• perviouslyiner@lemm.ee
    link
    fedilink
    English
    arrow-up
    79
    arrow-down
    1
    ·
    1 year ago

    Nissan apparently collects “Sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.

    I guess Subaru don’t need telemetry to guess your sexual orientation.

  • Hirom@beehaw.org
    link
    fedilink
    arrow-up
    72
    ·
    edit-2
    1 year ago

    If a car is advertised as smart or connected, there’s a good chance it collects too much personal information.

    That’s too bad because most new cars are, and it may cause some people to keep their old polluting but privacy-friendly car longer.

    • Mysteriarch ☀️@slrpnk.net
      link
      fedilink
      arrow-up
      40
      ·
      1 year ago

      Really goes for almost everything. I don’t want my machines and appliances to be ‘smart’ and ‘connected’. I just want them to do the thing I use them for, that’s it.

      • Rai@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        Fuck IoT

        All my homies hate IoT

        The only things that are allowed internet in my house are computers, and phones. (And game systems, if someone brings one over.)

        Not our cars, not our dash cams, not our fucking refrigerator.

        • piotrek416@szmer.info
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          IoT itself isn’t bad. It’s the companies that are using it to spy on you. If IoT is FOSS/Libre it is good.

          But I agree that not everything should have internet access especially if it’s proprietary.

          • Rai@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            16
            ·
            1 year ago

            None of my appliances need to be connected to the internet. That’s asinine. (Not directed at you, more “old-man-yells-at-Cloud”)

            • Dudewitbow@lemmy.ml
              link
              fedilink
              arrow-up
              7
              ·
              1 year ago

              I think the distinction is need. I dont like it when its mandatory, but i dont mind that the option is there. E.g some people like preheaing their oven on the drive home(or a warning that something on the stove is on if accodently left on), or in case of the dryer, when its done.

              One common one I think is helpful is those who may have forgotton to close their garage. Easy way to check without having to drive back and do so.

    • perviouslyiner@lemm.ee
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      All new cars - Bruce Schneier wrote in cryptogram that he tried to buy a new car without a permanent internet connection to the manufacturer and it wasn’t possible.

    • SenorBolsa@beehaw.org
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I’m probably never buying a car newer than the one I have. Everything is so ridiculous now. Though if I can just physically disable the WAN communication it uses I guess that’s fine too, though it would likely be expensive to get working again for resale.

      It bothers me enough that my car is even capable of doing any kind of steering input I didn’t give it myself, brakes are by wire too, but fully depressing the pedal still connects you to the hydraulics directly so kind of a non issue, it allows for AEB which is a good safety feature though I’ll likely never trip it.

      My current car I think can do some kind of connection but I disabled it in the firmware when I flashed the BCM. Not missed, did nothing of benefit to me afaik.

      • Hirom@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Physically disabling WAN can be a workaround, assuming is can be done and reverse without damage. But it’s not a good solution.

        Manufacturers have ways to degrade experience/features when the owner physically disable WAN: deny features and security updates (by doing OTA updates only), drag their feet or void warranty if WAN is disabled, design some features to be unnecessarily dependant on some cloud/online services (eg navigation, media features, …).

        • SenorBolsa@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          They cannot void your warranty over that, maybe for the computer you modified but the Magnuson Moss warranty act means they have to honor the warranty unless they can prove your modifications caused the damage.

          Also, who cares if it gets updates? It will continue to work as it did from the factory indefinitely. Security updates aren’t necessary if the car isn’t connected to the internet and those updates cant change how the immobilizer/keys work anyways.

          • Hirom@beehaw.org
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Things can suddenly or progressively break after a while if a system gets too far behind regarding updates.

            A few plausible examples:

            • The navigation system can send you to non-existing road if it doesn’t know about recent major roadworks. Or give you old/bad speed limit and cause you to get a ticket.
            • The GPS receiver may fail to obtain a location if satellite orbit or other parameters shifted too much since the last update (happened to me once after several years).
            • A bug may manifest itself only after a while or a given date (similar to y2k) and break some features.
            • A vulnerability may be discovered, which make cars that aren’t updated easy to steal as knowledge of the vulnerability spread
  • PeutMieuxFaire@kbin.social
    link
    fedilink
    arrow-up
    44
    ·
    1 year ago

    Thanks a lot for your post ! The future of cars looks grim.

    Serious and naive question: how could I get rid of the tracking at the hardware level when I will have no choice other than to buy a connected car?
    Is there an antenna or a SIM card somewhere that I could disconnect/remove? Would the car continue to work if the connection to the manufacturer’s server is lost?

    • jherazob@beehaw.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      No idea, but for starters say goodbye to navigation, it likely uses an internet connection

      • PeutMieuxFaire@kbin.social
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        For recent cars I am afraid you are right. My current and “old” car has a built in navigation system with the map on an SD-card. No need for a connection to a smartphone - which I do not own. Therefore I suppose it is not communicating with the manufacturer.

        Then, someone in my family with a more recent car got several “firmware updates” out of the blue, hinting to a ‘permanent’ connection to the manufacturer.

        I have the feeling we need to start organizing and claim a “right to disconnection”. Having the car dial for help after a crash is one thing but what Mozilla’s report describes is at another, much higher level.

    • DaGeek247@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      I can’t speak for the more modern cars, but my 2019 corolla had a cell phone connection which could be cut by pulling a single fuse. Idunno if it’s a universal name, but it was called the DCM module. The emergency button in the roof was wired through it, and so was one of the right speakers and the built-in microphone. None of them work with the fuse removed. I’ll route the speaker and mic wires around it at some point by going through the glove box, but it hasn’t been a priority for me.

      https://www.toyotanation.com/threads/how-do-i-locate-the-dcm-telematics-unit-on-a-2020-corolla.1693507/#post-14400614

      I’m happy i did that too. Apparently toyota is still leaking the location history of a bunch of their cars and i’d hate to see that get abused.

    • algorithmae@lemmy.one
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Cars are built in modules, so there is definitely something you could disconnect to prevent it phoning home. You might need to take the dashboard apart though.

      There is nothing preventing the car from starting and running without it. As long as you have a key fob it will attempt to start.

      • PeutMieuxFaire@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Thanks! Knowing that what I might be searching for would be somewhere under the dashboard is a good first step.

        Then I am not an engineer nor have any experience in electronics BUT I know from my dad that taking the dashboard apart is not an easy task. If I would succeed I do not know what I would be looking for… Would tan antenna look like a piece of wire? Or could it be embedded in the ‘copper’ circuitry of a PCB? Do cars use regular SIM cards like the ones found in phones or would they look different?

        The maintenance manual would probably be a good place to start before trying to put anything apart.

        • algorithmae@lemmy.one
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Every platform is different. The maintenance manual won’t tell you as it’s not part of maintenance. If you really want a piece of literature then you’ll need a factory service manual, but no offense if you don’t know what you’re doing you WILL cause damage to your vehicle (or even yourself if you accidentally mess with the airbags)

          • PeutMieuxFaire@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Valid point, no offense taken. I did not think about the airbags! As for damages to the vehicle, this is something I understand an am willing to accept. If I do stupid things I have to face consequences.
            Anyway, getting the help of a mechanic would be point number 1 on my list. If can find one willing to take the challenge :)

  • gt5@beehaw.org
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    Tangentially related: I have a 2022 Subaru, I used to have a 2021 Subaru. Subaru has a mobile app where I can start the car, locate it, unlock the doors, etc. When I traded in the 2021, it never removed it from my app. I’m able to see where the car is parked, and presumably start it, open the doors, whatever.

    I tried contacting Subaru, I looked for a bug reporting or bug bounty but couldn’t find one anywhere. All I could find was instructions to remove the car off of my app. I view this as a huge privacy breach, it shouldn’t be my responsibility to remove the previous owners info from the app.

  • adora@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    edit-2
    1 year ago

    maybe its just me, but as useful and nice to know as this is, I really want Mozilla to focus their efforts on making a good browser, not to spend money doing everything but that.

    There are a lot of anti-features (studies, pocket, telemetry, “sponsored suggestions”, etc…) that are justified in “we have to make money somehow” but then they spend it on this stuff.

    [edited for clarity]

      • adora@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Sure, I mean I want them to focus their energy on it.
        There are a lot of anti-features (studies, pocket, telemetry, “sponsored suggestions”, etc…) that are justified in “we have to make money somehow” but then they spend it on this stuff.

    • ono@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      This particular issue is important enough that I’m glad they did it. We needed somebody to do it, and if that means a tiny bit of funding was diverted from browser work, I think it was more than worth it.

      (Also, the Mozilla Foundation is not the same as the Mozilla Corporation.)

  • bedrooms@kbin.social
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    asking you to do things no reasonable person would ever do – like reciting a 9,461-word privacy policy to everyone who opens your car’s doors.

    If this is what they say we agree by tapping that license button, how about they put this on their TV ads?

    • Landrin201@lemmy.ml
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 year ago

      We desperately need laws to regulate these kinds of privacy policies/user agreements. The VAST majority are way too long and complicated for a normal person to actually understand, let alone read. We need to limit what companies can/can’t do with them instead of letting them do whatever they want to.

      We also need a law that prevents them from changing the terms of service on a product someone has been using, then locking them out of it if they don’t agree to the new terms.

      • Radiant_sir_radiant@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        We also need a law that prevents them from changing the terms of service on a product someone has been using, then locking them out of it if they don’t agree to the new terms.

        This. So, so much.

        With mandatory jail time for the managers of companies who break this law, and/or fines that are guaranteed to send the stockholders howling and demanding the executives’s heads on spikes. The current fines clearly aren’t enough of a deterrent and just considered the normal cost of doing business.

  • MNByChoice
    link
    fedilink
    arrow-up
    17
    ·
    edit-2
    1 year ago

    I skimmed the article. Some manufacturers are not listed. Mazda for one.

    Edit: I am unclear. Should I presume Mazda and others that are not listed are doinga good job?

    • ono@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      Should I presume Mazda and others that are not listed are doinga good job?

      Doubtful. Absence from a list like this usually just means that the people investigating had limited resources, and therefore chose a representative sample instead of doing an exhaustive survey.

      If this report gets much attention, it would be a good opportunity for any car makers that do well on privacy (if they exist) to start boldly advertising it.

  • confusedwiseman@beehaw.org
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    I wonder if this is part of the reason Chevy dropped Android Auto and Carplay. Can’t lose out on data collection.

  • senoro@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Make sure to sign the petition at the bottom of the mozilla report.