Toyota: Car location data and videos of 2M customers exposed for ten years (bleepingcomputer.com)
607 points by giuliomagnifico on May 12, 2023 | 306 comments



"It is important to note that the exposed details do not constitute personally identifiable information, so it wouldn't be possible to use this data leak to track individuals unless the attacker knew the VIN (vehicle identification number) of their target's car."

Am I dumb or are they? If you know someone's home address, then all you need is a geo lookup, and a filter which selects for cars parked near that address at 3AM over some time period. Which then gives you the VIN and the entire location history, right? Sure you might get more than one car if the someone lives in a city and uses street parking but it's still going to reduce down to just a handful of cars which can then be cross referenced against place of work, relatives, etc.

And of course home address lookup can be made with any number of public databases with little more than a name and maybe some additional filtering (age, city, phone number, etc).


> it's still going to reduce down to just a handful of cars which can then be cross referenced against place of work, relatives, etc.

You are correct, but I can't imagine why anybody would go to that much trouble for a speculative answer. Your idea requires quite a bit of intelligence collection as well (relatives' addresses, addresses of known hangouts, etc. that you have to vet for accuracy).

If you have a confirmed home or work address, just go to their home or work and take a picture of the target VIN through the windshield.


The scammer in the third world country folks may be at threat of this breach being exploited by does not have that ability.

But they do have the internet, and further no meatspace means scams can be automated/scaled.

Honestly, this seems very bad.


Reidentifying anonymized location traces has been common for many years in the gray data market world. If you have multi-year traces, it’s not too hard. You just need some sparse location data for the target and then if the sparse data matches the trace at 4-5 times you can be pretty sure it’s the same person.

For example, if you ever use public wifi, and you hit a web page with real-time bid ads on it, your ip address and tracking cookie will be reported. The IP can be geolocated, and presto, you have one time/location datapoint. Credit card transaction data can also be bought, and a cc transaction often gives you a location and a time.


I read an article today about someone who was called by his daughter to transfer money. It turned out to be an AI deepfake.

The criminal networks are pretty sophisticated.


>The criminal networks are pretty sophisticated.

I’ve had to relay this on to people I train: It’s their job. It’s a business and it’s unreasonable for you to be better at aspects of it than they are.

I think the slide is titled “Someone is going to be the goose, hopefully not you”.


The attacker has the advantage of knowing when and how the attack will occur.

In nature, the predator has the fangs and claws.


It seems like the old Bell system with its monopoly rents was a feature then. Scams like this were impossible economically since even the cheapest long distance phone call rates were high enough to discourage scam call centres.


I’d imagine the play here would be to search known people of prominence/public figures/clergy/politicians/etc and then review the logs for signs of ill doing. Most likely infidelity. Then blackmail ensues.


Going to everyone's house seems multiple orders of magnitude more trouble than looking at where a car is most often parked, and seeing if you have anybody in your database that lives, works, or has relatives (or facebook friends) that live at those addresses. I bet you'd get a unique hit 99.99% of the time if you have 10 years of data.


I think his point is just because the data in isolation isn't identification, we live in a world where multiple public datasets are easily used to make 99.9% correlation, yet laws still act like these associations are "technically challenging". Most of the problems are from actors who are very specifically motivated and we need to start a less isolated view of data breaches.


I know the VIN on my wife's car. It'd be beyond a few boundaries to track her vehicle and internal cameras if, say, we split up at some point.

You can read the VIN of neighbors and significant others pretty easy.


The VIN on my Toyota is displayed right beneath the windshield. Anyone can walk up to my car and read it.


VIN being visible through the windshield is a legal requirement in US.


More accurately, you can’t alter or remove the VIN. I don’t believe it has to be visible at all times. Some car owners obscure their VIN because of public sourced databases like Vinwiki.

https://www.justice.gov/archives/jm/criminal-resource-manual...


I don't know if there's any liability for doing that, but some of those car owners occasionally find out that their car was seized by the cops to "investigate". This might depend on state law, too. E.g. in New York:

"Members of the state police, any local police department or any peace officer acting pursuant to his special duties shall seize and confiscate a motor vehicle or trailer if any original identification number or special identification number is destroyed, removed, altered, defaced or so covered as to be effectually concealed."


VINwiki leverages this to form a community


> Am I dumb or are they

I don't think you're wrong. I wonder what incentive bleepingcomputer has to make it seem not so bad.


Avoiding getting rekt for defamation or a potentially libellous article.


Okay, massive tangent, but it's been bugging me for a while and this has finally tipped me over the edge - why is it called personally identifiable information? That would be information that someone can personally identify surely? Shouldn't it be personally identifying information?


Words mean whatever people who use them intend them to mean.


Because it's information that may be able to identify, but is not necessarily conclusively identifying of, a person.


Yes, all location tracking data is personally identifiable.

Given any dataset like this it is trivial to pick any entry and trace where is home and where is work thus de-anonymizing it. Conversely given any home or work address it's trivial to find all other related entries for the individual.


If an IP-address is PII, then so should be a VIN and chassis number.


Definitely agree. If I have a time series of geo location information, which visits point x,y once per day at 5:00pm I can probably conclude they probably live at this location.

Of course it would all be incredibly boring to analyze. We can conclude that people live at a certain location, (dumbly for no good reason) drive to another one 5 times per week and go a few other places.

Sure you might be able to find the odd person that is doing something weird or illegal but if you already know location x1, y1 contains bad guys might as well just go there and arrest them instead of creepily analyzing data that you know you shouldn’t have.


Also, among these 2M customers there are surely a few high-profile ones that have implications for politics/crime/forensics/espionage?


Also, just looking into the window of the car at the dashboard is usually all you need to get the VIN for a car.


Yes people can finally see if their spouse was cheating. Or learn when a target is typically not at home. Or what church they go to. You are not dumb. The statement in the article is dumb however.


If you commute from home to a job I think even with somewhat coarse information it’s easy to figure out who you are. The NYT did a story like this based on advertiser data.


In my state you can look up the vehicle property tax records of anyone by name or VIN.


Their privacy policy is wild and every customer is opted into the connect services by default.

Interior images, exterior images, facial geometry, voice recordings, location/driving data, "multimedia screen data",

https://www.toyota.com/privacyvts/

https://web.archive.org/web/20230512182022/https://www.toyot...


All car shrink-wrap licenses that I have looked at are similar. That's why I think it is funny when people freak out about Android Automotive. The Android Automotive terms are much, much better for customer privacy.

The EULA for my Honda says that Honda can and will share all available data with itself and third parties, named and unnamed, for any or no reason.


How do these EULAs work if you buy a used car? I suppose manufacturer doesn’t really know if the car has been sold and the new owners haven’t accepted the terms?


Well, how do the shrink-wrapped EULAs work when you sell a computer? What is Microsoft's position on you selling your Windows license to a third party? I expect that car manufacturers will eventually take a similar line. But it won't be a big deal for very long. As we will soon all be paying subscriptions to use our cars, license transfers will be balled up into the transfer fees paid when you move your ongoing subscription commitment to the person buying your physical car. The manufacturers will supervise the process.


>>What is Microsoft's position on you selling your Windows license to a third party?

It's 100% allowed within the EU, even for OEM licences. There have been multiple court cases about this and Microsoft lost every single one. But I guess that's not what you were implying?


I wonder why I can’t buy a game license in a similar way from somebody.


Because while the courts agree that legally licences are transferable, they haven't ruled that Valve and others should build a technical facility to allow this. Microsoft put themselves in this position by accident because they allow licence keys to be activated multiple times - so you're free to sell your licence to someone else and Microsoft has to activate it. While Valve can just refuse to build this functionality into Steam and no court has ordered them to do so.


This is incidentally often the real reason why big companies refuse to release seemingly 'obvious' features their customers would value.

Because of some adversarial legal precedent in a major market that would impair them more than the expected benefit.

Microsoft probably is moving away from selling permanent licenses partly due to this, for everything except those to large customers they can individually keep tabs on.


You absolutely can. If a game comes with a real license key (not an [insert platform here] activation/import key), you are entirely free to sell it the same way you can sell your Windows key.


Because of German court as always https://www.rockpapershotgun.com/german-court-rules-against-...

excuse is "games are art, not computer software Oracle vs Usedsoft doesn't apply".


Hm, what's going to be the relevant factor, a lowest-level court decision from Germany or the EU rules and the (binding) decisions of the highest EU court interpreting them that the German court bases its decision on?

> "games are art, not computer software"

That's not the legal interpretation of the topic, no.


The data collection would also be illegal in the EU I presume.


How will this happen if we don't accept it?


What does this mean? How do you "not accept this"? Are you jumping up and down now interior pictures are leaked from your Toyota? Do you not pay for recurring fees of licenses? Do you send an angry phone call in the general direction of Toyota HQ?


I drive a 30+ year old car. It can easily last another 10 years.

0 tracking by the manufacturer. No subscription services needed. No annoying beeping when you forget to put on your seatbelt for 10 seconds. No touchscreen, all physical buttons. No Android/Apple spyware. No cameras. No ads on any display. No car-key that can run out of battery.

It's nice.


Same bucket here. But what do we do when it does need replacing? I don't own an old car because it's a hobby, I don't have a garage, and I also think that safety has improved a lot. There's a sweet spot to be found for cars with modern safety technology but without telemetry, subscriptions, or computerization (other than OBD-II). But these kind of cars seem to be on their way out. For now, I'll enjoy my manual transmission and roll-up windows!


Maybe there will be a market for a dumb electric car in the future.


Has to be a Saab 900


Or an early 90s honda


Toyota Camry


Don't buy a new Toyota. Make it widely known why you're not buying it. Remove the modem and publish instructions on how to do so. Start or join an initiative to legally punish this.

Literally anything is better than sitting and solemnly spelling out what "will" and "must" be.


There's clearly no meeting of the minds (I didn't even know about this "agreement", let alone read and agree to it) so I don't understand how the terms could possibly be binding. Failure of the courts, I guess.


Funny, I looked around and couldn't find an equivalent for Honda motorcycles. Perhaps Honda understands their customers better than we think. Honda seems perfectly willing to build tracking-free products when the customer base cares enough. I have never met any sportbike rider willing to share one iota of ongoing GPS data with anyone.


> https://www.honda.com/privacy/connected-product-privacy-noti...

~~~ Theirs is a lot better, does still include Geolocation, audio recordings, navigation usage, however the usage looks limited to just Honda and the obviously required services: ~~~

> We will not use Geolocation Information for our own marketing purposes or disclose identifiable Geolocation Information with third parties (except our service providers) without your consent.

https://web.archive.org/web/20230512194748/https://www.honda...

EDIT: I just noticed the following:

> These companies may use Covered Information for their everyday business purposes, including marketing, customer service, fulfillment and related purposes. These disclosures may qualify as a sale under certain state privacy laws.

Also their definition of "Service Provider" is way too broad (see below comment). So I might need to retract my statement on their policy being good.


> or disclose identifiable Geolocation Information with third parties (except our service providers) without your consent.

There's also that little qualifier "identifiable" in there. Companies usually take a very different stance on what constitutes "identifiable" than people think.

What that's really saying is that they will share the geolocation information with third parties without your consent, but they'll probably do a little handwavy "anonymization" thing on it first.


> they'll probably do a little handwavy "anonymization" thing on it first

But… it’s just metadata. It can’t possibly be cross referenced, in bulk, with high accuracy, in 5 minutes, right? And even if it could, I bet there’s no money to be made selling people’s data, so there will never be any shadow industry that “brokers data” of regular uninteresting people, that’d be ridiculous!


What's a service provider in this context? Contracted automotive shops? Police?


Service providers are:

Satellite, traffic, and telecommunications companies; Roadside assistance vendors; Contact centers; Research and development vendors; Providers of software integrated into our vehicles and systems; Marketing and non-marketing communications, analytics, and consulting firms; Professional service firms such as attorneys and accountants; Day-to-day business operations vendors such as courier services, facilities management suppliers, and information technology and network support.

Although it's worth mentioning:

> These companies may use Covered Information for their everyday business purposes, including marketing, customer service, fulfillment and related purposes. These disclosures may qualify as a sale under certain state privacy laws.

So I might need to retract my statement on their policy being good.

As for law enforcement:

> We may use and disclose Covered Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate to respond to legal requests (including court orders, investigative demands and subpoenas), to protect the safety, property, or rights of ourselves, consumers, or any other third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with law.


Well, the motorcycle community is overstocked with privacy lunatics, preppers, gun nuts and other extremists, so this makes sense. Also I can't think of any Honda motorcycle with a GPS aside from the Gold Wing, which stretches the definition of motorcycle in numerous ways. On the other hand every motorcyclist I ride with carries a Garmin inReach, which is the very definition of sharing your GPS with someone.


I like how you consider people with a reasonable expectation of privacy as extremists.


But the difference with handheld devices is that if Garmin misuses the data, the cheap device is tossed aside. One cannot just abandon a motorcycle as one would a handheld device. The day that Garmin starts handing out speeding tickets is the day that every motorcycle rider smashes their devices.


> privacy lunatics, preppers, gun nuts and other extremists [...]

Being a prepper isn't extremist. (Yes, it's expensive, done right, but not necessarily extremist.)

[disclaimer: I live in Los Angeles]


Every person that I've ever met who calls themselves a "prepper" has been what most would call an extremist. (I'm not calling you an extremist -- I've never met you.)

That's a different crowd from someone who is just prepared for emergencies and disasters.


> Every person that I've ever met who calls themselves a "prepper" has been what most would call an extremist.

It seems like you have a cognitive distortion to work out. Amplifying an anecdotal sample to classify all people with a shared interest as having other characteristics of your sample is understandable but also misguided.


“I strive never to mute a person’s lived experience.”

You, 3 weeks ago.


Yes, and?


A true prepper wouldn't admit their location.


Neither did AceyMan, I’m guessing.


I think anyone willing to share this data is an extremist.


... I do wonder whether this was related to GM's plans to do their own thing?


> Interior images, exterior images, facial geometry, voice recordings,

This is an absolutely unbelievable level of privacy intrusion IMO. I 100% support very heavily fining this sort of behavior, otherwise it will continue to proliferate.


We need stronger laws about protecting user data. Like HIPAA but for everything. Storing millions of hours of video of people driving and their GPS should be a liability. I did not consent to any of this, but I'm certainly on recordings for drivers who did, that should also be an enormous fine.


we need politicians that do literally anything other than serve capitalism at all costs


Where would the support for fines come from? When government understands these issues at all, they only want more control and restriction. The only thing I can imagine legislators getting upset about is that the car manufacturers are not sharing all the info with government by default. Next steps will be mandating tracking, not fining for it.


> Where would the support for fines come from?

Probably when a legislator's private graphic videos with an escort or drug dealer or something more interesting gets leaked. Perhaps some government official's data is present in the leak as we speak. It might be harder to spot if not a personally owned vehicle or still cloud registered to a previous owner.


That's how video rental records became private when Supreme Court justice nominee Robert Bork's records were leaked and suddenly everyone in Congress panicked that it could someday happen to them. Bork turned out to have mundane tastes in movies but obviously members of Congress were renting movies a bit more wild.


Is the movie list still around? That might make for a fun watch list.


> When government understands these issues at all, they only want more control and restriction

CHIPS Act of 2022 allocated money to support US semiconductor manufacturing. Right-to-repair laws have been gaining traction even though it can't benefit any large economic interest directly. Those are two recent examples off the top of my head that aren't a reflection of a government that "only want more control and restriction."

I get that politics is frustrating but this kind of blanket caricature just relieves people of the responsibility for engaging with specifics, and when people commit to it that actually covers and enables real corruption.


> When government understands these issues at all, they only want more control and restriction

So what solution do you have that doesn’t involve regulation?


Well, try not being so passive. Are you living in an unchangeable authoritarian system?


Yes? When was the last time people were satisfied with the candidates available to "represent" them and were doing anything other than choosing the "lesser of two evils" to try to keep it from getting worse?


Voice recording without explicit consent of all recorded parties is illegal under wiretapping laws in my state, and my state is pretty aggressive about it.

I wonder how that factors into this.


Regulators may not have realized. Maybe send an anonymous tip.


When you look at the specific uses, I think it's a bit less unbelievable. I think the important piece is that they should more clearly stipulate how the data is used and what controls are in place to protect it. Even more importantly, opt out by default if there's any chance of the data leaving your vehicle and a clear mechanism for wiping all collected data.

> Your Facial Geometric Features will only be stored on your vehicle.

> Vehicles equipped with Teammate use sensor and/or image data from the vehicle’s interior and exterior to evaluate the vehicle’s surroundings


It will never get fined because it’s how the people who legislate fines are making (and keeping) their money and control.


That's not how democracy works. Apathy is toxic. Please stop hurting us.


The way "representative democracy" (in quotes because both words are a lie) works at scale of any large country is as follows: you elect people based on simplistic promises that they make, and if they win and you're lucky, they kinda sorta do something that's vaguely like half of what they promised. Your only recourse is waiting for N years to vote for someone else who will almost certainly do the same thing.

Not only is this all by design, but in many countries, the "free mandate" - i.e. the notion that the politician can say A before the election and then do ~A after - is even legally codified. In theory, this is supposed to allow the elected representatives to apply their own judgment based on nuances of the moment instead of pandering to the mob. In practice, it means that your representative is free to pander to people other than those they "represent" while still claiming a public mandate based on the votes received.


Not only this, but most people don't actually like the vague promises of the candidate they voted for.

They're just praying that one will be moderately less terrible than the alternative.

There's never an option to say, "No, none of these power-hungry psychos should get to make this set of decisions on my behalf."


This is a bad take. Representative democracy works and we have plenty of examples of that happening even within our lifetimes. Your negative outlook is a choice and it’s wrong. Do better.

We elect representatives at every level of government. In a country of 335,000,000 people a slow moving central government is a feature. If you really want to make a difference pay attention to your city council.


My outlook is from experience. I used to be a believer in representative democracy, but I simply cannot reconcile that with observations anymore.

Note, by the way, that I'm not claiming that changes don't happen in this system. What I'm saying is that changes happen when the ruling class is convinced it's time for them, not when the populace as a whole is - and no amount of voting changes that.

The fewer people each representative represents, the closer it is to an actual democracy, which is why city councils etc generally work better (although they are still far from ideal and have the same fundamental problems I described). But the nature of modern politics weaves local issues into broader ones on higher levels, and what ought to be local politics increasingly becomes national.


I honestly can’t even follow this. So you agree democracy works but it’s bad for… reasons? Can you be more specific? You have “experience” but you can’t articulate it. Sounds like you’re just jaded. That’s not democracy’s fault.


I was complaining about representative democracy specifically. There are other forms that do not have the problems that I specifically outlined. For representative democracy, those flaws become more prominent as you scale it up, so on very small scales (like a small town) it works reasonably well, but it quickly breaks down once you have "representatives" claiming mandate on behalf of many thousands of people.


Direct democracy doesn’t scale. It can and is employed locally but at the scale of the US it’s impossible. Our representative system accounts for that and is effective. None of your complaints are insightful or even coherent. You’re just whining. It’s not constructive, and I think it’s actually harmful. If you can’t be constructive then just be quiet.


Cynicism is not apathy. If they were apathetic, they would have no reason to comment.


EU DPAs may have something to say about this if EU data subjects' data was leaked.


I've purchased a few Toyota models, with the first having the connect service being a 2014 model. The sales rep asked for my phone so they could download the app that works with their system. The manner in which it was asked was interesting to me in that they clearly had not had someone so much as flinch as to giving them their unlocked phone and access to an app store. Maybe I was the first person not a grandparent they had worked with, but they obviously were not handed my unlocked phone. Since it was my first car with a connected system, I tried it out but was very unhappy with it. Their GPS required you to use your phone to enter a location and provide GPS. The in car system was basically just a screen for the services your device provided. The next time I purchased a car, I never even connected a phone to it.


That sounds perfect. How could a car system be better than just be a screen and interface for the functionality your phone provides? It's literally the dream.

If it's a particularly cheap car I wouldn't even mind if it doesn't have a screen or interface, and just supplies an API to the phone and a holder for it.

Either way would be a million times better than any car made between 2005 and 2015 has to offer.


> How could a car system be better than just be a screen and interface for the functionality your phone provides? It's literally the dream.

This is how Apple Carplay works. It just streams the phone to the display, and accepts input from the car's buttons. I think Android Auto does the same.


The caveat being that it requires the use of their app to run the system. Using an app is exactly the thing that gives them access to so much personal data.


Totally different than the one for their Europe market: https://www.toyota-europe.com/legal/privacy-policy

US lawmakers : you suck.


if you own a car from 2008 or newer the government essentially mandates it to be a privacy nightmare. If you care about privacy don't buy a modern car. Throw in the Vault 7 CIA leaks about how they explicitly had programs to research how they could hack modern cars remotely

https://en.wikipedia.org/wiki/Vault_7

you have to wonder how many vehicle 0-days nation state actors have saved up for when they need them, even just displaying the ability would grind the country to a halt because people would be afraid to even drive


Thanks!! I didn't know about these leaks.


> This Privacy Notice DOES NOT apply to:
> [...]
> Any Toyota vehicles equipped with Connected Services located outside of the continental United States, Alaska and Hawaii.

Ah, so only Americans are getting shafted.


Americans probably have the fewest legal protections of their various markets.


This needs to be made illegal.

If companies want to collect such personal data it should not be by default, and each clause should have to be independently validated by the customer including what data, how it's used, where stored, for how long, who it's shared with.

Nobody will accept basically so that says something about the asymmetry here.


The privacy policy looks really reasonable and mostly only collecting the data that it needs to provide the services. And the most cloud-based / privacy concerning stuff (e.g. external video capture, and usage-based auto insurance) is listed as opt-in.


I'm not sure the location data aspects are great but yeah, there is some discrepancy between what the parent post was claiming and the policy states:

> Certain vehicles equipped with an interior, driver-facing camera [...] If you opt-in and link your user profile using the in-vehicle “Setup Face” process, the Face Identification feature may use your Facial Geometric Features and Profile Data... Your Facial Geometric Features will only be stored on your vehicle.

> External Vehicle Video Capture. Owners of certain vehicles equipped with [...] may also opt-in to participate in External Vehicle Video Capture...

> To use the App Suite, you must download the application and accept the End User License Agreement... We will use Voice Recordings to improve our responses and voice recognition. To facilitate functionality of your App Suite and linked third party services, your vehicle may share your Location Data and Voice Recordings transcriptions with your third party services...

(Emphasis mine)


Owners may want to disable this in hardware rather than relying on a sketchy opt-out mechanism. The relevant part is the "data communications module". It has an LTE modem and a backup battery, so it's able to transmit even if the car battery is disconnected. It requires a little bit of dashboard disassembly to access. You can either remove it or disconnect the LTE and GPS antennas. Toyota has technical documents available for $25 at https://techinfo.toyota.com.

It would be great if there was some website that collected all the detailed instructions for removing the spy devices from different car models.


do you know if there are easy equivalents for other car brands? when I bought my new car in 2019 I also wanted to disable any built in GPS/Data connection but it was hard to find any instruction if nobody else had done it or documented it yet. subaru if you happen to know!

edit: hah, should have just googled it first. looks like people are trying it out more now

https://www.ascentforums.com/threads/disabling-the-starlink-...


in Europe, eCall is part of the homologation and must not be deactivated, by law.

https://en.m.wikipedia.org/wiki/ECall


Do you have a source for it being illegal for an owner to disable it on their own vehicle? Your link talks about it being required in new cars but I didn't see anything that said you couldn't deactivate it.


the logic is this:

ecall is a functional safety feature of your vehicle, which, like tire pressure sensors or abs or ESR or whathaveyou has been prescribed to save human lives. it only phones home, so the logic, in case of a severe accident. automatic registry of any sim card with mobile network towers is just a technicality, according to that logic.

ecall is a prescribed feature for homologation (German: Typzulassung). if you manipulate a homologation relevant feature of the vehicle, your general operating license becomes void ("allgemeine Betriebserlaubnis erlischt")

in other words: you can sure disable it on your own car --- but that car in that moment loses insurance and you're no longer allowed to operate it on the road, except to bring it to the workshop.

that's the mechanics of "homologation" and "general operating license", i.e. the mechanics of road safe vehicles.

now, are you looking for a source of these mechanics? or a source for where ecall is listed as generic mandatory feature?


In Germany only?


in Europe. details may vary but overall eCall is an EU thing, and so is homologation and regulations for safety features.


"tracker detection and removal" would be a great service for a local service garage to offer.


Vinyl wrap with Faraday cage on the inside layer? A modern "cone of silence"


Hah, tinfoil wrapped car, for the tinfoil-hat crowds...


In many cases this isn’t viable. On my car for instance - a 2016 Subaru - removing the telematics module also disables all front speakers because the audio signal is routed through it.


Sounds like a relatively easy problem to solve. Install your own sound system.


https://www.autoharnesshouse.com/69018.html

This was the first result when I searched "telematics module front speakers"


And you would want to do it before you take your new car home, or create a pattern of PII.


I removed the DCM from my RAV4. The annoying part is that it disables the front-right speaker.


> It is important to note that the exposed details do not constitute personally identifiable information, so it wouldn't be possible to use this data leak to track individuals

The data included timestamped GPS data, which has been demonstrated to be easy to de-anonymize.
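The re-identification risk raised in the comment above can be measured on a telemetry dataset before it is retained or shared. This is an added example, not code from the thread or from Toyota; the record layout, the 00:00-04:59 night window and all sample values are constructed assumptions. It counts how many pseudonymous vehicles share each night-time grid cell as coordinate precision is reduced.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample telemetry: (pseudonymous vehicle id, ISO timestamp, lat, lon).
# Ids, times and coordinates are invented for this example.
SAMPLE = [
    ("veh-A", "2023-04-01T02:10:00", 35.68123, 139.76712),
    ("veh-A", "2023-04-01T13:00:00", 35.65910, 139.70060),
    ("veh-A", "2023-04-02T03:05:00", 35.68125, 139.76709),
    ("veh-B", "2023-04-01T01:30:00", 35.68410, 139.76940),
    ("veh-B", "2023-04-02T02:45:00", 35.68412, 139.76938),
    ("veh-B", "2023-04-02T12:00:00", 35.69000, 139.70000),
    ("veh-C", "2023-04-01T04:00:00", 35.70230, 139.77410),
    ("veh-C", "2023-04-02T04:20:00", 35.70228, 139.77412),
    ("veh-D", "2023-04-01T15:00:00", 35.60000, 139.60000),  # daytime fix only
]

# Assumption: a fix recorded between 00:00 and 04:59 is treated as "parked overnight".
NIGHT_HOURS = range(0, 5)


def night_cells(records, precision):
    """Map each vehicle to its most frequent night-time grid cell.

    precision is the number of decimal places kept per coordinate
    (in latitude, 3 is roughly 100 m, 2 roughly 1 km, 1 roughly 10 km).
    Vehicles without any night-time fix are left out of the result.
    """
    seen = defaultdict(Counter)
    for vehicle, ts, lat, lon in records:
        if datetime.fromisoformat(ts).hour in NIGHT_HOURS:
            cell = (round(lat, precision), round(lon, precision))
            seen[vehicle][cell] += 1
    return {v: cells.most_common(1)[0][0] for v, cells in seen.items()}


def anonymity_sets(records, precision):
    """Return {vehicle: k}, where k vehicles share that vehicle's night cell."""
    cells = night_cells(records, precision)
    sizes = Counter(cells.values())
    return {v: sizes[cell] for v, cell in cells.items()}


def at_risk_fraction(records, precision, k_min):
    """Fraction of vehicles whose night cell is shared by fewer than k_min vehicles."""
    ks = anonymity_sets(records, precision)
    if not ks:
        return 0.0
    return sum(1 for k in ks.values() if k < k_min) / len(ks)


if __name__ == "__main__":
    # Coarser coordinates enlarge the anonymity sets; k = 1 means the
    # pseudonym alone does not hide which vehicle a trace belongs to.
    for precision in (3, 2, 1):
        print(precision, anonymity_sets(SAMPLE, precision),
              at_risk_fraction(SAMPLE, precision, k_min=2))
```

A share of vehicles with k = 1 at the stored precision is the signal that the pseudonymous id gives no protection and the coordinates need coarsening or a shorter retention period.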


Yeah, companies seem to think that "personally identifiable information" is basically just your name. That's clearly wrong because GPS data and VIN make it extremely straightforward to figure out who a car owner is.

As far as I'm concerned, this is PII. That statement is a bald-faced lie and a state AG should bring charges over this - it's extraordinarily irresponsible for Toyota to collect this data and then leak it for TEN YEARS.


"Personally identifiable information" is a legal term with a legal definition[1], and location data is not PII. Companies think that PII is basically just your name because that's literally true: PII means name and government-issued ID number. That's it. Everything else is not PII.

Relatedly, PII sucks as a basis for privacy law. The laws enshrining PII were made in response to identity theft[2], and that's the "threat model" those laws are protecting against. They do a reasonable job protecting against that threat model, but are very narrowly-focused on that threat model.

Fine-grained location data is absolutely sensitive data, and any non-braindead privacy legislation would consider it as such. The US lacks such legislation. It would be considered Personal Data under GDPR, and Personal Information under CCPA.

[1] Actually like 400 definitions in 400 different laws, but there's a lot of similarity.

[2] Specifically, the first data breach notification law was made in response to lawmakers being the victims of identity theft. This is a common thread in US privacy laws. See also Robert Bork.


https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

GDPR accepts that a person can potentially be identified with reference to location data.

Anyway, "Personally identifiable information" is a weird term. A person can be identifiable in various ways. Information is just information. GDPR doesn't use this term.


Thank you I was just about to link this.


> "Personally identifiable information" is a legal term with a legal definition

In the U.S., the definition of PII varies depending on which federal department regulates your company.

My company's legal department recently sent down new PII rules, with links to the relevant federal agencies' policies. Much purging of log files ensued.

I think most tech people would be shocked to see what very basic information some federal agencies consider PII.


That's why I think PII is a completely worthless term.


Not quite. An email address plus an address could be PII.


But the VIN number was available, as it says right below that

I mean does anyone think there HASN'T been a leak of VIN numbers and owners that would be trivial to join with this?

It's also kind of staggering how long this was a problem

> Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.


In my state, anyway, vehicle registrations are public information. If you have a VIN or license plate #, you can get the identity and address of the person the car is registered to, and if you know the name and address of a person, you can get the VINs/plate #s of the vehicles registered to them.


I don't think it's in any way indicative of how long this problem has been here? Unless I misunderstood, because after re-reading I guess I see how you did read it.


It could be read the other way, but the title and first sentence seem to imply that there was a bug for 10 years

Not that 10 years of data was exposed for a short period


All of five seconds. Where does the car park at night? Put the address into https://www.fastpeoplesearch.com/address


This is why I park in front of my neighbor's house. :)

While I don't do that, I do always use a nearby neighbor's address for my Google Maps directions. I'm sure Google isn't fooled but it amuses me.


I do the same thing, there's a small historic landmark several blocks from me but on the right streets to be useful for traffic scanning. I'm not really sure why I do it, it can't fool anyone, but it also amuses me slightly.


Can't believe that this stuff is legal.


It is clear that automakers are utterly failing at technology.

In-vehicle control systems are typically garbage.

Several hacks have been shown where vehicle data is exposed over cellular links, in some cases with remote attackers being able to actually control elements of the vehicle (eg: Jeep).

Software updates are rare, with manufacturers often trying to charge exorbitant amounts for basic updates.

Data breaches of various customer data, credentials, PII, etc. are repeated.

IMO we are at the point where in-vehicle technology is a thing that is never going away. Auto manufacturers need to become bona-fide software developers and take development, QA, cyber security, etc. far more serious than they have so far.


So I don't work in automotive domain, but I work in Controls Engineering. Basically everything you just said relates to my work as well, and based on tidbits of anecdotal info I've picked up through various technical forums it sounds like automotive & controls are quite similar in that regard.

The dirty truth is often times these domains were designed and chiefly operated by non-software people. Not to say a mechanical engineer or electrical engineer can't program, it's just that their focus is on their work, and the software is but a tool to accomplish those means. So the world of software has leapfrogged over PLC and automotive design and gone to run laps around it several times since the 90s. It's only in say the last 5 years or so that I've seen a cultural shift in controls towards embracing the modern realities of software, networking, security, version control, databases, etc.etc.etc.

I'm not going to go too much further into this, but this is why Software Engineering as a regulated profession is going to be a necessity as much as civil engineering or electrical engineering has been. The digital world is just too vast and complex now with so many pitfalls for those who only ride the edges can handle. And people's lives are starting to matter. It is no longer safe to treat security as secondary with an "oopsy" anymore. We don't tolerate bridge collapse or electrical design that can destroy livelihoods, why do we still tolerate hacks governing data and safety of public?


> Software Engineering as a regulated profession is going to be a necessity as much as civil engineering or electrical engineering has been

Wouldn’t it be easier to regulate the quality of software used in critical products?

AFAIK similar regulatory standards and certifications exist for aerospace software.


It technically exists:

ISO26262 - "Road vehicles – Functional safety"

But it's not nearly as prescriptive as what you have in DO-178C for example.

Nevertheless most of these telematics systems are not "considered" safety-critical in a hazard analysis unless you have OTA updates or something similar so large chunks of 26262 would also not be applicable.


>Wouldn’t it be easier to regulate the quality of software used in critical products?

Sure, but who is responsible/accountable?

Often times I bring this topic up to have a bunch of people looking for gotchas in my overly broad wishful thinking. I don't want Engineers to be a requirement to work in software as a whole. I don't even think being an "Engineer" makes you better in any functional way than your peers. But I do believe in ideas of accountability, responsibility, ownership, and all the legalese involved with taking that seriously.

If the software is holding people's personal info, say to the point where a leak would constitute real risk, I want a Software Engineer stamping the security design to show they follow best practices and the company isn't taking shortcuts. If the software is controlling a robot that could maim someone, I want to know that some intern wasn't the one signing off to say its safe.

We aren't there yet. And there's lots of work that needs to be done to get us there. I recognize that. But I want to keep putting the bug in people's ears to have that thought for the years that come as we watch more software glitches cause harm to people, to the environment.


> this is why Software Engineering as a regulated profession is going to be a necessity as much as civil engineering or electrical engineering has been

Unfortunately the challenge with this is still the same as always: do we even know how to engineer software, in the sense that established engineering disciplines use the term, yet?

If we started permitting only “qualified” software engineers to make the big technical decisions, who would decide on the required qualifications? Would it be the few experts who really have spent whole careers successfully developing genuinely high-reliability software in industry or researching innovative techniques for improving quality in academia? Or would it be people like career consultants who write popular books on “best practices” and give keynote speeches at conferences with big name sponsors?

The dominant trend in the software industry for years has been towards short-termism and ad-hoc everything. That often makes sense as a business strategy, at least given the current financial incentives, but it’s not necessarily the best way to promote robustness, predictability and longevity. Prematurely trying to codify accepted practices for engineering software might end up entrenching the status quo, when what is really needed as software eats the world is disruption by people who have demonstrably figured out better ways to do it.

So while I strongly agree that we need to raise standards in parts of the industry where Very Bad Things can happen when software fails, I don’t think regulating software engineering in the same way as more established engineering disciplines is a viable way to do that. Not yet, at least.


ICYMI, this piece is a really good conversation starter about software safety that was sadly mostly ignored on HN recently.

- https://noidea.dog/#/fires/

- https://news.ycombinator.com/item?id=35885982


Thanks, I missed that but it was worth reading!


> Auto manufacturers need to become bona-fide software developers and take development, QA, cyber security, etc. far more serious than they have so far.

Follow the money.

Their core business depends on the sale of a manufactured good, software is not the product. Software in Automotive is a cost centre.

They will absolutely contract out to the lowest bidder (coincidently probably the least capable). Cost downs in BOMs/features are trimmed to the cent because they are manufacturing in volume so manufacturing cost per unit is King.

What we define as sane Software best practices™ is a result of an industry where Software or services via software are in fact the product.

Also people won't vote with their wallet because we absolutely post-rationalize features and UX in a car. Most people don't realize or won't admit how reptilian their decision process goes in buying a car: it's 80% "do I like the looks of it" and 20% the price tag.


I was looking into getting a new Toyota, but was hesitant because of this tracking "feature."

I searched online for how to disable it, and found this question:

https://carkiller.com/scottykilmer/qa/how-to-permanently-dis...

These responses are typical:

"But you're still going to be traceable by your phone."

"...everyone, EVERYONE, on the planet has their information out there. There is no such thing as "off the grid." "

"your phone has sent more than enough info about you to every advertiser on Earth more than the DCM will ever do."

Many people just don't care....


I hope regulators fine the hell out of these companies. Enough to make them think twice about offering these upload everything to the cloud services no one really asks for.


It's a simple equation:

Revenue = (value of data per person) x (number of customers) - (probability of data loss) x (probability of fine) x (cost of fine).

If that number is greater than zero, they'll do it, if it's less than zero, they won't.


This is how engineers think executive decisions are made and it is just not accurate.

The CEO of Toyota plays golf with the uncle of the head of the “we track you forever” group. They both feel like the nephew has a big future and there is a ton of money to be made over the next 5 years before the CEO plans to retire.

Plus, according to their marketing team, Volkswagen is worse. Much worse.

There is way less science and way more emotion at play.


The Ford Pinto scandal was found to be a pretty clear cut case of an auto company refusing to do a recall because dealing with the expected number of injuries and deaths would be cheaper.

So the OP's perspective is accurate. It's not all just golf and nepotism.

"The evidence suggests that Ford relied, at least in part, on cost-benefit reasoning, which is an analysis in monetary terms of the expected costs and benefits of doing something."

https://philosophia.uncg.edu/phi361-matteson/module-1-why-do...


It has less to do with just emotion and more to do with politics. Maybe something is a marginal idea but you approve it because X is a good VP you want to reward.


A simple equation but no one actually operates that way. Except for maybe auto manufacturers from late-90s books-turned-movies starring Brad Pitt and Edward Norton.

Most variables are impossible to accurately predict. e.g. "Cost/probability of fine" -> how do you model the cost of brand tarnishment?


> how do you model the cost of brand tarnishment

You don't, therefore its cost is mostly absent from budget calculations.

And if that doesn't work, you can always rename the company.


I am Jack’s complete lack of surprise


I think for a lot of tech products, it's more that the profit margins are tight and competition is fierce, such that spyware integration is needed to subsidize what would otherwise be a money-losing product. At which point the only remedy may be to impose regulations telling companies that no, you can't sell customers' private data without their permission -- and then the price of electronic goods should stabilize at a somewhat higher price but without the user-hostile features.


So fine them 100x the value they have obtained. Now unless they are 99% sure they can keep it private then they won't do it.

Although I still don't want them doing it if they think they can keep it safe, so maybe make fines for just collecting it without opt-in consent.


Which company do you work for?


This is from fight club lol


Government >> regulators. And the government is owned by these corporations.


There's some really active community discussions around disabling the Data Collection Module, discussing everything from simply pulling the DCM fuse to disabling only the antenna.

If you pull the DCM fuse, you'll lose the microphone and potentially one of the right-hand speakers - these can be fixed by jumping the wires in/out of the DCM.

What's concerning to me are reports of the car still uploading all the collected data if you attach a cell phone to the radio's bluetooth. Apparently the car just relays all the info.

I kinda want to snoop that data and see what it is, at least collect the encrypted packets... but my car is from 2007 and has no connected features, so...


> What's concerning to me are reports of the car still uploading all the collected data if you attach a cell phone to the radio's bluetooth

This must be if you have the car manufacturer's app installed. I can't think of any other way for it to phone home from DCM via Bluetooth if the cellular module is disabled.


Doesn't doing things like this void your car's warranty (at least to those units that are hooked to said wires you're cutting/bypassing?) I'm sure the fuse removal is fine though. You should put up a disclaimer for unknowing people that this will make their warranty reimbursement tough or impossible. If it's out of warranty of course it doesn't matter.


Toyota owners: you can opt out of this data collection in their app or by calling them. https://support.toyota.com/s/article/Can-I-optout-of-Toyot-1...

Unfortunately as far as I can tell it only actually stops after the "remote connect" trial period ends one year after you buy a new vehicle that opts you in automatically. There are probably ways to physically disable the data collection modules for this, if you're comfortable tearing apart your car's dash. https://www.tacomaworld.com/threads/2020-data-transmittal.63...


Does the California CCPA apply here? I've only seen it discussed for websites, but does it work for any company doing business in CA? Wondering if California residents could send a delete request to Toyota (and other companies like Samsung for data gathered by smart tvs).

If a lot of people start regularly sending CCPA delete requests to these companies maybe they will stop gathering this data.


Japanese auto completely missed the memo on software. Many of them won't make the ev transition. It's hard to imagine what Japanese economy is going to be like once their auto industry is gutted.


Toyota's hybrid tech is and has been the best and most reliable for a very long time.

I think it's a shame that the EV regulations and incentives (at least in America) are not as friendly for traditional hybrids and plug-in hybrids. They have basically zero downsides compared to full ICE or full EV, and would still make a massive dent in emissions.

PHEVs in particular - most people are going under 100 miles a day, so there would be 0 emissions.


Toyota has only recently put into production PHEVs that seem a lot more practical.

For example, the electric-only range for the 2012 Prius PHEV is 15 miles, not enough for many people's daily commute unless you can plug in at both destinations. The 2023 Prius Prime is around 40, which is much better, so maybe you can just plug in at night at home.

It is only the 5th generation Prius that is truly designed around having a higher capacity battery pack, ditto for the recent RAV4 PHEV model. The 4th gen Prius fits in the larger battery pack as compromise, with reduced cargo area and wasted volume.

I would have bought a Prius Prime in 2017, and tried to get the tax credit, but there were several issues. There weren't many available in my area, the standard 2017s had driving and parking assist, while the Prime did not, reduced cargo area with no spare tire, and the price, because even with the tax credit was a bit too high for my liking. Just went with a standard Prius instead, and definitely have not regretted the choice. Today I'd buy a PHEV RAV4 or 5th gen Prius though.


Toyota just has to extend the range of the various plug-in hybrid "Prime" models to 100+ miles on EV, which is totally doable. Right now it's already 25-40 miles. In the US in particular that's going to be a good compromise for a lot of people.


I mean, even 40 miles is a significant portion of many people's commutes. Elimination of 50-95% of gas consumption is a big win.


FYI, 40 miles is not plucked out of a hat. Scientists specifically mention that number because it exceeds the daily average driving distance of >90% of people. It is basically the point where any further increases in range becomes unnecessary cost.


That's interesting. Yeah, I know it's probably a more complicated drivetrain, but PHEV to me are the absolute sweet spot for US drivers. Enough to electrify most of the time while enabling longer commutes if needed. Too bad there doesn't seem to be one with 40 mile range under $50k.


A 24 kWh pack (or less) along with a https://www.liquidpiston.com/ engine could provide for an amazing hybrid platform. I think these large battery packs are an obscene waste. Even the 24 kWh pack should be running in 24 electric assist bicycles. Anything over 50 kWh is waste and preventing someone else from going electric.


The average person is extremely concerned about their ability to take that 1,000 mile road trip they’ve never even considered before. This waste also makes cars heavier than they need to be which requires special tyres (more expensive, of course), does more road damage, results in worse braking performance, and more impactful in accidents. And for people who care about driving, the added weight makes the driving experience worse. No driver has ever wanted a heavier car.

Once we collectively get over range anxiety a whole new world is going to open up in EVs.


1,000 mile road trips actually happen, and until recently it was never a problem we had to deal with.

I very much doubt we will ever get over it. We are specifically asked to abandon a feature we enjoyed for a century. We will likely only get over it when there are EVs that simply do not have this sacrifice.


I never said they don’t happen. I said it isn’t average to take one, and the average person is concerned about their ability to do something they’ll never do.

The average person doesn’t need hundreds of miles of range on a single charge assuming the charging infrastructure is there, and it’s getting there.

I’m not sure what your point is. You are in favour of wasting limited non-renewable resources because you personally take road trips?


"Never" is a strong word. People do need it every once in a while. You are taking the idea that people don't drive that much too far.

The point is that the conventional BEV is not that desirable, and that people will never accept its limitations. The solution is simply producing another kind of zero emissions vehicle without this problem. That is something we can easily do now. The only opposition at this point seems to be BEV fanatics who have basically closed their minds to this fact in the same way ICE car fanatics closed their minds to EVs a decade ago.


Those Liquid Pistons are probably the most interesting engine design to come along in a long time, but they're still unproven technology. I haven't kept up on it but I think they've been working on figuring out how to get the engine to survive any significant length of time.

I agree that huge batteries are a waste, but I think there's basically no future in fossil fuel ground transportation. Hybrids are a transitional technology we might use for awhile because we don't have the EV production capacity.

In the long run I think we're better off electrifying our major highways so cars and trucks can charge without stopping. There are several ways to do it, of which induction is the least practical and most expensive.


We should be open to manufacturing liquid fuels or growing them. Esp if they are used sparingly as a backup source. They are energy dense, portable and transferrable.


> They have basically zero downsides

They need oil changes. Some don't mind, but I do. It's a downside.


All machines of meaningful complexity need maintenance if you expect them to last, including EVs, and a fluid change that happens twice a year for most vehicles isn't exactly a huge inconvenience.

IMO getting under your vehicle twice a year is a good thing and more people should be encouraged to do it. Getting eyes on the stuff hidden underneath before it gets bad enough to start breaking is always useful.


> All machines of meaningful complexity need maintenance if you expect them to last, including EVs

This is honestly not true - there is an order of magnitude less parts in an EV drivetrain vs a modern ICE car. You can go a decade between seeing a service center in an EV, largely thanks to regen braking/one pedal driving allowing you to avoid new pads or discs. There is no transmission in virtually all EVs, with drive direct from the motor through a fixed gear etc. The motor's moving parts are effectively friction free - the rotor and stator in an EV never touch, so there is no wear.

I think anyone currently running both an EV and a gas car will have similar experiences; The EV needs tires, cabin air filters and wiper blades from new to the 10 year mark, there are no other regular trips. The only scheduled fluid change on a Tesla is a relatively inexpensive 10 year battery coolant swap.

My suspension and brakes get inspected for safety issues every time I get new tires on the EV - I'm fine with not getting under it too.


> largely thanks to regen braking allowing you to avoid new pads or discs

I’m almost there with the old-school way: a manual transmission and downshifting to decelerate.

While not as effective, drum brakes really lasted a while.


you can downshift some auto transmissions too. Although you're trading brake pad wear for transmission clutch wear.


Clutch disc is much more expensive to replace, BTW. You won't notice if you buy new every other year, of course.


Going on year 15 with a good clutch on a low-end bmw here. Dunno if luck or not, but not a lot of clutch complaints on bmw forums.

Their automatics on the other hand…


the biggest opportunity for clutch wear is starting. If you can be easy on the clutch during start, and rev match very well the rest of the shifts, and shift infrequently, (highway miles) they can last a long time. How many miles in 15 years?


> Getting eyes on the stuff hidden underneath before it gets bad enough to start breaking is always useful.

For people like myself, looking at the underside of a car is worthless. I wouldn't even begin to be able to recognize something needs attention until it's very obviously broken. And even then, I might not know.


If you're looking at it a few times a year even if you don't know what you're looking at after a few times any substantial changes should be notable. On top of that I'd imagine most people who do their own oil changes are going to lean in the direction of mechanically inclined or at least willing to learn things.

If you're paying someone else to do it, presumably they're a set of eyes that's a bit more experienced with cars and can more confidently identify the sorts of things one could see from the perspective of an oil change.


Sounds like sugar coating on a down side to me.


They often have no spare tire to fit the battery. Quite a few don't have battery thermal management, so the packs will degrade much more quickly. It seems like they have all the downsides.


My Hybrid Corolla didn't come with a spare tire but it has space to install one (and I did). The battery is under the rear seating.


New Toyota Corollas don't have spare tires. They're not an outlier. Are there available (new) EVs other than the Nissan Leaf that don't have active thermal management?

EVs do have downsides, but so do ICE and hybrid.


No battery thermal management?? I thought no one did that after the disaster that was the original Nissan Leaf's battery


This is a valid concern. My Tesla has had zero maintenance in the 50,000 km since I bought it. Even as a former gearhead, I love not thinking about it.


PHEV sounds like best of both worlds on paper but actually worst of both worlds in reality. You are hauling a massive dead weight. Very little useful space inside. Most of them don't make it past 10yrs due to the cost of complex system and battery replacement.


2022 Prius Prime gets better mpg than 2022 Prius, not worse.

And that doesn't count how much better things get if you fully charge the electric 25-mile range battery and measure the mpge.

Additionally, I offer into evidence what happens if you rent a Prius Prime and drive up to the valet at the hotel of your choice. Answer: they won't come and help you. Reason: they'll think you're an Uber driver. Upshot: the idea that Uber drivers could or would eat the cost of worse gas mileage due to dead weight is fatuous.

Toyota does a 10 year manufacturer warranty; the availability and price of used ones older than 10 years (I think they're called Prius Plug-in) should tell you that Toyota has a handle on the complexity of the system they built.

Toyota. Oh what a feeling.

Also, anyone who has one: hit me up if you're thinking about getting rid of one of these pieces of dead weight.


Hybrid vehicles are the most likely to catch fire.


Is the likelihood of my vehicle, be it ICE, Hybrid, or EV catching fire higher or lower than me getting struck by lightning, or getting eaten by a shark/bear/goat?


Japan generally. They tried to pull a great leap forward move with AI a few decades ago, but just ended up wasting billions on dead end approaches right on the cusp of the AI winter. My personal opinion is that really top notch breakthrough software engineering and computer science is susceptible to an exponential cascade butterfly effect.

Yes you need big teams to deliver huge projects. Operating systems, compilers, languages, etc all take huge investment to build out. The thing is though the initial conditions have a massive downstream effect. The core contributions by genius 10x computer scientists and software engineers set the pace for everyone else. Unix, C, Linux, Git, LLVM, Perl, Python, who knows what else. It's the individuals or small dedicated teams doing it the 'wrong' way, or going for a weird untested approach that starts a small speck that snowballs into huge multi-billion industries.

The culture and economic conditions in the US are perfect for this to work. Japan, and for different reasons and certainly not to the same scale Europe, not so much.


> Many of them won't make the ev transition.

It's still not clear when (and if) the ev transition will happen. There are many unknowns.


I feel like it’s an architectural change, similar to how smartphone transition wasn’t just about touchscreens. Many flip phones in Japan gained touchscreen after iPhone like wings on a dragon, and died anyway.


If you mean battery EVs, it very likely won't happen. I would even go as far as saying it cannot happen. They are highly resource dependent and too expensive to make. Hydrogen EVs make significantly more sense once you realize renewable energy is going to be nearly free and "efficiency" is mostly a distraction.


I worked for Toyota Infotechnology Center in Sunnyvale in 2016/2017 on a robotics research project involving their HSR robot running ROS.

The robot had odometry from the wheels, though it was a bit noisy due to the construction of the omnidirectional mechanism. They decided to ignore wheel odometry and use only an odometry module based on the planar lidar, essentially visual odometry. This worked fine in most circumstances, but basically completely failed in hallways as they lacked distinctive features. This interfered with my work which involved the robot navigating around the office.

I had worked on this problem before, and ROS has an excellent sensor fusion library for dealing with multiple noisy sensor readings. You just need to combine wheel odometry and laser odometry with a Kalman filter, and the sensor fusion library makes this relatively easy.

However even though I worked at a Toyota office with full time Toyota employees, and the code was pretty much off the shelf ROS code, and the robots were produced in very low volumes and only in use at Toyota, they wouldn't give me the source code. I think maybe they wouldn't even give me root access.

Still, I was able to control the names of ROS topics using the ROS launch files (it has been a while since I worked with ROS and I forget some of the terms). I remapped the lidar odometry topic to an intermediary topic name instead of /odom, then directed the intermediary topic into the sensor fusion module along with the wheel odometry, then mapped the sensor fusion output to /odom. The system got odometry information but now it did not come from the lidar odometry but from the sensor fusion module, so it was happy.

The fix worked great. It had normal behavior when lidar was good, and had reliable odometry in long hallways. I was finally able to implement my office navigation code.

I did my best to communicate these changes back to Toyota. They had not been very helpful when I was asking for help solving the issue, but I had hoped that since I had it working they would appreciate this. I asked where I could file a git issue or otherwise push the code to some private git repo.

They were not using git. Ultimately I was instructed to email the raw code files I had used along with instructions for how to integrate it. I found this quite surprising. I have no idea if they ever implemented the changes I suggested, but I kind of doubt it. From what I have heard of Japanese software practices, they basically do not accept code suggestions from the bottom up.

I know of some people who worked for Toyota Research Institute who said they were trying to get the Toyota folks to integrate silicon valley coding rigor in to their systems. Maybe they had success, I don't know. But certainly 6 years ago things were a total mess.


> ... silicon valley coding rigor ...

That's not "silicon valley", that's "anywhere remotely modern" coding rigor. Sounds like they need to get with the times, especially with regards to developing systems with software stacks that are a couple orders of magnitude larger than in the recent past (like 15 years ago).


> silicon valley coding rigor

This was refreshing to read. Within my bubble in tech, it's often easy to get jaded about how _unrigorous_ our "engineering" often is.


The place I worked next was Google, which has probably some of the most rigorous software practices in the industry. Not everyone is going to be like them, but one of the absolute basics is using revision control for code!


Where are all these American companies getting their batteries from? Mostly Japan... Rivian, Tesla, Lucid, Gravity, Ford, GMC.


Do you have any sources for that claim? Because the big 3 are CATL, LG, BYD. Panasonic is the only notable Japanese supplier but it's trending down fast.


Mostly China. But the Korean and American contributions are also very significant. Cell source is not a geopolitical monopoly at all.


> Many of them won't make the ev transition.

What exactly makes u come to this conclusion?


I think that's a little hyperbolic, but the Japanese are way behind. There was a decent analysis (as always) in the Economist recently.

https://www.economist.com/asia/2023/04/16/how-japan-is-losin...


No one needs to bother with that race. It is just a ploy by China to gain marketshare in the car industry. It won't work because it ultimately creates a massive new resource dependency. One that just happens to shift everyone's supply chain to China or Chinese controlled companies. I believe Western companies will eventually walk away from pursuing battery cars, at least in the sense of them being the only solution. It just has too many obvious problems.


What are these obvious problems?


Expensive, limited range, slow recharge times, huge dependency on a battery supply chain, etc. Right now, people are obsessed about them but I think this is just a temporary phenomenon. Once people realize that there are cheaper forms of green transportation that avoid those above issues, the obsession with battery EVs will end.


Battery EVs probably won't go away, there would be too much backlash against politicians saying "Actually, let's not bother," even if/when the US finally understands and embraces sane intra- and inter-urban transportation modes.


Toyota in particular has wasted a ridiculous amount of time and money on consumer-level hydrogen tech. As a result competitors that focused on battery EVs over the last few years have a decent head start.


The other companies are wasting their time. Battery EVs are a dead end and they will all have to move to hydrogen tech eventually. It is the other companies that are way behind.


In EE terms, betting against batteries is like betting against CMOS. Progress will go where the industry's money goes, not where any one company's money goes. If I could say just one thing to Toyota's management, it would be, "Stop trying to make hydrogen happen. It's not going to happen. There are just too many technical and economic drawbacks."

But any of their engineers could tell them the same thing, so what'd be the point?


The most prominent alternative (fuel cell EV) is also an EV. There are no fundamental downsides in comparison either. To continue your EE analogy, you're betting against another kind of CMOS which also happens to be made of far cheaper materials. Like your CMOS is made of germanium but the competition is made of silicon.


I would never bet against the Japanese or Korean auto makers lol


japan is a US protectorate. when china starts marketing their EV's abroad the US will just sanction them. don't worry, japan is safe.


If the US blocks China, the Chinese government will just kick all the Americans out of the Chinese market and nationalize their Chinese plants. I'm sure the big three won't be happy about that. Since corporations run the US, they will give the US Govt its barking orders and the Chinese cars will be let into the US.


Dear lord. The fact they even had this much data means I'll never even think about buying a Toyota in future no matter how many grovelling apologies they issue now.

I used to have a Ford. Their app was generally good but I think all you need is the VIN to add a new car. Now you have the ability to track that car, lock the doors, remote start it, and so on.

All second-hand car buyers should get their car's app and activate their car on it to lock out all other sessions - hopefully.


I have an Audi from ~2017. Then, a few years ago, the 3G network was shut down in the US. Can't use the app to unlock the doors or check the car status. I think I prefer it like that. Interestingly, on the center console screen, it shows an LTE connection - must be for something else? Then why isn't the unlock/lock function over LTE? Who knows.


Fact of the matter: at this point if you’re buying anything with telemetry or cloud services, the only safe assumption is that your data may become public at some point in the future, with or without your knowledge.


Just once I'd like to see a company like this sued out of existence. It's not just that they are incompetent with customer data, it's that they essentially forced everyone to give them this info in the first place by default. What if you're an expatriate Chinese dissident? Maybe your ability to hide just got harder.


Does anyone have a guide to modding vehicles to prevent them from collecting data? I would be willing to snip the microphone in the cab and remove the gps receiver if I knew where it was.


It is highly dependent on make/model but most of the time the data is transmitted through the telematic control unit (TCU) which often has a cellular modem that can connect to cellular networks and you might be able to remove or disable/cut power to the TCU.

There can also be other devices similar to a black box in the vehicle which record data and store it in case of a crash for forensic purposes. I would leave these alone as long as they don't have network connectivity.


GSM and GPS jammer is the only reliable way.


Isn't unplugging the antenna lead significantly easier?


Every major privacy disaster that does not lead to dramatic repercussions convinces CEOs (and the shareholders that pay their salaries and bonuses) that the "move fast and break things" strategy is the winning strategy.

The result is that we are no more than five years away (at most) from the surveillance economy getting a terminal stranglehold on society.

You will not be able to buy a car that is not always dialing home, the same way you already cannot buy a mobile that is not always dialing home.

In any case you will not be buying a car. You'll be buying a subscription to a car, renewable annually under certain (small-print) terms of service.

Cars will not work without some insurance conglomerate receiving all information it wants and trading your behavioral data in opaque insurance markets.

Cars could stop working at any point. A digital roadblock is much cheaper and more comprehensive than a physical roadblock.

Taking public transport was never private (it's in the name after all) but this mobility mode too is getting deeply integrated in the surveillance economy: you will only be able to pay for a trip using identifying mobile devices.

The argument is that people "don't care" about the direction things are taking. This is the most evil argument ever advanced.


All of this is being done in some level of secrecy so they're conflating not caring with not knowing or even worse people know something is going on but not the full details.


Society only works because there is massive amount of trust. It is mostly implicit trust, people don't sign fully-informed contracts left and right. People operate under the assumption that (during peacetime) they can go about their lives without worrying about a specific other subgroup organizing to systematically and explicitly work against their interests. I.e. they don't feel under attack and so they don't behave as such.


I hope jailbreaking and disabling this data collection becomes the norm in the future. It is obvious companies do not prioritize the security protecting our data.


It's a matter of time before that is legislated away as an option. Drunk driver detection and remote disable for law enforcement and other rights-trampling "safety" features will be always-on, probably by law. If it's not those, always-on comms will be mandated to help go to a self-driving fleet. One way or another, they'll force us to have spyware cars.


yeah i've always thought self driving and autonomous car fleets would be a godsend to governments. One order and you can immobilize a street, neighborhood, city or whatever. I bet it's hard to escape oppression on foot.


Imagine it has the same functionality as Bait car.. and not allow the occupants to exit the car either.


Oh, and no more pulling people over when you can just make the car drive itself to the police!


Stop buying new cars, fix old ones instead. If they start preventing that too, I hope there's a mass revolt.


As someone who worked for one of the big Japanese auto manufacturers less than five years ago in Infotainment, in the exact domain of what this thread is talking about, I agree wholeheartedly. You all may or may not be surprised about the philosophy behind this. Your data is looked at as their data... In the company I worked for, this was all driven by a small sect of executives in Los Angeles.

This is one of the biggest reasons I left, as I couldn't agree on an ethical level with the decisions around customer privacy.


Luckily we are already seeing a market with jailbreaking Tesla firmware to have more control over this sort of thing.


Why does Toyota even have this data?


Check out their privacy policy, it includes biometrics and facial scans, and microphone data. It's absolutely wild.

https://www.toyota.com/support/privacy-notice/

https://web.archive.org/web/20230512181415/https://www.toyot...


Look at the really opaque language in the table under 12. DISCLOSURES FOR INDIVIDUALS IN THE UNITED STATES: Summary of Prior 12-Month Personal Information Handling Practices

For example, under the category: Sensitive personal information or data, such as precise geolocation data, biometric information for the purpose of uniquely identifying an individual, account login information, driver's license, and financial information.

... > Purpose of Processing: For location tracking, to identify you, and to provide services to you.

> Other: We may have used and disclosed your Personal Information for other reasons described in the How We Use the Information We Collect and How We Disclose Information sections.

...and the section 'Sensitive Personal Information' for their explanation of limits on what they do with it.

...and:

Your Privacy Rights: 4. Right to Know and Access... You may have the right to request that we provide you with the Personal Information we have collected about you, including the categories of Personal Information; the categories of sources from which the Personal Information is collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of third parties to whom we disclose Personal Information; and the specific pieces of Personal Information we have collected about you.


Some vehicular services require location data.

> This incident exposed the information of customers who used the company's T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012, and April 17, 2023.

> T-Connect is Toyota's in-car smart service for voice assistance, customer service support, car status and management, and on-road emergency help.


s/have/keep/g


I'm sorry, what? No one thinks about what data is being sent back to the manufacturer when buying a car. Now I need to know what my car knows and what is being transmitted back. It would be nice if I could turn off this functionality.


> No one thinks about what data is being sent back to the manufacturer when buying a car.

Well, at least one does. Me. The risk of that is the primary thing that is in my mind, over literally every other aspect of the car.

I also wouldn't trust that any controls to not send data would actually stop all data from being sent.


This is what I think about most when buying a car. This is why I plan on keeping my current car for as long as possible since it was one of the last Toyotas to not be connected to anything.


> No one thinks about what data is being sent back to the manufacturer when buying a car.

Chevrolet has had OnStar since 1996, and has sold data related to it for probably just as long -- this isn't some new phenomenon.

I remember these same arguments echoed back then -- but at least it was a unique happening at the time.


OnStar is applicable to all of GM, but it was (and AFAIK still is) opt-in.


When I set up my Corolla the app made me go through and enable/disable a bunch of things. I declined most of the connected technology at setup time without any issue.


It would be nice to know if this was a misconfigured AWS S3 bucket. My money would be on that. Companies are still learning this lesson, slowly and at all of our expense.


good lord. i'm so glad my toyota doesn't have any of those features. shout out to the lean method.


If it is anything after about 2012 it probably does. Also if this hack is out of the software I think it is, I am not surprised. Some of the main devs were more worried about what a function was named than how to make it work correctly and securely.


This is, effectively, a list of which cars and when:

https://www.toyota.com/audio-multimedia/support/3g-faq/


hooray for my shitty yaris with manual windows, no chip in the keys, no remote fob, and basically nothing other than wheels


Depends on where the data comes from.

A bunch of Toyotas have a telemetry module (basically an LTE modem tied into the CAN bus and the head unit), but the introduction date varies.

Tacomas for example didn’t have it until 2020.

I’m not sure though if this data is/was getting pushed through that or something else.


how do i know if it's enabled? i've never done any sort of connectivity thing in my vehicle.


LTE/3G/CDMA modem hanging off the CAN bus usually with some sort of controller. You do not have to enable it. The original use was to track vehicles during the loan pay off and remote shut them off for lack of payment. This includes GPS and other telemetry. They then added the 'buy wifi' package that talked to that. They basically wanted their own OnStar. It made it easier to sell the cars/trucks into fleets such as rental companies. If I put anything on the CAN bus that device can see it all. Decoding what these spids mean is a diff story, but it is pretty raw and unencrypted.


What is the lean method in this case?


https://global.toyota/en/company/vision-and-philosophy/produ...

> The Toyota Production System (TPS) [..] is based on the philosophy of the complete elimination of all waste in pursuit of the most efficient methods [it] has evolved through many years of trial and error to improve efficiency based on the Just-in-Time concept developed by Kiichiro Toyoda, the founder (and second president) of Toyota Motor Corporation.


I'd assume the Toyota Production System and their method of lean manufacturing.


toyota invented the lean method


> It is important to note that the exposed details do not constitute personally identifiable information, so it wouldn't be possible to use this data leak to track individuals unless the attacker knew the VIN (vehicle identification number) of their target's car.

Or their home address? Location data is absolutely PII and easily deanonymized. Am I missing something?


It's bad enough if you know you're being tracked for some kind of "customer service."

But I've asked people who work with automotive computers whether any cars just automatically track you and store the information in some on-vehicle storage. No one seems to know, but they all think if any did, it would be manufacturer- and model-specific.


The only way to prevent this in the future is to dig thru the leak, it will leak sooner or later, and scrub for every Toyota/Lexus driving: politician, judge, higher up executive branch and military personnel, Toyota employee plus their closest families and plaster this data all over the net. Bonus points for additional analytical work finding treasure like mysterious regular trips to a motel just outside of town etc.

Privacy doesn't exist .. until it's politicians' privacy on the line https://edition.cnn.com/2022/06/14/politics/house-vote-supre...


My current "solution" to this is driving a 16yo car, before all this stuff became ubiquitous and impossible to opt out of, but obviously it gets harder every year to find cars from that era that still run reliably.

What other options are there? I would SO willingly pay thousands of dollars specifically to have these features disabled on a new car, but it seems like they're actually designed for that to be impossible.

What options are there for acquiring and driving a car with no internet or satellite connections?

(I'm not trying to stop some other-purpose satellite from being able to see my car if it wanted. I'm trying to prevent a car company--which is NOT a security company--from having a record of everywhere my car has been at every moment of every day where someone can steal it.)


That’s my solution too. I love my old cars. I did get a newish (2012) Jeep to build onto an off road rig. It happens to be the one that you can hack by knowing the VIN which is displayed in the windshield. You can connect to the CAN over the air and unlock and start it with a program widely available on the internet. Luckily, because it’s a Jeep the antenna mount rusted and the antenna fell off. I can’t start it over the air since it no longer talks to the network.

I guess that’s a long way of saying that if we ever have to get new cars, all we need to do is find the wireless antenna and disconnect it.


Reason why I still have and use a “dumb” car, no screens, no software, nothing except what CANbus logs, which is still a lot but nothing cloud-based or breached unless you physically access the car.


Mine doesn't even have a CANbus ;-)

Note that if your car is new enough to have CANbus, it surely has software too.


By default, our Mazda CX-30’s “Telematics Control Unit” transmits vehicle history up to MazdaUSA every time you turn the engine off.

However, you can disable this by following a procedure explained in the owner’s manual (basically, you call Mazda and give them your VIN.)

I’ve also seen similar “opt-out” procedures listed in a Toyota GR86 owner’s manual.

I’d prefer to just pull the car’s SIM card to be absolutely sure :-)


Car companies seem to just not be very good at things other than bending steel, marketing that bent steel on TV, pushing costs and risks into suppliers (and forgetting about it), and running the insurance companies that their corporate entities have become.

I'm sure their internal incentive structure also does not reward people to join/stay at the company who would focus on the problems that this story points out.


This is going to be really interesting when(not if) someone gets Apple or Google's phone tracking history of all their device holders.


For Apple, Significant Locations are end-to-end encrypted, and Find My locations are only sent when requested and deleted after 24 hours.

Please don’t say “they’re tracking your location anyway” unless you have evidence. This is Hacker News not Conspiracy News.


You can't really claim something is end to end encrypted if you don't have access to the client source code to verify that this is the case. There is no good reason to trust any company for sticking to their words, especially under pressure from the government.


What evidence do we have that these locations are deleted after 24 hours and not backed up or shared elsewhere?


Because that’s what Apple says and Apple generally doesn’t lie about their products. If you don’t believe them then the onus is on you to prove it, not for someone else to disprove it.


We do have clear evidence that Apple devices track our location, and we do not have ability to turn it off. We do not have evidence that logs are not kept or shared nor of the E2EE of those recordings. This is not conspiracy theory. We are asked to be credulous of how the largest market cap corporation in the world handles this valuable and sensitive data. The onus is on them to prove what they say, and if they cannot, I do not buy it.


Very timely as just today we had multiple threads where commenters were decrying the EU for creating laws like the GDPR to protect people from negative consequences just like in this case, arguing that it slows innovation or some such.


I have a 2014 model but the exposed data was between November 14, 2016, and April 4, 2023.

I wonder how long they hold onto the data before erasing it or if they hold onto it indefinitely. I don't remember seeing specifics in the EULA about the length of time they hold your data - only that they can and will sell it to 3rd parties.


That's not all that Toyota should be held responsible for. Corporate issues service bulletins about parts under warranty and their certified service centers ignore the warranties, charging customers full price for replacement. I caught a local service center doing just that in January of this year.


File a complaint with your state Attorney General if you are in the US.


The thing that’s infuriating me is that some random sweaty dude might have access to imagery taken by my car and I cannot.

I would love to be able to download the whole shebang of telemetry so I could reassess the quality of my driving, but no, no can do, secrets much.

I need to have a whole dashcam of my own to film my trips, run the cables for it myself, while Toyota is just hoarding this data for itself and some random dude on the internets can just view it.

Won’t nobody think of GDPR these days?


And this is why I'm going to disconnect the DCM in my new car. :/


I believe Toyota began installing DCM radios since model year 2016 — so 2015 (and older) vehicles come tracker free.

I am one of those loons who doesn't carry a cell phone, so this is important to me =D


Driving old junk wins again.


I am so angry that Toyota required me to sign up for their connected services to use remote start. What a joke. The leadership at the company responsible for this should resign.


There needs to be massive lawsuits over this stuff to the point where companies should consider it a serious liability to hold customer data for anything other than material purpose.


I bought a new car in 2018 and it was purposefully one which has no connectivity built into it, for exactly this reason.

Also, why should Toyota store location data in the first place?


I think there are two key aspects to data breaches; privacy and fraud. The solution for the latter is simple; the liability is on the organisation that uses that identity data rather than the one that stores it. If the bank lends money to a criminal using my data, that's on them. I see no reason why any of the random bits of data that identify me should be of any use to someone else claiming they are me. These things shouldn't be considered secrets as they're always shared with at least one other party.

Just this would reduce the value of obtaining such data.

The privacy aspect is harder to deal with, but it's not obviously clear that a majority of people care. GDPR helps focus minds in large corporations and maybe that's enough.


Wow, bring on the lawsuits! Important to bring this to light to protect ourselves. Will be more informed on my next car purchase coming up this year.


I'm curious which company you think isn't doing this? A modern car is just as much of a spyware platform as a modern cellphone.


From 2014: "Ford Exec: 'We Know Everyone Who Breaks The Law' Thanks To Our GPS In Your Car"

https://www.businessinsider.com/ford-exec-gps-2014-1


Automotive EE here.

You know what wasn’t a problem before some idiots decided to hook cars to the internet?

None of this. Unbelievably stupid choices top to bottom.


God damn it Toyota, I love Toyota

Still going to keep my cars

As long as they don’t start trying to charge me for the seat warmer


I mean... they've already started charging a subscription fee for using your KEY FOB auto start after their trial period ends.

Enough to make me not buy a new Toyota ever again.


Where can I download these data? I would like to know what was exposed for my car.


I'm also interested in this data


This sounds like there should be a massive class action lawsuit against Toyota.


Can you buy a new car without a data plan anymore?


At this point I'd like reviewers to start disclosing how difficult it is to remove the LTE antennae and whether or not the car degrades itself when you do.


Yes, but you cannot finance it (i.e. you have to own it outright before you can disable the transmitter).

So: CASH purchases, only.

In the EU: cannot disable (legally)


This is weirdly good news for current owners, in the same way that 9/11 was weirdly good news for surviving a flight.



