[StupidOne]

I think we should separate telemetry from spyware. It is not close the same. We all have telemetry is our cars, yet nobody is making any fuss about it. Even in software engineering profiling database queries or active memory is not something anew and I don't recall we had any problems with that.

[dhagz]

I'd argue that if the telemetry is opt-out rather than opt-in it has (just _barely_) crossed the border into spyware. Sure it may not be tracking anything more than usage data, but I'd rather see a pop-up/dialog saying, "we'd like to track X, Y, and Z - we'll be using Q to identify your data. Is that okay?" And make a choice than to have that choice made for me.

[mindslight]

What is with this idea that software has some interactive install process where I would want to be asked questions every time? Blast from the oughts! If you have to ask, the answer is 'no'.

Your software is either trustworthy, part of that being that it doesn't perform surveillance on me, another part being that it installs through well-known automation (apt, nix, etc). Or it will never become part of my trusted computing base (yes, that term is another blast from the past).

If I am forced to use it, it will end up in some isolated VM or throwaway tablet, with the minimum of access required for the functionality I need. I will consider it a second class citizen and generally deprecate it as much as possible (eg for communication apps, work to move the conversation to a different medium).

[dhagz]

Nothing saying it can't be in a config file. Really all I care about is opt-in over opt-out.

[EdwardDiego]

...do we all have telemetry in our cars, really? I mean, we have data that can be read via ODBII, but it's not exactly connecting via the cell network, it has to be retrieved with a plug.

I can't think of anyone I know who has a car that needs to phone home. But that's a very limited sample size, so you know. Also, I'm most likely in a different market to you, we've never had anything like OnStar make inroads here into domestic vehicles - some commercial operators are using telemetry on their trucks etc.

But rest assured, if all our cars were phoning home, I'd be making a massive fuss.

For example, an insurance company in my country has recently launched an app that will "measure" your driving and offer lower premiums if your driving is "safe" according to their algorithms. It's obviously opt-in, but at some point, the difference between a discount for opting in, and a penalty for opting out, becomes hard to differentiate.

You don't have any rights to review their algorithms if you feel that they got it wrong, it's a combination of Hail Corporate and Hail AI, and context is lost because it's impossible to capture that. E.g., does heavy braking indicate you were driving poorly, or did you encounter a situation where heavy braking was necessary, such as the damn cat down the road that thinks it's invincible deciding to make a sprint for it in front of you? Is acceleration in excess of their defined limit unsafe? Or were you accelerating more than you normally would, because someone gave you space to turn into the road and you didn't want to needlessly hold them up, given their courtesy?

And given what I've seen of the FAANG algorithms, I don't want algorithms from companies nowhere near FAANG level making decisions about me. A personal favourite of mine was FB removing a comment of mine, because my sister said she'd totally marry my wife, on account of how, well, pretty damn awesome my wife is, and I'd replied "Haha, I'll fight you" - and FB had flagged that as "hate speech/incitement to violence".

Anyway, thank you for coming to my TED rant.

[dahart]

> I can't think of anyone I know who has a car that needs to phone home.

You don’t know anyone with a Tesla? https://www.tesla.com/support/connectivity

Or a Honda? https://hondalink.honda.com/#/

Or a Bmw? https://connecteddrive.bmwusa.com/app/index.html#/portal

Or a Toyota? https://www.supraconnect.com/app/index.html#/portal

You don’t know anyone with a Chrysler, Dodge, Fiat, Jeep or Ram brand vehicle? https://www.driveuconnect.com/

You didn’t hear about the remote control vulnerability 6 years ago? Chrysler recalled their entire fleet to fix it. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

[EdwardDiego]

No, I don't know anyone with a Tesla. I do know people with Hondas, Beamers, Nissan Leafs, and I own two Toyotas and a Mazda.

Definitely no Chryslers, Dodges, Fiats, or Rams. They are very limited in market reach indeed in NZ, unless we're talking vintage cars, then there's a few more.

I also had the, ahem, "privilege" of owning a GM built "Toyota" previously[1]. It was... shall we say, a cacophony of interesting and bemusing engineering choices - the boot/trunk lid was incredibly heavy, yet the latch mechanism was made entirely of plastic, and to turn on the interior lights, you had to turn the dashboard brightness dial all the way up, and then a bit more, and then the interior lights would turn on. Only took me 3 months to figure that out. Admittedly, was handy for turning on the interior lights without looking away while driving, but was not at all intuitive.

Oh, I do know someone with a couple of Jeeps though, the poor bastards.

I guess you could rephrase my statement as "I don't know anyone with a car built after 2016", although as far as I can tell in NZ, Toyotas, at least, ship with telematics as an option for fleet management, rather than a default.

[1]: https://en.wikipedia.org/wiki/Chevrolet_Cavalier#Toyota_Cava...

[dahart]

I guess I've lost track of your point. You were trying to suggest cars don't phone home, based on your experience and assumptions, but the fact is that nearly all major manufacturers are selling cars today with systems that phone home for various reasons, whether you're aware of it or not. How does you not knowing anyone with new cars meaningfully inform this thread? The manufacturers are becoming aware of privacy issues, and trying to make some kinds of collection and access opt-in, but basically all of them now offer some services that phone home by default and are opt-out or not optional. Hopefully that data is reasonable and private and protected... hopefully.

A lot of consumers (I would guess most) prefer to have default-on connectivity to provide services like theft protection, automatic emergency support in case of accidents, and up-to-date navigation maps, among many other modern conveniences.

[EricE]

"I can't think of anyone I know who has a car that needs to phone home. "

As others point out, it's almost impossible to get a new car these days that isn't connected. Anything in the last five years in particular. It's pretty disgusting and one of the reasons I'm in no hurry to own anything new. I have a '97, '02 and '10 and they all work quite well for me and I intend to run them into the ground. And if I'm diligent they should last me until I am no longer fit to drive.

[EdwardDiego]

Yeah, I think that's more likely the case - I don't know anyone with a car younger than 2016. My three vehicles are 2005, 2006 and 2008, and they're all sauntering along with nearly 300,000 km on them each. God bless Japanese engineering.

In NZ we tend to buy used Japanese imports because they're so damn cheap (IIRC, Japan has very strict rules about the age of a car for pollution control purposes, so they get shipped off to Australia and us after hitting that age limit, and we don't charge tariffs, unlike the Aussies), most people here would be lucky to buy a new car once or twice in their life.

Unless you go the usual route and start a building company, tick up a new Ford Ranger on the company's credit, transfer ownership to your spouse/partner, and then go into liquidation leaving behind devastated people who were trying to build their first home - and subcontractors who really need the $12k you owe them.

[ip34162]

In future, we are gonna have a blast. Some lucky ones already are. :) /s

Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military:

https://news.ycombinator.com/item?id=26492322

One company wants to sell the feds location data from every car on Earth:

https://news.ycombinator.com/item?id=26511649

Military Unit Conducting Drone Strikes Bought Location Data from Ordinary Apps:

https://news.ycombinator.com/item?id=26367747

[danielsamuels]

> ...do we all have telemetry in our cars, really? I mean, we have data that can be read via ODBII, but it's not exactly connecting via the cell network, it has to be retrieved with a plug.

Nissans do, my Leaf does. They connect to a mobile network or WiFi and upload data.

https://www.nissan.co.uk/ownership/nissan-infotainment-syste...

[gabereiser]

Yup. My Nissan gives me a monthly nag screen to accept terms in order to use my navigation map and audio system. The car has its own 4G connection (I don’t pay anything, it’s not usable to me) in order to download traffic data, send telemetry home, and I believe SiriusXM radio.

[Bishop_]

I'm currently imagining a nightmare scenario where those gas station tv ads are playing inside of the car. I sincerely hope that day never comes.

[steelframe]

> gas station tv ads

I've been driving EVs for the past 10 years (LEAF -> Model X -> I-PACE) during which time I haven't used a gas pump. After reading your comment I had to go searching for this thing about ads playing while you're filling up. I found this Reddit post about being forced to watch ads before being allowed to even start the pump!

https://www.reddit.com/r/assholedesign/comments/819tcf/forci...

Oh. My. God. I'm disappointed. Not surprised. But disappointed.

> playing inside of the car

Yeah, that's definitely going at the top of my list of car "misfeatures" that would make me run screaming to another brand.

[WrtCdEvrydy]

Speed = 0, Display Ad = True?

Goddamn, I don't want this post to be a screenshot for someone to point out that we can see the future.

[gabereiser]

Speed=0,Fuel_Cap=OFF,Display_Ad=True. - well, if anyone is going to get it first, its those Tesla owners lol.

[EdwardDiego]

Yeah, I'm unsurprised a Leaf does. I also remember that Nissan had a security hole back in 2016 that meant that a bad actor could drain your Leaf's battery with only a VIN.

It's definitely the way the industry wants to go - I mean, free data, why not? Bit like the FAANGs, dress up the data collection with some features people want.

Might just be a case that no-one I know owns a late model car :D We're big on older Japanese imports in NZ, god bless our lack of tariffs. Although RIP our local car manufacturing industry, god bless neoliberalism.

[Silhouette]

We all have telemetry is our cars, yet nobody is making any fuss about it.

That is very much not true, on both counts.

There is a lot of nuance in this area.

Monitoring how well your own systems are working and how they're being used is one thing. It's obviously reasonable and necessary for a variety of practical reasons.

Monitoring how someone else's systems are being used, even if they happen to be running some of your software or incorporate some equipment you made, is something else. If you're no longer responsible for those systems and ownership has been handed over, including remote access or phone-home functionality means crossing some lines that maybe shouldn't be crossed, particularly not without the full knowledge and genuine consent of the person whose system you are communicating with.

[mindslight]

> We all have telemetry is our cars, yet nobody is making any fuss about it

This is like saying nobody cared about mass surveillance before Snowden. The problem is apparent, but the realization isn't evenly distributed.

The only difference between this Lua server and other Software Augmented with Additional Surveillance (SaaS) is your trust. You apparently trust them to not sell the data trove to a surveillance company (or to a VC who eventually will), but I see no reason to. Heck, I've been answering no to popcon for over a decade now, even though Debian is outstandingly trustworthy.

Even Backblaze, a company whose core product is securely storing your data, just recently suffered from an in house attack - apparently their security team didn't foresee the need to protect against javascript injection by their own marketing stooges. When data is there for the taking, most people cannot restrain themselves - the problem is endemic. The only solution is to assure the privacy of data, through means such as Free software, E2E encryption, and not collecting it in the first place.

[yellowapple]

> We all have telemetry is our cars, yet nobody is making any fuss about it.

I sure as hell am making a fuss about it, which is exactly why I drive a car that's old enough to vote (and pretty soon will be old enough to drink, smoke, and/or buy a handgun in California).