Totaled Teslas contain unencrypted and personally revealing data about owners (cnbc.com)
171 points by United857 on March 30, 2019 | 102 comments



I bought my Tesla used, directly from Tesla (for the warranty etc.). The previous owner's address and other sensitive information was still listed on the "My Tesla" pages at tesla.com when I logged in to my own account.

Comically, on the car itself, the previous navigation searches were not cleared and included a nearby strip club that my wife found before I did.

On my wife's X (also bought from tesla.com second-hand), she was sent a whole bunch of financial information about the previous owner, both through text messages and on the online portal.

They really don't do an especially good job of securing customer information.


Regarding the car itself, shouldn't some responsibility lie with the previous owner? The first thing I do before selling a phone or laptop is wipe or factory reset it.

We rented a car last week that had 11 paired Bluetooth devices and like 1400 entries in the phone book. I was kind of jealous because my Leaf only allows 3 devices. I wiped it all out before returning the car.


> shouldn't some responsibility lie with the previous owner?

If the secondhand purchase was a general person-to-person sale, sure.

If buying secondhand from a dealer, or the manufacturer, I'd be expecting some sort of refurbishment. At the minimum a proper detailed clean, full service, and software factory reset plus latest software upgrades at the relevant price-point.


Other car manufacturers call it ‘certified pre-owned’, or CPO.


The thoroughness of a CPO inspection/refurbishment can vary from "We did all 200 items the manufacturer specifies" to "We washed it".

https://www.youtube.com/watch?v=f037K2Fr2FU


Have anything I can read instead of sitting through 12 minutes of a talking head?

If it is a true certified, the checklist (standardized by the manufacturer) will have to be signed off by a factory-certified technician, so there is a paper-trail.


and we all know that a car dealer would never do something like sign off the checklist without actually having done the work. /s


Well, as always, a certification is only as good as its certifier.


No, there is no responsibility with the previous owner. If I return a Tesla, to Tesla, it's entirely reasonable, and in the UK at least a legal requirement, that they clear out my data before reselling it.


What's this law you mention? While Tesla shouldn't be sending you other customer info (against GDPR), I'm not sure it would actually be their responsibility to wipe data, I thought it'd be the previous customer's.

If there is a law covering it, I'd be interested to know it.


The pre-GDPR UK Data Protection Act obliged companies to hold data for no longer than necessary and not to transfer it to other parties, and is generally interpreted as requiring companies to wipe drives of computers it's disposing of. Difficult to see how a repair outlet selling on a disk drive full of its client's data as a "refurbished computer" would be exempted from that.


That's a massive stretch. Has this ever made court?

I believe a court would find it was the owner's responsibility to wipe it, not Tesla's. Tesla didn't put it there.

Sounds like you're theory crafting rather than an actual law.


The GDPR doesn't say it's my job to make sure my data doesn't get shared with other people. I think it would be a clear case myself.


It looks like not even all Tesla models have a factory reset functionality: https://forums.tesla.com/forum/forums/factory-reset


>Regarding the car itself, shouldn't some responsibility lie with the previous owner? The first thing I do before selling a phone or laptop is wipe or factory reset it.

Sure, but considering that most users don't even know how to pair a device without step-by-step instructions, I find it highly unlikely that they'll understand the implications of the car reading and storing personal information provided by their phone much less how to delete it.

And given that this is Tesla we're talking about, whose products directly encourage you to have your phone paired (more than any other car of its type), even more people would be affected than they would be from, say, a Leaf (where you don't have to do that, and where it's unlikely to be as easy as it is on a Tesla).


> whose products directly encourage you to have your phone paired (more than any other car of its type)

They do? The cars all come with wireless data, streaming, maps, and internet. In the Model 3, using your phone as a Key is done via BLE and doesn't involve pairing which is a separate function.

I would say they're indifferent to your phone but let you use it if you choose.


You would need some understanding of the device/car interaction to know this is necessary. For example you might assume that any SMS content the car displays is fetched in real time from the device.


Can you even factory reset a Tesla? I don't know, I don't own one. Just curious.

If so, does it clear out data on car only or does it clear me out of Tesla's cloud as well?


That's potentially difficult if the car is totaled.


Rich Rebuilds videos about his Tesla purchase suggest that Tesla’s used car market is just a front-end for Mannheim, the same auction house that every other car company uses to buy/sell its used working cars.


This is not only Tesla. I bought a used Mercedes from a Mercedes dealer and the navigation system still had the previous owner's address and every other data that was synced (like smartphones) were all visible.


Not just buying, either -- next time you get a loaner from the dealer's service department, check out its history as well.

In that case it really isn't obvious that the dealer is the one who should be responsible for wiping the car's memory.


Every time something crappy about Tesla is revealed, someone also needs to point to other car manufacturers. PR?


Hmm, or they are warning Mercedes owners as well?


I wish I would get paid by Tesla lol.


I've a similar experience with my CPO Tesla, though in my case it's limited to the previous owner's Spotify music being still there, and I've had lots of trouble trying to remove it - random shuffle picks their music as often as mine.


This is starting to sound like a class action lawsuit waiting to happen lol


Do you mean Slacker?


Spotify in Europe.


In my state, there is a public record of all car sales so if you have a car you can look up the address and names of previous owners.

Names and addresses are generally not even considered 'private' information here; it's only that the situation for apartment dwellers is inconsistent so no one bothers with record keeping there.


That is quite shameful. How to store data in the car is at least a complex problem. Theoretically I might want the data there and other car companies might be doing the same. I assume the GPS devices store previous navigation that is readily accessible in case of a crash. But not wiping data on a refurbished device has no excuse.


[flagged]


I mean, you probably find a lot of things alarming then? There are a lot of people not living remotely hand to mouth in the world


How is this relevant to alasdair_'s comment?


You are not alone. A majority of the nation struggles right now.


Hey, I find it alarming that someone smart enough to accumulate that much money is stupid enough to blow it on such a car. We're all very alarmed these days I guess.


Nothing stupid about buying two Teslas. They’re the best possible car you can purchase along several dimensions.


the perfect car tbh, some ota updates even reset your distance traveled! great for resale!


Citation needed


According to the same guy Tesla uploads WiFi passwords in plaintext to their servers and this database has been leaked already: https://www.reddit.com/r/teslamotors/comments/b7383h/cnbc_te...


Funny coincidence - I went to see a talk by Rich Benoit (of Rich Rebuilds fame) just the other day. Rich used this security loophole to find the key for one of the donor cars that he used to build his franken-tesla. After he swapped the electronics from a crashed car into a water-damaged car he was able to power it up enough to get the navigation to work but couldn't drive it without a key. The previous owner's house was still listed as "Home" in the nav system so he was able to get in touch with him and get the key.


> You can opt out of all data collection. But then you lose [over-the-air software updates] and a bunch of other functionality. So, understandably, nobody does that, and I also begrudgingly accepted it.

Here is the relevant passage from Tesla’s owner’s manual;

“Our collection of Tesla vehicle data. If you no longer wish us to collect Telematics Log Data or any other data from your Tesla vehicle, please contact us as indicated in the "How to Contact Us" section below. Please note that, if you opt out from the collection of Telematics Log Data or any other data from your Tesla vehicle, we will not be able to notify you of issues applicable to your vehicle in real time, and this may result in your vehicle suffering from reduced functionality, serious damage, or inoperability, and it may also disable many features of your vehicle including periodic software and firmware updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality.”

Also worth noting that agreeing to the telematics / monitoring is part of the purchase agreement.


Wow, this sounds especially egregious.

1. The language is not far from "this car might kill you if you don't let us collect data."

2. I can't see a technical reason that opting out of telemetry means opting out of software updates --- it just seems like a cynical disincentive.

(I was already very critical of Tesla for Stallman-esque reasons, but this particularly stands out.)


“Telemetry” in this case is the entire uplink functionality. You are severing the entire connection with the mothership, so of course you lose all the cloud functionality that goes with it.

I actually really like that they offer the option to run the car totally dark. Of course you don’t get your GPS maps, or streaming radio, or software updates in that case.

I would assume software updates could still be installed by a service tech using a direct connection if the remote uplink is severed. Obviously automatic updates are a non-starter for a system which you are not connected to.

Keep in mind this opt-out is separate from the auto-pilot opt-in which lets you share short video clips and associated sensor data with Tesla to help them improve their lane tracking and feature detection algorithms.


GPS maps themselves don’t require any uploading. Not sure how Tesla’s implementation works. It would be smart if they cached as much map data as possible while over wifi to save them OTA data charges.


This is indeed how it works. Search functionality (POIs) is greatly enhanced with internet access and you also get real-time traffic with more accurate ETAs.


Thanks for the clarification. I think the wording can be much more clear and neutral.

As a sidenote, I guess it's just a sad reality that 'automatic updates' are phrased as necessary for safety on a car... this implies Tesla originally shipped a broken / dangerous system (or at least a high enough chance of that to include this language).


I mean this is what happens when lawyers write your terms. An update could increase safety, therefore a delayed update could result in death.

For example Model 3 got an update which reduced its stopping distance under heavy braking. If you don’t get this update in real-time and instead don’t see it until your next service interval, that’s a time period where your car was actually less safe than other Model 3s in the road.

Other than tire rotation, the maintenance schedule for the Model 3 is check brake fluid every 2 years and replace as needed, and once every 4 years or 50K miles to change the battery coolant.

You could easily go 4 years without bringing the car in to Tesla for service.


An update could also decrease safety.

There's been ample discussion about their "autopilot" whose behaviour changed significantly enough between updates, and in a bad way, that owners noticed.


Is there any legal precedent for considering OTA update pushes as admission of guilt?


Or in other words:

"Nice car you have here. Would be a shame if something happens to it."


Yeah... at least in the EU, that doesn't sound compatible with GDPR.


> Also worth noting that agreeing to the telematics / monitoring is part of the purchase agreement.

But that won't apply to anyone buying used.


This is really problematic with totaled/stolen cars, but really not specific to Tesla as other brand cars have a significant amount of information in there too.

When you sell a device, any kind of device (car but also computer, hard drive, TV, ... even flat!), you reset it or remove all your stuff. That's your responsibility.

But when the car (or device) is not going out of your hands while you manage it, it's a totally different question and not a simple one.

Of course on computers/phones/hard drives we have encryption now, maybe it's time for cars to have that too? linked to the finger of the driver? maybe time for something like Touch/FaceID?

Otherwise it'll be fun to wander in a scrapyard in the next few years with a computer and see what you can gather... won't be for spare-parts anymore :-/


Exactly this. All the security features apple and google have put in to their devices need to be done by car manufacturers.


Every modern used car on every lot in the country still has the previous owner's phone book transferred via Bluetooth along with their navigation destinations and probably garage programmed too. This isn’t new or unique to Tesla.


But this is unique to Tesla:

"video, location and navigational data showing exactly what happened leading up to a crash"


Most modern vehicles have event data recorders built-in. The video is somewhat new, but other new vehicles have built-in dash cams as well including GM vehicles like the Corvette which has had it since 2014.

So also not unique to Tesla.


Is that really unique?

My Honda has a continuously operating camera, I would be shocked if it didn’t record a few seconds of video.


And many rentals too. It's easy to hit yes transfer contacts when you pair to play music...then forget to wipe before you return it. Easy to sleuth who that person likely was based on their contacts...and their favorite strip club.

Not that wipe always wipes. In my second hand BMW i3, I wiped it to delete the last owner's contacts. The wipe missed one thing: the map locations it was charged at. Likely that included their home.

Ideally there's a standardized wipe feature that really does it.


And wouldn't encrypting this require the user to enter a password on each trip where they want to make use of the info?

Ultimately it doesn't strike me as unreasonable for the user to need to wipe their info from their car when they sell/scrap it, just as they need to remove their physical belongings from the interior. (Although I'm sure things could be designed better to make the wipe process easier to accomplish and harder to forget.)


Your statement is hyperbolic but I take your point. I think we all expected a little better from Tesla though!


That is rather bizarre, did you set an encryption passphrase for your tesla at any point?


It seems like cars should have some sort of “remote wipe” feature that is automatically triggered by the owner or insurance after a vehicle is totalled and sold/scrapped.

It’s an interesting thought to get a junk car a rich person owned for cheap and then trace the location data back to their house and other places they frequently visit. It could be useful for espionage, extortion, theft, etc.


Or car makers could just stop being stubborn and greedy with their proprietary trash and just support Car Play/Android Auto. That way the car acts as a dumb terminal for displaying stuff from the phone and nothing is actually stored in the car.

But no, gotta charge hundreds for in-car map updates (that only get updated as often as you purchase them) and radio/traffic subscription that mobile apps charge a fraction of and always up-to-date for as long as you keep the apps updated.


You just listed 2 more bits of proprietary crap though.


They're more slave than masters though, pretty much relayers in a sense. They're also more standard. For some reason standardization is always underappreciated


I agree with you that car makers should stop trying to provide piss poor alternatives to our phones and instead act as conduits for them and I remember things like PlaysForSure so I am much more in favor of an open standard like Bluetooth that doesn't live or die by one company.


I'm pretty sure the phonebook thing is OBEX. You probably don't want the car hitting your phone for the phonebook every time you want to make a call. IVI systems are slow enough as it is.


Yeah, I was reluctant to say Bluetooth because it implied that we should stick with existing protocols but that isn't exactly what I meant to say. Rather we should have some forward thinking protocol that works over multiple interfaces and is still open and platform independent like Bluetooth. Maybe even just a baseline Car Dock standard requiring Microphone, Speakers, and a Touch Display.

Bluetooth is just so encumbered with legacy concepts and limitations. It hosts a myriad of protocols that don't benefit users but are easy to implement to check the Bluetooth feature checkbox. There's a full generation of Bluetooth equipped cars that only support headset or handsfree protocols but not A2DP or other useful protocols people want.


I agree for most car makers, but I personally find Tesla’s UI to be better than CarPlay. And the map updates are free.


Agree 100%


Tesla doesn’t charge for map updates.


I was really hoping for Apple and Google to create a bidirectional standard similar to PCoIP (a la VMware), and be able to essentially use the car’s touchscreen as a thinclient to the phone.


I like the idea of a remote wipe, but foresee issues if the part of the car required for remote connectivity gets broken in the crash too.

It would be nice to have a way to physically remove the data from the car if remote connectivity is down. Some kind of FRU part in the trunk where all the user specific data for the car lives.

Get in a crash and just make sure to take the "hard drive" out of the car and then you don't have to worry.


A USB thumb drive. But that would be too easy.


Store it in the ignition key.


Aren't the 3 models keyless, and you have to use your phone? I seem to remember reading that a while back.


Not totally: https://www.tesla.com/support/model-3-key-fob

But they can also store the content on the phone, and then we have gone full circle with the idea. :)


If I were a young turk looking to get started in a life of crime, I could do worse than to get a job washing cars at a high-end dealership. Never mind the customer cars, the various telematics memories in the service loaners are always fun to surf through.

When I take my car in for service, they get the address of a gas station down the street.


This is a dumb story, ginned up because it’s “<bad thing> + <apple|tesla>”.

This happens with any rental car or any car transaction.

Also, end of the day, this data isn’t particularly sensitive. Your state DMV provides your registration and license data in real-time to third party data brokers. Cellular carriers sell geo data. It's pretty common for folks to have contact lists slurped up by third parties.


According to some insiders Tesla is also able to ssh into every car on the network. I wonder how well those keys are managed and if any are shared.


The way the article frames it, Tesla is very careful about data it can monetize while is careless with PII.


Is there an alternative frame consistent with this pattern?


There is: the author of the article could be cherry picking the data.

TTT the article is pretty convincing to me and its conclusion doesn't surprise me. But I thought rather than be immediately downvoted for criticizing T I could pose a more open-ended statement and see if anyone had a counterexample. Doesn't look like there is one.


Can someone knowledgeable explain to me: How offline can you run a Tesla? Is there an off button? Can you disconnect the networking entirely? Can you download updates externally, review them, and somehow manually feed them to the car? Does the owner have access - read and write - to logs and video and whatever else gets stored onboard?

For that matter, what is the situation with other newer cars, electrical or of the exploding chemicals persuasion?


Completely if you want to.

You can disable the mobile data and disconnect it from wifi.

If you want the updates you MUST be connected somehow.

You can get a copy of the videos via USB.


Thanks.

[And may I say: This is the strangest thing I have ever had downvoted. A simple question. At times I simply do not grasp the HN dynamics].


Why is the headline about totaled Teslas and not cars in general? Nothing about this is unique to Tesla.


The recorded video seems unique to Tesla, or do you know another car that does this?


I guess, but I worry more about the car sucking out data from my phone than I worry about it potentially recording a video of me driving. It really feels like a minor detail compared to everything else.


Any car with lane assist has a camera that presumably buffers video. Higher end luxury cars also include dash cams built in. Too many to list.


No one cares about other brands. Wouldn't get the clicks.


Oh no. Someone might get my music playlist and navigation history along with dash cam footage.

This is deeply personal to me. I would die if the next owner finds out I like Roxette, drive to places and take two attempts to parallel park.

What 2019 car should I buy to avoid this?


Another commenter on this thread said "the previous navigation searches were not cleared and included a nearby strip club that my wife found before I did." In one previous comment you say you're a [Tesla] insider. I'd rather see data encryption being used, even for music titles and dash cam footage, than dismissed as non-issue (at every car company).


Are you sure you live in 2019? Seems like you are a visitor from the 1990s.


It's like an old iPhone with a 4000 lb curb weight.


A Tesla car is a data center on wheels.


GDPR anyone? I wonder if Tesla’s European operations address any of this or (more likely) they are in the same privacy violating boat.


Good question, but theoretically the user is in possession of that data (while the car is with them). Allow for the user to be able to extract the data might be mandated by it though.


I expect that a company buying a car and onselling it to a new customer has a duty of care to not expose the data of the original seller to the new buyer. So that’s the dealer’s responsibility. It sounds like Tesla itself also has some work to do given other comments in this thread indicating they could see the previous owners info on the My Tesla website.


Extract doesn't mean wipe, it means transferrable.


Yes, hence the obstacles and limited data export by Tesla tools might be in violation of it.



