197

Couple of months prior, I read an article on Mozilla, where they did a research on automakers and found none comply to good privacy measures. I am planning to buy a used car. I want to know how the data is collected and transmitted.

The car comes with a connected app though I am not planning to use it. It also has apple car play and android auto. Should I use those? The article states some manufacturers even records sexual activities. How are they transmitting these informations? Through connected phones?

My use is fairly basic, I want to use the Bluetooth audio system in the car for listening to music on my phone. I use maps on my phone.

What about car servicing? Can they access stored information?

top 50 comments
sorted by: hot top controversial new old
[-] SecurityPro@lemmy.ml 62 points 4 months ago

We need an online guide, based on make and model, on how to disable the transmission of this data.

[-] delirious_owl@discuss.online 10 points 4 months ago* (last edited 4 months ago)

I would be happy, to make it simpler, to have a set of instructions for how to disable transmission of all data. Basically I just want to know which cable to unplug or cut so the car cannot access the internet

load more comments (1 replies)
[-] HurlingDurling@lemmy.world 10 points 4 months ago

There's a few youtube tutorials, but not many. Also, dissableing these will break certain features of your car.

load more comments (1 replies)
[-] Steve@communick.news 44 points 4 months ago* (last edited 4 months ago)

The situation here is rather bleak really.

Generally these cars have their own always on cellular data connection paid by the manufacturer. So they don't depend on. Your phone for anything.

What they do is record and transmit any sensor data they can. The sexual activity you mentioned, comes from the sensors in the seats that are required to activate seatbelt warnings, or disable the airbags if a child is in the seat. Data from those pressure sensors can be used to determine if there's a certain kind of rhythmic motion happening in a given seat.

They also collect any and all data they can from devices they connect to. Like phones. So don't use carplay, or android auto. Don't use their app. When using Bluetooth audio don't give permissions to make calls or access contacts.

It should be possible to physically disable the onboard cellular radio. That will prevent any live data tracking. Exactly how depends on the specific car you're looking at.

I would assume the dealer can access and download the data manually. Use private non-dealer repair shops for any regular maintance or any repairs possible.

[-] xkbx@startrek.website 48 points 4 months ago

So you’re saying if I fuck the same way Fremen walk the desert, they can’t track my car sex…

[-] RubberElectrons@lemmy.world 41 points 4 months ago* (last edited 4 months ago)

If you drive a Toyota and the infotainment system has a "DCM" icon in the corner, your driving habits and location are being recorded to their servers.

E: this is happening via their own cellular modem built into the vehicle, with its own separate SIM or eSIM. Getting at the module seems to require access behind the dash, almost purposely making it difficult. Pulling the fuse will kill the front passenger-side speaker, though there are YouTube vids on how to reactivate the speaker while keeping the DCM module dead.

[-] cmgvd3lw@discuss.tchncs.de 12 points 4 months ago

How are they connecting to the server, though the connected phone's data via Bluetooth, carplay or satellites?

[-] wesley@yall.theatl.social 36 points 4 months ago

The people saying it uses your phone's Internet connection are incorrect. The vehicles have built in cellular modems and connect directly. The OEMs negotiate cellular contracts to provide service in their vehicles with ATT, Verizon, etc.

Features like remote locking/unlocking, etc. would not work if it relied on being connected to a phone.

[-] nik282000@lemmy.ca 14 points 4 months ago* (last edited 4 months ago)

There was a Defcon talk a few years ago (oh god it was 8 years ago) where someone found a way mess with Chryslers because they were all on the Sprint wireless network. Things like lock out the physical controls on the radio then max out the volume, or turn it into a GPS tracker, or disable the brakes! The cars had some service listening on port 6667, there was no way to stop them from accepting malicious connections so Sprint just blocked all traffic on that port on their network at the request of Chrysler. The speaker mentioned they were sorry if you were unable to use IRC any more on Sprint wireless.

DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

[-] seathru@lemmy.sdf.org 19 points 4 months ago

Most likely a cellular data service. That's what GM uses for the OnStar stuff.

At least with OnStar you could unplug the antenna to neuter it (No idea if this still works with 2020+MY vehicles).

[-] n0cturnali@lemmy.world 4 points 4 months ago
load more comments (1 replies)
[-] AquaticHelicopter@lemmy.world 37 points 4 months ago

I recently bought a 2021 vehicle that has OnStar. I knew this would be a concern, but luckily there was a guide online to replace the antenna with a dummy antenna that isn't ever able to connect to the network to send data.

So that might be an option! It's still collecting but it's not sending anything back.

[-] Hellmo_Luciferrari@lemm.ee 10 points 4 months ago

I bought a 2024 vehicle with OnStar, I wonder if the process is comparable... Could you share your source please?

[-] brbposting@sh.itjust.works 20 points 4 months ago

I made a step by step guide to disable OnStar on my 2022 Bolt. Easy to do, not permanent, and doesn't disable the cellphone, Bluetooth, GPS, compass, or hands free microphone.

-source via a private proxy to that other site

load more comments (1 replies)
load more comments (1 replies)
[-] MigratingtoLemmy@lemmy.world 4 points 4 months ago

You can do that on a Chevvy bolt? Fantastic

load more comments (3 replies)
[-] TechNerdWizard42@lemmy.world 32 points 4 months ago

You cannot stop the collection. It ALWAYS collects. It may not transmit, even if connected. For example the black box in many cars is really an assortment of ECUs that contain fine grained historical data. It does eventually roll over and get replaced but the data is there.

For example there are public cases you can find where the police, not even needing a warrant, were allowed to dump this data off of a rental vehicle that a suspect, not convicted just suspected, was thought to have been in. Of course the copaganda story showed that they the used this data which was mostly location by gps and speed by the wheel sensors and gps to get a track of everywhere that vehicle had been in the last 6 months. Every person who rented it and drove it somewhere had their privacy violated. But I guess that's normal now.

The infotainment systems are the biggest jerks for data storage as they're just mini generic computers today with lots of storage.

To stop wireless transmission you can remove the sim card from the modem. Many vehicles won't work or even start if the modem is disconnected (unplugged or unfused). A Nissan for example will drain its 12v battery overnight trying to find the modem if it is unplugged. But if the sim is bad or disabled, it will try and fail to communicate, then retry later which won't kill the battery.

You lose a lot of convenience and the data is still there. So the answer is basically you can't drive a new vehicle without it violating your privacy with collection. You can only make the wireless transmission more private or disabled. I suppose you could buy a scanner yourself and before you leave the vehicle, factory wipe all ECUs. But even then you'll need to enable them for emissions testing and such if that's in your area.

[-] UnexploredEnigma@lemmy.ml 28 points 4 months ago

Drive older cars and learn how to fix them!

[-] delirious_owl@discuss.online 9 points 4 months ago

I prefer not burning fossil fuels

load more comments (17 replies)
load more comments (2 replies)
[-] scytale@lemm.ee 17 points 4 months ago

Not the exact (and only) solution, but some manufacturers may have a Do Not Sell My Information request form. Subaru has it on their website and I submitted a request for myself. Obviously we won’t know if they actually follow through, but it’s worth a shot. Some people have experimented with going in and actually disabling the antenna that the car uses for telemetry, but that’s at your own risk and likely voiding warranties in the process.

I think using carplay/android auto isn’t as bad since the infotainment system is just projecting your phone’s display, so your phone’s privacy policies apply. Whether you trust those policies is of course up to you. Cars that force their own systems (like GMC I think) are more risky because you are using it directly.

load more comments (2 replies)
[-] grue@lemmy.world 17 points 4 months ago* (last edited 4 months ago)

My solution is to continue to only own old (mid-2000s or older) cars in perpetuity.

(And also use a bicycle instead for most trips.)

[-] halfwaythere@lemmy.world 12 points 4 months ago

You could get yourself a RF analyzer or an old Hammy (Ham radio enthusiast would likely have something you could borrow)and find out what they are using then that would allow you to figure out your options such as removing the antenna, sim card, or the module in some manner. The problem with removing modules could be they are tied into the cars electronic controller which could cause issues with the car even working.

[-] potatopotato@sh.itjust.works 13 points 4 months ago* (last edited 4 months ago)

RF analysis is kinda difficult, you'd need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you're very patient but data transmissions are generally very bursty so it may be difficult to nail down where it's coming from in a sane amount of time.

One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the cars manual. Googling that should bring up some stuff.

[-] Tangent5280@lemmy.world 10 points 4 months ago

Or you could just wrap your car in aluminium foil like a giant burrito

[-] delirious_owl@discuss.online 5 points 4 months ago

Ah, the tin foil car method

[-] _haha_oh_wow_@sh.itjust.works 11 points 4 months ago

Don't buy cars that have this shit.

[-] deranger@sh.itjust.works 52 points 4 months ago

That’s becoming less feasible with every day that passes.

[-] cmgvd3lw@discuss.tchncs.de 12 points 4 months ago* (last edited 4 months ago)

Yes, with emission standards, old car purchases are not really encouraged here. I am looking for a fairly new used car and these features are already included in most of them.

load more comments (9 replies)
load more comments (3 replies)
[-] umami_wasbi@lemmy.ml 10 points 4 months ago

Off topic. I saw a few comments about disabling or removing the modem on the car. How about removing where the telementry code resides in? Is that feasible?

[-] ReveredOxygen@sh.itjust.works 6 points 4 months ago

Probably not. You'd have to figure out how to jailbreak your car and figure out how to remove that code. Then a software update could potentially undo it, or you could brick it while trying. A hardware fix on the other hand is often much simpler and is far easier to revert

load more comments (2 replies)
load more comments (3 replies)
[-] invertedspear@lemm.ee 7 points 4 months ago

Number 1) find the fuse that controls the modem and pull it. Without this your car can only report when the service techs hook it up to their diagnostics, and what is reported there versus what reports on the regular from the modem is a huge difference. You lose a lot of convenience this way, but that’s to be expected. CarPlay and auto give you a lot of that convenience back, but now you’re giving a lot of that same data to Apple and Google, even if all you think you’re doing is projecting maps from your phone to your infotainment. Do you trust them? You can use Bluetooth audio in most cars without using CarPlay or auto, that should be safe. Stick to maps on your phone if you don’t want Google or Apple getting your driving data.

[-] repungnant_canary@lemmy.world 7 points 4 months ago

One issue with "hacky" methods suggested here I can see is they might disable eCall in the EU. And eCall is actually a safety improvement so for some it might be a very suboptimal compromise. But maybe if enough people show resistance to uncontrolled data collection then some meaningful legislation will be passed.

[-] GolfNovemberUniform@lemmy.ml 6 points 4 months ago

I think the only good way to go is to break the transmitter inside the car and hope it doesn't brick it.

[-] delirious_owl@discuss.online 4 points 4 months ago

You can probably cut a cable going to the transmitter than break the transmitter itself. Low voltage cables can be reconnected trivially.

load more comments (2 replies)
load more comments
view more: next ›
this post was submitted on 05 Jul 2024
197 points (98.5% liked)

Privacy

31995 readers
1305 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS