Can you clarify on this and give some kind of citation or security audit of opt-out testing? Which third parties were these? Working with Tesla or auditing as a separate entity?
The biggest part of my question and what holds me up the most, if the entity was able to verify the metadata from a certain application/process on Infotainment - what if the manufacturer enforces the opt out at the server level? What if it's a server that Tesla doesn't own and belongs to a company are selling their data to? I could go on and on with these questions. The truth is that nothing should satisfy you if you simply opt out from a button on the Infotainment system.
My last position involved creating and enforcing security specs at one of the biggest auto manufacturers on what was then fairly cutting edge Infotainment systems. I also did MITM stuff to verify encryption of third party applications from suppliers. This was something I did on the side, not instructed, as protecting customer data was very important to me. One of my least favorite pastimes was arguing with managers over customer data and opt out/opt in. You may or may not be surprised about the rhetoric of the auto manufacturers - they don't look at it as the customer's data. It's their data and you are a product they can keep making money from, long after you bought the car. I lost these battles, and was one of the bigger reasons I left the company.
The only solution is to remove the Infotainment system from the car totally. Removing the antenna won't work on it's own. They have auto connecting WiFi's, bluetooth, etc.
The biggest part of my question and what holds me up the most, if the entity was able to verify the metadata from a certain application/process on Infotainment - what if the manufacturer enforces the opt out at the server level? What if it's a server that Tesla doesn't own and belongs to a company are selling their data to? I could go on and on with these questions. The truth is that nothing should satisfy you if you simply opt out from a button on the Infotainment system.
My last position involved creating and enforcing security specs at one of the biggest auto manufacturers on what was then fairly cutting edge Infotainment systems. I also did MITM stuff to verify encryption of third party applications from suppliers. This was something I did on the side, not instructed, as protecting customer data was very important to me. One of my least favorite pastimes was arguing with managers over customer data and opt out/opt in. You may or may not be surprised about the rhetoric of the auto manufacturers - they don't look at it as the customer's data. It's their data and you are a product they can keep making money from, long after you bought the car. I lost these battles, and was one of the bigger reasons I left the company.
The only solution is to remove the Infotainment system from the car totally. Removing the antenna won't work on it's own. They have auto connecting WiFi's, bluetooth, etc.