No, a software switch is not enough. We need to be able to physically unplug the cellular modem entirely and have the vehicle work with 100% functionality (barring features which inherently require cellular connectivity like turning the heating on remotely)
Car manufacturers' features are mostly useless anyway thanks to Android Auto/Apple CarPlay
In Spain they soon will require V16 [0] too. Originally it was just a flashing light but then it was improved to use mobile networks to send an emergency call to authorities. And proving, that technically, it is possible to have something like ECall without deep integration into the car.
No need of having always on connection to the network, enable on emergencies only. Thus no remote hacking of SIM/base band possible at random times, or broadcasting presence until used. Mechanic or user can check battery periodically, replace if low, just like refilling wiper fluid. Car could even cut all other electric systems after deploying the integrated autonomous V16-like system.
Car manufacturers deciding to make their ECall implementations complex and privacy invading was their choice.
That's difficult because both will need to use the cell network.
But I guess you mean on the car side like two modems? Yeah that would be nice, or at least to mandate the option to turn all manufacturer telemetry completely off. The EU never bothered to do this for computers and phones either though.
I know, and they can be hacked too through SMS messages.
But the SIM card doesn't have access to the car telemetry. Probably even the whole baseband module doesn't. It just gets that data to transmit when an accident happens.
The worst you could do by hacking the SIM is to make the modem send nearby cell data somewhere. Which is serious enough because the rough location can be derived from it. But it's a far cry from what these manufacturers collect.
Just enable it by default and put a warning in big red letters that disabling the cellular modem will also disable the ECall system, which may mean you might not get the emergency assistance you need and therefore die.
That shouldn't have to be linked. You should be able to turn off manufacturer telemetry while keeping ecall. Ecall doesn't even talk to the manufacturer. It just calls the emergency services directly.
Of course when the modem is on you can't be sure that it's not doing that but that's what we have laws for.
AFAIK ECall uses a voice call with data encoded on the audio channel. This is not what telemetry does, it should be doable to leave the voice channel and disable any data connections. (But it's probably very hard to check for someone who has no background in embedded systems). Plus, in theory an emergency call can be done without even using a SIM card, right (if network allows)?
What do Chinese vehicles have to do with this, or the ability of US Senators to "provide" alternatives? Sorry wasn't aware that the Ford family has someone in the US Senate.
Okay fair enough, I didn't realize that that's what you meant. I agree, there should be a more coherent industrial policy that's nested with some specific national objectives. I too am very concerned about the lack of industrial capacity in this country. Feels like the lead up to WWI, in many ways.
No device should be allowed to be sold without the ability to function without telemetry or sale of data to third parties. And telemetry and any data sharing should be opt in, as part of configuring the thing the first time. With a one click opt out of all.
Expand this to any product. I should be able to use ANY product fully, without maintaining some kind of communication channel to and/or from the product's manufacturer. When I buy a hammer from Home Depot, I take it home and hammer with it. The manufacturer doesn't know I have it, doesn't know how many nails per month I hammer with it, how many swings it takes on average for me to drive in a nail, how often I use the claw side. They don't know if I use it for other purposes besides hammering nails. They don't know if I lend it to my neighbor. I can sell it to someone else without the manufacturer's permission.
Somehow hammer manufacturers can live with this. Why can't automakers, tech device manufacturers, and software developers live with this?
They wouldn't. Instead, they'd try to keep charging you automatically for out-of-plan extra nailing, and if you denied them the ability to charge your CC, they'll put your debt to collections by the end of the month.
Features should not be rented, and should be delivered as purchased with the car. Shipped but disabled features that take up additional vehicle weight (relative to lacking the feature) should not be allowed. (This phrasing is precise, to allow for silicon and software enhancements which are not a material change to vehicle manufacturing / design.)
Setup processes should always empower the user. If there are multiple choices or paths a default may be indicated, but alternatives MUST NOT be in other locations, and MUST be displayed with equal prominence in a logically adjacent section of the dialog.
Example from a website: 'Paperless' should not be force enabled by default; the ability to have paper or paperless billing should be radio boxes next to each other. Additional benefits (e.g. higher account interest rates) should not be tied to either selection.
Although I'm generally pro coming down hard on dark patterns, I'm uncomfortable with that last example. To me, it's just differentiation. You can have the bare-bones service (digital only) with a higher interest rate, or the deluxe service (paper statements, in-country phone support, etc) with a lower interest rate. That doesn't seem inherently bad to me, it seems like a company offering two different products.
It's a question of ownership. If I see fit to modify something I own, as has always been done, why am I not free to utilise a particular piece of my purchase?
If I'm not free to do so - then do I actually still own my own product? Or is it now a lease?
Why should the era of rebuilding your car simply end? There are already safety regs you need to comply with. The average hotrod modifies a considerable proportion of the car. Reusing the majority of the structure in ways the manufacturer did not intend.
I think you're talking about something related but not discussed here, which would be making car modifications illegal. Let's say BMW make heated seats an optional extra, which it already is. What if they also install them in every car because it's cheaper to have one build, and subsequently are able to sell them more competitively - none of that would require making it illegal for you to get the seats working yourself.
Not illegal, in so far as I don't believe it's been tested in court - but it is an explicit breach of the giant terms and conditions contract that they require you to sign, when purchasing the vehicle. There is an attempt to prevent you from doing so.
I do this all the time. Don't even have a fob to begin with but it's very convenient when you're in a shopping mall and are going to make your way back to the car, for example.
Also handy to find your car if you manage to forget where you parked for some reason. Or to set a destination for GPS navigation.
The risks are not even comparable, IMO. I would rather take these conveniences because I don't think anyone would care to use that information against me if it was leaked. But many people would gladly use a credit card with PIN written on it.
An analogy does not mean it is around the level. ;D
It wasn't even the point of analogy dear. Help: the benefit/risk ratio is the point.
What you think about using information is different to what criminals think about using the information of anyone using the product. Not you is the point here, wrong orientation again. Everyone has the superfluous knickknacks, and everyone had their data leaked.
Maybe if you think you will not lose your credit card, you are much more organized for that or whatever superpower makes it so, or there will be no-one to take a significant amount from it, then please, write your PIN on the back. For your precious convenience. Better yet, have everyone's PIN written on it!! : /
Sorry for the bitter sarcasm, but I hate so much the self centered reasoning in something that is for everyone, you kind of people ruin things for all of us by allowing, even asking for fiddle-faddle tacky things, that expose all the rest to risks and dangers!
That's two different components, so they're made by two separate cottage industries in two different states to make sure you have leverage on more politicians. Connecting the two would increase the BOM by $0.1, which means a $1000 increase in retail price, and customers don't want to pay that, so clearly everything is the customers' fault.
I like the 'call emergency services on airbag deployment' too, on the fence about removing it, I guess if I had an apple watch that could do the same thing but then I'm just moving the surveillance from one ecosystem to another
Sure that takes a lot of time but why would the car be out of fob range? If you care about 15 minutes of scraping snow why is the car parked out of fob range and also still in cell service somehow?
People hating having to scrape their car in the morning doesn't help them getting a parking spot closer to their work place or their home.
If they had a garage next to their house to park their car they wouldn't need either. However there are lots of situations where the car isn't close yet it needs preheating. For me this is driving the car to and from work in the winter, and certain one off situations (going home from the hospital, picking up the car after arriving at the train station).
I live in an apartment building on the side that faces the woods. I obviously have to park on the other side, and my fob doesn't reach. I don't care about remote start anyways, but there are absolutely situations where fobs can't reach but cell service can.
I believe my new car has a fuse you can pull to disable the remote telemetry. However, it disables some useful features, like being able to set valet mode from the Toyota app (useful because some dealer service departments will take cars joy riding) and track the car usage. It also tracks tire pressures. Sure, the tire pressure can easily be checked manually with my Slime gauge but having it on the phone is handy.
I pulled the DCM fuse on my GR Corolla. I can confirm that it disabled the microphone. One of these days I might get around to pulling the car apart and popping in a resistor in place of the antenna.
I'll never trust some rando working at a valet to treat my GRC right. I've seen too many dashcam horror videos of even people working at dealerships failing at manual and safe rev temps.
Beyond any reasonable doubt any verbal conversation you have in your Toyota is being parsed by one or more LLMs. Anyone who believes otherwise is either room temp IQ or severely autistic.
It should have a standard UI for doing so, but if you are technically inclined it is usually trivial to do- pulling a fuse, or changing a setting over the OBD port.
However, you will lose useful features like advanced charging controls, and starting the HVAC remotely on EVs.
It's pretty much industry standard for all consumer products to deliver metrics back to home base. Honestly there are many good reasons to do so and it does result in finding real problems and solving them. While I understand the argument that we did fine in these products for decades without them, the complexity of the products was also a lot less back then. Finding issues via metrics from the production fleet is an incredible tool and anyone who's deployed software to a server probably understands this.
I'd rather focus on standardizing a transparent and privacy safe way to gather these metrics. Consumers would know what metrics are collected and there would be guarantees that privacy is kept. There are ways to accomplish this today.
Providing a way to disable metrics is never going to be sufficient for anyone other than a power user.
> I'd rather focus on standardizing a transparent and privacy safe way to gather these metrics. Consumers would know what metrics are collected and there would be guarantees that privacy is kept.
I'd rather see laws to have it disabled by default. People who don't mind can then opt-in again.
If we do that the relative cost of software will increase and reliability will overall decrease. This doesn't sound like a great outcome for end users who will end up dealing with both of these things.
My point is that it's done this way for a reason beyond the nefarious ones that people in hn always seem to assume. Engineers want this data because it helps them do their job, not because some product person wants to use it to sell it or use it to train an ML model. There is certainly extraneous data collected because the incremental cost of doing so once you've established the pipeline is small and eventually someone does make a bad decision, but that's where we should focus our energy. Otherwise you're just making a lot of folks' jobs harder because their software doesn't run in the cloud. An unintended consequence of this might be to push even more software into the cloud which would otherwise run on client side.
I'm not sure I can defend all choices various vendors make, but there are plenty of signals that are helpful. Precise GPS coordinates seem unnecessary, but some sort of region based information can help correlate whether there is a particular problem that might happen at far higher rates in hilly terrain or specific humidity levels. Users also often use products in a way that doesn't line up with how the product owner thinks it should be used. Metrics don't replace interviewing people but it might help you craft the right questions. In the case of a Logitech mouse, it might be useful to understand if people are actually using those extra features you've added or maybe it's worth removing in a future version.
The most obvious metric that everyone wants to know is failure or crash rates. After a software update it's always good to know if those rates went up. Those errors may be recoverable, but it's good to try and understand them to improve reliability. Maybe pairing android auto with specific phone models is more problematic, or maybe trying to pair Bluetooth is particularly bad under specific conditions like high thermals in warmer climates. It's pretty difficult to do interop testing with all possible parties in all conditions.
> some sort of region based information can help correlate whether there is a particular problem that might happen at far higher rates in hilly terrain or specific humidity levels.
You know what will help in those situations? Testing.
It is expensive, I know. Why not skip it and just analyse the KPIs from the telemetry. /s
Testing is not really an economically viable option in all cases. Ecosystems are simply too diverse and products are so complex that covering every case is not really possible. There is likely no software you use today short of projects like sqlite which don't leverage user reported bugs or telemetry to improve the software.
I would love a wiki of vehicles for simply 'how to rip out the SIM card'
I thought I saw instructions somewhere for my 2020 Prius but can't find it now. A few Reddit threads asking about it, I like the suggestion that even if it's eSIM or somehow embedded in the cellular modem, "Disconnect the antenna! / shunt the telecommunication modems antenna with a resistor shunt. It will trick the radio into thinking the antennas still connected but won't allow any data to be going out they just won't get signal"
To a large extent this depends on the car and depends what you mean by "old". Modern cars vs. 1970s cars? The older cars are completely hopeless. Modern cars vs. 15 year old cars? The older cars may have had things like ABS and side airbags as options rather than as standard, but you can find one that has them that doesn't have cellular telemetry.
IIRC, there is for Europe a directive which requires 60/65% (?) of the force within a crash must be absorbed by the frame/chassis. It came into action around 2015, IIRC.
That's when it became mandatory on all vehicles, not when the first vehicle to satisfy the standard became available on the market.
As another example, side impact airbags have been mandatory in the US since 2013, but the Volvo 850 had them in 1995 and they were present on something like half of new cars a decade before they were mandatory and >97% of new cars three years before the mandate.
I think there have been considerable improvements in basic things like frame materials & airbag placement in the last 15 years. Certainly in the last 20.
Although, it seems to have been only available/produced in Brazil, Colombia, Russia, Uzbekistan, which I'd argue is in line with my original sentiment.
That was the second generation which started in the 2011 model year. The first gen Cobalt was made and sold in the US into 2010 (the last year the first gen was made anywhere). That was also the last full year a car without ABS could be made in the US, since 2011 is when it became required by law.
Hmm yeah but anything over 15 years isn't really viable as a daily driver anyway. Then you're getting to the point where you start having serious issues every year at the mandatory mechanical check. Then you're getting into old-timer drive once on a sunny day territory.
I always bought medium sized cars at 10 years when they're already only a grand or two. The smallest ones are made so cheaply that they're already too tired at this age and strangely enough they're more expensive due to the lower road tax. So more people want them.
And then I used to drive them till the maintenance becomes too expensive, for 5 or 6 years or so. And just scrap them then.
I guess if I still owned a car I could still do this for a good while without having to get spyware. But not too long.
Yeah at that point I'd just go for another 10 year old car.
My last car was a Volvo S40, had really nice leather interior, nearly full option and cost me €2000.
I only had a few brake pads and a broken trunk cable to deal with (super common issue on this model), the latter I did myself for €40 in parts. Ran great for years. But yeah there's an element of luck also.
My previous car was an Octavia, that had more issues. Electric window broke and I replaced it all myself. But it was a pretty nasty job. Eventually the gearbox started whining and when I brought it to the shop it basically blew up. But it had served me 5 years at that point. Cost me €1200 to buy.
There are “modern” cars (~5-10 years old) that fit most of the modern safety standards and are effectively not transmitting things due to 3G no longer being much of a thing, coupled with automakers being glacially slow at replacing certain electronic components.
Best of from 38th CCC: every three letter secret service of the country seems to be spied out by this. And a secret VW testing facility in Sweden was uncovered.
Also, affects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)
https://streaming.media.ccc.de/38c3/ had a German language video on it, live, but will surely add English translation and permanent video link soon.
> I don't understand how there were ICE or possibly hybrid cars involved in the leak.
The data-collection has nothing to do with the used engine, but the software-platform. Basically, the "OS" on which the car is running. EVs and premium cars were the first to modernize this platform, and for obvious reasons they all use the same platform. After that, other cars are moving on to this platform too, so they now have a mix of different car-models who are mainly defined by their price-category.
> Also, affects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)
I can't parse this. Is there a missing word? Mostly implies other possible inputs but the last part of that sentence specifically says this is confusing. Why is it hard to understand how ICE or Hybrid groups also had access to a bucket EVs mostly had access to?
Many Volkswagen cars somehow report telemetry. Looks like there is data not only from the EVs based on the MEB platform?
But for a Name/email to be associated with the VIN of the car, the owner has to register and use the app (once). Many EV owners did, but fewer of the non EVs did.
The answer is simple: No matter the reason, if you have a data breach you must pay each person 100$ min with higher amounts depending on the information lost. Additionally, if that information is used in a crime then you are liable for further damages. Car companies, and other data vacuums, will just stop collecting it if they are liable for what happens to it.
I will not buy a car that does this. I am starting to turn my phone off when I am not using it as well. Being tracked every second of my life is not acceptable.
The $100 thing is kind of a standard that a European court just established in a Facebook data leak case!
In the case of full location data, it would need to be a lot more though. Yes, that might bankrupt the company. They should have thought about that before they illegally stalked nearly a million people then put their highly sensitive data on the Internet.
If I did this to one person, I'd probably (and rightfully) go to jail. I'd like the same standard applied here.
Ugh, I would love to see more companies bankrupted. How much more dynamic the economy might be if all of Volkswagen's assets were put up for bid at government auction.
Adbusters magazine (credited with spurring Occupy Wall Street with a solid meme campaign) tried to get inertia going around revoking corporate charters, stop acting like we don't have power, corporations are borne into existence by acts of government, we are not powerless to punish them for crimes against humanity (to be dramatic about it, I don't know what language would be appropriate for collecting location information for a million individuals without disclosure), but didn't see much traction about it.
Governments aren't powerless to revoke corporate charters. They're powerless to implode the livelihood of large chunks of their electorate.
A dynamic economy is great on paper where you don't have to worry about disrupting the lives of tens of thousands of people. Call that a political moat.
This is made worse by the fact that they created a really bad UX for their cars in the name of data protection (at least in Germany). Example: you have to accept the T&C of the online services with every(!) start of the vehicle. If you don’t press either the accept or reject button, you can’t enter any of the nav / entertainment/ … screens.
In the name of data protection, you are not even allowed to have two main users of the car. As a result, it’s either me or my SO being able to see the car's state of charge in the mobile app. It’s impossible for both to see it except you do account sharing.
My theory is that most people think about data misuse, perhaps unconsciously, from the viewpoint of your average good person. E.g. "if I got a hold of a stranger's bank information, then I'd be tempted to steal from them."
Instead they should think from the perspective of an evil person. E.g. "how can I proactively use whatever data that I can get to hurt someone."
For example, at a previous job I went to my managers and pointed out that every developer working on our system had access to our users' names and their involvement with racial justice programs our client was running. By guessing someone's ethnicity from their name, a bad actor could target minorities involved in racial justice. The response I got was not to fix the security issue; instead it was horror that I would ever conceive of such a scheme.
> Instead they should think from the perspective of an evil person
From experience, they usually come up with some variation of "If you have nothing to hide, you have nothing to fear" [1]. And even those who buy the idea that private information could be used against them, most of them don't believe that someone would do this to them. What seems to be missing is understanding of how scalable and automated these attacks can be in the digital world.
[1] Amusingly enough, one of those "I have nothing to hide" people was pretty shaken when they asked me to take a look at a scam email that said "Hello <firstname from leaked database>, we have photos of you watching porn. Pay us or we'll post them on Facebook."
Has anyone had success with informing people about these types of abstract dangers? I find that people either get it almost immediately, or they never really get it until it happens to them.
I hate that management arrogance. Reminds me of a teacher who amply mocked me in front of the class for having mentioned Light Pollution [0] (I heard about it in a youngster science magazine) during a chapter about... "various pollution type"!
That's just bad opsec. I would have thought rule number one of soliciting was to be cash only.
Ignoring of course that the amount of aggregated surveillance makes it impossible to escape monitoring. Credit cards, license plate scanners, phone GPS, airtags, doorbell cameras, "Eye in the Sky" spy planes, etc
The exact example IS bad opsec... however assume some example fuzzing for good opsec.
Trip to McD's with a price of exactly happy meal + tax one day, and a recurring payment for XXX website OnlyFans access the next. Adjust the values to taste/theory. Sometimes a credit card is just a credit card.
EVs are topping the list of (imho) useless extras in cars. I'm still cherishing my Honda Fit pre-touchscreen edition. I'm going to drive it until it will fall apart.
My next car will be an EV but I have yet to find one that still comes with mechanical features (door handles, knobs/buttons), without a whole battery of surveillance/telemetry tech and (crossing fingers) exchangeable batteries. Simple electric propulsion ...
Fully EV, real buttons and knobs, and of course the model is cancelled.
The original tracking was 2G cellular, later updated to 3G cellular. 2G is long deprecated, and 3G is already shut down in many places.
This is a great car! Which explains why it's no longer available. It doesn't meet modern American needs, like being at least as large as a small building, or having 0 visibility over the hood, or costing at least $75K. (p.s. I paid $15K for mine, with 18K miles on the odometer and 150 miles of battery range)
But if you're into retro, like buttons and knobs, I highly recommend it...
p.s. I have to wonder if the data breach doesn't affect ICE cars as well? Would they use a separate surveillance system?
I bought a used '14 Leaf in '16. It has been a great car with very little battery degradation. Sure, I'm not going to be taking it on any long trips, but for 90% of my driving it is great. I paid $11k for it. Best car purchase I've made in 30+ years of car ownership.
I've owned two LEAFs. Fantastic vehicle. I only got rid of it when I realized all the cars around me were only getting bigger and heavier, and I felt I needed to get an SUV to defend myself against that.
Just to be clear, this breach mostly affects non-EV cars. Even my stick shift, manual window crank car came with a hidden cellular data modem, collecting my GPS location by default.
Peak old manning would involve locating all the information needed to be able to identify and remove all the components used to facilitate the tracking (or other bullshit that complicates vehicle ownership) and then following the documented procedures and updating other like-minded owners on vehicle forums so that everyone else can do the same.
In the process some forum threads would pick up hundreds of posts over a decade or more so that removal of every nut, bolt, screw, plastic plug, etc is documented with photos, allowing anyone with the vehicle to see exactly how to take ownership of the vehicle from the manufacturer.
True old-school old manning involves not only removal of all the bullshit, but also covers all cosmetic changes to the vehicle that would be needed to eliminate all signs that any of the offending components were ever installed and would include things like how to accomplish all the trim and body work necessary to permanently fill all the holes in the vehicle like antenna penetrations through the vehicle body and plastic trim mods to fill holes that formerly held buttons or switches that no longer exist.
In the process, old-school old manning would attack the software used in the vehicle, removing all the offending functionality with a custom flash tool so that the only software running on the vehicle after all the mods are completed would be that which controls and monitors engine and transmission functionality since that is actually the only software on a vehicle that adds value by allowing the vehicle owner to track operating efficiency in real time.
I hate touchscreen buttons too and unfortunately all EVs I've seen have adopted that. I wonder if there are EVs with good old fashioned mechanical buttons.
The Polestar 2 is pretty good in this regard. All the most important things are on the steering wheel stalks, steering wheel buttons, and a few buttons for things like demist, play/pause and volume control on the centre console. There's still a lot on the touchscreen, including climate control, but it seems to hit a pretty good balance for me (and I'm not a fan of car touchscreens).
I love my Polestar 2. But there's gotta be a better way to do touchscreen climate controls. I've had mine for 8 months now, and had to google in order to figure out that the car had dual-climate zones—it's really hard to tell from the swipe-up page, so I just assumed it didn't have that feature for a while. Plus, I don't feel comfortable changing the climate settings while driving, because I might hit the wrong touchscreen button when I'm not looking at the screen.
But hey, maybe if I wait around another 5-10 years, there'll be more than 3 mainstream electric sedan options available for the US market and I'll be able to find the perfect car.
Recently drove a Dodge Hornet rental and it had a slew of physical climate buttons, most of which didn’t make sense or didn’t control what I wanted. In the course of trying to just turn on the defrost from the touchscreen, I turned on the heated steering wheel, stopped the airflow to the cabin, adjusted the driver side temperature way higher than I wanted, and probably subscribed to Disney+
Many EVs have a sensible amount of buttons, and you generally don’t need the touchscreen for driving or much else for that matter.
I can even keep driving while the whole system is rebooting. Around here (where we have many immigrants and some odd practices) I’ve seen people with a towel hanging over their screen while driving, to protect it like a dust cover I guess.
The one thing you might argue I do need from my screen is the speed, which is very easy to see and usually not needed in the flow of traffic.
The outcry against screens is just misinformed imho. My car has plenty of mechanical buttons.
> I can even keep driving while the whole system is rebooting
At least you're still acknowledging the abysmal state of modern cars by including this statement. Why on earth would anyone expect otherwise from a car?
If you are ever in the middle of the highway (especially if you are traveling with loved ones) when your EV suddenly reboots you will understand why one does not expect shit to work… the anxiety is unlike most things one can experience… I think 100% reverse of your comment but talking from a different real experience.
EVs are computers on wheels, expecting them to work during reboot is not unlike expecting vim to work during a reboot :)
I'm pretty sure they're talking about rebooting the console system, not the entire car.
EVs are not computers, they have computers. The controllers that make it go should stay on during a "sudden reboot". Expecting them to keep working is like expecting my coolant pump to work during a reboot, not vim.
I would expect the drivetrain components (including computers) to be essentially bulletproof and only the unnecessary components like infotainment and maybe the dashboard displays to even have the option of crashing.
you are 100% right in theory. in practice the car is the computer. when my 2014 tesla s rebooted while I was going like 85mph on the highway it is a moment I’ll never forget. the car is running but everything is dead, quiet, have no idea what the speed is, all systems are shut down, a/c is out (I was in the middle of a desert in Utah)… EVERYTHING feels wrong and every instinct you have tells you to pull over immediately. no chance I would drive any distance other than maybe a quick 1-mile radius errand in that state of the car
Ok but how is this failure mode unique to an EV? Modern ICE cars are highly reliant on computers as well. Maybe even more than EVs since they have transmissions and timing and fuel injection and exhaust monitoring.
oh I don’t think it is, this thread was discussing EVs but yea, I don’t think it is unique to EVs. not sure how often on other cars you have to reboot (soft and hard) and when you do reboot what is “off” and what is “on” on any given modern car - I soft reboot couple of times per month at least (it is an OG tesla s, 10 years old now…)
You’re right that it’s not inherently unique to EVs, but it started with EVs and now this new dangerously fragile design (of having a single monolithic computer console handle display and control of everything from critical drive modes and gauge display, to non critical things like music and playing fart noise jokes) is infecting ICE cars too (e.g. BMW’s new touch screen AC controls and unified touch screen dashboards rolling out to all new cars, Audi doing something similar now, etc. — all following after Tesla, but with crappier software).
I’ve owned and driven EVs from several brands. Prior to this, I could pretty much always expect the following from my car:
1. The drivetrain always operates normally and safely (aside from some actual mechanical failure) with no computer glitches.
2. I can always see my speed and gear selector state on a dashboard somewhere, even when (not if) the infotainment screen crashes and reboots. I’ve had (2010-2020ish era) Lexus, Audi, and others have infotainment glitches, crashes, and reboots, but the speedometer, drive train, and AC all had physical controls running on isolated systems and so they always continued to work through a reboot or glitch of the infotainment.
3. The AC is always operating (aside from some actual mechanical failure) with no computer glitches or lag to my ability to control it. I consider this a critical safety system given that many drive in climates with weather that can be dangerously hot or cold.
In pretty much every EV I’ve owned, none of these have been true except maybe #1, and that is pretty sad to say that the only thing that hasn’t happened is my entire car’s wheels locking up on the highway (and yet still this is reported happening for many EV brands, Tesla, Audi, and Porsche at least come to mind where I’ve read stories).
It’s insane to me that it’s even possible for the car’s computers rebooting to entail AC shutting down, not being able to see your speed, etc. If this EVER happens, the entire vehicle line should legally require a recall until it’s guaranteed this won’t happen. We have ways of guaranteeing computer systems don’t fail like this to extremely high probability — car companies only don’t do it because it’s expensive and more complex than just throwing all the same crappy software into one single system rather than designing multiple isolated fault tolerant systems.
Less horrible but still shockingly bad regression is how almost all modern cars’ AC is controlled through an often laggy computer system (not to mention the almost universally despised move of AC controls to touch screens, instead of physical controls). Maybe not so laggy on Tesla, but in my experience both BMW and Audi have AC control touch screens which sometimes respond but occasionally can have 1-10 second random lags before anything responds. Presumably due to garbage collector lag or something. But this is also a mild safety issue since the lack of predictable behavior from common controls makes it very distracting when trying to do something so common and simple as adjusting the temperature that should just be as simple as a simple physical button or knob.
Kia is the company that gathers “information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, sex life and political opinions” and “trade union membership”.
I don't want to have anything to do with a company like that.
I agree it shouldn't be necessary, but it's not like replacing a motor and drivetrain on a vehicle is some super rare thing either, and often still far cheaper than buying a brand new car.
me thinks anyone with a cell phone in this year of our Lord 2024 should not say they worry about privacy in any context. instead of converting old car to EV I’d start by converting a rotary phone to a portable one :)
Why the sideways fuck did they even have location data to begin with? It's like the checklist for buying a new car starts with figuring out what circuit drives the cell modem and pop that fuse out before taking a test drive to confirm it doesn't brick anything critical. Fucking ridiculous.
Repo isn't a customer's concern and is thus irrelevant. Incidentally I walked to the window and I can see where my truck is without my phone. Is there really no limit to the bullshit folks will allow themselves to be convinced to install on their phones?
Those are mostly things that require the car to know its location. They don't require that the car share the location with the car's maker except possibly sharing what region the car is in.
The region sharing might be needed to efficiently update things like the map and the speed limits.
None of that requires cellular connectivity. It can and was accomplished using only wifi sync at home. Live traffic information is (was?) broadcast on AM radio.
was it ever AM? info I can find points to traffic info being encoded in FM broadcast, as "audio" but above audible frequencies, 57 kHz, same as any metadata you get with modern digital radio - station name, song name, artist name etc.
Oh! Maybe it was FM. I always thought it was on the same band as the "Tune AM <whatever> for traffic information signs" but as you say outside the audible frequencies. Regardless the point is that the relevant information can be broadcast publicly and does not require location or cellular connectivity to function. My 2010 BMW knew about traffic jams but had no cellular connectivity to my knowledge.
It had the ability to call emergency services. But I don’t think it got map or traffic data through the cellular radio. If it was getting data through the cellular radio it wasn’t very much data.
EDIT: Just noticed this is an ISO9001 certificate. Though on their job offer site they do ask for "Foundational understanding of security related regulations and standards preferred (e.g. ISO21434, ISO27001, NIST-800)". Unclear if they are actually ISO 27001. Found the 9001 one by fluke, they don't seem to list that one on their site either.
Not sure about 27000, but ISO9001 is a paper audit only: you pass or fail them based on your defined business processes. The technical configuration of your systems is outside the scope of the audit.
TÜV certification has always been more about certification theater and being able to verify that you don't have egregious amounts of negligence than certifying that you are doing your work well.
edit: I've never prepared for our audits and we always get our certification, no matter what they find as long as you say "yes, we are aware"
I wonder if they were all petrol vehicles, or all diesel if that would be so prominent in the headline. The drive train has nothing to do with an unsecured s3 bucket, and if you think that electric vehicles are the only “connected” cars in 2024, you’re in for a shock.
Because EVs are new-ish and so mentioning them specifically is approximate shorthand for "consumers of a certain tax bracket" so it's useful for getting those people to click on the article, hand wring, re-tweet and do all those other things that make money.
Why is nobody talking about the fact that this should not be possible? There is precisely zero reason for them to have this location data. Give the CEO one year of jail per person whose location was illegally tracked.
On the contrary it's relatively simple to understand how it got there trivially.
Most modern cars, especially ones that fit into more "luxury" brands have an app. That app gives you telemetry and location data for a price. It's rather convenient to be able to pre-condition your car, or figure out where you parked in a massive unlabeled parking lot, etc. This is all consented to, but regardless the data is tracked anyway via some GPS/cell system modern cars have. When you pay for it you get more stuff - anti-theft, better tracking, service tracking, etc.
It's a convenience. I'm not entirely comfortable with it but if you want a better-than-decent car made after 2016 you probably have it on-board and unless you rip the ECM out you're stuck with it. Personally, I'd rather pay BMW, for example, for anti-theft and tracking than pay OnStar or another service that is gonna stick me with a ridiculous contract and stuff my car with even more buttons.
Eh, "consented to" is rather weak when you are forced to hit the "I agree" button to be able to drive the car you bought. That and forced arbitration need to die posthaste.
Back in the day, during the original Browser Wars, when the US Department Of Justice was trying to force Microsoft to detach Internet Explorer from Windows, Microsoft argued that it was impossible for Windows to operate without IE baked in. Well, it took a couple of "hackers" about a day to prove them wrong. I ran Windows XP without IE for years just fine. So yeah, cars can run without the app.
The data is collected even if you don't use the app or hit agree. The manufacturer has your personal info attached to the car from the warranty info. They're required to collect it so they can send you recall notices.
It's trivial to put a car in limp mode if the vehicle computers don't detect all the modules the manufacturer put there. It's slightly less trivial to detect missing antennas, but that tends to disable other features people enjoy like directions and data. Manufacturers simply don't care to cat-and-mouse this right now.
You're being deliberately obtuse and that kind of contrarianism is 100% correlated with douchebaggery IMPE. Be better.
Unless you somehow aren't kidding, in which case I'll clarify: I'm skeptical that a modern electric vehicle that goes to the trouble of being a computer on wheels can work without an app. And I'll even clarify "can" - the car manufacturer allows you to operate the car without using its app.
I so hope this will start an avalanche and car companies will not be able to get away with collecting so much data about users (cars, but that's pretty close).
Especially in the EU, the hypocrisy is jarring: on one hand, GDPR, protecting users from surveillance by businesses, etc, and on the other hand, car companies get a free pass, because they are car companies, and the EU likes car companies.
As a former owner of 3 VW vehicles, it does not surprise me that they have skipped obvious steps needed to secure owner data. They cut costs across the board on everything involved in producing vehicles for sale in the US to the point where their interior plastics were half the thickness of competitor's interior furnishings and their wire harnesses used the smallest gauge wire possible to carry the loads expected.
It was a very clear prompt during initial setup, and it shows me a very unambiguous notification that it's enabled every time I start the car. If I click on that it takes me to the setting.
edit: might even have been opt-in during initial setup, now that I think about it. I do recall it being a very deliberate thing during setup.
Of course I'll have to trust that turning it off actually turns it off, no way for me to verify that.
The reason I keep it on is because my SO is a bit absent minded to where she parks the car, and I value not having to run around in the streets trying to find it when I'm in a hurry over the potential privacy loss.
edit: Renault was found[1][2] to be the "least problematic" with respect to privacy by Mozilla last year.
That’s a much harder problem than VW would need to solve. Also, Find My substantially predates the Find My network and AirTags.
There are very straightforward solutions, depending on the threat model. For example, the app could send VW a private key every day, and VW would send that key to the car. Then the car sends periodic location reports, encrypted to that key. VW can, upon request, send the report to the app, which decrypts it. But VW can’t decrypt the report itself, so they don’t know the location of the car. Also, it’s forward secure in the sense that a leak of VW’s database is entirely useless after a day.
You cannot establish a private channel between app and car if you don’t already have either a pre-shared secret, or pre-shared trusted certification authority keys (such as to allow TLS-like tamper-resistant encrypted communication between app and car) that VW can’t replace.
Otherwise, if there is no pre-existing private channel, the key (which by the way would have to be the public key, not the private key) could be switched out by VW acting as a man-in-the-middle, allowing it to access all encrypted content going through it.
The same is true for Apple. There are parts of the protocol or the pairing where you have to trust Apple, either their servers, or if the establishment happens locally via bluetooth or similar, their software that runs on the local devices.
This argument seems like a fairly extreme example of the perfect being the enemy of the good. Sure, it would require a more advanced system for VW to prevent themselves from silently compromising their own system to learn everyone’s location. But the design I outlined will prevent a passive compromise of VW, and even possibly a court order, from learning everyone’s location, and it prevents even an active and highly malicious compromise from learning past locations.
"Shipping the private key" does not meet the bar for "good". You still need a way to establish trust in your key distribution and also implement the system correctly. The proper way to secure access to a physical thing you own is to only communicate directly with that thing.
This is ridiculous. It would take heroic effort for VW to prevent themselves from silently uploading malicious firmware to VW cars. There are ways to do this, but it’s also a separate problem from the problem that should actually be solved here.
I was triggered by the argument “Apple knows how to allow one to find one’s devices without Apple knowing where they are. It’s not that hard.” People misunderstand this as Apple having no possibility to learn the location if they wanted to. And that’s just not the case.
It would work exactly like how you can send an encrypted email to multiple recipients and each of them can decrypt it despite having different private keys. That part isn’t rocket science.
This is not hard. App login sets up a session with VW (which it surely already does), except the session needs a database entry and not just a JWT-like token. (Many auth frameworks do this anyway.) The database row needs to add a public key, and the server needs to send all the key changes to the car. And that’s about it.
What, exactly, makes it hard to get this to work reliably in the real world? The app already won’t work without a valid login session. The car is already sending a little blob of data to the mothership containing a location. If the communication to the mothership changes to having the mothership send a list of keys and the car encrypt its blob, that’s basically it. The total increase in communication needed is one round trip to revalidate keys.
I realize that modern development has layers and layers of documents and teams and overcomplicated interfaces, but this is the kind of thing that could be done by one developer, using two servers and a load balancer (or a more creative HA scheme with client assistance that can easily survive complete loss of a datacenter or two), that can handle the entire fleet.
The app and car will have intermittent connection to the internet.
My car for example doesn't have reliable connection when it's parked in the garage, which is where I charge it.
Your solution would add a lot of extra edge cases that need to be considered.
You have to ensure the updated key is reliably transferred to the mothership in a timely fashion, and subsequently that the key is reliably transferred to the car in a timely fashion.
That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Not saying it's impossible, but it adds a lot of complexity beyond simply encrypting the location with multiple keys.
If the car has enough signal to report, it has enough signal to get the key update. I don't see the problem.
Losing connection for extended periods of time can get in the way of "timely" key updates but they won't cause the encryption to fail.
> That's the back-end stuff. There's also the front-end stuff, like will my SO understand why her app isn't showing the car's location but mine is?
Well the reasons I can think of are either things like the server being broken, which can happen without any encryption, or she didn't finish setting up her app and waiting for it to sync which can also happen without encryption. Or she was removed from the list because she didn't open the app for a year... which can also happen without encryption.
> Losing connection for extended periods of time can get in the way of "timely" key updates but they won't cause the encryption to fail.
To be fair, if the car is offline while a newly installed app logs in, then the app won’t be able to locate the car until the car checks in. Which is not actually the end of the world, and there are ways to mitigate this. (See iMessage and Keybase for a couple of different approaches to this. See Signal for a shockingly poor group of bizarrely mutually incompatible solutions that barely work. I think that Matrix tries, too. MLS should be able to handle it, and piggybacking off an existing standard like MLS might be entirely reasonable albeit dramatically more complex than the simple solution I outlined.)
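The scheme debated in the comments above (the car encrypts each location report to every registered app key, the backend only relays and stores it), together with the key-substitution objection, as an added example that is not code from the thread, VW or Apple. Assumptions: all function names are hypothetical, the X25519 + HKDF + AES-256-GCM construction is one possible choice, and the household's apps have compared their key IDs out of band.

```javascript
// Added illustration; all function names are hypothetical.
const crypto = require('node:crypto');

const INFO = Buffer.from('location-report-v1'); // constructed domain-separation label
const toPub = (x) =>
  crypto.createPublicKey({ key: { kty: 'OKP', crv: 'X25519', x }, format: 'jwk' });
const pubId = (keyObject) => keyObject.export({ format: 'jwk' }).x; // base64url public key

// App side: the private key stays on the phone, only publicId is uploaded.
function newAppKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { privateKey, publicId: pubId(publicKey) };
}

// ECDH shared secret -> per-recipient key-wrapping key.
function wrappingKey(privateKey, peerId, ephId, recipientId) {
  const shared = crypto.diffieHellman({ privateKey, publicKey: toPub(peerId) });
  const salt = Buffer.from(ephId + recipientId);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, ct, c.getAuthTag()]).toString('base64');
}

function open(key, blobB64, aad) {
  const blob = Buffer.from(blobB64, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(-16));
  return Buffer.concat([d.update(blob.subarray(12, -16)), d.final()]); // throws on tamper
}

// Car side: one random content key, wrapped once per recipient (the
// "encrypted email to multiple recipients" pattern). The recipient list is
// authenticated as AAD so it cannot be edited after sealing.
function carSealReport(recipientIds, location) {
  const recipients = [...recipientIds].sort();
  const aad = Buffer.from(JSON.stringify(recipients));
  const eph = crypto.generateKeyPairSync('x25519');
  const ephId = pubId(eph.publicKey);
  const contentKey = crypto.randomBytes(32);
  const wrapped = {};
  for (const id of recipients) {
    wrapped[id] = seal(wrappingKey(eph.privateKey, id, ephId, id), contentKey, aad);
  }
  const body = seal(contentKey, Buffer.from(JSON.stringify(location)), aad);
  return { ephId, recipients, wrapped, body };
}

// App side: refuse reports sealed to any key the household has not verified.
function appOpenReport(appKey, trustedIds, report) {
  if (report.recipients.some((id) => !trustedIds.includes(id))) {
    throw new Error('report is sealed to a key this app does not recognise');
  }
  const mine = report.wrapped[appKey.publicId];
  if (!mine) throw new Error('no wrapped key for this app');
  const aad = Buffer.from(JSON.stringify(report.recipients));
  const kek = wrappingKey(appKey.privateKey, report.ephId, report.ephId, appKey.publicId);
  return JSON.parse(open(open(kek, mine, aad), report.body, aad).toString('utf8'));
}

function demo() {
  const alice = newAppKey();
  const bob = newAppKey();
  const household = [alice.publicId, bob.publicId]; // verified out of band (assumption)
  const position = { lat: 52.4227, lon: 10.7865, ts: 1735300800 }; // constructed sample
  const tryOpen = (key, trusted, report) => {
    try { return appOpenReport(key, trusted, report); } catch (e) { return 'rejected'; }
  };

  // Honest relay: the backend stores and returns the report unchanged.
  const stored = JSON.parse(JSON.stringify(carSealReport(household, position)));
  // Someone holding the stored blob but not Alice's private key.
  const leak = { privateKey: newAppKey().privateKey, publicId: alice.publicId };

  // Dishonest relay: the backend slips its own key into the list sent to the car,
  // then tries to hide that by stripping its entry before delivery.
  const backend = newAppKey();
  const widened = carSealReport([...household, backend.publicId], position);
  const stripped = JSON.parse(JSON.stringify(widened));
  stripped.recipients = stripped.recipients.filter((id) => id !== backend.publicId);
  delete stripped.wrapped[backend.publicId];

  return {
    alice: tryOpen(alice, household, stored),
    bob: tryOpen(bob, household, stored),
    leakedBlob: tryOpen(leak, household, stored),
    backendReadsWidened: tryOpen(backend, [...household, backend.publicId], widened),
    aliceSeesWidened: tryOpen(alice, household, widened),
    aliceSeesStripped: tryOpen(alice, household, stripped),
  };
}

console.log(demo());
```

The `backendReadsWidened` result is the man-in-the-middle objection in action: a backend that controls key distribution can read reports, and the apps only notice because they check the authenticated recipient list against keys they verified themselves.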
Dangerous as hell. Imagine there’s a runaway truck behind you and you can’t speed up to avoid or at least soften the collision because of some government enforced handicap.
It would also give local governments a power they never had before: To directly control your behavior in the moment, with no judicial control or oversight.
Interval cameras (checking your speed over a length of road, using ANPR) are very effective at slowing traffic in the UK. Although you still get people in expensive cars driving 20mph faster than others; maybe undeterred by fines, or using false plates.
The system can tell you if there was a runaway truck (at your time and location), so an appeal should be easy for that uncommon situation.
I like that solution much better. I find that a driver should always be free to make a cost/benefit calculation. The ideal, in my view, would look something like this:
- Speed of every car on the road is recorded continuously.
- If you stay within the limit, you pay nothing.
- For each second that you are faster than the limit, you incur some financial penalty, where the amount is calculated based on both the speed difference and the purpose of the limit (pedestrian safety vs. noise pollution, for example). In extreme cases, you can lose your driver’s license.
- Speed data is also made available to your insurance. So drivers know they won’t get away with somebody else paying for any damage they may cause.
As a driver, I very much prefer this not to exist. But I think it would be the right thing from a “veil of ignorance” perspective of justice.
I don’t care about this particular edge case. The idea of being remote controlled by bureaucrats is appalling to me.
I live in Europe. Regulations here make Teslas slam on the brakes when the road is curved by more than x degrees, and break off a lane change abruptly if they take longer than x seconds. The intentions behind these rules written by some bureaucrat in Brussels surely were as good as those behind the cookie banner.
I’m glad I still get to override those rules with my pedals and steering wheel.
That’s a “think of the children” type of an argument. Remind me: how many people die because of guns every day in the US? On a serious note, how many of those road accidents are caused by exceeding the speed by less than 10%? You see, there is a difference between speeding and reckless driving.
Neither you nor me live in the US. They have other options to reduce those deaths. There’s no reason to drive a 4 ton EV truck made out of stainless steel doing 0 to 60 mph in 3 seconds.
Knowing exactly which lane you're in and the actual speed limit of that particular lane can be tricky for an automated system, at least in any of the systems I've seen implemented.
I've had cars with both automated speed limit sign readers, GPS+map databases, and more show me two different speed limits and neither one was actually correct for the lane I was in. This is a somewhat common occurrence on the highways around me.
That would risk unintended consequences. For example, suddenly slowing cars on the highway down to 30 kph because a small road with that speed limit runs right next to the highway.
This becomes a thing and I'll have a 25mph sign hanging off the back of my truck. I eagerly await starting a youtube channel of new cars losing their shit on jammed tailgating attempts.
Or in Germany, if you live in the village, put up a 60 sign by your driveway and when confronted just say someone is having their 60th birthday… Germans for whatever reason like putting up speed limit signs by their driveway when celebrating birthdays.
As long as it’s accurate. The current technical implementation is a joke. The car has no idea what the speed limit is.
A few examples:
1) drive past the end of town sign in a particular German town, the car thinks it is 30kph, but only during the day because at night it doesn’t see the sign so it thinks it’s 50 where in reality it’s a 100 until the next speed limit,
2) driving between a couple of roundabouts inside of a town in the Netherlands, the car thinks it’s 30kph even though we stay within city limits and there’s no sign so the speed limit remains 50kph,
3) this is the funniest one so far… driving in Antwerpen along the Turnhoutsebaan, there’s a massive 30 sign painted on a red painted road surface, the car insists that the speed limit is 50kph.
Those are just three out of a dozen examples happening consistently within 30 square kilometres I normally remain within. And I drive this car for 2.5 weeks. I have seen the future and I don’t like it. Number 2) happens routinely inside of the city limits after right or left turn. Car drops the speed limit to 30 just to realise a 100m down the road that it is 50.
Apologies for the ad hominem, I normally stay away from such tone. I genuinely hope that such pseudo cops like you get a grip. Because it’s my life you’re talking about and I already use speed limiter routinely. Every idiot around me on the road has exactly the same choice as me: curb the ego down and slow down or behave like a douche.
> but it would be even better if all cars' speed were automatically limited to the speed limit of each road
Yeah, you just described the ISA of 2027. This is going to be a tough year for car manufacturers. I forecast a ton of unsold new cars remaining on parking lots because one has to be really technically illiterate to buy something so dangerous willingly. Either full self driving or give full control. Everything in between is a disaster waiting to happen.
By the way, here’s a funny thought. So what is going to happen when that mythical zero casualties is reached and more people will be dying on bicycles than in car accidents? An implant in the brain? Where does it stop?
> So what is going to happen when that mythical zero casualties is reached and more people will be dying on bicycles than in car accidents?
I don't think anything will need to happen at that point. We wouldn't need to tackle down the top causes of death if the numbers were low, as seems to be the case of bicycle deaths not caused by cars. And when it comes to speeding, it's already against the law, so the technology is only trying to help prevent it. But of course, my enthusiasm is tied to a future where this technology works reliably, so I don't really expect anything like it with all the problems you're describing with current models.
The problem is that it doesn’t matter what you think, or what I think. What matters is what the bureaucrat in Brussels thinks. The bureaucrat doesn’t care. They are driven everywhere and fly on their private jets.
It’s also illegal to participate in the traffic drunk yet I routinely see drunk people riding bicycles and scooters in regular traffic, often ignoring traffic lights, often with their face glued to a phone. That’s half a problem, the other problem is those same people with those same things on the sidewalk. I bet you, a ton of those people do not even have a driving license and/or understanding of traffic rules. Humans will be humans. First they cry for cycling paths, when they get them, they don’t use them. Cannot win stupid.
As a pedestrian in the city I want scooters and bicycles regulated AND enforced. But nobody cares. I stopped counting how many times I have to do acrobatics to walk around scooters and bicycles left in the middle of the sidewalk.
This summer Apple Maps believed I teleported 200m into a corn field for long enough it told me to return to the route. The location kept updating, moving in parallel to my real location.
What is the speed limit in that field?
Would a car suffer from similar problems? Should it continue at the original rate of speed or slam the brakes?
Huge privacy violation. I would just close down this business. Unfortunately it's a state cartel, and even part owner. They'll change the constitution to save those criminals
VW do use opt-in. In fact it is so annoying that you get asked every time when you start your car. So basically every time your car starts it says „do you want to use the profile connected with the vw service“ if you do not accept it then the car will be in a dumb mode.
One of my coworkers was annoyed by it and „reset“ the car to use a non connected profile which does not do that.
I’m an owner of an id.4 (or rather a user of it, since my company owns it)
actually in that case it's more the other way around. it's easier to drive with a profile that is not connected, you only lose the app functions like heating and knowing how much you still can drive and other things that are not 100% needed.
with a not connected profile the car starts and you don't need to press an additional button to access your media stuff. so far only vw does that in the german market. everybody else uses agb's/eulas and stuff to tell you about the connection.
vw is just bad when it comes to software.
VW paid "$14.7 billion to settle civil charges in the United States" and was ordered "to pay a $2.8 billion criminal fine for 'rigging diesel-powered vehicles to cheat on government emissions tests'."
https://www.enforcementtracker.com/?insights shows breakdown by country, type, industry sector. "Highest fines: individual" top 10 list is all international companies (Meta, Amazon, TikTok, LinkedIn, Uber) and those make the news. Smaller European companies hardly make the news.
Not surprised- VW’s CarNet app for interacting with the car is the single worst software I have ever used… I would literally believe that their entire software engineering team consists of a single 11 year old with 2 weeks of coding experience.
I had to opt in to this shit to get firmware updates. I'm very angry. This explains the laggy infotainment on my id.3 if these idiots were involved in its creation.
I can't seem to find a link to the leaked data. I want to see if I'm in it.
Yep, and this will be the end of CARIAD. Volkswagen has already decided to bleed them to death with the Rivian joint-venture. I guess they'll shut down the rest of the operation much, much faster now. This is the perfect reason for them to do so and what they have been waiting for.
That's not how the GDPR works. Cariad may be a subcontractor (data processor in GDPR speak) for VW, but the driver does not have a contract with Cariad -- their contract is with VW (the data controller in GDPR speak). The data controller is always jointly liable with the processor for 3rd-party data breaches.
Too big to fail and too much of it is state owned, either directly, or through government-owned retirement funds.
The government will investigate itself and find no wrongdoings, let's go after the journalists who committed the ultimate crime: Embarrassing Officials.
Way to miss the point. Governments giving semi-private companies blank cheques is the worst possible combination, because nobody's incentivised to care about laws in such constructs.
supervisory board of VW has 20 members, state of Lower Saxony appoints 2 (as a minority shareholder), workforce elects 7 among themselves, and 3 are trade union representatives also elected by the workforce.
no one is denying it's a for profit company, but its governance model doesn't really scream "neoliberalism". assuming you're from the US, (German) enterprises like VW are vastly different from what exists in the US, not just in the terms of their structure but also their influence on Germany and EU.
The EU will play favorites. There will be a slap on the wrist. Some probation. Maybe a CEO or high level C* person will step down in disgrace with only a few hundred million in severance. Then everything will go back to normal.