By on December 18, 2019

Vehicular privacy is one of those things we never thought we’d have to gripe about but, as automotive connectivity becomes the norm, it’s become one of the most nagging issues in the industry.

Taking a cue from tech giants like Google, Facebook, and pretty much every other website you’ve ever connected to, automakers have begun leveraging customer data on a massive scale. Always-on internet connections exacerbated this problem (feature?), but it’s extremely difficult to tell exactly what kind of information is being shot up into the cloud before ending up at a manufacturer’s data center.

While we’ve seen cars hacked for the purpose of assessing how they’d stand up to malicious entities bent on wreaking havoc, few have attempted to decode the surplus of information emitted by your vehicle. We know this because people would probably be pretty upset to learn of the pathetic level of anonymity currently afforded to them. Despite spending tens of thousands of dollars on a new vehicle, privacy is rarely considered standard equipment. 

Borrowing some techniques from crime scene investigators, The Washington Post recently attempted to figure out what kind of information automakers are most interested in. It contacted Jim Mason, an ARCCA engineer that helps reconstruct vehicle accidents, and chose a 2017 Chevrolet Volt.

General Motors has a substantial lead in data acquisition, and it’s been pretty open about its interest in vehicular connectivity. (We’ve covered the evolution of OnStar, the rise of Marketplace, and GM’s research into customer behavior before.) And that background is why The Post went with a Chevy for its tests.

Mason gave the outlet a rundown on how modern vehicles utilize multiple computers and often have an array of sensors (thanks to advanced driving aids) that can store information on internal hard drives in order to be transmitted back to base when convenient. Getting that data as the manufacturer is easy. However, doing so at home requires loads of expertise, time, special equipment, and enough sweat to disassemble part of the car.

From The Washington Post:

It was worth the trouble when Mason showed me my data. There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, like the hardware store I’d stopped at to buy some tape.

Among the trove of data points were unique identifiers for my and [the Volt’s owner] Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.

For a broader view, Mason also extracted the data from a Chevrolet infotainment computer that I bought used on eBay for $375. It contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger. We know he or she frequently called someone listed as “Sweetie,” whose photo we also have. We could see the exact Gulf station where they bought gas, the restaurant where they ate (called Taste China) and the unique identifiers for their Samsung Galaxy Note phones.

Mason said he’s also hacked into Fords that recorded positional data every few minutes, regardless of whether you’re using the navigation system, and German models with 300 gigabyte hard drives exclusively used for data storage. He also referenced Tesla Model 3s that collected video clips from the cameras used for Autopilot. Creepily, Mason added that, in most instances, he’s really only able to get a fraction of the data these cars collect.

GM Onstar Plus

The vehicle’s owner, Doug, contacted GM to see what kind of data was being transmitted from his vehicle and was simply directed to examine the company’s privacy policy. Following up with dual written request to see his data under California’s “Shine the Light” law (passed in 2003), he was reportedly met with silence.

GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.

The company, he said, collects real-time data to monitor vehicle performance to improve safety and to help design future products and services.

While we absolutely believe the latter claim, the former borders on a bald-faced lie. “Not linkable to individuals?” Get real. Not only does this hacking experiment prove that the data GM is shifting is personal data (names, addresses, emails, locations, etc.), its corporate privacy policy explicitly says it can do this. The OnStar privacy statement claims GM can store and share your information “for as long as necessary.”

But there were clues to what more GM knows on its website and app. It offers a Smart Driver score — a measure of good driving — based on how hard you brake and turn and how often you drive late at night. They’ll share that with insurance companies, if you want. With paid OnStar service, I could, on demand, locate the car’s exact location. It also offers in-vehicle WiFi and remote key access for Amazon package deliveries. An OnStar Marketplace connects the vehicle directly with third-party apps for Domino’s, IHOP, Shell and others.

This would feel a lot less ominous if automakers kept their promises. In 2014, twenty of the world’s largest automotive manufacturers collectively agreed to meet or exceed commitments contained in the Automotive Consumer Privacy Protection Principles and protect personal information collected through in-car technologies. Unfortunately, it hasn’t amounted to much. Carmakers are collecting more data than ever and feverishly attempting to find ways to monazite it in the coming years.

Many automakers, including General Motors, claim they’ve found a way to protect customers by using “anonymized data.” But it’s practically meaningless when all the information being collected is building a user profile as distinct as a fingerprint — which is then shared with third parties GM can’t tell you about.

The Washington Post article goes into additional detail about how these changes are impacting right-to-repair laws, government surveillance concerns, targeted advertising, unsavory insurance programs, and a bunch of other stuff we’ve already complained about. It wants you to be weary of data acquisition and address the need for more transparency within the industry. Right now, we’ve basically given automakers the ability to access the same information phone carriers and social media firms do with less protection.

Mason recommended those interested in maintaining their privacy simply drive an older vehicle assembled before connectivity was a concern. More realistically, one could purchase a lighter adaptor to charge their phone — as simply connecting it to a USB port would be enough for most vehicles to sweep up every scrap of data you had on it. He also suggested telling the dealer you want to become an expert on turning off connected services. However, this would only stop automakers from collecting certain kinds of data (usually location) and isn’t a feature most newer models possess.

[Images: General Motors]

Get the latest TTAC e-Newsletter!

Recommended

51 Comments on “Report: Connected Cars Already Know Everything About You...”


  • avatar
    boxcarclassic

    This is the problem with CAFE standards and gov sticking its nose into your life. Its bad enough everybody uses debit cards everywhere they go. Yes you are being tracked by many entities,The stupid Alexa collecting info. You cant even trust new vehicles. People better wake up because one day this stuff will be used against us all. Just imagine the conversations its recording while your in the vehicle! We do have a constitution that protects us from this crap.Unfortunately too many idiots in America today know very little about it.

    • 0 avatar
      Arthur Dailey

      @Boxcar; What does the government have to do with Alexa?. Or Google Home Mini?
      Or websites that track your preferences?

      These are driven by capitalism. Not government.

      If you are looking for villains, in this instance you are looking in the wrong direction.

      • 0 avatar
        boxcarclassic

        Seriously if I need to explain this to you then you need to wake up and look a bit deeper than the stupid news channels out there. I’ll say this I worked in industries in this market and i have told the truth. Do as you will in your own mind.

        • 0 avatar
          Arthur Dailey

          @boxcar: What other conspiracies do you believe? Rogers, Bell, etc do not share their information with the government. Without a warrant.

          The majority of this information is gathered to direct targeted advertising to you while you visit InfoWars, etc.

          It is gathered predominantly to generate revenue. Not for the government, who cannot even utilize the limited information that they already have.

          And by the way, there is no ‘the government’. There are municipal/local, provincial/state and federal governments. Plus hundreds of government agencies. Many at odds with each other. And quite often ministries/agencies in the same government can’t even share information with each other.

        • 0 avatar
          JimZ

          ah yes, the “I won’t support my arguments, I’ll just tell you to ‘do some research.\'”

          you made the assertion, you support it with evidence.

          • 0 avatar
            boxcarclassic

            Dont give me that nonsense. I dont need to write up 4 pages to a guy who thinks obama fixed the problem,or who believes any politician period. I learned plenty by doing my own research and so can he and you. If your not lazy and truly want to know the truth its out there.

          • 0 avatar
            FreedMike

            Well, at least boxcar’s fully committed to the “I know what I know and I’m not going to prove it” approach. God bless you, sir. And kudos for the brilliant “you must be an Obama acolyte” addendum to said approach.

      • 0 avatar
        Lokki

        Yeah…. about that.

        “ Every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications.”

        https://www.theguardian.com/commentisfree/2013/may/04/telephone-calls-recorded-fbi-boston

        You can be pretty sure that (no doubt only with an almost impossible to get FISA warrant) the government can get access to all those records collected by the evil capitalists too.

        For what it’s worth AT&T recently coughed up President Trump’s personal attorney’s phone records to a member of the House of Representatives without a warrant.

        • 0 avatar
          Arthur Dailey

          From that article dated in 2013:
          “Congress retroactively immunized the nation’s telecom giants for their participation in the illegal Bush spying programs.”

          “Two Democratic Senators, Ron Wyden and Mark Udall” warned the public regarding this.

          So yes surveillance did take place in the USA unlike in Canada, France, Australia, the UK, the Scandinavian nations or other ‘free nations’. Under a Republican President.

          However most reports are that was curtailed. And of course government incompetence and overload prevented what was gathered from being useful or retained.

          And if you used a Canadian designed Blackberry it was encrypted so that it could not be overheard.

          Also as pointed out, there is no one government. And what was collected was still limited when compared to what private, for profit corporations record.

          You should be worried about the disinformation that the Russian and Chinese governments are posting and what they could do to your banking, power grid infrastructures, hospital and air traffic control operating systems with just a few keystrokes.

        • 0 avatar
          Arthur Dailey

          @Lokki by the way that link is long outdated.

          Under President Obama a law was passed prohibiting that type of listening into or collection of phone calls.

          https://www.theguardian.com/world/2015/jun/03/surveillance-reform-freedom-act-explainer-fbi-phone-calls-privacy

    • 0 avatar
      2manycars

      The solution is simple – drive an older vehicle that is not equipped with this garbage. My car doesn’t “know” anything about me, or anything else for that matter. (No, I don’t have a smartphone either.)

    • 0 avatar
      dwford

      The government is all too happy to let corporations spy on us. That’s why the government pushes so hard behind the scenes for side deals with corporations to get your data. It may not matter on a day to day basis, but one day it might matter that these corporations know literally everything about you, and when they hand over your “file” to the government, you’ll be toast.

      • 0 avatar
        boxcarclassic

        You get it

        • 0 avatar
          golden2husky

          While I don’t doubt the Government might be snooping on certain individuals and they often think they are above the laws that they are supposed to protect, your average Joe is not going to be getting a visit from the FBI. That is not meant to marginalize your (valid) concern, but Joe is far more likely to have Corporate America follow his footsteps, bombard him with unwanted marketing, and to package and sell his personal life to others for a buck. Anybody with an open mic to the internet in their home if a fu**ing idiot. Yet, if you package your snooping equipment nicely and offer free services with it the sheep will gladly follow along. And that will not change. Consider that while some here (myself included) consider this a major issue, the total posts on this critical topic is but a fraction of what gets posted on other issues that frankly have far less potential impact on our lives. The younger generation, for the most part, does not care about the loss of privacy. If it is convenient then it’s all good.

          I pulled the OnStar fuse on my car to at least disable it and have located the EDR so I can destroy it if I wreck my car. I do have some thankfully analog cars but the reality is that in another 15 years there won’t be too many of them out there.

          Uncle Sam will never bother with this issue because there is no public demand for action. Even if there was a public outcry, action is unlikely or will be fraught with loopholes for the corporate sbags to continue to milk money out of the sheep. Maybe when people start getting surcharged by dirtbags in the insurance industry because they were subject to unknown surveillance maybe they will get motivated. Till then, forget it.

          • 0 avatar
            EGSE

            @golden2husky

            Completely agree; your treatise is well written.

            I will add that we already have microphones in our homes. They are in our laptops and some tablets. Some televisions have microphones so they can respond to voice commands. I have a so-called “smart TV” and while it does not have a mic, it can connect to a wi-fi hotspot. It has been demonstrated that they can forward viewing information back to some interested party and are vulnerable to hacking. I naively paired the TV with my phone and discovered it was downloading software updates over that link. I cut that connection pronto.

            The “IOT”, the “Internet Of Things”, will open up new challenges for those of us that are concerned about such matters. The legal system is lagging the advances in technology which has always been the case. It will take a pitchfork parade on Congress before any remedy is provided, if one is at all.

          • 0 avatar
            boxcarclassic

            I understand your point and actually agree.The FBI is not looking at your average joe. Problem is its not about that.It comes down to these quantum computers where every bit of detail about each individuals life is being stored. Its for future use like similar to the chinese using their credit score. Simply put this is big brother on steroids one world gov happening. We can pretend its not happening but it is and I pray Americans will wake up understand that beautiful constitution and the people who died for it. Because that is not a nice society.

          • 0 avatar
            JimZ

            yep. I’ve noticed- at least anecdotally- that the people most paranoid about stuff like this are literally the least interesting people that no company or agency would waste time tracking.

            On the other hand, if the government is actively interested in monitoring your whereabouts, you very likely already know it. And why.

    • 0 avatar
      Sceptic

      Only a naive statist could claim that corporate data collection has nothing to do with the government. There are a lot of creative ways to bypass laws and the US Constitution used by govt agencies. For example, govt agencies are banned by law to collect satellite images of US territory. NSA simply financed private enterprises(often run by former agency employees) to acquire high resolution SAT imagery. Then they simply purchase needed imagery from “private” industry.

      • 0 avatar
        Arthur Dailey

        @Sceptic: Conspiracy theorists give US government agencies too much credit. They couldn’t kill Castro. They botched trying to rescue the hostages in Iran. They have a long record of incompetence. And trying to track all the data that you believe they are recording is far beyond their capabilities.

        Otherwise they would be far more successful at stopping ‘terrorism’ and ‘organized crime’.

        In reality the FBI (known for decades among other law enforcement agencies as ‘The Feebs’, are far more like they were portrayed in Die Hard, than the infallible, ‘crime solvers’ portrayed on TV.

  • avatar
    Felix Hoenikker

    This is why I have no “talking coffee cans” in my house – even if they were free. Until we get some honest representation in government, this crap will continue.

  • avatar
    conundrum

    Good article.

    I have no idea whether my new car is spying on me to the extent that it is sending data over the internet to HQ. The owner manual talks about the Event Data Recorder and nothing else. To connect to the internet, the car has to have a modem and an antenna, presumably.

    I am a Luddite in that I don’t connect to my infotainment system like pairing the phone each time I get in the car. I expressly avoided the manufacturer navigation. I’ve always turned off location on every cellphone I’ve ever had once Google decided it knew its way to my then office on my first. I knew the way as well, thanks all the same. Nor do I bother using Android Auto. When you’re retired and have lived in the same area for 45 years, you ought to know your way around.

    The one time I plugged my phone into the car’s USB outlet to charge it, the phone freaked out and thought it was connected to a PC, then went into perpetual reboot! Basically, the hell with it. I managed to drive for over 50 years without all this “helpful” BS, and I have zero interest in letting some doltish company know my every movement. At home, the cell signal drops in and out because I’m in a fringe area (both carriers) so even if the car’s connected, it probably has a lousy connection. Had to get an old-fashioned remote starter because I couldn’t count on a phone app.

    Most people have just given up on their privacy and think all this low level technology crap is fine, presumably relying on the safety in numbers routine. Sorry, I have no interest in targeted ads, or letting anyone know where I shop or visit. whether I’m a creature of habit or not, or play srupid video games un my car. That’s my business, nobody else’s. If people had a reasonable think about it, they’d probably agree, but find it oh so convenient to use those flashy apps and give in like lemmings, hoping for the best and enriching the data miners.

    Is there a list of manufacturers who like GM have internet connect as standard? Whether you buy all the options or not? I can’t find such a list, but maybe others know. I assume for the worse it’s like electric windows, every vehicle has the feature.

    • 0 avatar
      boxcarclassic

      According to Arthur Dailey people like me are crazy and there is no gov doing this without a search warrant. Obama said so kinda like you can keep your doctor if you want and health plans will go down $2500.

      • 0 avatar
        Arthur Dailey

        Paranoia is not always crazy. After all just because you might be paranoid doesn’t mean that there isn’t someone out to get you.

        But you are looking in the wrong direction.

        Do you get malware and blackmail e-mails from the US government? Or do they original offshore?

        Do companies get hacked by the US government or by offshore sources?

        Does the US government hide tracking/listening devices in hardware/software sold to corporations or is this something done by offshore sources?

        Who are the major sources of disinformation on social media?

        And who stands to make money from all this information? Remember, always follow the money.

        Multi-national corporations and governments opposed to democracy, or the USA are the culprits you should be aware of.

        Governments in the USA are so dysfunctional that many cannot or will not share information.

        And thankfully in the truly ‘free’ nations like Canada, the Scandinavian countries, etc we don’t have to worry about our governments spying on its citizens.

        Americans willingly gave up many of their freedoms, and engaged in military excursions that merely enriched those in power, when scared by ‘terrorist threats’.

        • 0 avatar
          boxcarclassic

          Im not paranoid I dont trust the U.S. gov,nor do I trust any gov including the ones who say. I agree Americans stupidly gave up many freedoms because of these false terror wars. We agree on something

  • avatar
    newenthusiast

    I have 3 questions (well, some questions within questions) that the linked article does not get into:

    1) I don’t have a smartphone. I also leave my phone off when I drive. (having been involved in 2 different accidents where the other driver was distracted, I admit I am an outlier here.) We have two 2010 vehicles with no nav systems or OTA capability. I presume that none of my information is getting sent back or even saved, correct? In the future, if I were to purchase a newer vehicle with these features is it safe to assume that nothing like call logs or contacts would be uploaded?

    2) I buy used and go to indie shops. Is it safe to assume that these shops do not have the capability to get to this data, given the difficulty the computer expert in this story had getting to it?

    3) Aside from losing the use of any built in nav system, what, if any, are the ramifications of blocking or removing these systems ability to send and receive this kind of info, if such a thing is even possible? Or removing them entirely? I’m generally outside the OEM warranty, so I’m more concerned with the idea that the car gets bricked because this system is integrated into the same things that looks at the car’s mechanical health and would not allow the car to start if it seems like this system was off line or malfunctioning.

    I believe that some here have stated that they work for auto manufacturers, and I have seen it implied that there are many other employees of those companies who read TTAC, Jalopnik, etc, but generally never post.

    I’m not trying to sound paranoid, I just want to be informed about something that it seems I will not be able to avoid in my next auto purchase. It might be worth holding on to what I drive even longer than usual.

    • 0 avatar
      ToolGuy

      Before the turn of the century at Old GM, a development engineer and a member of the brand team were doing some work on the GMT800 – looking at the compass recalibration procedure (you would drive around in circles). An OnStar representative broke in over the speaker wanting to know “what are you guys up to?” So they not only knew what the vehicle was doing dynamically, they could filter it in near real-time to find the interesting ‘exceptions,’ and they were actively monitoring those. This was twenty years ago – the technology has not gone backward.

      Refer to this document to see just how much your 2010 vehicle might know about that collision you just had:
      https://www.govinfo.gov/content/pkg/CFR-2010-title49-vol6/pdf/CFR-2010-title49-vol6-sec563-7.pdf

      Automakers now regularly hire “data scientists” to work with “big data” – LARGE data sets. Hint: they aren’t there to validate your spark advance settings.

      Slightly off-topic: It is frustrating to lose a file on my computer at home. It is more frustrating to realize that the NSA has a clean copy of the file, but can’t share it with me. :-)

      Further off-topic: Have you ever had your legitimately-purchased music files disappear from your hard drive after a ‘Windows update’? I have.

      • 0 avatar
        EGSE

        I wasn’t pleased that the Android Pie update doesn’t allow installed apps to know what the calling number is. It “broke” my Morse code ring-tone that told me the number or contact name when I got a call. Bastards.

        Interestingly, the number *is* available to the Bluetooth-connected cordless phones I have all over the house.

        And I wish they’d get rid of the “Read all comments” BS.

      • 0 avatar
        newenthusiast

        @Toolguy:

        In termsof your last question,I still buy CDs and rip them to .WAV or .FLAC for the car and the .mp3 player. I play CDs at home

        Out of necessity, I keep them on an external USB drive. I’m currently up to a 4TB drive that’s at 80% capacity. So, I haven’t experienced disappearing files…yet. I know data degradation is a thing.

        I looked at you link. That’s the ‘black box’ used when an accident happens, correct? I was aware of that, but I’m thinking more about personal identifying info. The EDR has limited memory I believe, or did. With ‘connected vehicles’ I assume it just sends it somehow….I assume through a driver’s phone?

    • 0 avatar
      EGSE

      @newenthusiast

      I am an RF engineer by profession and have worked with both ends (infrastructure and subscriber) of cellular equipment and done have some design for equipment that mimics infrastructure equipment. As to (3), I haven’t been inside any of the connected-car systems but (this is a WAG) the cellular transceiver could be built into the unit housing the AM/FM/sat radio; this would be convenient from a design standpoint since the transceiver has to connect with the cell network which means it needs access to an antenna. If the antenna is shared with the aforementioned radio it is easy (using a device called a diplexer) for the two radio devices to share one antenna as long as there is a wide separation in the frequencies each device uses. This is conveniently the case with AM/FM/sat radio on the one hand, and the frequencies allocated for cellular use on the other. I share your interest in hearing from those who have knowledge of the configuration in the car.

      Here’s some more speculation…..it’s probable there is a designed-in feature that can inhibit the cellular transceiver from emitting a signal. Certain customers who would wish to remain “stealthy” could find this useful so as to not alert a technically-sophisticated adversary to their presence. Whether how this could be done is contained in an interface-control document that is available to the public is another question.

      I also don’t welcome this intrusion into my privacy and hope my older Civic lasts at least one day longer than I do.

      • 0 avatar
        newenthusiast

        @EGSE

        Here in Hawaii, Sirius XM is not available here, so anything trying to be sent or received that way would be useless.

        Can the type of info we’re talking about be sent via FM? I worked in radio for 13 years, and for analog FM, that’s a no. I understand how HDradio works, in theory, but in practice I can’t say either way that such info could be sent on a carrier signal, since I’ve been out for a while. Most broadcasters subdivide the digital portion of their signal into “sub channels.” This allows a station to broadcast two or more programs simultaneously. Listeners might have a choice of, say, a sports game or music. Or maybe play an expanded library commercial free. (Many rock stations are doing this. The subchannel might be all classic rock or all new or all 90’s, or simply a random selection from the library, which could be massive if it’s a heritage rock station like WMMR in Philadelphia).

        However, I know it can also send information like album art, logos, weather updates, emergency alerts, or even traffic jams, and road construction to a receiver. But can a car send info back? It would need to be a pretty strong signal…so I’m not sure that cars can.

        That’s why I asked if the phone was the tool being used, and specifically smartphones.

        The idea of a stealth mode sounds awesome. But again, I’m guessing it would take a lot or time, funds, and fairly intimate knowledge of a specific manufacturer’s system to do that.

        I’m asking: what if I just completely disconnected whatever sends and receives? If one were to remove the power to it, or cut any hard (wired) connection to power supply or the on board computer, would the car simply not start?

        Is this even legal?

        • 0 avatar
          EGSE

          @newenthusiast

          It is reasonable to assume the AM/FM/sat radios that come with essentially every new car do not play a meaningful role in this field, if at all. They are receive-only systems and that market is hopelessly fragmented; you would have to organize the broadcasters in North America to use a new over-the-air protocol to serve this use. The cellular networks are already there, they provide two-way data/voice communication and the auto mfrs already use it for the “telematics” systems such as On-Star. The percentage of users of “connected vehicles” that will pair a smartphone with the system in the car will be too low to make it work. The car itself will have to ship with it’s own embedded cellular transceiver from the factory. This means that Ford, GM, Toyota, et al has to register every connected vehicle as a cellular subscriber with a unique ID so it can authenticate itself with the network before any data can be passed through. Otherwise, individual cars could not be handed off between cells as they move about.

          I know of no statutory or technical requirement for the end-user to maintain the ability for their vehicle to connect back to the “mother ship”. For it to be codified into law, legislation would be necessary and it would have to be harmonized between the U.S. and Canada at a minimum assuming that car owners will drive across borders. That legislation would be discoverable and would have already been published.

          I also don’t think the car will brick itself if it can’t establish a connection back to some server. There are still areas of North America where no cellular signals are available and cars can sit for extended periods of time in underground parking garages, etc. Owners wouldn’t put up with that and we’d be discussing it on TTAC and so forth with great indignation if it happened.

          If you could determine how the embedded transceiver reaches the outside world and sever that link, that would thwart their scheme. If the infotainment system shares a cable/antenna with the cell link, putting a band-pass filter in the line to selectively allow AM/FM broadcast frequencies through and reject the cellular bands, that would be a practical solution. Using a diplexer to route the out-bound cellular signal to a dummy load would be advisable from a technical standpoint and simple to do in practice; it is a standard technique in an RF engineer’s toolbox. If a separate cable/antenna is used, then a simple dummy load available from literally hundreds of suppliers for a few bucks would be a bulletproof countermeasure.

          I make the statement about a possible means to turn off the cell transceiver because these vehicles are used by “government” who do their own domestic signals intelligence work in the cellular bands with them. Having a very strong signal pop up in-band during a surveillance mission would play hell with that use. And the cellular providers also measure network coverage with drive-test receivers and as above, having a strong emitter in the band of interest would be intolerable.

        • 0 avatar
          28-Cars-Later

          @EGSE

          I concur the AM/FM head unit is most likely not involved as these can be removed and replaced with aftermarket radios.

          “The car itself will have to ship with it’s own embedded cellular transceiver from the factory. This means that Ford, GM, Toyota, et al has to register every connected vehicle as a cellular subscriber with a unique ID so it can authenticate itself with the network before any data can be passed through. Otherwise, individual cars could not be handed off between cells as they move about.”

          Would it be reasonable to speculate the systems may work more akin to something like OnStar which I was under the impression communicated by satellite?

          • 0 avatar
            JMII

            OnStar works with a combination of cellular and GPS. Even if you turn it “off” its still working. You have to physically remove bits from the car. The problem is GM (and I assume others) have piggybacked multiple useful things (like navigation, door locks, remote start, etc) on this connection. Depending on the vehicle AM/FM and XM might share connections with OnStar in an effort to simplify the vehicles wiring. Its all part of the CAN-BUS these days. There is a processor for the system (a daughter board) and several antennas that make it all work. It collects all kinds of vehicle data and then phones home with a detailed report.

            If you remove the antennas the signal is degraded but still active. This means you have to locate the module, open the case and remove the communications daughter board itself.

          • 0 avatar
            EGSE

            If the head unit is user-replaceable, that would be a good reason for the manufacturer to separate the communication hardware from the “car radio”. I’ve never been behind the dash on newer cars as what I was involved with was “access at a distance” so to speak.

            OnStar uses GPS for location data but uses the cellular network to connect to the service center. As of several years ago (and probably now, it’s been a few years since I was “hands-on” with cell sigint) it used the 800 MHz AMPS (Advanced Mobile Phone System) A and B bands; these bands occupy the former UHF TV channels from 70 to 83 which were reassigned in 1983 and are the original cellular allocations in NA. This freq band propagates farther than the higher-freq bands and is a good choice for a low data load system. First it was unencrypted analog FM two-way radio technology (IS-19/20* sometimes referred to as 1G, now unsupported in NA) and then GM adopted the IS-95/96* CDMA (Code Division Multiple Access) tech (2G). CDMA increases the number of subscribers that can simultaneously get service and also prevents casual eavesdropping. OnStar used the Verizon network and at some point switched to AT&T (Bell Mobility was used in Canada). The incumbent carrier (owned by the wireline monopoly in an area) was assigned the B band and one other non-incumbent got the A band; this was U.S.-wide. The OnStar system could switch between A and B as necessary when roaming as is universal for phones in general.

            An OnStar CDMA system from the early 2000s should still work with today’s cellular system, at least in the Washington MSA. I have an ancient early 2000s Nokia 5185i dove-bar 800 MHz phone that still works. I just lit it up and a synthesized voice said I need to subscribe for service, so Verizon still supports IS-95 and ergo a CDMA OnStar system as well. It has a non-standard feature set (and my nickname is displayed on the tiny screen) and was handy when my then-employer was doing some work with OnStar for a “customer”.

            * IS-blah blah means Interim Standard and the numbers define specific RF modulation standards as established by the CTIA (Cellular Telecommunications and Internet Association).

          • 0 avatar
            EGSE

            @JMII

            “This means you have to locate the module, open the case and remove the communications daughter board itself.”

            Doing that will likely lead to error messages being generated eventually leading to a communications error code being thrown. The communications card will almost certainly have its own embedded controller that returns acknowledgements that data packets were received via the comm buss (possibly with a locally-generated checksum or CRC) and state-of-health values, even if they’re just go/no go such as bits set as flags. If that controller isn’t there then the expected ACKs won’t be either. A lit CEL could prevent me from passing an emissions test. I don’t know how an essentially meaningless code would be regarded at the test facility. Gotta love this state.

            I do enjoy the technical discussion and you clearly have expertise to share. Thank you. I just wish it was more than us TTAC’ers that think it matters.

          • 0 avatar
            28-Cars-Later

            Thank you both.

    • 0 avatar
      golden2husky

      NewEnthusiast: That indi shop may be a contributor to big data as well. A lot of shops, in search of a new revenue stream, scan your registration barcode and sell the information to third parties. Ever wonder why an oil change at Jiffy Lube is so moderately priced? They sell your service records. Who would want that data? Well, companies such as CarFax use this to build their databases but it is much worse than that. Insurance companies use these services to track vehicles that they insure to see if they are mostly located in the area of the policy’s home address. They also grab mileage data as well. You have no say to this. I put paint over my barcode to prevent a friend’s condo assoication from using a reader on my code when I visit. It is getting bad.

      • 0 avatar
        JMII

        I can confirm the oil change places do report your information. When I sold my last car the purchasing dealer (actually a buying service) pulled up a report showing incorrect mileage, hinting that I might have rolled back the odometer. Then he admitted it was likely a typo because the data came from a Jiffy Lube type service place. He showed me the report which I assume they buy for this exact reason and it listed all my information, none of which I ever gave to this particular business. I was shocked! I knew dealers reported service to CarFax but assumed your basic quick lube place didn’t care or wasn’t sophisticated enough. Wrong – they have a computer, the internet, plus software. While I bet the software was sold under the guise of helping them pull the right oil filter and generating loyalty coupons, its also sending back way more data then just which engine you have.

        Now I am not one these tin-foil hat types but at this point you pretty much have to assume you are being tracked and monitored constantly these days thru multiple technologies, services and agencies. You might remember the Patriot Act passed after 9/11… well that basically opened the flood gates.

        • 0 avatar
          Arthur Dailey

          Some great technical info.

          Technology including the photocopier, printer, and television were largely responsible for the overthrow of the Iron Curtain.

          However current ‘tracking’ is much more useful for large multi-national corporations. Facebook, and Google for example are multi-billion leviathans because they track and sell data. And their major customers are not governments but other for profit corporations. Including the owners of this website.

          As mentioned eventually your auto insurance rates will be predicated by this information.

          If you are a consumer then expect your data to be used to sell you more.

      • 0 avatar
        newenthusiast

        @golden2husky

        Its not a Jiffy Lube type place. Its an Audi/VW specialist who will work on all German cars, as well as Mazdas (???) and Lexus (but oddly, not Toyota which I thought more commonality in parts, but maybe not).

        The work is great, for about half the labor costs of the Audi service center.

        That being said, being and indie that has great service, a limited shuttle service, and a business discount on premium rentals for their customers does not mean they do not sell data as you described.

        As chance would have it, I got an email today from them stating that they estimate (correctly) that I’m due for an oil change, tire rotation, and brake inspection. I am also due for the annual safety inspection anyway, so….I guess I’ll ask about what data they might store and how they use it. Their reaction will be what I am watching (60-70% of human communication is non-verbal, if you know what to look for).

        Now, my question is: why is your friend’s HOA scanning cars? What legit use would they need that data for? I assume you are a visitor parking in a visitor spot or your friend’s driveway? That is disconcerting…….

        • 0 avatar
          golden2husky

          They want to track incoming visitors ostensibly for “security” purposes. That is what I was told even though my name is on the “ok to visit” list in the security booth. They also have a camera that records vehicles coming and going. I’m ok with that because if they need the data for a suspected problem they can review the video as necessary by hand. They don’t have license plate reading software. My objection is to having the data of my visits based on my registration. Data in that form can be used for a whole host of invasive reasons. There are no rules on how many times a visitor can visit so there is no reason for data to be stored in such a format. Another reason to loathe HOAs.

          • 0 avatar
            newenthusiast

            I know that the rules regarding pictures and data gathered from them in public places falls in favor of them.

            But….I’m not so sure that what they are doing would be protected under the law. tacking the comings and going of a vehicle via license plate should be all they need to do. Having a database on you, a non-resident, is not the same thing at all.

            So, they want your VIN? What happens if you refuse? I have certainly had temp parking passed with my plate number on it, with a date or range of dates that it is goof for, but I’ve never been asked for a VIN other than at a parts store or for my insurance.

  • avatar
    28-Cars-Later

    “monazite”

    Monetize?

  • avatar
    GoNavy99

    The cat’s out of the bag as far as consumer data is concerned. In many ways, this is like what the digital music environment looked like just prior to iTunes being released. And therein lies the precedent and solution.

    It is not practical for consumers to individually address every holder of their information, or to police multiple independent entities – especially when they don’t know what is even out there (generally, “everything”).

    What we need is either a private-market solution to personal data (highly doubtful), or a legislative one (far more likely) similar to HIPAA.

    Either way, consumers can’t continuously be exposed to this. I have a 2018 Sierra, and I specifically don’t pay for OnStar. I naively believed that this was my private automobile. I know now, however that GM sees MY car as THEIR laboratory for collecting my private data.

    This is exactly why national legislation is necessary.

  • avatar
    tomLU86

    On any given day, there are thousands of cars built between 1965 and 1995 that are relatively rust-free and in good shape, or serviceable.

    As others mentioned, that is your best bet if closing this gaping loophole to your privacy is imoportant to you. If you live in a salt-free area, you can get another 20-40 years out of it, if parts remain available (and the more people who have old cars, the more likely this is). If not, if you have the means and garage space, get two.

    The Air Force is still flying B-52s and KC-135s that predate the Ford Mustang. Of course, their resources are greater, but keeping an aircraft going is very challenging.

    We lived in a ‘golden era’, in North America, from 1945 till now. Especially 1945-1973, the golden summer, which I missed out on, as I was not an adult, with an Indian summer of sort from 1983-2001

    Times change, and people’s increasing wants, driven by personal attitudes and more importantly, the demographics of aging, at the same time as the economy/society’s ability to provide for them is declining is not a happy combination.

    Technology has helped mitigate the gap, but with side effects. Now, technology will be explicitly hailed as the ‘savior’ of our world, if only we accept it (and the big entities than usually control it), and adopt certain changes.

    Data tracking is one way to ‘optimize’, or ‘control’ depending on one’s perspective.

    “Traffic calming” is another one….in the name of ‘pedestrian’ and ‘bicyclist’ ‘road access’, let’s strangle the traffic. In the USA, a suburban society, where much of the country has snow and cold 3-5 months a year, this is pretty stupid, but is is happening. Even in Michigan!

    Even our money is being used to keep things going! We are drowning in debt, yet things are going well. Some countries have negative interest rates, we have near zero in the US. It’s all good! Or is it?

    As a side note, it’s interesting to observe that of the major carmakers, GM is at the forefront of the drive to gather your personal data, monetize it, get you into an electric car, and ultimately into an autonomous vehicle.

    • 0 avatar
      ToolGuy

      Judging by deeds not words, I am not convinced that GM wants to get me into an electric car.

    • 0 avatar
      boxcarclassic

      Tomlu86 well said and funny how under obama GM became literally gov motors. People will point to chrysler in the 80s under Iaccoca.Yet that was a loan and was paid off.. GM was bailed out and is now owned by gov.

      • 0 avatar
        Arthur Dailey

        @boxcar: The US government sold off all their shares in GM just over 6 years ago. During the Obama administration.

        The Chinese government probably has more input into GM’s practices now than the American government. Ask @Deadweight.

  • avatar
    -Nate

    Good thing I keep the ear flaps on my tin foil hat well adjusted =8-) .

    “This is exactly why national legislation is necessary.” So then, more big gub’mint is the solution ? .

    The GM bailout was begun by President Bush, not that uppity guy you’re still afraid of….

    I’m glad I don’t live in the rust belt, “thousands of serviceable vehicles” isn’t going to help the millions of Americans who apparently need data free transportation .

    -Nate

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • MrH42: Now the real question: Will the hatchback be returning? And will a traditional manual stay? A wagon STI would...
  • Jon: EarthRoamer
  • thegamper: My first thought would be one of the German carmakers Mercedes, BMW, Audi. Simply for the variety of...
  • THX1136: A lot of “ifs” for me. If the monthly cost was equal to 1 1/2 times the normal monthly payment...
  • jack4x: “Think of a vehicle you’re interested in. Figure out what it would cost to finance, then triple the...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Timothy Cain
  • Matthew Guy
  • Ronnie Schreiber
  • Bozi Tatarevic
  • Chris Tonn
  • Corey Lewis
  • Mark Baruth