I'm a diesel mechanic by trade. for anyone curious to disable your cars data collection the OnStar systems easiest.
under your passenger dash is a black metal box, usually documented. unplugging the harness and removing it, you can open it to expose a baseboard and a riser. the baseboard is for things like infotainment usually but the riser is your cellular modem. pull it and you'll get a warning light on the dash, but no more data collection. older cars will have a Sim in the riser you can pull if thats less invasive to you.
note: OnStar is also disabled and will not dial 911/999 on collision.
This is the correct answer. Found this out when I was doing a ham radio antenna install on my car. The shark fin for the XM radio antenna (that I never use) sits on top of a hole in the roof, and a nice hole in the roof is a the perfect spot for a ham radio antenna, so I removed the shark fin. After disconnecting it I noticed it also disconnected OnStar, GPS, etc. It's all integrated into that fin.
Once disconnected, the car isn't going to be able to send anything even if it tried. Only question is if your car is gonna bitch at you because it's disconnected (mine doesn't).
What is the current legal thinking on the right to privacy while driving, has there been any legal development recently? In a car on public roads, location (for example) isn’t something we have historically had a right to keep private. Companies could, and the government sometimes does, legally track license plates or RFID tags on some roads (esp. state borders, bridges, HOV lanes).
So we’ve never had a right to not have our whereabouts known or tracked, but companies and the govt have also never been able to track everyone extremely easily until recently. So there’s legitimate concern that the ease and scale of location tracking mean that we should perhaps establish a right to some privacy, but I’m not sure how that stands up to other people’s rights to see you and identify you when you’re in public.
I was just thinking about the famous “Photographer’s rights” pamphlet that has gone around the internet for a while, and people who post YouTube videos of being harassed by police or security guards who claim photos can’t be taken of a building or site when the photographer is standing on public ground. The pamphlet patiently explains that you’re allowed to photograph anything visible from public land. Googling, I see a page at ACLU dedicated to the same idea https://www.aclu.org/issues/free-speech/photographers-rights
I’m thinking about the future: imagine people made a stink about cars transmitting this data, and companies deciding instead to install cheap cameras everywhere on all roads. How do the photographer’s rights interact with people’s expectations for privacy? What should we expect, and what expectations are unrealistic and need adjusting? Are there any developments were lawmakers are addressing where the right boundaries are between public rights, private data, and the scale of cheap ubiquitous digital tracking?
> What is the current legal thinking on the right to privacy while driving
I think it’s pretty clear from precedent you have none.
Every vehicle displays a unique number in large, readable type, and has for longer than any person has been alive. I haven’t seen any objections.
The same applies to driving licenses that are covered in very personal information which is handed over willy-nilly to anyone who asks for it.
In California they make it clear that driving is a “privilege”, not something in which you have any rights.
Edit: another example: notice that the automatic toll collection systems are always implemented as registration+billing based systems rather than as any kind of privacy-protecting cash-like schemes.
> Every vehicle displays a unique number in large, readable type, and has for longer than any person has been alive. I haven’t seen any objections.
Because the bar to getting that data used to be quite high and limited in scope. Now with license plate reader software in conjunction with street light cameras, the dynamic has completely shifted to easily record and store a detailed tracking log for all observed license plate numbers in a city.
Big power dynamic changes like that result in fundamental shifts like “right to be forgotten”, the GDPR, etc.
The only thing that has prevented an uproar so far is that you can’t go type in your neighbor’s license plate into a website and get that detailed tracking log at the drop of a hat. Similar thing for cell phone location records from cell companies.
I mostly agree on precedent, as far as I know, but I would say that recent developments like the GDPR and others targeting digital practices are probably starting to broach this topic of what is public and what is private. And I’m asking because I don’t know whether precedent is changing right now; I imagine that it is changing in some locales. Googling just now I noticed that California passed a new privacy act in 2020. I’ve seen a lot of discussion and debate, and the idea that cheap mass surveillance technology is a marked departure from what was available before this century does legitimately question whether we can continue operating under the framework where anything done in public is free for someone else to record and consume. That idea is now much, much more prone to abuse than it was 30 years ago, right?
I think problem here is one of trying to limit the "pre-crime" instead of the crime itself. We have a problem with companies using mass data surveillance to keep track of the movements, generally of large amounts of people. Trying to stop this by creating laws that prevent taking pictures is almost doomed to fail.
Along the same lines, if an office follows someone (they believe might be related to a crime, etc) around town to track their whereabouts, that seems within reason. If the police force (using advances in technology) tracks the whereabouts of all people at all times, it's unreasonable. It's the same thing, just at a different scale.
We need to find an effective way to allow the "components" of something that isn't allowed, without allowing the thing itself.
This is just my anecdata, but over 30 years of driving, it's only the last 2-3 that have felt like a large percentage of driver no longer care about traffic rules.
It used to be it was rare for me to see a major violation. Now it's is literally every single time I go for a drive or ride my bike, at least in the city of San Francisco, that see (a) someone running a red light, (b) someone turning right from the 3rd lane (meaning they should be in the first lane), (c) someone turning left illegally before the on-coming traffic when the light turns green, (d) driving for blocks in the bus only lanes, I even saw someone drive down the wrong way down a one way street to take a short cut. Often I see 2 to 3 of these during a single outing.
If more surveillance would stop this then I'm for it.
I'm curious what changed (a) my noticing ... I really don't think that's it but it's possible (b) people for some reason no longer giving a fuck (c) too many video games (half joking, half not, personally love video games but of course in a video game you drive however you want. Of course you also kill people in video games (d) cycling culture bleeding into driving culture. (e) ....
Would you mind elaborating? I don’t know what you mean by ‘excuse’ in either example. You don’t need an excuse as a photographer to capture people sunbathing in their gardens, if you’re standing on public land. And law enforcement doesn’t currently need an excuse for tracking location. In both cases, the real issue is that there is currently (as far as the law is concerned) no “reasonable expectation of privacy” when you’re outside and visible to others.
when when in alaska, and the distance is such that technical or mechanical means are required to observe nude sunbathers, there is no public visibility, the offense is with the fault of the eavesdropper, and it is voyeurism.
Totally, there is a line you can cross, and it might require a telescope or mirrors. There absolutely is an expectation of privacy on private property when there is no public visibility. I wasn’t talking about telescopes or mirrors X-rays or any other tricks, just what you can observe with the naked eye. There probably is a gray area here with zoom lenses that would have to be decided in court, it might come down to intent and not who’s fault it is.
I guess that discussion is veering away from the practical question of whether anyone should be able to know who you are if you’re driving on public roads. It doesn’t require any special technical or mechanical means to see people’s license plates and faces from the side of the road or from poles or overpasses, right? What I’m really curious about is whether there should be laws established against such surveillance because it has become too cheap and easy to monitor everyone at once all the time, or whether as a society we deem activity in public space to be public knowledge and not a matter of privacy, whether no privacy should be expected.
there are somethings that are illegal that the public, and enforcement simply ignore most of the time. there are other things that are legal but apalling to the public when they encounter them.
i think this distills to a threshold for surveillance.
there needs to be some discriminator between casual observation, and active surviellance.
there seems to be a need to revisit just what a warrant is, and why it is required. i really would like to see a warrant apply to any means of collection, as in the warrant is allowing posession of the data itself, regardless of the origin as a court appointed priviledge for the term of the investigation, -regardless of origin
I have no idea what current legal thought is, but I would hope that it factors in how data is collected. There is a world of difference between observing someone in a public space and using a device attached to private property to collect data. Likewise, there is a difference between passive observations and what is effectively stalking someone.
As for photographer's rights, I work in a public space. I don't care whether people photograph me unless it crosses the line of harassment. Likewise, if I notice someone taking photographs of other people's children, I will do my best to make them feel uncomfortable with their actions. Context is always important.
The idea of what is public and private data is also constantly changing. I recall governments making public data available online in the mid to late 1990's. Records that you could visit government offices for in prior decades (e.g. certain types of property records) were viewed in a very different light once they became easily accessible. These changes will continue to handle, in part to balance rights but also because we need to address an imbalance of power due to an imbalance in access to information.
> The pamphlet patiently explains that you’re allowed to photograph anything visible from public land.
this might be true in the USA but it is definitely not true in Japan. People's right to privacy trumps your right to take pictures in public. In crowds it's usually not a problem but make a particular person the subject of your photo and you could easily get in trouble. Same for buildings if you publish the photo
There are tech companies that have cameras that track all the vehicles that drive by their campus HQs -- and report the activity back to the city/police
I am not going to elaborate due to the fact that I gave details of such on HN about [Fucking Bullshit] company that was doing this sent their lawyers after me, and I had to ask HN to delete the comment...
Our HOA uses flock safety cameras with car plate readers that are connected to the local police station. I have zero doubt that large tech companies do the same
What do you mean? To the DOT, license plates ensure drivers have had basic training and that the vehicle has been inspected for basic safety and emissions standards. To police, the license plates offer a way to find out who the driver is. You might not see direct benefits today, but there certainly is a point to plates. If you find yourself in an accident that is the other party’s fault, you might understand the benefits to you of their license plate being visible. I hope that doesn’t happen to you, but many people in the past have been glad the offender could be identified.
> They really don’t, because vehicles are frequently driven by people who did not register them.
Someone else driving your car doesn’t prevent the police from compelling you to tell them who drove your car. The point is the police can come to you. Different story if the car’s stolen, of course, but license plates in fact are used often as the first point of contact to identify drivers, regardless of whether it is their car. Without the plate, there might be nothing to go on, right?
Your other corrections are valid, I was imprecise with my point. Do you agree with parent that plates are pointless? I was only trying to point out the utility and reasons for the existing system of licensing and registration, plates, IDs, and stickers. I can see parent is making more of a political statement than one of actual utility, but maybe also important to keep in mind that purpose and utility of the various parts of this scheme look different depending on who you are.
No I think plates are important, for the purpose of correlating a vehicle back to the registered owner.
And this can be used, in turn, to look up a lot of the other data you pointed out, even if it does not do so directly.
> Without the plate, there might be nothing to go on, right?
There’s the VIN, but they’re difficult to see at a distance, and don’t indicate the jurisdiction of registration for out of state vehicles, and so, they’d be a PITA for most things states care about using plates for.
Difficult to see at a distance is a little charitable - all cars I've encountered the vin is in the engine bay.
Without a license plate, all you have to go on is make / model / colour and any obvious modifications, essentially the same as seeing a random human but with less cardinality since vehicles are mass produced
They’re normally externally visible at the lower corner of your windshield. Authorities often do use these numbers when verifying the identity of parked cars or if they suspect an issue with the plate.
In all 50 states, plates represent the registered owner and not the driver, because non-owners can drive cars in all 50 states.
As for safety and emissions, only a minority of states do each of these, and the majority of those denote compliance with a sticker, or have exemptions:
Portuguese license plates for a long time had the month/year of the car manufacture. This been discontinued because apparently no other country in EU does this and it was confused with expiry date.
There is no other indication on the license plate. just the numbers and letters.
I assume that expiry dates on US plates is related to either road tax or vehicle inspection
> I assume that expiry dates on US plates is related to either road tax or vehicle inspection
Usually yearly registration, though some US states do gate the registration completion on some forms of inspection.
California, for example, requires emissions testing every other year for cars older than a certain age, and won't send the new registration until that's been completed. But most states don't require any kind of regular safety or general road-worthiness inspections. I think that's kinda bonkers, but I haven't really looked at stats around how many car crashes are caused by a failure to maintain a car or its safety features. It's possible that the cost of doing such testing is often deemed too high, when considering the benefit.
> ensure [...] that the vehicle has been inspected for basic safety and emissions standards
There is a Youtube channel where someone got a Hummer, ripped off the engine, and transformed it into an electric vehicle. When he went for registration (as a custom car) nobody even asked to see it.
The side effects cannot be worse than the medicine. License plates and modern data collection practices are far worse than any of the purported benefits.
I’m still not following, could you elaborate on the problems with license plates? What are the negative side effects, and how/why is that “far worse” than meeting safety & emission standards and catching at-fault drivers after accidents?
One thing to consider is what would happen if license plates actually did go away. This idea is completely unrealistic- license IDs & license plates (or some way for police to identify you) are never going away. But assuming they did, what would happen? This would mean an astronomical increase in hit and run accidents, in uninsured driving, and in criminal activity from unsafe driving to theft. Do you think that wouldn’t happen, and if so why? Why would having no plates be a better thing than having them?
How about this: e-ink plates plus public-key cryptography.
Your actual license number or other identifier, plus a time-based nonce, is encrypted with the DOL's public key. The displayed value changes as the nonce changes according to its schedule, so third-party observers can't correlate the displayed value across time.
If you get in a hit-and-run and note the displayed plate, the DOL has the other half of the keypair, the time, and the derivation function for the nonce, so can translate the displayed value to the actual owner.
Not being able to publish a single stable value in amber alert cases would be a bit of a regression, but you could still publish what a value would be at a particular time interval.
Doesn't do anything about governmental abuses of ALPR data but could be effective at cutting out corporate abuses. I'm probably missing something but it doesn't seem to increase info leakage w.r.t the status quo either - you'd theoretically be able to figure out when a particular image of a plate was taken, but that source would almost definitely be timestamped anyway.
e: I don't think "just ban private ALPR" is a solution; it's simply way too easy to do with COTS+FOSS and way too hard to enforce against.
How about this: e-ink plates plus public-key cryptography.
You’re suggesting that a solid plate of metal that can sit, neglected, out in the weather for multiple years without much visual wear, and when damaged by the car wash can just be bent back to shape, and replace that with your delicate little piece of electronics and software? And pile on some PKI to boot?
I’m seriously on the fence in deciding if this comment is trolling me, or if this is what late-stage HN looks like. :-)
It was definitely at least partially tongue-in-cheek ^_^
I bet you could figure out the physical aspects. E-ink tech itself has come a long way in the last few years following some patent expirations, and the electronics stuff is basically just a yubikey JB welded to a license plate frame. The cost per unit would be pretty low at scale, so just replacing borked units seems pretty doable.
Imo, a bigger problem is competent implementation. Yeah sure, the DOL is gonna run a bunch of PKI infrastructure and not mess that up. At least in my region, just keeping a largely static website up seems to be a struggle.
> I don't think "just ban private ALPR" is a solution; it's simply way too easy to do with COTS+FOSS and way too hard to enforce against.
Which leads to another issue, that local governments have contracted these corporations to do just this. From red light cameras to suvellience cams, police don't actually store this data themselves, private companies do the bulk of the work here.
It makes sense as a technical solution to the problem of not being tracked / identified by NGOs. Could work but seems a little complicated, and unlikely to end there; car, location & face recognition could achieve the same ends, by and large. (China already does this). However the bigger issue to resolve is the goals and legality. We haven’t yet established that being able to identify someone in public is bad, or conversely that being able to travel anonymously is a goal we want, right?
> car, location & face recognition could achieve the same ends, by and large. (China already does this).
Yeah, I actually started out writing that comment about how license plates are probably unnecessary given the volume of other forms of location data accessible to LE but the peak HN strat was more fun to think about.
> We haven’t yet established that being able to identify someone in public is bad, or conversely that being able to travel anonymously is a goal we want, right?
I don't have full answers here, but I think it's worth considering the modes of enforcement enabled by this change. Despite there being no de jure change in privacy protections while in public, there's been a de facto change from that kind of data only being accessible in cases of specific, targeted investigations to that kind of data being accessible to automated dragnet enforcement. Targeted investigations are inherently limited in scale and there's (at least theoretically) a nexus between the investigation and some kind of probable cause, but dragnet enforcement generally disregards fourth-amendment protections. The Carpenter decision theoretically offers some protection against this, but parallel construction is trivial enough that I'm not exactly resting easy.
So, I think it is possible to be against ALPRs without necessarily being for wholly anonymous travel in public - it's an issue of probable cause and avoiding the fruit of the poisoned tree, not one of absolute lawlessness. My (admittedly silly) suggestion is also problematic because it doesn't address this concern at all. My real feelings are a lot closer to 'calvinmorrison, but I acknowledge that "just get rid of license plates" isn't exactly a winning proposition to the average voter.
The problem is that our government cannot be trusted. The car-ification of the united states in combination with endless driving regulations creates a dragnet for the police to simply stop and detain anyone going about their daily lives.
There's no reason license plates expire, there's no reason we should have to pay for inspection, there's little proof it even is effective in improving safety.
Drivers licenses again prove very little. People are pulled over constantly for suspended and expired licenses, were the unable to drive? clearly they were.
The issue with license plates is that it creates a automatic background check on every person who drives past a police officers with an ALPR. It's about as bad as the slave catching squads from the ante-bellum era. There's no reason I should have a bench warrant from missing a traffic ticket in New Jersey cause a police officer to detain me, arrest me, jail me, and send me back to New Jersey.
The problem is, you cannot separate the benefits from the bad. The problem is the government routinely abuses their power of licensure (see may-issue licenses in new york) to the point they cannot be trusted to license at all.
Given the rampant abuses on our civil rights from the government, especially state and local governments who tend to do the day to day brunt of enforcement, I hesitate to offer them any option to be more efficient.
> The problem is that our government cannot be trusted.
Depends on what you mean, it sounds like you’re saying the government cannot be trusted to be perfect. I’d agree with that. But the counter problem is that the public cannot be trusted either. A huge number of people can and will avoid maintaining their car if they don’t have to, will wait to purchase tires until after they’re bald, will drive with smoky exhaust, will avoid paying sales taxes if they aren’t caught, will crash their cars and run if they can’t be tracked down, etc. etc.
This isn’t really a government problem, it’s a people problem. People just happen to make up the government.
> There’s no reason license plates expire, there’s no reason we should have to pay for inspection, there’s little proof it even is effective in improving safety.
Kind of a lot to unpack there. Contrary to your claim, there are reasons plates & registration & IDs expire. Whether you accept and agree with those reasons is a separate question. Cars do change hands and degrade over time. It makes sense to check in, especially from the POV of the govt who maybe primarily wants to tax any sales, and keep track of who’s associated with each license plate.
Safety and emissions inspections are improving our safety & air, and there’s data over time to show it.
> Drivers licenses again prove very little.
There’s some proof; we have lower accident rates than some other countries where drivers have a lower barrier to entry. Aside from that, licenses are partly for identification. You might not like that, but that is part of their purpose.
> It’s about as bad as the slave catching squads from the ante-bellum era.
Hard disagree. Treading dangerous water with this one.
> There’s no reason I should have a bench warrant from missing a traffic ticket in New Jersey cause a police officer to detain me, arrest me, jail me, and send me back to New Jersey.
Sure there is, you appear to be fleeing when you miss a court date and drive across state lines. I’m skeptical this happens with any regularity over minor traffic tickets with no other context and a clean record. But again you’re saying “no reason” when what you mean is you don’t like it.
> Given the rampant abuses
You’ve established that you have a fear of abuse, but not that it’s affecting you routinely. I haven’t seen any dragnets ever, personally.
> Safety and emissions inspections are improving our safety & air, and there’s data over time to show it.
I'm curious about this. Most US states do not require regular safety inspections, and some of those that do, only require them for a subset of vehicles (only commercial vehicles, only vehicles over a certain age, etc.). Around half of states require emissions testing, though often it's not yearly, and there are often exceptions for newer cars.
Certainly there are political and cost-related drivers to not requiring this sort of testing. But I do wonder what studies have been done, specifically for safety inspections: do they significantly reduce incidence of vehicle crashes, or at least of fatalities or serious injuries when crashes do happen?
These things are all decided by individual states. Permanent license plates and zero inspections are definitely a thing in some parts of the country. Drivers licenses with very long validity periods were too, until REAL ID became essentially required.
Ah, libertarianism coupled with if you cannot solve every case then you shouldn't solve any case.
I can separate the benefits from the bad. The road without rules is a net loss for everyone. Companies and individuals would gladly save on getting inspections if it saved them a few dollars at risk to everyone on the road when their bald tires and bad brakes finally failed them.
True to HN form the proposed remedies tend to be technical in nature (though not necessarily wrong). This is another one of those problems best rectified with legal protections, not blog posts about how to disconnect the antennas. At the state level (in the US) it would be manageable to pass laws limiting or banning these practices, and that should be the first response. Of course backing that up with technical workarounds doesn’t hurt, either…
I didn't see a blog post with instructions on how to remove the antennas. Got one? I'd love to do this. I'd love even more to pay a mechanic to do this but I'm not even sure what I'm asking for. I think there are 3 two way radios in my car, Sirius and 2 cellular modems from what I can glean from the user's manual. It's a 6 month old $50k car; asked about it on a subreddit and someone said it would probably void my warranty - fucking awesome.
Legal protections would be nice, but I'd like to stop being stalked _immediately_.
I will assume removing the radios, or modifying them would indeed void the warranties. On the other hand if the radios were blocked, without direct manipulation (i.e. Faraday cage-ish ideas) if the connectivity fails, is warranty void?
An alternative would be to use something Ms Fried built in 2006[0], but more specific. Come to think of it... this might be a small business idea...
> Vehicle Data... After your Vehicle’s ignition is turned off, the Vehicle transmits the location of the Vehicle and the time it was turned off.
If every car with Sirius installed transmits the time and location when it was switched off to marketers, that would close the loop on all those "I just moved to this place and I'm getting local robocalls to my cell number".
>"I just moved to this place and I'm getting local robocalls to my cell number"
This is more than likely just a combination of National Change of Address database (which is updated daily, I think, and there seems to be a lot of companies selling it) and some marketing information from one of many services that sell it, almost all of which contain your cell phone.
I really despise the "smartphone on wheels" trend. I got a used Mazda 3 which doesn't have any of that, the new models come hyperconnected, so you can "see the status of your car with an App" (no thanks).
Is there a list of cars which don't have remote data collection?
Slightly tangential, but I am beginning to despise "smart" anything, because the product developers don't seem to care at all.
I just got z-wave locks from a company ultraloq, figured I don't want the integration with the app etc. I will just use z-wave and connect to my local offline hub. But once I get down to set it up, I can only connect to the hub via z-wave from the ultraloq app. I install the app and I need to register an account by providing first name, last name, email and phone number, then the only way to pair my lock with the app is by enabling bluetooth and providing location access to the app with gps enabled. I do that and then I find out that once I install the app and register the lock, I am not allowed to use it in standalone/offline mode (setup/change lock codes directly from the lock) unless I do a factory reset. Funny enough, if I factory reset, I lock is no longer connected to my hub on z-wave.
Basically to use z-wave with my offline hub, I need to provide the company my gps location, first name, last name, email and phone number and stream data of lock usage every time the door is unlocked/locked to the company. How is this not a security risk for the company? If they ever get hacked, all their customer PII data including the gps location of where the locks are installed are compromised.
They do care - it is just what they care about is diametrically opposed to your interests. The post-sales revenue stream from collected data is not only profitable, but in some cases more profitable than the sale itself.
Makes me wonder, if people really cared the market should react to it and have products to cater to those needs. Maybe my interests and people with similar interests are a very small minority, everything now is setup via an app - toasters to routers to vacuums. The sad truth is probably that vast majority of people like the convenience of an app and don't care about privacy or data collection and the products/market is heading there.
> if people really cared the market should react to it and have products to cater to those needs
I think the current incentive has warped the market beyond repair for certain products.
Take TV for example, non-smart TVs cost the same or more than smart TVs because manufacturers can subsidise smart TVs’ cost by selling or utilising data. Not to mention other “benefits” like locking consumers into their ecosystem: a lot of Korean newly weds buy all Samsung or all LG for electronics for this reason. With all these incentives, it makes sense for the companies to only make smart TVs.
We need regulations to offset these incentives. There most be a real tangible cost to collecting data and appliances should be required to use open protocols. Then it will make more sense for manufacturers to make just normal TVs that can compete with smart TV.
The sad truth is probably that vast majority of people like the convenience of an app and don't care about privacy or data collection and the products/market is heading there.
I don't really believe in this theory. Certainly the average HN commenter trends more privacy-aware than the average person in our societies but I know many "normal" people who don't like the intrusion but accept it because they don't see any viable alternative apart from giving up a normal life.
The correct solution when competition in commercial markets doesn't solve a problem like this because it's just too profitable for everyone to carry on the abuse is for governments to regulate in the public interest. Of course that relies on elected representatives to do their jobs and not just pander to whichever industry gives its lobbyists the most funding so the success of the strategy is likely to vary wildly depending on which country you live in.
I only buy stuff that I can reflash (tasmota, esphome, or whatever), because everything else will either be deprecated, the cloud will be discontinued, the app wont work on the newest android, or there will be a huge security breach, that the company won't fix for "legacy" devices.
This makes stuff pretty limited, but you can still find atleast some things that are (eg.) esp8266 based.
That is my plan. Their support is Mon-Fri working hours. I want to call their support and ask them if indeed z-wave is only usable if I register the lock, hook it up with their app and give up functionality of using it in standalone/offline mode. If they confirm there's no other way, I will return and buy something from a competitor instead.
You won't find any new vehicles without extensive remote data collection infrastructure, whether or not it is obvious the data is being collected. This has become a necessity for automotive OEMs due both to regulation and economics.
Modern automotive hardware is almost completely undifferentiated, and this commoditization means the hardware is essentially being sold at cost. The only opportunities for differentiation, and therefore profit, in the automotive market involve leveraging the vast quantities of sensor data thrown off by vehicles. In many cases the data of interest is not even about the driver per se but the external environment. There are many use cases for this data, both by the automotive OEM and third parties. In most developed countries, both the automotive OEM and the government have a right to this data. The regulatory frameworks for this were put in place decades ago.
Organizations that work with this data have great difficulty because off-the-shelf data infrastructure can't handle it in a meaningful way. Currently, exploitation has been more theoretical than practical.
And the big thing is after maybe 3 or 4 years its already going to be outdated.
While you replace your phone if its outdated, you don't do the same thing with cars.
A car + phone combination is always more capable, because its almost always up-to-date and the user is already used to it.
Imagine if the whole world refused to use any car older than 2 years... how many cars would have to be made every year? even if that made any economic sense, it certainly doesn't make any environmental sense. You might not think of it this way but those people you know are privileged, they would not be able to get a new car less than every 2 years unless there was a 2nd hand market. Cars need to last.
I'll take just the aux then, at least as long as I can. Aux (as in: 3.5mm jack on both ends or else on one end and the other one cinch or DIN to support even older devices) is something which has been working fairly universally to get music from any portable and even some not-so-portable players to amps in the past 30 years or so, extend to like 60 years to include anything compatible but with DIN (just a rough guess here, I still have some old Telefunken radio with an aux input via DIN and I'd estimate that is it's age; still works, moreover they really figured out nice warm bass from small speakers back then already). It's simple, it's a de facto standard, it really just works, it's a good idea (doubling as headphone out) and well-executed.
Bluetooth audio on the other hand tries to be all of that, but I never quite got the feeling it's there yet, after all those years, and I wonder it will ever be the same level of 'just works'.
The Bluetooth is nice because I don't have to do anything for it to work. I get in the car, hit play on my phone, and music comes out! Only downside is about a one second delay. Also nice for friends with phones that don't have 3.5mm. I've never had trouble with Bluetooth. I have a pair of wireless Sony headphones that really just work. I tap my phone to the side of them and they automatically turn on and connect. Battery lasts about a month.
The one thing I do like about Bluetooth in a car is the ability to skip songs using the car's interface, without having to fiddle with my phone, which isn't particularly safe to do while driving.
You can go slightly more high tech and just plug a USB drive into the port. Still no bluetooth or smartphone but you get more than 700 odd megabytes of mp3s.
I've taken it a step further and now just leave a Samsung external SSD plugged in (and out of sight). Better quality flash than a USB stick, and now the limiting factor for library size is the number of tracks the car can handle, instead of storage.
I asked the sales guy about this when I bought my 2019 Subaru and he was stumped, said no one had ever asked that before. But sure enough, the car could read flash drives similar to MP3 cds.
When it's not that... my dealer tried to upsell some tag protection system... but that's just an excuse for a geolocation harvest racket [1]. You just can't trust anyone today not to abuse their convenience service.
There is a hack[0] that you can do that will give you android auto. I do find maps on my dash is pretty helpful. There's no great place to put my phone to see maps and picking up my phone frequently to navigate isn't that great. Though sometimes I have problems with it disconnecting from my phone (cabled). But then again, I have a Scion iA (rebaged M3). I'm not sure if anyone knows of a newer (and maintained) version of this.
Though there are a lot of things about android auto that piss me off and it makes me feel confident that the engineers aren't dogfooding. I get that they want voice commands, but when those fail the solution shouldn't be "pick up your phone, detach, do the thing, reattach." What a crazy failure mode. Who thought this was okay?
Chrysler/Dodge/Jeep vehicles prior to 2016 used Sprint's CDMA network. Sprint's CDMA network is now shutdown, so they can no longer send any data back but the vehicles still function fine.
That is an interesting way to find more recent vehicles - find the ones who are "smart" but whose "supporting networks" have already died without rendering the vehicle non-functional. Thank you for the perspective.
Of course this does nothing on the security side - the fact that the vehicle is still somewhat accessible from the outside makes it less secure. But not having to worry about privacy at least is nice.
Is there a list of cars which don't have remote data collection?
Here it is:
.
Unfortunately to the best of my knowledge I am not joking. This is one of the big reasons why I haven't bought a new car with modern automation and connectivity for a long time.
I think they will be unreliable.
I think they will be insecure.
I think they will be privacy-invasive.
I think the technology at the original time of sale will age quickly and manufacturers will abuse that to extract more money from current owners or any potential new owners who might buy the vehicle from them.
I think the technology will allow for artificial limitations on vehicles' physical capabilities and encourage manufacturers to make pay-to-play style upgrades and rental models the industry standard.
And I think there is a non-trivial risk that eventually someone will successfully exploit a remote vulnerability on a popular model and gain enough physical control over a large number of vehicles simultaneously to cause injury or even loss of life on a massive scale.
Absolutely nothing I have seen about the auto industry, the people who lead it, or the people who regulate it would undermine any of those claims and apart from the last one there seems to be plenty of evidence that they are already starting to happen.
The newest Russian cars will allegedly not have airbags or ABS, so it's a good bet that they'll be otherwise analog :-)
If they manage to install ABS/ESP, they might actually be an interesting choice, if it weren't for the likely lack of EU market authorisation and spare parts.
This is a great article. I've wondered about that myself:
Forgetting about the smartphone data, many cars have a Navigation system, which means the car itself knows where you are. Is it being communicated in real time, or does the car at least remember?
I actually asked someone who works in car automation this very question, and he said it's really manufacturer-dependent.
The car manufacturers are hoping no one digs into this. So let's dig.
I just started with GM's OnStar. Here's an ominous paragraph in [1]:
If you sell or otherwise transfer your vehicle, it is your responsibility to delete all information (such as contacts, address look-ups, saved map addresses, or preferences) from the vehicle and contact us to transfer or cancel your account. If you do not delete this information, it may remain in the vehicle and may be accessible to future users of the vehicle. For instructions on how to delete information from your vehicle, please refer to your vehicle owner’s manual.
So apparently, if you look a place up (say, the motel where you and your extramarital partner meet), it stays with the car and/or your OnStar account.
> say, the motel where you and your extramarital partner meet
I understand, it’s privacy and stuff, but how does _this_ make a compelling argument? Is covering up that someone cheats on their spouse, beats their kids, and launders money, now some service provider’s responsibility?
many cars have a Navigation system, which means the car itself knows where you are. Is it being communicated in real time, or does the car at least remember?
GPS itself is entirely passive. The last position is definitely stored in the receiver to make it faster to acquire a position fix the next time it's turned on, but the question is whether that is sent outside the car. A standalone GPS unit of the type that people add as an aftermarket accessory, instead of being integrated, will almost certainly not be transmitting its location elsewhere.
Car makers are typically on the conservative side, and they aren't really in a position where their own data would be particularly valuable compared to that of other players.
What mostly happens is that data sharing goes both ways: for instance if your embedded navigation system shows live traffic data, your car is probably sharing its location upstream, which gets aggregated and anonymized according the legal framework and the terms between both parties.
You can do stuff with a car that you wouldn't be able to do with a smartphone, for instance using sensors to scan curbside parking, whereas Google needs to extrapolate street parking availability based on driving patterns. But I'm not aware of anyone doing that yet... I've only seen proofs of concept.
This is what I've seen. It also makes sense from a legal point of view (at least here in Europe) and more importantly, from a practical one. If you're Here or TomTom you want to provide good data and you need OEMs to share theirs in return. However keeping (or worse, sharing) events associated to VINs or other PII is just a liability.
My 2016 BMW 118d has a navigation system and a built-in SIM card. It is used in multiple instances (the listed ones): locating/locking/unlocking your car remotely (all optional), start an emergency call, updating the firmware and talking to a messaging server
I think what we're seeing here with you & @hocuspocus is: no one knows for sure what happens. We can make educated guesses.
If you were sitting on PII location data and no one knew you had it, you'd probably want to keep it that way. Going public would certainly get the authorities after you.
I'm a little confused by the discussion here. Please forgive me if I've missed something obvious.
Much of the discussion seems to be around the government (usually, but not limited to, police) monitoring the location and operation of a vehicle on public roads.
While I'm not a huge fan of government surveillance, registering a vehicle (and obtaining a driver's license) and monitoring the performance of that vehicle (and its driver(s)) are governmental functions purporting to ensure the safe operation of a vehicle.
Corporate entities, like auto manufacturers, dealers and "tech" companies have no such responsibility, nor do they have any role in (except in abiding by the law/regulation -- e.g., emissions standards).
So, unless there is some sort of government mandate to collect such information, corporate entities have no reason (other than their own profit) to collect location, velocity and/or in-vehicle activities.
IMNSHO, that they do so should be much more concerning than red light or speed cameras, being followed for a few miles by the police, or as is popular where street parking is a thing, checking registration/inspection expiry.
Just as one (or should be) is horrified by the levels of tracking by corporate entities on IOT devices, "smart" TVs, dishwashers(?!?), etc., etc., etc., why are folks focusing on the government here?
They aren't gathering the boatloads of information being collected by the corporate entities (and if the government starts buying such data, they should be smacked down hard!) that are invading/destroying what little privacy we might have.
As such, I don't get why the focus is on the government rather than on the folks actually gathering all this data.
>You might change your mind when the government starts tracking the fact that you drove to an abortion clinic.
Where might the government get such data? They certainly aren't gathering it themselves.
Rather, it will come from the corporate entities that are already gathering such data.
What's more, I can organize my neighbors to vote out folks who want to spy on me.
I can't do that (well, I guess if I had a few trillion dollars to buy majority stakes in various corporations, although that wouldn't work with Facebook[0] though) with the corporations that are already spying on me.
Just so I understand your position, you appear to believe that bad things a government might do with the help of corporations that are already doing those bad things is what we should be concerned about rather than what those same corporations are already doing.
Is that your argument? I just want to make sure I understand, as I'd like to have a discussion and not create straw men. Thanks!
For a large number of categories today the most extensive research to identify a decent product has become necessary.
It is a disaster that cars are now part of it, but - the most extensive research to identify a decent product will be necessary.
Edit: what I fear most (second to a market that allows perversions - i.e. buyers of unacceptable products), is cretinous legislation what may remove options.
> what I fear most (second to a market that allows perversions - i.e. buyers of unacceptable products)
I have a hard time buying this (no pun intended). Your greatest fear is other people being able to buy things? I fear very much my not being able to buy what I want, and I can see knock-on effects from other people being OK with (or not understanding) the violation of their privacy and so indirectly violating my privacy, but it's hard for me to see that raising to the level of my greatest fear. So I wonder if I'm misunderstanding you, or we're frightened by different things.
Yes, you misunderstood. I stated that the fearsome weakness in the system is a market which is mostly made by careless buyers who will disregard low quality, absurd specifications and dystopian features in the products.
A product would not circulate in the market if people did not buy it, and people in general most unfortunately tend to buy what is available, without assessing it, without considering the effect of their purchases on the market.
You would not struggle to find e.g. telephones with replaceable batteries in the market if people generally refused to purchase otherwise. The same is valid for bluetooth-operated only washing machines (and other appliances), etc.
Bad products are around because people buy them.
> I fear very much my not being able to buy what I want
Exactly: that is already largely the situation, and it comes from a polluted market, spoiled by purchasers accepting bad products.
Which 'this' do you mean? There is the 'this' where other people buy stupid things (meaning 'smart' things, in the marketing terminology we've had foisted upon us), and there is the 'this' where I can't buy what I want. Phones and TVs are examples of both, to be sure; but, as I mentioned in the comment to which you are responding, these two phenomena seem different, though linked, and it's not clear to me that the former is inherently bad.
> For a large number of categories today the most extensive research to identify a decent product has become necessary.
What exactly are you saying here? Is this a "telemetry is necessary for effective product design" argument?
Apologies if I'm misunderstanding, but if so: I personally don't buy that it is except in very specific circumstances. Gathering data through telemetry to make product decisions, when it's not just about data sales for extra revenue, doesn't always make a lot of sense, particularly when that data gathering capability directly compromises the product quality. I would argue that often it's done because of people trying to cargo cult competence at product design by doing what seems cutting edge, analogous to "architecture astronauts" designing overcomplicated & inelegant software systems with too many bells and whistles.
No, I wrote that nowadays, before buying, as you will need to «identify a decent product», you will have to research a lot, and discard the largest number of - useless - options. If nowadays you are in need of buying an item you will have to do extensive research of what is available in the market, because most of the products around are unacceptable.
The direction OEMs are going is to try and have their cake and eat it too. Data connection is not optional, so security is achieved through an isolated network interface boxe that talks to the outside and is assumed to be pwned/pwnable. The rest of the architecture is hardened accordingly, with a single internal interface to the rest of the vehicle on a secured bus and attestation/secured computing platform, etc.
That's great until an unknowing mechanic connects a pwned device to the secure system that infects it and enables it to receive commands from the "assumed pwned" network box.
I have layman knowledge of this and do not understand. How does this compare to the level of security described in the GP comment (no connection at all)?
It might help to imagine there's a data diode between the interface box and the rest of the system. In an ideal world, there should be few differences beyond the actual data being sent. In practice, the analysis is a lot more complicated. I've also seen cases where there should be no connection hardware at all, but someone forgot to disable Bluetooth on a dev board or something and it shows up in a red team exercise.
TVs between smartphones and cars. There's still plenty of room for expansion, like your door locks and home climate controls, your medical history/treatment, your votes...
but here is a generic article on The Atlantic from 2016 - year relevant, because there had been cases of actual ransomware for some thermostat models then:
> When it comes to connected vehicles, the possibilities are even more frightening. And thanks to an experiment where white-hat hackers remotely hijacked a Jeep as it hurtled down a St. Louis highway, they’re not that far-fetched
Which raises another point: security faults in cars have been used to stop them, to take control of them etc. Among the malicious purposes, one can emerge of ransom: "We now control your car. If you want to drive it again...". Nothing new in the crime scene ("We just stole your car. If you want to drive it again...") - only, now through fully avoidable technical holes which should not be there in the first place.
--
About the thermostats:
Hackers demonstrated first ransomware for IoT thermostats at DEF CON // Ransomware-infected smart thermostats, it's no longer hypothetical. An attacker could crank up the heat and lock the IoT device until sweltering occupants paid a ransom to unlock it (Aug 2016)
I have a car with Here maps, but it never occurred to me that a side effect of it having a data connection is data collection. I’ve been used to car navigation systems being offline, but it seems newer models like to search online for results, which of course exposes a lot of data to their servers.
I wonder if you turned off the “online” search results and routing if it would shut off data collection, or if you’d have to physically cut off the cell connection.
> Otonomo is one example of the dozens of companies that market their attempts at keeping information anonymous. Otonomo describes its platform as having “privacy and security by design” and notes the use of patented “data blurring” technology to protect user privacy.
> It also has an “Otonomo Driver Pledge” page promising drivers the ability to easily grant or revoke access to personal data,
This doesn't add up. If they collect only anonymized data, then they won't be able to find that customer's data and do anything with it.
I’m surprised that all this web of data hasn’t led to the most meaningful and significant improvement we still need in the car industry: have people who drive dangerous pay more for their insurance. It takes very little time near a road to notice that some people present an order of magnitude more risk than others, and no one has ever tried to confront them about it — at least successfully.
With cars and their drivers killing more than a million people every year, a little constructive feedback would be a major help to avoid so many tragedies.
> present an order of magnitude more risk than others
The data really doesn't bear this point out, or the category of drivers your considering are such a small part of the total that changing their behavior will have almost no noticeable impact on the total.
Further.. at least in the US, the majority of fatal accidents are single vehicle accidents where the driver was impaired either by alcohol or other drugs. You don't really need to mine data from the car to figure out who and who isn't the problem here.
> With cars and their drivers killing more than a million people every year,
That's uncharitable. Bad road design and failure to make protected pedestrian paths (16% of all fatalities in the US are pedestrians) definitely deserve some credit here too.
> a little constructive feedback would be a major help to avoid so many tragedies.
Based on US data: If you drink and drive you should be revoked for 10 years. It should be illegal to give people under 24 vehicles with more than 250hp, or any power level with a turbo.
Commercial, fleet insurance works exactly like this.
Back in the 80's there were already such solutions that would monitor speed and location based on cell tower. the data would be chirped back periodically. The price of the insurance would depend on driving speed and postal code for the cumulative information of the entire truck fleet.
Today, this is not even a question. It is the de facto way of charging fleet insurance.
At least three of the companies listed in the article offer apps that track your driving and give an insurance discount if you sign up. This could be seen as effectively the same thing; safer drivers paying less is perhaps equivalent to dangerous drivers paying more. Yes it’s voluntary so this isn’t perfect, but I’d speculate there is some presumption that in general safer drivers are the people signing up for the discount. This unfortunately comes in the form of a privacy trace-off, but if having dangerous drivers pay more is the goal, I’m not sure there’s a way to have that without some monitoring.
Another way your wish already exists partially is that people who cause accidents have higher insurance rates. This isn’t 100% effective, but some of the people who prove themselves more dangerous really do pay higher insurance already.
> safer drivers paying less is perhaps equivalent to dangerous drivers paying more
That’s not what happens in practice: drivers concerned about their privacy don’t use those apps, not those who drive the most carefully. Subscribers remain a minority. This is a shame because careless driving requires very little information, nothing that is genuinely affecting privacy.
How do you know what happens in practice? I have no idea who’s signing up for discounts. I’d speculate wildly that specific monetary discounts win over generic privacy concerns more often than not, but I have no idea.
But if we’re to have dangerous drivers pay more, without it being a voluntary opt-in system, then someone needs to be able to monitor all drivers, right? What information are you thinking of that isn’t considered private? You could have the cars reporting only speed & steering & accel/decel telemetry, but that might be easily hackable. Having GPS to compare against is much more trustworthy. What if primary components of safe driving are where and when you drive? Choice of roads and time of day may matter for some drivers as much as speed. Maybe the behavior in the proximity of other cars is a primary factor, I wonder how that could be reported - how often you pass, how much room and time you leave when changing lanes, how closely you follow, etc.
I wonder what it would really take to identify dangerous driving. The largest factors identified by the NHTSA are: drinking, speeding, being “distracted” (using a cell phone), and driving tired. Speeding might be the easiest, while monitoring for drinking and tired and cell phone use seem more invasive.
> What information are you thinking of that isn’t considered private?
Statistical distribution of the absolute jerk. People who race, and distracted drivers have to correct at the last minute both have sudden changes in acceleration.
That seems pretty reasonable as one valid data point, but unlikely to capture dangerous driving broadly and accurately, no? Certainly location and traffic and speed matter, and jerk might not tell you much about people who drink or drive tired; certainly a large percentage of accidents happen without sufficient deceleration prior to collision. I could be wrong though, maybe the accelerometer data over time is reliable at identifying bad drivers, it’d be interesting to see how well it does.
My kids use the insurance company apps and they are pretty awful in terms of accuracy. The apps nit pick the turning and braking based on acceleration data, and I’ve ridden with them and watched it call out safe driving as bad. One downside of this is that neither my kids or my wife and I trust the insurance company app to understand safe acceleration. I’m a little bit worried about what happens to this data and to the insurance company’s conclusions about what stops and turns were safe or not. It would be bad IMO if this record follows people around informing law enforcement using poorly decided thresholds for safety. The crappy app, of course, does not mean that the insurance company can’t reliably identify dangerous drivers, but there’s no indication to me that they’re using the data in a way I’d want or agree with... even if I’m completely on board with your suggestion to identify dangerous driving and charge for it.
The industry is helping distracted drivers by adding stuff like lane-keeping assistance, AEB and what not. The legislator, by requiring these systems in vehicle, helps people drive while distracted. OTOH, those systems do prevent accidents.
Go after the insurance companies instead. They are highly motivated to pass on the costs to their customers. I don't know exactly what would be an appropriate metric though.
Because that’s not their problem. They want all their customers pay more, because people can change their driving habits. It shall never be the reason for profits to fall through.
Wouldn't this be illegal under GDPR? A license plate number can be linked to the owner and therefore can be a PII, as well as car serial number or other identifier.
Also, this shows that no matter if you pay for the product or not, you become the product for squeezing the data anyway.
Also, this could be a national security issue everywhere except US if US government would be able to track the cars all around the world. For example, what if they will track the cars used by defence industry employees or military personnel?
Such tracking equipment should be banned for import, but it is more likely that local government will just ask to provide the data to them too.
> Also, this shows that no matter if you pay for the product or not, you become the product for squeezing the data anyway.
Because it's not due to money, but power. They have the power to put spy devices in so many cars it becomes (near) impossible to buy one without, and so they do it.
A product only respects your rights if you can control it, if you have the power and leverage to change how it works. If you don't, you get user-hostile features whether you like it or not (the Intel Management Engine, and its AMD equivalent, being just two examples).
I have it on good authority that it's not a monopoly if more than one company exists on the planet. In the end it will just be Monocorp and Mozilla, surviving on yearly half-billion monobuck® checks from Monocorp.
It is hard to summarize the situations briefly, but, essentially, the government can do whatever they want and the courts hardly ever slap them on the hands.
(IJ also _fights_ these issues in court pro bono - they are a law firm! - so supporting them looks like a good idea. disclosure: I am not affiliated with them in any form, just a podcast listener and a very minor donor)
I don't know why I never considered that my car may be collecting data on me. I have a Hyundai, and I just went into my settings to turn off as much of this as possible. I wonder if there's a way to disconnect the antenna or deactivate the cell service since I don't need it...
The simplest solution may be to disconnect the antenna. I would be very impressed if this negatively impacted the actual rolls-down-the-road functionality, since it's always possible that a car is in an area that has no cell service, and it would need to work without an always-on connection.
This is unlikely to be in the service manual, though. Are people identifying where the radios in new cars are?
It's quite possible that the same antenna package providing cellular connection is also providing the antennas for GNSS and radio.
It's also not impossible that you'll start to experience odd behaviors and warnings after a month or two, as the software stack expects connectivity eventually.
All of those separate antennas are typically combined within a single antenna package in the shark fin. Doing manual placement with separate antennas is a huge pain, so e.g. BMW prefers to call Delphi and just buy the hardware to stick on the roof.
> I would be very impressed if [no cell service] negatively impacted
Tesla issued a press release years ago in which they reassured the public that their cars were used in connection-less or heavily-firewalled territories, and they still run.
While on the one hand those reassurances are sinister ("our new feature will not impair function"; "our electronic systems will not fail when driving in the desert" - which was false for some manufacturers), also note that - as one poster nearby notes - that the item seems to work properly at some point in time is not a warranty for the future.
This month I just got a new car to replace my 18-year-old Honda, which was, as you'd expect for a 2004 model year car, not connected to the internet at all.
The new car sometimes feels more complicated than my smartphone, and data collection was one of my first worries. Of course there's an app that comes along with it, and while the information and remote functionality it provides is interesting, having done without this stuff for the first 25 years of my driving life, I feel like I can easily do without it.
Another poster talks about removing the cellular modem to ensure the car can't phone home, and I'm seriously considering doing it. Though I imagine when I bring it in for service, the techs will want to reconnect it. I'm even afraid that they'll claim they can't service my car without doing. In addition to that, I do want to receive OTA updates to the car's software.
I'm curious to know if it's possible to opt out of all data collection (perhaps aided by the CCPA, as I live in California), without modifying the car's hardware. Sure, in that case I am then relying on trust (trust that is so far unearned), but I'm curious nonetheless. The thing that worries me most is location tracking, followed by the possibility that my driving "style" could be sold to my insurance company. I've filled out the CCPA opt-out form from my car's manufacturer (though that's about sale of information, not collection), but I'm sure that's woefully insufficient to actually protect my privacy.
If the car sends data back to the mothership, then who pays the phone bill ? Say's it's about an SMS size each time I use a car so maybe 0.02$ a day ? 200 days/year, 10 years => 0.0220020=80$ and they sure have discount, so it's very cheap...
IS there a way to know where the chip is ? Is there a way to jam it so it can't send information back ?
> If the car sends data back to the mothership, then who pays the phone bill
You do. The bill is included in the purchase price of the vehicle. The manufacturer sources data SIMs, pays for data ahead of time, and that’s to the cehicle price.
Suppose it depends on your car. Mine did nothing when I removed it. Of course you may lose access to some things you want, like XM Radio, OnStar, GPS, etc (usually all these are integrated into the same board in the shark fin on top of the car).
I installed a dummy load instead the cellular antenna in my vehicle. In theory it should not be able to connect back to my automaker's virtual mobile network.
it's weird that they missed Autonomic in this article; they're outright owned by Ford. pretty much every new Ford is sending to Autonomic before you even drive off the lot
This. I went to get an inspection at a Valvoline place and the final part involved plugging their device to the car's computer. They were clear that it had nothing to do with the inspection, just "policy". I didn't push back since it was the last day for inspection,
but honestly. Our culture keeps is of isolation and siloed personal lives, except for corporations, they have their fingers in the details of all personal affairs.
It is worth noting that pretty much all the "quick oil change" brands have horror stories associated with them. Everything from minor ("they didn't notice my air filter needed replacing") to fraud ("they tried to get me to pay for an air filter that was replaced the week before; and showed me a dirty one that wasn't mine") to outright dangerous ("they left a tool on my engine that could have (or did) destroy when it fell into the workings, later" [1]). As a general rule, they tend to hire people without any _real_ training or motivation to be good at their job. I highly recommend being very wary of such places.
To be clear here, not all of them are like this; possibly not even most of them. But enough of them are that I generally try to always go to a local shop to get my oil changed. It's not worth the risk to me. If you have one that you know enough about to be comfortable with, none of this applies to you.
[1] I had this happen to me. Got home, popped the hood, and there was a screwdriver sitting on top of my engine. If it had fallen in on the highway, it could have caused some serious damage/injuries. Luckily, it didn't.
I would also recommend looking up the procedure for changing the oil and doing basic maintenance on your car! On most modern cars it is very easy, and then you can trust it was done right.
Honestly, as someone who's been involved with designing some of the internal systems and seeing how effective they can be, the large majority of the time a car either has the potential to be able to detect or already knows where the problems are located. The facilities to detect that are simply not in place or exposed to end users/techs in enough detail.
"emission readiness" is a specific state of the computer where all of the sensors are reporting "good for an extended period of time". It takes several drive cycles to get into that state. So that you can't, for example, reset the ECU and drive in for an inspection right then.
They do also do live tests with a sensor, but the "ECU says car is emissions ready" is an additional requirement. At least in many US states...maybe not yours?
> all of the sensors are reporting "good for an extended period of time"
Not exactly. Boring monitors like those for sensors or actuators are excluded / always reported as ready. Even misfire is always ready, and fuel was, too, until recently.
But of course since the more intersting monitors take long to complete, when they do reach ready, simple sensor checks would long have set at least a pending code if there was a problem.
Next update in california will likely require all monitors to be included in the readiness status latest for model year 2027.
Hrm. I've done this myself with the OBD-II reader and some do come up pretty quickly, but they took all some amount of running/driving to be ready if you reset the ECU...which people would try if there's a code stored / check engine light on. Some of them take quite a while to be ready.
under your passenger dash is a black metal box, usually documented. unplugging the harness and removing it, you can open it to expose a baseboard and a riser. the baseboard is for things like infotainment usually but the riser is your cellular modem. pull it and you'll get a warning light on the dash, but no more data collection. older cars will have a Sim in the riser you can pull if thats less invasive to you.
note: OnStar is also disabled and will not dial 911/999 on collision.