[peripitea]

This has been the number one thing stopping me from getting a Tesla. I can't believe how little privacy concerns have come up with them. Until I can have fine-grained control of what data gets sent to the mothership, or opt out entirely, I can't see myself buying one.

[brandonagr2]

https://www.tesla.com/ownersmanual/model3/en_au/GUID-2E8E5E0...

[zaroth]

You know you can just touch a toggle on the UI to turn on/off data sharing?

You can opt-out entirely too, but you won’t get software updates.

[ryanwaggoner]

Yeah, you can definitely trust Tesla to keep their word and safeguard your data. I mean, otherwise there would be stories of employees passing around video footage stolen from customer’s cars, right?

[zaroth]

I personally see a big difference between the reliability of the software enforcing the opt-in/opt-out, and the reliability of young humans hired cheaply to label video clips that were opted-in for sharing, who then see something salacious in the clip and can’t resist copying it. I assume this happens universally with all these cloud connected microphones and camera products.

My general approach is I can trust that the data is not being exfiltrated from my device/car/network if I have configured it not to be uploaded to the cloud.

But if agree to share the clips and have them viewed by humans, then I certainly expect those humans to look at them, and yes potentially even laugh at them.

[ryanwaggoner]

I see your point, but for me they both speak to a culture that has no respect for their customer.

[peripitea]

As far as I can tell this is misleading? Look at the manual brandonagr2 linked for example: https://www.tesla.com/ownersmanual/model3/en_au/GUID-2E8E5E0...

Data Sharing you can turn off, but Data Sharing is different from data sharing as a concept. The telematics appear to get sent regardless of what you do. It seems they intentionally chose this Data Sharing label to deceive people into thinking that all data sharing would be turned off.

[Karsteski]

Is there a way to verify that all data sharing is turned off?

[zaroth]

What would satisfy you that this was the case?

Third parties have analyzed the firmware and sniffed the traffic logs on their network to confirm it.

You could go as far as to snip the LTE antenna.

[Shocka1]

Can you clarify on this and give some kind of citation or security audit of opt-out testing? Which third parties were these? Working with Tesla or auditing as a separate entity?

The biggest part of my question and what holds me up the most, if the entity was able to verify the metadata from a certain application/process on Infotainment - what if the manufacturer enforces the opt out at the server level? What if it's a server that Tesla doesn't own and belongs to a company are selling their data to? I could go on and on with these questions. The truth is that nothing should satisfy you if you simply opt out from a button on the Infotainment system.

My last position involved creating and enforcing security specs at one of the biggest auto manufacturers on what was then fairly cutting edge Infotainment systems. I also did MITM stuff to verify encryption of third party applications from suppliers. This was something I did on the side, not instructed, as protecting customer data was very important to me. One of my least favorite pastimes was arguing with managers over customer data and opt out/opt in. You may or may not be surprised about the rhetoric of the auto manufacturers - they don't look at it as the customer's data. It's their data and you are a product they can keep making money from, long after you bought the car. I lost these battles, and was one of the bigger reasons I left the company.

The only solution is to remove the Infotainment system from the car totally. Removing the antenna won't work on it's own. They have auto connecting WiFi's, bluetooth, etc.