Privacy on Cars. How to stop data collection and transmission?
from cmgvd3lw@discuss.tchncs.de to privacy@lemmy.ml on 05 Jul 2024 20:04
https://discuss.tchncs.de/post/18426073
from cmgvd3lw@discuss.tchncs.de to privacy@lemmy.ml on 05 Jul 2024 20:04
https://discuss.tchncs.de/post/18426073
Couple of months prior, I read an article on Mozilla, where they did a research on automakers and found none comply to good privacy measures. I am planning to buy a used car. I want to know how the data is collected and transmitted.
The car comes with a connected app though I am not planning to use it. It also has apple car play and android auto. Should I use those? The article states some manufacturers even records sexual activities. How are they transmitting these informations? Through connected phones?
My use is fairly basic, I want to use the Bluetooth audio system in the car for listening to music on my phone. I use maps on my phone.
What about car servicing? Can they access stored information?
#privacy
threaded - newest
Don’t buy cars that have this shit.
That’s becoming less feasible with every day that passes.
Yes, with emission standards, old car purchases are not really encouraged here. I am looking for a fairly new used car and these features are already included in most of them.
Buy a used car, or don’t buy a car at all and ride a bike, walk, or use public transit. Might have to move to a place that has busing, subways, bike lanes, etc. but it isn’t impossible.
Depending on what you’re trying to avoid, even 18 year old cars had OnStar gps that could in theory always track you unfortunately
Pretty much any device could also be removed, disabled, or prevented from transmitting/receiving.
This is what I do, but sometimes you have to ride in someone else’s car. Trying to tell them you don’t want to speak because its a god damn surveillance capsule doesn’t go over well
A 1999 Honda crv can be made to run forever
Until someone blows a stop sign and turns it to scrap. You can only account for so much.
The fuel economy is infinitely worse than a bolt
Parts will fast become an issue.
No they won’t. Many many parts are shared with accords, there are so many parts in junkyards it’s insane. The engines are still being made too.
Right, because that’s a viable option. Worked so well for smart TVs too.
Honestly there is more options for smart TV alternatives than cars.
Buy commercial grade TVs or a projector: They don’t have that garbage.
You can also just buy older used cars, which are still perfectly good and do not have invasive surveillance that companies use to profit off of you with no benefit to you.
Not only those two, but almost all manufacturers are guilty, with Nissan I believe, worst of them.
While editing my comment I deleted it by mistake lol. Here is what I was trying to post:
Don’t buy a Tesla or BMW. Done.
Edit: im joking, but you can just not connect your car to any internet. Most casual brands have literally zero outgoing connections if you don’t add or connect them to a network. Androd Auto and Apple Carplay are just displaying what your phone sends to the screen, the car itself doesn’t access the internet through those. Think of android auto and carplay like “HDMI monitors for your phone that have touch too”. Your phone does everything the car just displays it.
Connecting via bluetooth should also not be any problem since bluetooth doesn’t include internet access (unless you activate that ok your phone but Im sure the car will not use it). Bluetooth only sends and receives small bits of data that your phone chooses to send, not what the car chooses. Contacts names, phone numbers, audio and microphone are the only few data that gets sent to your car and only during phone calls or audio listening.
In the end, just avoid cars that have always connected systems like Teslas or modern BMWs or similar cars. Most Volkswagen, Audi, etc etc are 100% offline cars when you don’t connect them to a network. Most now can do it, but most its a subscription service that you can just not buy, and some even need SIM cards to work, that you just not use. Unless its a Tesla, those are connected even if you don’t pay the subscription.
Test drive the car. Disconnect it from all networks or don’t turn them on. Try to use all features. If the car constantly complains that it has no internet access for all of them, thats good.
Note that GPS access is always on and doesn’t require any subscription, so maps and navigation will still work. However that is not really a privacy violation by itself because GPS on cars and phones only receives signal, doesn’t transmit anything. You wont have traffic information or weather or anything tho. If you have traffic info, the car is connecting to some network, find how to deactivate that.
Many modern cars are too connected, thats true, but with the exception of a few brands, most cars go 100% offline the moment you disconnect them from their data services or don’t pay for that upgrade/subscription. So you will be fine even with a modern car.
Thank you for the info. Much appreciated.
Excellent write-up and thank you.
If you drive a Toyota and the infotainment system has a “DCM” icon in the corner, your driving habits and location are being recorded to their servers.
E: this is happening via their own cellular modem built into the vehicle, with its own separate SIM or eSIM. Getting at the module seems to require access behind the dash, almost purposely making it difficult. Pulling the fuse will kill the front passenger-side speaker, though there are YouTube vids on how to reactivate the speaker while keeping the DCM module dead.
How are they connecting to the server, though the connected phone’s data via Bluetooth, carplay or satellites?
Most likely a cellular data service. That’s what GM uses for the OnStar stuff.
At least with OnStar you could unplug the antenna to neuter it (No idea if this still works with 2020+MY vehicles).
Esim
Sim card but prolly via your phone if it is connected to the car.
The people saying it uses your phone’s Internet connection are incorrect. The vehicles have built in cellular modems and connect directly. The OEMs negotiate cellular contracts to provide service in their vehicles with ATT, Verizon, etc.
Features like remote locking/unlocking, etc. would not work if it relied on being connected to a phone.
There was a Defcon talk a few years ago (oh god it was 8 years ago) where someone found a way mess with Chryslers because they were all on the Sprint wireless network. Things like lock out the physical controls on the radio then max out the volume, or turn it into a GPS tracker, or disable the brakes! The cars had some service listening on port 6667, there was no way to stop them from accepting malicious connections so Sprint just blocked all traffic on that port on their network at the request of Chrysler. The speaker mentioned they were sorry if you were unable to use IRC any more on Sprint wireless.
DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
Not the exact (and only) solution, but some manufacturers may have a Do Not Sell My Information request form. Subaru has it on their website and I submitted a request for myself. Obviously we won’t know if they actually follow through, but it’s worth a shot. Some people have experimented with going in and actually disabling the antenna that the car uses for telemetry, but that’s at your own risk and likely voiding warranties in the process.
I think using carplay/android auto isn’t as bad since the infotainment system is just projecting your phone’s display, so your phone’s privacy policies apply. Whether you trust those policies is of course up to you. Cars that force their own systems (like GMC I think) are more risky because you are using it directly.
Its better to disconnect the sensors than to trust policy
If buying new, I believe you can ask to have the modem removed from the vehicle, which wouldn’t allow your car to access the internet. Haven’t had the opportunity to try this myself yet, but very much plan on it for whatever vehicle I purchase new in the future.
I find it very hard to believe anyone selling a new car would pull the modem out of one.
I find it very believable they would tell they will pull it out. They really don’t give a shit and will say anything to get you buying a car.
Ha! I agree with you on that
Maybe an independent mechanic can do so then?
Maybe. I’d read a few of the other comments here though that seem to know what’s involved first.
Number 1) find the fuse that controls the modem and pull it. Without this your car can only report when the service techs hook it up to their diagnostics, and what is reported there versus what reports on the regular from the modem is a huge difference. You lose a lot of convenience this way, but that’s to be expected. CarPlay and auto give you a lot of that convenience back, but now you’re giving a lot of that same data to Apple and Google, even if all you think you’re doing is projecting maps from your phone to your infotainment. Do you trust them? You can use Bluetooth audio in most cars without using CarPlay or auto, that should be safe. Stick to maps on your phone if you don’t want Google or Apple getting your driving data.
Off topic. I saw a few comments about disabling or removing the modem on the car. How about removing where the telementry code resides in? Is that feasible?
Wouldn't removing the sim card be easier?
These days they would be using an esim rather than a physical sim.
Probably not. You’d have to figure out how to jailbreak your car and figure out how to remove that code. Then a software update could potentially undo it, or you could brick it while trying. A hardware fix on the other hand is often much simpler and is far easier to revert
Ops. Missed important keywords. I mean replacing the hardware which contains telementry code. Like the infotainmemt system, or the ECU, or something else.
P.S. Not too into the car world so please forgive some misunderstandings I might have.
I wonder if what you could do is look into a Stingray device and plonk that in your car to make it to connect to that instead of local cell towers?
sls.eff.org/…/cell-site-simulators-imsi-catchers
cc !ReveredOxygen@sh.itjust.works
!cmgvd3lw@discuss.tchncs.de
edit: whoa, I just looked at the prices of them. Surely there’s something a clever Trevor could put together here…
edit II: As someone else mentioned, Femtocells.
I’ve always wondered about buying one years ago but they seem like a rarity here these days. Also, manipulating that data / telemetry to show you in Antarctica has got to be on someone’s fun list?
For my truck, I ended up looking in the owners manual and found a fuse that is for the modem. I removed it and the vehicle functions without issue.
I know it works because when I brought it to the dealership to get serviced they said they couldn’t connect to it via their online service app. They also asked if I had tried to connect to it via the company app on my phone. I just told them I never needed to.
Just to be sure I verified they didn’t reinstall the fuse and they had not.
You cannot stop the collection. It ALWAYS collects. It may not transmit, even if connected. For example the black box in many cars is really an assortment of ECUs that contain fine grained historical data. It does eventually roll over and get replaced but the data is there.
For example there are public cases you can find where the police, not even needing a warrant, were allowed to dump this data off of a rental vehicle that a suspect, not convicted just suspected, was thought to have been in. Of course the copaganda story showed that they the used this data which was mostly location by gps and speed by the wheel sensors and gps to get a track of everywhere that vehicle had been in the last 6 months. Every person who rented it and drove it somewhere had their privacy violated. But I guess that’s normal now.
The infotainment systems are the biggest jerks for data storage as they’re just mini generic computers today with lots of storage.
To stop wireless transmission you can remove the sim card from the modem. Many vehicles won’t work or even start if the modem is disconnected (unplugged or unfused). A Nissan for example will drain its 12v battery overnight trying to find the modem if it is unplugged. But if the sim is bad or disabled, it will try and fail to communicate, then retry later which won’t kill the battery.
You lose a lot of convenience and the data is still there. So the answer is basically you can’t drive a new vehicle without it violating your privacy with collection. You can only make the wireless transmission more private or disabled. I suppose you could buy a scanner yourself and before you leave the vehicle, factory wipe all ECUs. But even then you’ll need to enable them for emissions testing and such if that’s in your area.
I think the only good way to go is to break the transmitter inside the car and hope it doesn’t brick it.
You can probably cut a cable going to the transmitter than break the transmitter itself. Low voltage cables can be reconnected trivially.
Yea that’s the best way.
Maybe but my guess is a lot of that stuff is Integrated onto a single board.
My solution is to continue to only own old (mid-2000s or older) cars in perpetuity.
(And also use a bicycle instead for most trips.)
I recently bought a 2021 vehicle that has OnStar. I knew this would be a concern, but luckily there was a guide online to replace the antenna with a dummy antenna that isn’t ever able to connect to the network to send data.
So that might be an option! It’s still collecting but it’s not sending anything back.
I bought a 2024 vehicle with OnStar, I wonder if the process is comparable… Could you share your source please?
-source via a private proxy to that other site
Why would you host this on imgur?
Here’s the Guide I used! I had to wing a little bit for my vehicle but it was still really easy quigs.blog/how-to-disable-onstar-on-the-chevy-bol…
You can do that on a Chevvy bolt? Fantastic
Why the dummy antenna?
I think it throws an internal error if you pull the fuse or cut power to it? I’m not entirely sure. I did it so I could disable it and if I needed to re enable it for any reason it would be really easy.
Can’t you just snip the OnStar wires?
As long as you have a Google or Apple phone in your pocket… The car will actually not gather much more than your phone already does… So don’t overthink it.
Most of us degoogle our Androids. No reason we can’t also de-spyware our cars
You really can’t
Also don’t start breaking your own car like some of these comments suggest. It can go wrong in many ways and may even harm the value of the car.
Oh no! Not the value of the car! /s
Some people have disposable income
We need an online guide, based on make and model, on how to disable the transmission of this data.
There’s a few youtube tutorials, but not many. Also, dissableing these will break certain features of your car.
I would be happy, to make it simpler, to have a set of instructions for how to disable transmission of all data. Basically I just want to know which cable to unplug or cut so the car cannot access the internet
Sometimes its just a fuse…
I found a guide for disabling the transmission!
Drive older cars and learn how to fix them!
I prefer not burning fossil fuels
So electric derived from coal is much better?
Oh come on don’t be annoying
Oof guys. It was an honest question. Thank you all for the insight.
What a terrible take.
First off, unironically yes on account of higher efficiency in electric engines over combustion engines.
Second, what grids still run on 100% coal? And why would they keep doing that long-term, given that coal is just shit on its own merits?
Where I live in Colorado, the grid is dominantly coal but they are slowly transitioning. Thank you for your insight.
32% coal vs 39% renewables, with natural gas making up the majority of the remainder - www.eia.gov/state/?sid=CO#tabs-4
Looks pretty good, but the western slope is seriously lacking the infrastructure so far.
Sorry, I am not current. Didn’t know that solar is a lot more efficient and cheap nowadays. popsci.com/…/cheap-renewable-energy-vs-fossil-fue…
#1 yes
#2 it can come from other, cleaner sources
Thanks!
No, electric derived from solar or wind or hydro is best. The easiest way for homeowners to charge their cars is solar.
That’s dope. I didn’t know that was realistic.
So walk.
Older EV?
For example I think the old leafs use the 3G data connection. Now that the 3G system has been retired no more data collecting!!
At least that is what I understand.
Most parts of Europe still have 2G service, so 3G isn’t fully dissapearing for at least the next 20 years there.
USA still has 2G, but 3G is definitely no longer around. Those frequencies have been portioned out for 4G LTE and 5G.
You’re right. I had a quick look on Wikipedia and it seems that 3G is getting shut down sooner due to frequency overlap with newer generations as you’ve said. 2G seems to not have so much overlap so it’s living longer.
I thought "if 2G is still around and is x years old and still isn’t fully disabled, then 3G which is y years old must have at least y-x years left. But alas, I was wrong, and thank you for correcting me.
Easy - just keep pouring money into them, always, forever.
Edit: yes yes but this anecdote where an old car you heard about/own works forever for free
Depends on the make and model. Some cars can just keep going with low maintenance, but I do see your point!
You could get yourself a RF analyzer or an old Hammy (Ham radio enthusiast would likely have something you could borrow)and find out what they are using then that would allow you to figure out your options such as removing the antenna, sim card, or the module in some manner. The problem with removing modules could be they are tied into the cars electronic controller which could cause issues with the car even working.
RF analysis is kinda difficult, you’d need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you’re very patient but data transmissions are generally very bursty so it may be difficult to nail down where it’s coming from in a sane amount of time.
One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the cars manual. Googling that should bring up some stuff.
Or you could just wrap your car in aluminium foil like a giant burrito
Ah, the tin foil car method
This is what you are looking for: youtu.be/pA0zYTmi5ck
I’m looking for an article or non-video documentation
One issue with “hacky” methods suggested here I can see is they might disable eCall in the EU. And eCall is actually a safety improvement so for some it might be a very suboptimal compromise. But maybe if enough people show resistance to uncontrolled data collection then some meaningful legislation will be passed.