|
|
Subscribe / Log in / New account

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 18:03 UTC (Wed) by dskoll (subscriber, #1630)
In reply to: Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy by pizza
Parent article: Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

My car has no OnStar or equivalent. It's too low-end a model to come with fancy stuff like that.

Yes, the VIN is associated with me, but those records are not public. They are accessible to law enforcement and my insurance company, but not to average people AFAIK. (Ontario, Canada.)

It does make me think that next time I buy a car, I'll consider these issues and if necessary, try to disable any wireless communication devices embedded in the car. I don't need OnStar or cell service in my car; I have a cell phone for emergencies.

to post comments

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 18:25 UTC (Wed) by farnz (subscriber, #17727) [Link] (17 responses)

Note that there's a move, starting in the EU, to equip cars with accident emergency call systems like eCall, where if the car detects that you've been in a crash, and you don't tell it you're OK, it'll both send an SMS to the local equivalent of 911 carrying the sort of data specified in ITU-T Y.4467 (current location, 2 recent locations, each at least 5 seconds before the time of crash, and at least 5 seconds apart, direction of travel at time of crash, VIN, number of people detected in the car before crash, fuel type) and start a voice call to 911 using the in-car speakers and microphones.

The idea is that if you crash the car, it'll tell the authorities where you crashed, if the airbags (or other safety systems) deployed, and set up a voice call between the driver and the authorities, so that appropriate emergency services (ambulance, fire) can get to you quicker than possible if we were dependent either on you being uninjured enough to make the call yourself, or on a passer-by noticing the wreck and calling for help, and also get to you fully prepared to get everyone out of the car.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 18:54 UTC (Wed) by dsommers (subscriber, #55274) [Link] (7 responses)

All that has a valid use-case. But it still should be an opt-in feature with a disclaimer that you know what you are missing out of if disabling it. Much rather that than making it enforced.

Next thing to appear in this scope is law enforcement agencies remotely monitoring cars, where they then can track where you are, how you're driving and plausibly even listening to what's happening in the car. All such related policies will come wrapped in all the good endeavours of fighting bad criminality, etc.

Just like Australia and now recently UK with laws to enforce companies to have a backdoor to encrypted data (aka "Online Safety Bill); similar discussions are already happening in EU (aka Chat Control).

https://proton.me/blog/australia-anti-encryption-law
https://proton.me/blog/online-safety-bill-encryption
https://chatcontrol.eu

"The road to hell is paved with good intentions"

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 19:02 UTC (Wed) by farnz (subscriber, #17727) [Link] (6 responses)

The trouble with making it opt-in is twofold:

  1. It's a life-saving feature. If you don't opt-in, then you get left to die when other people get rescued, which is bad publicity for the car maker and for the government.
  2. Most people don't get their cars in a factory-fresh state - the dealership who sells it to you does a pre-delivery inspection, where they get to opt-in to things they think you'd like. This is something that they'd always opt-in to, since if it saves your life, you might come back and buy from them again, while if you die in a serious single-vehicle crash, you're not going to buy another car.

You could make it opt-out, however. Practically, because of point 2 above, if you make it opt-in, it'll become opt-out in the marketplace, anyway (unless it's opt-in once for life of vehicle).

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 19:10 UTC (Wed) by dsommers (subscriber, #55274) [Link] (4 responses)

These are all solvable.

If this feature is disabled: Show a 5 second warning each time you start the car, with a possibility to get to the right settings screen.

When the car is new or being factory reset, present a screen when the car is started (or after a couple of days) and ask about this setting. Or if this feature is enabled (the previous owner enabled this), the car could see that the driving pattern is quite different (different hours during the day, different routes, speed, etc) and could then re-trigger the info screen about this feature.

Even today's cars with such tracking capabilities will sometimes ask you to approve new Privacy Policies or changes in some ToS.

In regards to "bad publicity"; I don't buy that. The car manufacturer can easily use this in their market response as "Unfortunately, in this incident the rescue team got information too late since the user of the car had explicitly disabled the automatic accident reporting. We recommend car drivers to let this feature be enabled to better assist if you happen to have an accident".

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 19:24 UTC (Wed) by farnz (subscriber, #17727) [Link] (3 responses)

None of those are solutions, and several of them are bad UX, likely to result in excess deaths.

For the first, you do not want to train drivers to ignore warnings from the car, since they are usually safety-critical. Thus, you can't put a warning up when you start the car, because the car needs to reserve warnings at this point for "do not drive the car at all"; at best, you might get a 1 second window included in the manufacturer's splash screen as the car computers boot, but before the car is started and driveable, but with EVs that window is going away.

Anything you do when the car is new is something the dealer can cover in their PDI. If you trigger it after people have been driving for some days, you have a problem - either it's a trigger for something I know is in place, and it's irritation (see previous point about not training me to ignore warnings from the car), or it's too late, because I've already been driving with the car in this case.

And this is not a "tracking capability". This is something that, per regulations, is only to deploy when the car has been in a sufficiently bad accident - typically one in which an airbag would have deployed (bearing in mind that some airbags can be turned off for child seat safety reasons).

The bad publicity is why this is coming in, and why car manufacturers brought suitable systems to market even without regulatory mandate - the grieving family of someone who died in the crash (thus can't confirm that they turned it off) saying "my son wouldn't have turned it off - the car manufacturer is lying" is a very emotive scene, and is going to override anything the manufacturer can say about the system being configurable.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 21:13 UTC (Wed) by brunowolff (guest, #71160) [Link] (2 responses)

Unfortunately it probably is enabling tracking. Most likely the cell modem will be on when the car is on and will be pinging cell towers even if it is not trying to make a call. Cell tower pings are logged and telcoms sell that information to data brokers.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 9:27 UTC (Thu) by farnz (subscriber, #17727) [Link] (1 responses)

Less likely to be happening in the EU than in the rest of the world, because such a sale of data is unlikely to meet any of the 6 tests for a lawful basis under GDPR.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Nov 15, 2023 0:30 UTC (Wed) by Rudd-O (guest, #61155) [Link]

The sale of the data isn't the problem. The problem is the tracking. We all knew how that went during corona times — governments around the globe just gave themselves permission to use that data, because it was already being collected.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 29, 2023 1:46 UTC (Fri) by ghane (guest, #1805) [Link]

> This is something that they'd always opt-in to, since if it saves your life, you might come back
> and buy from them again, while if you die in a serious single-vehicle crash, you're not going to buy another car.

Citation needed :-)

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 6, 2023 20:33 UTC (Wed) by dskoll (subscriber, #1630) [Link] (8 responses)

As long as that's all the system does (alert in a crash) then I'm fine with that. I'm not so fine with something that sends back information on a regular basis during normal operation.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 6:07 UTC (Thu) by oldtomas (guest, #72579) [Link] (7 responses)

Problem is, once the infrastructure is there, there is an alignment of interests between states and surveillance capitalism (Shoshana Zuboff [1] describes pretty well how Google was allowed to grow in the shadow of three-letter agencies, because the former could do things the latter were not allowed to).

Believe me -- once the "infrastructure" is allowed to (or even forced to) collect the data for the case of a crash, they'll find creative ways to sell it to a data broker. Again recommended: Zuboff

[1] https://en.wikipedia.org/wiki/Shoshana_Zuboff#Surveillanc...

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 9:51 UTC (Thu) by farnz (subscriber, #17727) [Link] (4 responses)

This is why the GDPR, for all its faults, is a step in the right direction; by establishing that you can't collect data until there's a lawful basis to do so, and restricting the reasons that make it lawful, it prevents EU entities from extending such data.

And the infrastructure you're talking about is 112 or 911 depending on country - it's existed for a very long time. All that's new is that the car will contact 112 for you if certain conditions are met.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 12:05 UTC (Thu) by Wol (subscriber, #4433) [Link]

> And the infrastructure you're talking about is 112 or 911 depending on country - it's existed for a very long time. All that's new is that the car will contact 112 for you if certain conditions are met.

Don't forget 999 ... (although your two also function perfectly well in the UK.)

Cheers,
Wol

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 14:02 UTC (Thu) by paulj (subscriber, #341) [Link] (2 responses)

We're talking about cars with GSM (or later related standards), so 112 always works - part of the standard.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 14:06 UTC (Thu) by farnz (subscriber, #17727) [Link] (1 responses)

I'm referring to 911 as well, simply because I've noticed that North Americans don't necessarily recognise 112, but do recognise 911.

In the actual network layer, the established call is not to a number - it's a special call type for "emergency operator", not a call to 112, 999, 911, 111, 08, or whatever the dialled number is. GSM devices recognise 112 and translate it to a special call - this translation also means that the network knows to prioritise resource allocation to the call, and (e.g.) drop other calls if needed to let the emergency call get through.

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 8, 2023 14:05 UTC (Fri) by Wol (subscriber, #4433) [Link]

Not all Europeans recognise 112, I expect ...

I know it's the official Europe-wide number, but many countries still use their pre-112 number as a matter of course. I can remember being shocked when I found out that 112 worked (as did 911) over here. Back in the day of public call boxes - I just happened to notice the notice about emergency calls, and it listed all three numbers, 999, 112 and 911.

Certainly no-one in my circle ever mentions 112 should the topic come up.

Cheers,
Wol

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 7, 2023 13:14 UTC (Thu) by dskoll (subscriber, #1630) [Link] (1 responses)

Public transit is looking more and more attractive.

Oh wait... we use smartcards to pay for that... D'OH!

Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Posted Sep 9, 2023 11:04 UTC (Sat) by ibukanov (subscriber, #3942) [Link]

In Norway one typically uses a smartphone to pay for a monthly public transport ticket and the smartphone is not scanned when one boards a bus. Only in the case of a rare control one is supposed to show the app. So most of the time one can travel with the smartphone off.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds