| > You're missing the part where it's not inherently linked to your PII without your consent (for example during a troubleshooting session). No, I'm not missing that. It's just not a significant point to me, in large part because I think that the definition of "PII" is too narrow. For instance, I consider the identity of the specific car I drive as being PII. > you just don't want data collected and Tesla hasn't done anything to earn your trust. Yes, exactly. And that's not a special stance about Tesla. It's my stance with most companies. > I think this is a blanket assessment that comes from an uninformed position about how Tesla's product actually works I'm sure that's true. But, honestly, I have no motivation to spend the time and energy to inform myself about how Tesla handles this stuff. To do so in any meaningful way is a moderate research project that I'd have to have some real reason to engage in. I don't think it's unreasonable to follow a larger heuristic until there's some reason to pay attention to a particular product or company. > I can't help drawing the conclusion that your position on this topic boils down to that of a HN curmudgeon. Draw whatever conclusion you wish. I haven't arrived at my attitude arbitrarily or through some sort of "big tech bad" mentality. It's due to years of actual experience. > Serious question: have you ever built a product? Not that it matters, but yes, many. Several rather successful ones. The odds are reasonable that you're even using one or two of them. > You have absolutely no way to help them so your response is limited to "we don't collect software telemetry in any way sorry frustrated user, you're SOL". This just isn't true at all. I've never had to say anything like that. Blanket telemetry is not necessary to help customers with malfunctions -- if it were, then all the software that I (and everyone else) sold and supported before telemetry was even possible would have been impossible to support. That said, I have occasionally gathered telemetry as part of the support process. But it's on a case-by-case basis with the full cooperation of the customer, not a blanket thing the I subject all customers to. And, to be clear, I'm not opposed to telemetry in general. I'm opposed to forcing it on people, or engaging in it without their informed consent. > I think this idea that the "good" state for software products is zero data and anything more than that is abusive is in fact harmful. My position is certainly not that all data collection is abusive. My position is that our industry has been widely abusive in terms of data collection. |
So VIN (vehicle identifier) is not included in the data collection, and, though Tesla collects the anonymized data by default in the US (this is not true in countries with stricter laws requiring any data collection to be opt in instead of opt out), you opt in to sharing anything that de-anonymizes it as needed. You also generally opt in to the collection of larger or more sensitive data (even in the US), on a use-case bases. I can go into settings and enable/disable road segment data, for instance. The Tesla privacy policy is a 5 min read and deliberately accessibly worded.
I know you're acting in good faith, but I see this theme reappear on HN (and generally) where people cry out for change, society responds, and then the people who asked for change are too jaded to believe that it's possible that somebody listened. Or it's "too big of a research project" to care. That's the reason I'm even arguing the point here. If we were talking about Facebook I wouldn't give it the time of day because there just isn't anything redeemable about their past actions or current product. But you're talking about how you are compelled to go buy an old used gas guzzler as your next car because there isn't a car company today that is possibly trustworthy. As a person who cares about privacy and security, and as a Tesla owner, I'm simply challenging you to maybe check your gut heuristic on Tesla, because they make a really good product, have been positively received in the security community, and have a privacy policy that reads like they care about treating your data with respect. I could be wrong in the future and you get to say I told you so. But if not, they might be a solution to your problem once you're in the market.