
Yeah there should definitely be a better governance structure preventing employee access without a structural justification like a law enforcement request, customer service request, etc.

As an owner of a model Y, I’m beyond pissed off they’re so lackadaisical with this stuff, to the point where I may just buy a different car.




> to the point where I may just buy a different car.

I love this line of rhetoric. Seriously, I doubt that you will. If you consider all of the shenanigans that Tesla is known to do, you shouldn't have bought the car if you're concerned about privacy. Any car that has cameras on the car that look at the interior of the car should not have been purchased in the first place. OF COURSE they will be looking at video when they shouldn't be. Has there ever been an example of a company that hasn't? Ring has done it. Roomba has done it. Open it to any data, not just camera, and people like Uber have used that data for nefarious purposes.

Any device that sends back data to the home office is just too ripe for misuse. Then, when it comes out in examples like this that it has occurred, there is 0 liability for the company involved. Maybe the company makes an example out of the employees in various ways up to dismissal, but the company just shrugs it off.


It should be encrypted and the owner of the vehicle should be in control of the keys.


You can decouple the encryption and decryption keys such that the private key would never be present in any Tesla system at any point in time[1]. And you can introduce a ratchet such that compromising the Tesla car at time t0 would not enable the attacker to decrypt any encrypted data at t[n < 0].

[1] Asymmetric crypto KEM + ephemeral symmetric key + encrypted block. eg. <https://libsodium.gitbook.io/doc/public-key_cryptography/sea...>
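The construction the footnote sketches (ephemeral key agreement, a one-time symmetric key, an encrypted block), written out as an added example that is not the commenter's code nor libsodium's: Go's standard-library X25519 and AES-256-GCM stand in for libsodium's sealed-box primitives, the names Seal, Open and aeadFor are assumptions, and the recording bytes in the test are constructed. It shows only the per-record ephemeral-key part, not the separate ratchet the comment also mentions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadFor runs X25519 and derives a one-time AES-256-GCM key from the shared
// secret plus both public keys (SHA-256 stands in for HKDF to stay stdlib-only).
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey, ephPub, ownerPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(shared, ephPub...), ownerPub...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts one recording under the owner's public key. The ephemeral key pair
// exists only inside this call, so nothing left on the device can reopen the blob.
// Output layout: ephemeral public key (32 bytes) || GCM ciphertext+tag.
func Seal(ownerPub *ecdh.PublicKey, record []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := aeadFor(eph, ownerPub, ephPub, ownerPub.Bytes())
	if err != nil {
		return nil, err
	}
	// Each key is used exactly once, so a fixed all-zero nonce is safe here.
	return aead.Seal(ephPub, make([]byte, aead.NonceSize()), record, nil), nil
}

// Open is the owner-side inverse; the owner's private key never has to be on the car.
func Open(ownerPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 32 {
		return nil, errors.New("sealed blob too short")
	}
	ephPub, _ := ecdh.X25519().NewPublicKey(blob[:32]) // exactly 32 bytes: cannot fail
	aead, err := aeadFor(ownerPriv, ephPub, blob[:32], ownerPriv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, make([]byte, aead.NonceSize()), blob[32:], nil)
}
```

A wrong key, a truncated blob or a flipped ciphertext byte all make Open return an error rather than garbage, since GCM authenticates the whole block.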


That works right up until the user loses the key and demands access anyway. Or they sell the car and keep a copy of the key.


Updating a car with a new key would fix both problems. Old recordings would be lost, of course, but customers hearing "I can't unlock that without your old key" may be necessary to re-establish trust.


Absolutely and that is why you can't use an HSM. Thankfully generating keys on device and storing them on the cloud account encrypted by a passcode works. As the keys are a predictable size you can encrypt them multiple times with different passcodes.


Or just disable the data sharing option in the UI?


If you trust that button is actually wired up to anything, then you put way more faith in people than I believe is warranted.



