through the USIM application (technically even esim through stuff like esim.me).
Yea, it's gotten to the point where recent cars are such a minefield of misfeatures and unwanted features. Traditional car buying sites like Autotrader need to offer better filters. I should be able to check a box that says "No touchscreen," "No microphone," "No cellular connectivity," "No telemetry," "No account[1] required" and so on. Without this, you need to filter by year, but that's not really precise.
1: Aside: The idea of having to have an online account with the manufacturer in order to use a car is so ridiculous, I can't even believe I'm typing it.
At this point I've considered building a mostly finished kit car. These privacy violations should absolutely be illegal. I shouldn't have to deal with GM selling my driving data to my insurance provider. I can't just buy a different car either as they ALL do it now.
Also, a car should not be like setting up an iPad. Dedicated buttons are superior and safer, but it won't happen again at this point outside of an act of Congress as the manufacturers found out it's cheaper to make just a single touchscreen.
> The idea of having to have an online account with the manufacturer in order to use a car is so ridiculous, I can't even believe I'm typing it.
Where is this the case? I haven't heard of this before, granted i haven't bought a car in about 8 years. My 2016 4runner has the little mayday button and gps aftermarket thing but you have to pay for the service, if you don't pay then my assumption is it's not transmitting anything. I know Tesla does OTA updates so they must be connected 24x7 but I haven't heard of that requirement for any other cars. Is it just an EV thing?
I know there are still plenty of places in the US with absolutely no cell phone much less data service, i'm assuming these cars are drivable there with maybe a "no connection" indicator. I wonder if there's a way to disable the ability to get a reliable connection without actually removing power to a component.
On the other hand, if you're driving a car with your phone in your pocket then it's a moot point. Your phone is the best citizen tracking device ever invented.
edit: i want to be clear and I agree, having to have an online account to operate a car is _absolutely_ ridiculous!
Of course not! The Chinese will surely connect their EVs and report everything back to China if they can. We're talking about a country with mandatory PC (and probably phone) spyware.
Unfortunately Honda's been responsible for some questionable actions (along with other cos) in the US in the past (I think it was an anti-repair bill/lobby involving Louis Rossmann). However, apparently Honda US operates semi-independently vs Honda Japan/Global.
(Highlighting this because I'm a huge Honda fan and didn't know of the US/Global separation till I read up. Please correct me if I said something inaccurate, I'm going off memory here.)
speaking as a diesel auto mechanic, these systems exist in the big 4 truck makers as well. The premise for them is useless. no one uses the SoS button, you have towing and repair service you pay for through your company or as part of your owner/operator insurance (probably similar for regular cars too.) everyone hits this button by mistake though, because its next to your sunglass holder and other buttons you actually use.
ive pulled dozens of these things out for customers. For people looking to gut the spyware from their car, The "phone box" as professional drivers call it is separate from the rest of the vehicle and often located in or near the glovebox. it typically contains a riser board you can remove to disable the cellular communications for the vehicle. barring this, it has a SIM card you can physically remove as well.
note that removing either will trigger a dashboard light. you can ignore it so long as you get regular maintenance, or occasionally pop the board back in to verify youre not throwing other codes for the engine/etc...
edit: customer support scumbags for truck companies will often warn you this will "disable" your hands-free calling. it absolutely does not, as handsfree is a feature of the info-tainment and NOT the modem.
In emissions control areas it possibly prevents the vehicle registration from being updated, depending on the light, the policy, and the interpretation by the guy working the booth that day
According to the Mozilla report on privacy in cars, Spet. 2023, in some countries several automakers do not even need a formal request - informal contact is sufficient, they say. Legal procedure is cultural and local.
> Hyundai’s privacy policy says, for example, that they can share data with law enforcement and governments based on “formal or informal” requests. Kia’s policy says they may share data in many scenarios “if, in our good faith opinion, such is required or permitted by law”
I drive a Jeep. Jeep owners tend to skew libertarian & DIY. Owners have found you can bypass or cut power to the modules via fuse pulls. I bet you can do this on other makes.
If anybody cares, I can post more. I have not done this myself.
Please do. Information circulated that attempting to disable modules (e.g. the e-call) resulted in the vehicle returning a "cannot start" or "degraded mode", "core component missing" (or similar).
This thread has links from how to opt out, where Stellantis is selling data, to potential module pulls, and possibly faraday cloth attempts, attaching resistive dummy loads for antennas, pulling 4g modem. [it's a smorgasboard... you're going to have to parse it to find what may interest you]
And then there's VW who decided that the Bluetooth microphone should be on the same fuse/module as the CAR-NET modem, so it's hours of work if you want to be precise about what you disable.
Slightly off topic, but you you mentioned fuse pulls in a Jeep...I'm a glutton for punishment and I've always driven a Jeep (though I do have a 4Runner for my reliable car) - learned to drive on a CJ.
Anyway, the head unit in my JK stopped turning off when I took the key out - so that was a fun battery-draining episode. I've been waiting for the weather to get nice to pull the head unit and put something else in there, so in the mean time I just pulled the fuse.
Of course the head unit is responsible for publishing outside temperature to the CAN. I don't care that the dashboard says --F instead of a temperature now, but on a cold start, the ECU doesn't know if the oil pressure is high because of a fault of just because the oil is cold. So if I get on the throttle even a little before the engine is warm, I get a CEL now. The joys of Jeep ownership.
I think those electronics are in the head unit mainly to provide interior weather resistance - just a feature other car designers don't generally need to worry about.
JK may have more CEL's than a CJ, but a lot more comfortable ;) but probably slower than the CJ
I’m extremely skeptical that the head unit pushes to the ECU.
To me, it sounds like you might have a faulty coolant thermostat. This part physically expands as engine temperatures increase. It’s essentially an analogue part.
It's the ambient temperature sensor, not the engine temperature sensor. My guess is that the head unit either contains the sensor or is responsible for broadcasting it. The head unit talks to the dashboard to redisplay nav instructions, I'm guessing it's also responsible for sending the temperature info to the dashboard. And since I pulled the fuse, all I get is --F, so the information isn't available on the CAN. Don't know why - I'm not an automotive engineer :)
I also have not done this myself but I see lots of folks asking for more info. Dug this up a while back when I was considering buying a Jeep (still am, haven't made a purchase yet)
A family member owns a Jeep (2016). It's been nothing but problems for them. They were brand loyal. But they've really gone off the rails lately. Jeep ranked 34/34 (dead last) in consumer satisfaction in Consumer Reports' 2024 rankings.[1]
Jeep has never been top o' Consumer Reports. If you want to increase the odds in your favor:
- Wrangler or possibly Gladiator only [high volume production]
- Lower tier trims to reduce electronic malfunctions
- No diesel
- No first 2 years of new model
- No Covid years
I've mainly driven Wranglers my entire driving career and had very few problems
This is a dual post from another comment in the same thread:
Jeep Wranglers & Gladiators are very similar.
This thread has links from how to opt out, where Stellantis is selling data, to potential module pulls, and possibly faraday cloth attempts, attaching resistive dummy loads for antennas, pulling 4g modem. [it's a smorgasboard... you're going to have to parse it to find what may interest you]
This kind of abuse will keep me driving and buying used cars far longer than I would otherwise. That means I'll be driving more with lower emission and safety standards. For me that's an ugly but good trade to evade making big brother my copilot. I don't know if there are enough like minded drivers to make this a large effect.
> I don't know if there are enough like minded drivers to make this a large effect
The disaster is that there has been a large enough component of buyers that did not care about the issue, and that had no idea of the possibility of the issue.
It created this perverse market together with many others.
No, they also don't care. Talk to most people. They literally don't care and will say things like "Well let them have the data, what will they do with it?" Especially when you save a few bucks with something like a "loyalty card."
If, if this disastrous piece of history ends up well, the reaction to it will be a market that demands repairability, vendor agnostic.
Among the circulating information about new vehicles is, for example, that * batteries may tend to drain in days and * a flat battery cannot be simply replaced or restarted: the car must be brought to its manufacturer's service premises. Evident absurdities like this could trigger a reaction, they should wake up people...
It could and should make people want to be able to fix their car themselves.
We recent;y let our 1999 Honda go, which we bought used in 2007. Our choice for a replacement was no replacement. We've been able to just go car-free. The current state and expense of car ownership just doesn't provide enough benefit to us to be worth it.
Modern car ownership sucks. I’m sticking with my 2016 model year vehicle that has no internet connectivity for as long as possible. The only nice feature it has is a backup camera.
Just as third party shops can repair any vehicle and have access to the physical parts. Consumers and repair shops should have access to the firmware that control the features of the car.
I should be able to reflash the firmware with a compatible replacement and be good to go.
The integrated car system is just stupid. Your "opt in" to smart systems should all be done through a mobile phone that can be easily upgraded and replaced.
At most a car system should just be a dumb interface to a console screen, microphone, speakers, via bluetooth or plugged wire.
Also, keyless fobs are terrible, their failure conditions around battery failure and hardware failure are awful, they can't be replaced easily, they are outrageously expensive, and they open up far too many vectors for electronic theft of cars. Every fob I've had has a shelf life of about 5-7 years, while keys will last decades.
How is there not a "low tech" option for all the boomers? Kind of like the manual vs automatic transmission option?
Advertise a brand of auto that isn't capable of spying or conspiring against you, has a full set of tactile controls, infotainment is special order - and that doesn't blind oncoming drivers.
Make the ads a parody of everyone else' driving experience.
Is there a list somewhere of what year the tech was implemented, on a model by model basis [a.k.a. snitch-free rides]? Because regardless of what the manufacturers say, it seems like the data's going to inevitably leak out by some means, intentional or otherwise.
Hyundai, which was not listed, is in the similar category as Volkswagen.
"If Law Enforcement requests access to real-time information for a period of more
than 48 hours, HMA reserves the right to require that Law Enforcement obtain
appropriate legal process (e.g., a subpoena or search warrant) or customer consent
within the initial 48-hour period to authorize continued disclosure of real-time
information."
Cynic in me: so, if law enforcement requests list of 47-hours periods its all fine then? And what about not real-time records, all history of driving is available for free then.
It's not that they will require a warrant, just that they "reserve the right" to require it. Your rights as an owner of one of their vehicles are not reserved in any way.
Because you are the product they sell to other people.
The government privacy/rights exposure is just a side effect, it's not some governmental conspiracy.
They want to sell you. Your location information, implied demographics, etc inform advertising and marketing.
Even if they said no to the government, the government can either get it from the second-line databases that track you, or in sufficient cases, the three letter agencies certainly have all the information from either the automakers or, again, the next round of consumer information databases that buy the info from the auto companies.
That OnStar button is a service, it needs location. Other mfgrs have some kind of remote assistance service too. Now, what if the owner have not subscribed?
Why does it need to keep a long-term history, though? Isn't an ephemeral ping to get the current location enough? Or if you're trying for better resiliency, let it ping as often as you want but be responsible and only cache it for an hour or a day or whatever. Even a day is probably too long to be practical. They're not going to send help to a location ping from 18 hours ago...
> As far as the law is concerned, GM's data center is a secure repository
Well, of course: I meant "a secure repository /for the user/" :) I.e.: you could trust the law (as well done and respected), or you could stay on the safe side. Taking a look around, I'd take the safer side.
> "wow this parking lot is huge..."
Like opening a trunk through feed waggling or radio control of windows for those who are prone to leaving open sunroofs during storms - at the cost of adding complexities and possibly exposure to faults and malice... The first violently blinking one being "no need to press a button to open the car anymore, proximity suffices".
Everyone makes their own decisions on tradeoffs: the option - which they may like, which may leave them indifferent, which they may not want at all - should not be shoved in the throat of the users.
Those fraud/embezzlement executions aren't looking so bad now, huh?
(This warrant-less data sharing increases contact with the police, which increases the chances of a fatal encounter, and the incidence of them overall. So, if it's life-and-death on one end...)
Not in Irish law anyway -- a verbal contract can absolutely hold up in court. Anything including a recording or witness can corroborate this -- not a jot of ink or paper required for enforcement. Still a good idea as writing is just simply a useful flexible and convenient storage mechanism but there are a lot of nuances beyond your 'if it's not written down it doesn't count' sentiment.
FWIW I've investigated disabling the connected features on my 2019 Subaru Outback. The relevant module is the DCM, or Data Communication Module. It is physically located behind the infotainment system (what was once called the radio). There is a fuse that you can pull which will disable it (#9 I believe), but it will also disable the front speakers and microphone. This will break in-car navigation and Bluetooth phone calls.
Alternatively, if you're willing to disassemble the dash, you can remove the DCM entirely and replace it with a dumb plug that just reconnects the front speakers and mic directly to the infotainment system. One more caveat - some cars are missing a 5V power supply for the microphone, which is otherwise generated by the DCM. The signal exists on the head unit but is missing a pin, probably to save the $0.001 that this pin costs in quantity. You need to either add this pin, acquire that 5V supply from elsewhere, or install a voltage regulator that steps the 12V IGN supply down to power the microphone.
It seems that very slightly older Subarus have a problem with the 3G shutdown where the DCM goes into a braindead loop, trying to establish connectivity continuously and draining the battery. As a result, many shops are familiar with the procedure of finding and removing the DCM (to replace it with a newer one or reflash it, not sure which). Perhaps I'll see how much my local independent auto repair place would charge to remove it and replace it with the dummy plug.
You were downvoted, but it's true. The per-mile tax that states have been trying to push for years will make location tracking a requirement to getting registration for your car. This legislation gets pushed to states every year because EVs aren't paying any gas tax, which is what funds road repairs. So the legislators see this as revenue for the state. I'm honestly not sure what has stopped this from happening yet.
Idk if this is worth the trouble. Isn’t a judge just going to stamp these requests anyway? Like sure maybe it’s better if they do but probably won’t be groundbreaking
Yeah because of the famously extreme consequences if they act outside of it?
They don't give a shit lol. They will talk up "the rule of law" but all they mean by this is order. They can arrest who they want for whatever and the courts have to sort it out.
Outside of work they know they can get away with anything up to murder. In fact on this specific subject while we're on it, having volunteered extensively with domestic violent victims it is unreal how many of them are the spouses or girlfriends of police. Cops using surveillance systems to stalk women is routine.
I think there’s a fine line between protection of the public against tyrannies and protection of the public against themselves. People like to play ‘what-if’s’ but it’s not useful when people are immediately dying around us at this very hour.
It serves no one if criminals are protected under laws that are designed to protect the innocent.
You clearly don't understand the first thing about the legal system then, innocent until proven guilty is kind of a vital tenant of it. The protection of innocents applies to all.
"Why can the government force me to display a license plate on my car? I'm an innocent citizen; they have no right to force me to bear a code like I'm a criminal."
The privilege of operating on public roadways imposes some obligations on vehicle operators. What those obligations should be is a pros-cons trade-off that has little to do with the criminal-guilt threshold.
If the tech is cheap enough, there are a lot of hypothetical upsides to constantly tracking every multi-ton machine on the road. Observe, for comparison, the FAA requirements for flight plans and running a broadcasting transponder to safely operate an airplane.
> If the tech is cheap enough, there are a lot of hypothetical upsides to constantly tracking every multi-ton machine on the road. Observe, for comparison, the FAA requirements for flight plans and running a broadcasting transponder to safely operate an airplane.
If the tech is cheap enough, you could argue that there are hypothetical upsides to having a tracker implanted inside every citizen as well. After all those citizens are capable of illegal behavior and must be monitored.
Sure could. There's a reason the Constitutional protection is against "unreasonable" search and seizure (with the definition of what that word means left up to the courts).
If, some day, most people decide it's worth it to track every individual, the law will bend to allow it.
> Observe, for comparison, the FAA requirements for flight plans and running a broadcasting transponder to safely operate an airplane.
If you're talking about ADS-B, the only parallel to a database that is owned/operated by manufactures of the vehicles is that they broadcast a signal -- but that's where any form of parallel stops/ends, because the signal from vehicles is not intended not to be broadcasted in such way as to be publicly consumable; which is precisely why the car manufacturers control a monopoly on that data and why law enforcement goes to them for the data.
Planes could arguably operate just as safely before those transponders -- they just couldn't be tracked publicly by anyone (or each other) in real time. Being able to track something doesn't - automatically - infer any upsides, whatsoever, just that we know where the plane is and/or went.
Nope, TCAS has always been based on secondary surveillance (i.e. transponders). Before ADS-B, it was based on Mode S. Air traffic control has used primary radar and even more primitive methods (position/speed/bearing reports over radio) to maintain separation since long before transponders. The in-cockpit automated "traffic traffic" advisory and "climb climb" or "descend descend" resolution advisory come from TCAS, which relies on transponders.
So, if the truth is being told, then some car manufacturers are breaking promises.
Vote your car purchases accordingly?