The CAN traffic is unencrypted. It was pretty easy to MITM this module with a cheap arm Linux board and a can transceiver to enable writing a two way filter capable of blocking the traffic that didn't raise any DTCs (that I observed) and could be turned on/off by the user. I preferred this approach to complete disconnection of the module (which is noticeable via errors at the diagnostic port) or trying to faraday cage or disable the antennae on the TCU so it can't remotely send/receive. I can also turn off my module or completely remove it before I sell it.
I fear the next version of Miata will be an encrypted CAN like most other cars have moved to and even with my expertise I won't be able to access the latest safety features from new cars without surrendering what little privacy I've been able to claw back.
And you didn't poison their databases and statistics with fake data?? OMG, I'm thinking of buying one of these cars just for this opportunity! (No, I'm not.)
I've had a clean driving record for 30 years and I'm still paying the junk rates most other people get
I do know that the CFAA essentially gets interpreted to mean whatever the corpos want it to mean - it's basically an anti-witch law - so it's best to steer clear. And this goes double with with the current overtly pay-to-play regime. But just saying.
(Awesome description btw! I really wish I'd find a buying guide for many makes/models of cars that detail how well they can be unshackled from digital authoritarianism. A Miata is not the type of vehicle I am in the market for (which is unfortunate, for several reasons))
What about guessing passwords? Should someone be prosecuted for just trying to bruteforce them until one works?
Sometimes a URL can have a password in it.
But when it's just a sequential-ish ID number, you have to accept that people will change the ID number. If you want security, do something else. No prosecuting.
Guessing a URL is an attempt to access (potentially) privileged information which was not secured or authenticated to begin with.
A password is a lock you have to break. An unlisted URL is a sticky note that says "private" on the front of a 40" screen. It's literally impossible for that information to stay private. Someone will see it eventually.
How do you propose the line should be drawn?
there is a line drawn for such things. a fuzzy line. see:
https://en.wikipedia.org/wiki/I_know_it_when_I_see_it
same as this famous case, in which a supreme court justice is asked "what is and is not pronographie" - of course he realizes if he defines "what is not" people are going to make all kinds of porn right on the boundary (see: japanese pronographies where they do the filthiest imaginable things yet censor the sensitive books, making it SFW in the eyes of their law). this judge avoided that.
Anyways, parallel to the fact that filthy pronographies can be made a gorillion different ways, a "hack" may be manifested also a gorillion different ways. Itemizing such ways would be pointless. And also in the same vein, strictly defining a black and white line "this is legal, this is not" would cause hackers to freely exploit and cheese the legal aspect as hard as possible.. businesses and data miners and all these people would also freely exploit it, at massive scale and with massive funding, since it is officially legal. Thusly it must be kept an ambiguous definition as with pronographies, as with many things
And everyone who doesn't have wool for brains knows to not carry large rolls of cash around in a bad part of town, but we can still hold the mugger at fault.
As a pragmatic matter, I do completely understand where you're coming from (my second paragraph). In a sense, if one can get to the point of being convicted they have been kind of fortunate - it means they didn't kill themselves under the crushing pressure of a team of federal persecutors whose day job is making your life miserable.
If your goal is to deliberately "poison" their data as suggested before, it's kind of obvious that you are knowingly causing the transmission of information in an effort to intentionally cause damage to a protected computer without authorization to cause such damage.
>Trying to tie some nebulous TOS to a situation that the manufacturer has deliberately created reeks of the same type of website-TOS shenanigans courts have (actually!) struck down.
This has very little to do with the TOS though, unless the TOS specifically states that you are in fact allowed to deliberately damage their systems.
And no, causing damage to a computer does not refer to hackers turning computers into bombs. But rather specifically situations like this.
Practically any device connected to the internet is a "protected computer". The only case I can think of where the defendant prevailed on their argument that the computer in question was not a "protected computer" was US v Kane. In that case the court held that an offline Las Vegas video poker machine was not sufficiently connected to interstate commerce to qualify as a "protected computer".
Deliberately inserting bad data to mess with their analytics does in fact fit that definition.
> You own the device, so anything you do within that device is authorized
You're very clearly describing a situation where at least some of the things you're doing aren't happening on your own device.
>I do know that the CFAA essentially gets interpreted to mean whatever the corpos want it to mean - it's basically an anti-witch law
FWIW this is simply not true. The essence of the CFAA is "do not deliberately do anything bad to computers that belong to other people".
The supreme court even recently tightened the definition of "unauthorized access" to ensure that you can't play silly games with terms of service and the CFAA. https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf
However, it's worth clarifying that the important detail isn't generating the data, but sending it. Particularly the clearly stated malicious intent of "poisoning" their data.
This seems like exactly what the lawmakers writing CFAA sought to criminalize, and is frankly much better justified than perhaps the bulk of things they tend to come up with.
>(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
Doesn't seem exactly unfair to me, even if facing federal charges over silly vandalism is perhaps a bit much. Of course, you'd realistically be facing a fine.
>(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
>(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.
As anecdote, while buying a new car I signed a statement that I'm not going to resell it to russia.
I have been canceling that stupid warning message it presents when leaving it off, every day for several years now.
As I understand it, they're required to do that now if they want to sell in the EU. They emphatically do not want anyone tinkering with their cars.
Bring on the full self-driving cars, or let me drive my own car. This human-in-the-loop middle state is maddening. We're either supervising our "self-driving, but not really" cars, where the car does all of the work but we still have to be 100% aware and ready to "take over" the instant anything gets hard (which we know from studies is something humans are TERRIBLE at)... Or, we're actively _driving_ the car, but you're not really. The steering feel is going in and out as the car subtly corrects for you, so you can't trust your own human senses. Typically 40% brake pedal pressure gets you 40% brake pressure, unless you lift off the throttle and hop to the brakes quickly, in which case it decides when you apply 40% pedal pressure you actually want 80% brake pressure. Again, you can't trust your human senses. The same input gets different outputs depending on the foggy decisions of some computer. Add to that the beeping and ping-ponging and flashing lights in the cluster.
It's like clippy all over again. They've decided that, if one warning is good and helpful, constant alerts are MORE good and MORE helpful. Not a thought has been given to alert fatigue or the consequences of this mixed human-in-the-loop mode.
It constantly got the speed limits wrong, constantly tried to tug me out of the correct lane, and was generally awful. It could be disabled but was re-enabled on each restart of the ignition because it’s mandated by EU regulation.
I appreciate a Greek island perimeter road may be a worst case scenario, but it did the same with roadworks on the freeway and many other situations.
Actively dangerous in my experience…
Forward collision warning has misfired on 2 occasions on me in the last 3 years
The main issue is that so many cars have broken “auto dipping” headlights which don’t dip, or matrix headlights which don’t pick out other cars.
This automation shit should stop, but it won’t.
parking beepers are reasonable, they simply come on occasionally and don’t actually interfere when they go wrong. The rest of it just makes things far worse at scale.
My Lexus is afraid of a bush behind my garage in the alley. It's on a neighbors property and not really overgrown, but my car refuses to get within about 5 ft of it. Makes backing out a nightmare. I haven't figured out a way to disable it, and have considered just selling this 2025 NX.
I found this for the TX, might work for the NX as well?
Try disabling Parking Support Brake under vehicle settings > drive assist.
As an aside, I checked out your GitHub. Cool projects, the vag flashing tool looks super useful, might actually give it a spin in sive development projects.
Use a stand alone generic GPS. Vehicle GPS devices are anti privacy for so many reasons.
Listen to stored music from an SD card if terrestrial radio (NO SATELLITE). Did you know almost ALL late model cars can play a <128gb FAT32 USB drive with non- vbr mp3s? 64gb filled with 168kb mp3 audio would take roughly 3 years at 4 hours a day to listen to.
TURN YOUR PHONE OFF. Your phone does more than track you - the Bluetooth and wifi beacon scanners are always running. When you come across another person, most phones track the intersection of your beacon with theirs making a new data point that compromises both individuals privacy. Now consider sitting at a stoplight; you and and the 10 phones around you have now correlated the time and position you were sitting there. The person jogging by with no phone(but a set of Bluetooth headphones) is also tracked by their Bluetooth signature. Terrifying.
Disable autonomous driving hardware by unplugging the cables from the interior cameras. If your car needs to see and feel you in order to do it's job, it's co-dependent; break up with it.
Ignore your car's complaints and error messages. Did you know Orange dash error lights are non critical?
Your car will happily display an orange light while a bad fuel mixture is poisoning your catalytic converter to the point where it needs replacing to meet any kind of emissions test. Same with other signs of engine stress.
Don't ignore dash lights unless you know what they mean or you're willing to pay the cost of disposing of your car.
Of course many places won't even allow you to disconnect all the antennae as a non-functional TPMS makes your car unroadworthy in various jurisdictions. You could quickly reconnect everything and clear the error codes before testing, but I'm not sure if the hassle is even worth the illusion that of being untraceable.
All phones nowadays have bluetooth/wifi mac address randomization, so it's basically useless for tracking, not to mention google/apple conscripting every phone into a wardriving network will kill battery life. Moreover all this effort in avoiding being tracked doesn't really mean much when all cars have a very visible and unique identifier that's mandated by law (ie. license plate).
See also (222 points, 19 comments, 14 days ago):
And what’s the benefit of it all? Fewer targeted ads?
"Tire pressure low" is one you should probably check out on a regular basis.
All that these sensor-based systems do is train you to be an inattentive car owner.
I do have a walk around the car before I set forth, but stuff happens.
Some drives are very long -- hours and hours between stops. I've had tires that aired themselves down during a drive. TPMS can alert me to that issue before I get an opportunity to have another walk-around, so I can stop and address it before it becomes a safety concern.
It's fine if someone want to live in a world without monitoring systems; anyone is free to drive an old car with points ignition and a carb if they want (or mechanical diesel! with an air starter, even! no electricity needed at all!).
And sure, there's a certain joy to driving something of relative mechanical simplicity.
But I like modern cars. And I like things like temperature gauges, closed-loop electronic fuel injection, oil pressure indicators, ABS, traction control, backup cameras, and [I dare say] tire pressure monitoring. I like cruise control. I like headlights that turn themselves on when necessary, and off again when they're unnecessary.
And as one might correctly surmise: It doesn't have to be that way: There's other ways to live. A person can also choose to walk, ride a bike, use a horse, commit to a lifestyle that is centered around public transportation, or whatever. The world is full of options.
I've chosen my path, and you can also choose yours.
(And no, that doesn't make me inattentive. My path involves both a belt and suspenders.)
Sealed radiators? No way to look for winshield washer fluid? No translucent reservoir of brake fluid?
Falling back to an attitude of not needing automation and instrumentation is a cope, and often a poor cope at that. The problem isn't the dash warning lights of the past several decades, it's the built in corporate surveillance hardware of the past single decade (and the corresponding violation of user trust in favor of corporate control).
I don't think most people know how to do it, to be honest. Partially because people seem to think reading two pages in a manual is some kind of sisyphean task that no mortal should ever be cursed with.
It's pretty crazy how little people care. Even if you don't care about the safety aspect, keeping your tires inflated well saves you a ton on fuel and tire replacements.
In France, we'd check tire pressure at gas stations on nice machines that had built in dial gauges and were free.
In the US, I had to use one of those hand gauges and the air pumps needed quarters (in most cases, especially if you weren't also buying gas).
In Portugal now, the gas stations also have free air and pretty good pumps.
I landed at JFK and was looking for a stroller to stack my suitcases on. The kind of stroller that is free in every single airport I've been to.
I was shocked to see it costs $7. The guy who (I presume) worked there sardonically exclaimed "Welcome to America."
But yeah, free airport trolleys are are an easy marker of evolved civilisations, and the USA fails this test.
Countries that have passed this test for me that I can recall: Australia, Greece, Singapore, China, UK, Thailand, Italy, Spain…
I (again) have a low pressure warning on one tire (getting colder in the Northern Hemisphere). It looks fine but I'll get my compressor out tomorrow and make the computer happy. A lot of modern tires can look pretty good even if, as you say, they can be quite a bit below recommended limits.
And checking tire pressure was a 1x/week thing.
A lot of modern automation is not really automation. A washing machine is automation: it takes a task which would have wasted hours of your day and reduces it down to a few minutes. A lot of modern "automation" doesn't save you any actual time time, but just saves you from being attentive:
- Checking your tire pressure doesn't take much time, but TPMS is a privacy problem and an added maintenance cost that you cannot opt out of.
- A power rear lift gate actually takes _more_ time than just shutting it with your hands.
- Power windows don't go down any more quickly than power windows. The only only benefit here is that you can open all 4 windows simultaneously. However this is a luxury, not something which saves you time. You never _need_ all 4 windows down. So maybe people like it, but it's not like the washing machine that actually saves you labor.
- etc ....
People think that needed to do or attend to anything is wasting time, but often modern automation saves no time whatsoever, and has other downsides. (privacy, maintenance cost, vehicle weight, etc.)
For example, power windows were always handy when getting on/off the highway and coming up to a toll booth where I'd have to give/take a ticket. It's much easier to hold a button (or even have a latching button) while spending my attention on actually driving.
I have one car with TPMS that's entirely done through the ABS controller measuring the relative diameters of the wheels. That's not a privacy or cost problem. Furthermore the privacy problem where wireless TPMS sensors are interrogatable is better framed as a security vulnerability in their design, rather than something intrinsic.
Weight is a red herring as I'd guess the fuel savings from having properly inflated tires outweighs the fuel spent on the extra mass.
ERROR: unable to start engine.
Actually I wonder if cars will just adopt "oh-you-need-anti-theft" like phones do. To prevent auto theft, all cars will be tracked and all parts must match serial numbers.
Well, I suppose that's one way to end third party repairs. Just refuse to turn on if the chip in the new part doesn't match up with a code in the ECU. Like printer ink, but for every major component.
'Error, cannot start engine: Authorised mirror not found. Please visit BMW for an authentic replacement. Driving with non-authentic mirrors may harm user safety.'
What's wrong with GPS in vehicles? If it's not connected to the internet, there is no issue.
What's wrong with playing music from the phone on Bluetooth or Aux? Did you also know you can ride a horse instead of a car?
Bluetooth and WiFi isn't running if you turned them off. Bluetooth also isn't really used for tracking unless someone is looking for you or you're part of some service like AirTags.
> Ignore your car's complaints and error messages. Did you know Orange dash error lights are non critical?
What? Worse advice out there regarding cars.
The GPS module is usually on the same board as the cellular module. Disconnecting the board (usually in the shark fin) disconnects the GPS module too.
It's connected to the Internet. Every car has a SIM card now.
Maybe every new car, but the average car is 13 years old, and the OP made no clarification on whether his advice was for only new cars, or for a 2015 econobox as well.
As long as stations persist that transmit the data (it's sent over RDS), then it will continue to work. There's no subscription involved (or at least, there isn't for my car -- it works where it works, and there's no mechanism by which to pay for using it).
The Wiki has some further reading on the technology: https://en.wikipedia.org/wiki/Traffic_message_channel
I sympathise. However, being able to start de-icing my car while still in bed at 5:30 on a January morning is a powerful feature. And I'm the kind of person who wraps his tin foil hat no less than 10 layers thick.
Ideally this shouldn't involve the internet, because the car is in wifi range, but what can I do about it?
later vehicles "helpfully" removed this in favor of online remote starting (with added telematics)
generally its not hard to disable.
- identify the telematics module in your car - pull the fuse (not always an option, sometimes this disables bluetooth)
- alternatively: identify the 1-2 SMC connectors on the telematics device. this is the LTE and low/alt channel for the cellular communications. disconnect these 1-2 connectors and connect the ports instead to a 50 ohm terminator. the vehicle will simply continue to collect data but never be able to send it anywhere. the system will assume it just cant find a tower.
It didn't work - there was an on-module antenna that it switched to. Might not have worked as well, but it did work and the wifi access point still showed up.
On the other hand, some cars have a self-contained telematics module like you said and you can just unpower the whole thing.
I remember looking at a ford owners manual for a 2019. The fusebox section had a fuse with description "Telematics control unit - modem." I assume you can just pull that fuse.
It's complex enough that I haven't done it yet in my Sienna, but I plan to!
[0] It was my understanding that, like GPS-receivers, Sirius/XM was one-way streaming, only..?
You know we used to have to drive the car... sometimes many miles... to a station, get out, and fill it up with a liquid fuel that costs many times more, and then drive home...
Seriously now- The perceived 'inconvenience' you have is the reason that so many of these connected features are being pushed and then the because the ability is there the business types can't resist the data gathering that became possible because of all the antennas, etc.
Anyone know of any others?
You are not doing anything wrong if you are forced into buying a car due to the circumstances of your living. But voting to continue that makes your culpable.
You mean they're actually asking for 15 minute cities? Yes sir, they are. Very good.
You could “ban” it, but the amount of effort required to raise public awareness for that and actually have our dickhead representatives due things like that is basically the same amount of effort, perhaps more, as building better cities and transportation modes.
We build and subsidize highways, we could do the same with other methods of transportation and have competition instead of big gubmint cars.
Find the cellular antenna and replace it with a dummy load. The car will think it's sending the data just fine but all it's doing is turning radio waves into heat.
(unfortunately it's in German - but there is an english live translation available)
https://chatgpt.com/share/692cde57-0930-800e-b45f-7a41ca5c8e...
I work partly in prehospital emergency medicine and I wouldn't.
I already feel uneasy with our 2017 EuroNCAP 5 star SUV due to the improvements since then, in particular AEB and increased structural crash-protection, which greatly change the injury profiles of accidents.
ABS wasn't even a requirement in the EU until 2004, and American cars could be sold without ABS all the way until 2012, when traction control was also made mandatory (which the EU then also followed).
Things like the slightly-angled side pole crash test was only added to the Euro NCAP in 2015 and was updated five years later to make it a bit more realistic, though cars still woefully fail in many real-life scenarios.
I wouldn't really consider a car "safe" unless it passes the ~2015 requirements for car safety well. A well-designed car full of optional safety features from the ~2010s is probably also safe, but I wouldn't count on it unless you've done research into it.
I believe Volvo has had a reputation of being ahead of the curve with these kinds of crash safety tests, but even they had to improve over time.
Whenever I point out I think this self-surveillance is crazy, the response ends up sounding something like "oh, no big, if I think I did something wrong I'll just hide the evidence and lie to the police and say it doesn't work", which sure doesn't sit right with me.
Or is your point just about the cost of the dashcam being "crazy"? In that case, hypothetically, what if your insurance company cut you a check to buy a dashcam of your own choice and install it on your car?
Since then, I've learned about the 50ohm dummy antennas you can buy. I might try that if my car dies before an AWD/4WD Slate truck becomes an option, and also if my living situation can accommodate charging.
Well, of course all the Garmins and Tomtoms available now have "built-in wifi for updates" and often BT for phone notifications too. Sure, I could just not configure either but what if I want a navigator _without any radios_ and with controlled updates via SD card.
Maybe a dedicated Android phone in the car with offline OpenStreetMaps installed and airplane mode on is more realistic. Or some old 2nd hand navi that's still updateable.
I got a tesla home charger and it had a unnecessary wifi AP that kept showing up in my house. So I figured, I would stop this.
Opened it up, and disconnected the wifi antenna mmcx connector.
Nope, seemed when unplugged, it would switch to an onboard antenna for the wifi module.
so I reconnected a dummy load antenna to the wifi module.
and it still used the onboard antenna.
at that point, I gave up.
I think there might have been a possibility of downgrading the firmware to an older version that could disable wifi, but I didn't try to find it.
I believe this kind of thing happens with onboard cellular, wifi and bt. They are more resilient to degraded or disconnected antennas than you think.
from video games to software to “self-driving” cars, we’re all unpaid beta testers for unfinished and often unsafe products.
There have been a lot of court cases about that law by the manufacturers, so I do not know the status at this point.
So I wonder if that is still the case. If it is and an out of state person buys new there, will that "spying" remain disabled when they bring the car home ?
How would they know you're no longer in Massachusetts, without the spying enabled while within Massachusetts?
It doesn't mean "the car's gps is disabled"
I found this when looking into it more: https://arstechnica.com/cars/2023/06/feds-tell-automakers-no...
"Now, according to Reuters, NHTSA has written to automakers to advise them not to comply with the Massachusetts law. Among its problems are the fact that someone “could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” and that “open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking.”
Faced with this dilemma, it’s quite possible the automakers will respond by simply disabling telematics and connected services for customers in the state. Subaru already took that step when it introduced its model year 2022 vehicles, and NHTSA says other OEMs may do the same."
Car -> unplug the cellular modem (more or less easy)
TV -> used as dumb monitor with a Linux HTPC
Phone -> GrapheneOS
PC -> Linux
Social media -> /dev/null
Email/DNS/cloud -> my own
The real issue is that most people are not aware of these issues and may even (unintentionally) compromise your own privacy by posting information or pictures of you to Facebook or other similar places.
I'm surprised how many people think that keeping a low profile will matter in a society that attacks people for things you could discover from vehicle position data. In that society, you'll get attacked if someone wants to do it and they'll manufacture the pretext.
It's not difficult to imagine something like pandemic restrictions, where a digitally-enabled government could fine/arrest people based on location data, either because they travelled outside an allowed area or into a restricted one. Or they have data showing they were in close-proximity with too many people etc etc.
Carvana knew exactly how many miles I had driven within an hour of me driving my car.
Well in the case of the IRS, that, and you know, Intuit.
In BMWs, the gps antenna is behind the upper lights, the telematics and V2V antenna is in the sharkfin(unplug it from underneath the headliner)
I use Android Auto mostly because I don't trust manufacturers of car components to maintain their software and to put more than bargain bin SoCs in their infotainment consoles. There's no need for your Android phone to have a connection to the outside world if all you're using it for is locally installed apps.
Then on the other hand, who cares about those when your car is already tracking you? /s That kind of helpless reasoning needs to die.
Millions of American households don’t have a car, but you rarely hear about it as a viable option.
In places like Vegas, even on days with great weather, trying to WALK 2-3km in residential areas is a nightmare.
There are certainly people who are OK with living like they did in their urban school for a few years after graduation. But that's not a long-term solution for most people.
Try living without a car in these places, all in the 4th largest MSA.
https://maps.app.goo.gl/mHmGidZRJaKptHeL8
https://maps.app.goo.gl/5P4mW5iM6b5ab9Ve7
https://maps.app.goo.gl/JCiBgESKs5ZWqGny8
https://maps.app.goo.gl/E1iVwLCB28ooGhQL9
These are all in "urban" areas and a part of DFW. But how about Houston, the 5th?
https://maps.app.goo.gl/7yEAimERmyE1EGde6
https://maps.app.goo.gl/UKSQjPqifWUSv82H7
I don't know how one would even get groceries without a car.
And even then, you're then talking about less than 1/3 of Americans living in that mostly car dependent space.
It’s common for people to own a car and not use it for weeks, months, or in some cases years at a time.
Unfortunately it's as likely as this being the year of the Linux desktop because Windows 11.
Autocracy is just everywhere these days, Noah get the boat.
I, too, would rather see this bullshit die in committee before reaching the next stage, but this bullshit can still be stopped.
Also, while the EU does (for now) have stronger privacy protections for citizens against corporate interests, the opposite is true in most EU countries for Government surveillance.
Last I heard they've shifted their efforts to making remote activation of on-board cameras part of the 5/6G smart car bullshit (which will of course be part of road safety requirments not long after).
However, more importantly, it means you can't lawfully disable the modem that the manufacturer uses for its own telemetry.
That’s stated on the eCall page linked above. Do you have a source that contradicts that?
Annex VII only rules out connecting to the PSAP/112 side, not routine network attaches. To detect faults in the “means of communication”, the IVS has to verify that the SIM, baseband and RF path are actually usable, and you can’t test that without a network attach.
In practice that’s what all current eCall implementations do. The modem attaches to the cellular network at each ignition so it can confirm it’s capable of placing an eCall. If you block the modem or antenna, the IVS fails its self-test and the vehicle is no longer roadworthy.
There are always workarounds, of course, but that does pose an annoying problem to patch.
https://www.coro.net/blog/what-new-eu-cybersecurity-rules-me...
https://www.dw.com/en/new-eu-cybersecurity-rules-push-carmak...
> You can opt out
lol
this makes it seem so simple.
I think
- you will never be aware of what data is collected - they want to collect more data and never disclose it
- you will never be able to opt-out. Even if you disconnect from cellular, at service time they will just download what is there.
- car manufacturers will use any and all data to their benefit
You know, here's an interesting story I remember reading:
I will give you a story - buddy owns a shop - buys new M5 - he went out joyriding - warped a rotor - he said it was not from him so he tried a warranty service - BMW printed a page that his car recorded. It had snapped a pic of his face and sent all the data on speed, location, etc every bit of data you can think of to the dealer and his insurance company. He sold the car. That was years ago. Ask any custom tuner today if they can touch a 22 BMW. Nope. It will disable the car if you try and get into the CPU to tune it. This is where the industry is heading
from: https://www.fordtremor.com/threads/disabling-the-modem-pulli...
Flock is already known to assist the government surveilling protestors:
- [CBP is monitoring US drivers and detaining those with suspicious travel patterns](https://news.ycombinator.com/item?id=45996860)
- [How Cops Are Using Flock Safety's ALPR Network to Surveil Protesters and Activists](https://www.eff.org/deeplinks/2025/11/how-cops-are-using-flo...)
- [Amazon has a form so police can get my (Ring) data without permission or a warrant](https://www.theverge.com/2022/7/14/23219419/amazon-ring-law-...)
Flock takes the "do nothing until forced to" mentality.
If it exists in a database, then the government has access to that database if it ever wants to legally or otherwise. It's been like that since 9:11 and probably before.
All we need now is for the right person to walk in and turn the key. We're lucky that Donald Trump is probably too stupid to understand what he's got under his thumb.
Back in august IDF banned Chinese cars from entering bases
https://www.jns.org/report-idf-bans-chinese-cars-from-bases-...
And now banned then from used by officers
https://securityboulevard.com/2025/11/why-israel-just-banned...
I wonder what IDF knows
I wonder what China knows :)
https://www.drive.com.au/news/tesla-vehicles-to-face-entry-b...
They undoubtably said things like "if it saves even one person from falling asleep at the wheel it's worth it" or something along those lines.
as a cyclist and public transport user with no driver license, i hope personal vehicles have so much sensors that they can detect if you are drunk or stressed and limit your reaches. fuck your metallic beetle
What a great illustration of the sort of selfish opinions that people like to peddle under the guise of perceived common good.
Are you willing to have your bike brakes linked up with GPS and red light signals? It's in the name of safety and progress after all.
are you really naive to believe cyclists wouldn't respect traffic lights on a city designed after walk and public transportation? or are you thinking on the minimal cyclists that get killed by tresspasing this rule by vehicles that get a mild scratch? or the light or mild injuries bicycles at 15-25 km/h are gonna cause between each other?
edit: i would even go further and hope personal vehicles production is ceased and their circulation becomes a crime for citizens on non-legal or non essential services duties. i would live perfectly fine in a city without those but who controls the speed of my bicycle on cycle paths or that lock my brakes if i try to cycle high
An excellent demonstration of "cyclebrain syndrome", the urban twin to suburbia's "carbrain syndrome".
> are you really naive to believe cyclists wouldn't respect traffic lights on a city designed after walk and public transportation?
Translation: I am aware of cyclists' ubiquitous poor behavior on the roads but will reach for any justification to shift responsibility to someone else. "Drivers wouldn't be running red lights if you just added a couple more lanes, bro."
> or are you thinking on the minimal cyclists that get killed by tresspasing this rule by vehicles that get a mild scratch?
Translation: And when cyclists' poor behavior causes a fatal collision with a car, nobody cares about the damaged property. Or the mental anguish, or the collisions caused by narrowly avoiding killing an errant cyclist (who survives, oblivious, thanks to the driver's quick action choosing a more costly crash over a "mild scratch" that kills the cyclist).
> or the light or mild injuries bicycles at 15-25 km/h are gonna cause between each other?
Translation: I don't give a shit about killing/injuring pedestrians any more than car drivers do. I only care about collisions with things that are about the size of my vehicle or bigger. And if those other things are bigger than my vehicle--I want them banned! That way I reduce the risk to me, which is what I really care about, and who cares what happens to anything smaller than me?
The USA was designed by Ford motor company, for cars, by cars. That was a mistake.
[laughs in unhinged zealot]
>"It’s hard to figure out exactly how much data a modern car is collecting on you"
You are a globally operating news agency. You can absolutely get some GDPR requests in and look at it. What kind of reporting is this? "We don"t know, but we also have not tried the one way which forces companies to answer this question".
BMW is a German company, just ask them for the information they have on you and they are forced to give it to you.
There's no way even a large news corporation is going to buy every model car from every brand that comes out in a year to get the legal rights to demand data, let alone pursue these data requests in court. Renting cars may be easier, but then your contract is with the rental company and they're responsible for getting you the information you require, and after the first three PII requests you're not going to be renting from them any time soon.
I'm not saying they couldn't do a deeper dive with more detailed research, but it's not an easy task to evaluate an industry like this. All they'll be able to produce is general statements about a limited set of car models that'll quickly be outdated once the next software update comes out.
If you get a car old enough, you won't need to worry about TPMS (but that car will not have been tested against recent crash test scenarios).
My car is old enough that it doesn't have TPMS sensors but I have looked into third party ones. It looks like there's all kinds of systems, from custom UHF to Bluetooth LE. No idea what your car uses.
Ideally the implementation would be immaterial to a ban. The ban (or more likely first, warrant requirement similar to cell data) would be on the tracking database, not the details of how the tracking was accomplished.
Mine doesn't.
My house is fairly close((125') to a rural "highway", and only internet here is mobile data that my phone shares with other devices and mornings(anytime) my older desktop with 2.5 ghz wifi gets bumped off with the passing of every car that has glaring supper white headlights,but, not the ones running yellow incandecents, whatever rf signal is comming of these things must be barely, or completly illegal, and could obviously be tracked in any number of ways, so not so much bieng spied on, as just flat out trasmitting everything you do in ridiculously fine grained detail.
The automotive example shows how even "non-tech" products now collect and transmit data. Each service creates another attack surface, another set of credentials to manage, another potential breach vector.
What's frustrating is that breach response still falls on individuals. When one of these services gets compromised, it's users who have to scramble to change passwords across potentially hundreds of connected accounts. The "change your password" advice is good but wildly impractical at scale.