The question that is always missing from these conversations is "Why should we care?" That isn't a popular question in communities like HN, but it is how the average person thinks.
On a philosophical level the "if you have nothing to hide" argument is flawed, but from a practical perspective it is kinda true (edit: in the context of corporate data collection). People who actually want change need to be able to communicate this to the average person in a clear and concrete manner how this negatively impacts their life. Once that reasoning starts getting into hypotheticals about a future totalitarian government or philosophical points about the nature of privacy, you have already lost people.
You need to be able to tell normal people why they should care about their privacy before they are motivated to protect it.
You should care, but spend some time to appreciate the issue before rushing to judgement. There is too much armchair laweying going on in this area. I just watched louis rossmann's vid about cars collecting sexual histories. Too many people don't know what these user agreements are in the real world. BMW doesn't want to monetize your sexual history. They probably couldn't do that even with user consent. This sort of language is about protecting the car company from the user when the user is suing the car company.
Example: Car company collects location data for legitimate uses such as safety, product development or legal requirements. Then a leak happens. Some blogger looks at the data and notices that the local mayor's car parks at a gay bar ever Friday night, often remaining there until saturday afternoon. The implications are clear. Mayor then sues car company for collecting his "sexual history". The car company can then point to the user agreement. They are covered for not just the location data, but all the things that can be inferred from that location data. These seemingly outrageous agreements are more lawyers covering their asses than companies actually attempting to collect.
A better answer may be to adjust laws not to ban or unban such tracking, but simply to mandate off switches. A mechanical switch that disables the GPS antenna would cost maybe 10$ per car, comparable to any number of rarely-used mandatory features in cars these days.
I don't understand this argument though. The car company did not disclose any sexual history and only the location data that it says it collected. That things can be inferred from the data seems like a legal slippery slope. Are there examples of such cases going to trial without being thrown out?
Folks don't realize all the things they are hiding — and can be extraordinarily important to hide — even when they're actively hiding them! My personal favorite anecdote here is comes from a debate with a friend who was staunchly asserting that she had nothing to hide. I just blindly suggested — hypothetically — that one example would be if she were in early stages of pregnancy. Seven months later, guess what she was hiding during the argument.
This is part of what I'm talking about. Hiding something from an individual you know is very different from hiding something from a faceless corporation. There are obvious practical implications from someone you know finding out that you are pregnant before you want them to know. Why does it matter whether your car manufacturer knows if you are pregnant?
Unfortunately it can also matter if your boss knows. Or the company you’re interviewing with. It shouldn’t matter (and would be illegal if it could be proven), but it matters.
The problem is that the more people know a secret the less likely it is to stay secret. I don't want the people I know to be able to download a profile about my from their local data broker. Even if my car company doesn't sell my data (which they probably will) one of the companies that do know it will eventually leak it and it will be slurped up and be made available to people that I don't want it available to.
Now you are arguing separate issues. There are three concerns here: data collection, data brokering, and data security. Your complaint is about the latter two. Addressing the data collection would certainly address the other two, but if those are the concerns why shouldn't we make laws focusing on them rather than the collection?
We have already seen the privacy implications of this at the private and government level at the same time. There is data that the government isn't allowed to collect, but it is allowed to purchases that data from 3rd parties. If the government having access to your data isn't a concern, what should be is that if the government can purchase it, anyone can.
Yes, people generally don't care if others know they shop at Target and the mundane details of their kid's softball practice, but they don't know what else is available:
- When nobody is home and their house is empty. Not only can they do this in real-time especially if they can track car data, but they use see time data to determine when you're least likely to be home in the future.
- Your medical history. You car was parked outside of a cardiologist and a pharmacy. You probably have high blood pressure. Did you go to an obstetrician's office for the 3rd time? Maybe you're pregnant.
- How about existing and future interstate crimes? You go to a shooting range every week and since the recent passage of a law banning ammunition purchases without a background check in your state, you've started making regular runs to a neighboring state. Is this probable cause to show you're breaking the law? What about a woman going to the doctor in a state that bans abortions who makes similar trips out of state? Have you been posting about your recent bourbon tastings and making trips to the nearby state known for having better alcohol availability?
- People don't care about strangers having access to boring personal details, but what about people you know? There's nothing stopping your mother-in-law from snooping on your life and asking personal questions they have no business looking at. Maybe this is cumbersome and expensive today, but considering how tech makes things easier and cheaper over time, will it always be this way? Once data is out there, it's out there forever.
Maybe people aren't concerned because these laws aren't being enforced, but how much of that is a chicken and the egg? Are they not enforced because they don't want to enforce them or because or because it's difficult to ID the people breaking the law. Data like this makes it easier.
>Once that reasoning starts getting into hypotheticals about a future totalitarian government... you have already lost people.
You can't start talking about states arresting people for going to a bourbon tasting and have people actual care about your argument. People have way too many more tangible and more pressing concerns than this type of weird hypothetical.
I'm not saying your argument is wrong. It just isn't going to actually motivate anyone to action.
While I do think that is a great example, it would appear that your peer group might have a self-selection bias for increased security, vs the normal population.
A quick google search leads to multiple articles suggesting that the vast majority of people do not lock their phones.
As to whether they would give you their phones or not is a different question, but I would wager that many (most?) of those who don't lock their phones would also not necessarily care if someone looks at their device, or at the very least do not take measures to prevent others from doing so.
This is a valid point, and the people I talked to tended to be younger. I assume older people don't lock their devices? Or maybe its a regional thing? In Germany I (anecdotal) have met maybe a handful of people under 40 who didn't lock their phone and one under 30 of a 100+ people.
End of the day, ICE cars are getting more reliable due to emissions controls, and EVs are much more reliable. So the ongoing revenue stream for car companies (service) is a dead business.
The "why should we care" is the same as many other things -- the car company is going to use technology and tracking to monetize valuable features and experiences. There's few if any scenarios where this is good for you.
>"Why should we care?" That isn't a popular question in communities like HN, but it is how the average person thinks.
This is an oft repeated sentiment that really needs to be questioned. And I don't mean by posting some survey where the questioning is as nebulous as the privacy policies and EULAs that the average person is manipulated into accepting without a clear understanding of the implications.
My one piece of counter data today is that I was at the gym and saw a TV commercial for DuckDuckGo that was painting Google for the privacy thieves that they are.
Daytime TV is a demographic of boomer average users. DDG is actually paying for airtime to target them with a value prop of "we don't invade your privacy like this big thug over here does."
Maybe there is a sea change coming and we might soon see what average people think about how much value they put on their privacy.
Did I blink and miss when cars stopped being purchased, and started being licensed like software?
Most of this research is about manufacturers' legal cover (privacy policies).
If I owned a car like this I would have my lawyer send a formal letter to the manufacturer explaining that I disagree with their terms, and opt out of all this garbage. Clarifying they do NOT have my consent, regardless of what buttons their UI forces me to push to drive my vehicle.
If they tried to tell me I'm no longer allowed to use the vehicle, it would be a delicious lawsuit over what exactly my $50k or whatever bought me (that they'd effectively sold me a lemon).
From what I can tell they basically just went and read all the manufacturers privacy policies - that seems to be the primary source of their data. With some background sprinkled in of known breaches / past news.
I was hoping there may have been more reverse engineering or packet sniffing going on, or some other deeper means of investigation.
Don't get me wrong I care about privacy and this is important information which is great to highlight to the average Joe. But it's not like it was hidden (some of us actually do read, care about, and even send critiques back to vendors about their legal policies).
The way that multiple (I counted 4) articles of theirs talked about it as though it was a report I was expecting a deeper analysis but they just presented keywords pulled from privacy policies and extrapolated.
The tone used was also oddly casual and blog-like for an important topic ('ugh', 'yikes', 'wtf', liberal use of exclamations—even double exclamations), apart from hypothetical scenarios which don't help ground their points. In the AMA they admit they're unaware what various aspects mean yet the articles present findings emphatically.
Mozilla recently published[1] a page about how they had four lawyers and three 'privacy experts' analyze a Microsoft service agreement and yet the page contains zero comments or analysis from them, merely containing two paragraphs that the conclusion was indecisive.
I do appreciate Mozilla bringing attention to such topics, though for all the money and effort they put in getting people to analyze things I kinda hoped their articles would be more substantive than what a reader can similarly determine.
This is the part I have been most curious about. How does the data get exfiltrated. Here is their link to explain the different levels of car connectivity.
According to that link, the majority of cars on the road are currently "level 1." Which can connect to phones, but cannot use them to "phone home". But that is of course changing with the cars sold today.
My biggest question is which makes/models can have the surveillance anti-features disabled by unplugging a specific module or two, while losing as little legitimate functionality as possible.
Using products the ways we want rather the way manufacturers tell us to is what the tech community used to focus on. It's certainly not a panacea, but it is better than news articles remarking how everything is so broken but in the end just giving in. Barring something like a non-loopholed US GDPR making the surveillance business illegal, self help against corporate control is all we've got.
Also there are a lot of people comfortable working on cars for which this could be a gateway to seeing tech as something that can be modded and controlled rather than an impenetrable black box.
> My biggest question is which makes/models can have the surveillance anti-features disabled by unplugging a specific module or two, while losing as little legitimate functionality as possible.
Onstar usually lives in a box that can be physically disconnected. That'll keep them from spying on you/your car even if you've never activated or used their service. I never enable bluetooth on my phone, but my car still has an AUX port and I'll plug my phone into that. If I charge my phone by plugging it into the car's USB ports I use a data blocker.
Seem like time to start prioritizing projects like restoring an old car, maybe even pre-ECU/fuel injected, or doing an electric conversion, just so we an have a car that is a car and not a spyware platform.
I can certainly appreciate how a car company would find all the data fantastic for legit purposes of understanding how their products are used and improving the products. But the externalized costs on the customer of the inevitable data breaches... at least make the data connection and collection opt-in.
Was looking into this a few motnsh ago, but a conversion kit for an ICE car was around 10–20k + labor (or tools if you’re DIYing it)… that’s pretty steep.
Seems steep, but since good used cars are well into 5 figures, but one with a blown motor can be had for a few $k, add $10-20k and we're still in range of a good used car or bottom-of-the-barrel new car, and below most electrics... and batteries are getting cheaper, e.g., by 10% in August alone [0] — this could be good!
Most normal people I've talked to about this have a deep sense of defeat. They care a lot, but also don't think that there's anything they can do about it -- so it often doesn't figure into their purchasing decisions.
It's a position I can understand. How can anyone who doesn't do a deep dive like sniffing network traffic actually know that they're not being sold down the river, privacy-wise? They can't.
Agreed on how I feel most people perceive this stuff - they care but they are also resigned, whether that's expressed as active disapproval or accepting cognitive dissonance. To me the real crux of the matter is how to turn that caring into any sort of feeling of having choices.
It's not even a terribly hard model - if a device has an Internet connection and is running proprietary software, it's only a matter of time until it spies on you or otherwise betrays your trust. But it sounds way too abstract and technical for the average person to act on it. And even in the case that there are off the shelf libre solutions, they still don't compete against all of the advertising pushing surveillance based solutions.
To me the real crux of the matter is how to turn that caring into any sort of feeling of having choices.
A good start would be actually having a choice. In several markets that are effectively essential products for a lot of people to live a normal life today - including transportation - that choice no longer exists in practice because the whole industry is on board with doing this stuff.
Every time these subjects come up someone says this should make us angry and we should push our political representatives to legislate or regulate in response to these threats. And then someone else reminds us that it's 2023 and most people have slightly higher priorities like being able to afford to keep their homes and feed their kids so even if issues like privacy matter to them a great deal they will rarely swing enough votes to carry any real weight politically. Unfortunately these problems demonstrate a failure of both our commercial and economic systems and our political and democratic ones.
You can build your own car in the UK. If you build from a kit then the kit will typically have type approval and you just pay for your build to be inspected. If you create something unique it needs a more expensive inspection that incorporates type approval. Open source would be like a kit where you make the parts. I think legally this would be treated as a custom build. The full inspection is £450, which seems quite reasonable.
In the US, in every state that I'm familiar with, you can register/title/legally drive nearly any vehicle. There are some basic "road worthiness" conditions that have to be met, but they're usually simple and straight-forward, like "vehicle must have a rear view mirror". [1][2][3]
Good point. Is servicing still needed for Tesla? I know there’s no oil changes but if the tires can be handled by a tire company could you get by without Tesla getting involved
I would agree that it's brand isn't a browser, considering most people have never heard of it. Makes me wonder what they could do if they actually advertised it.
Most people don't give a shit about browsers and only know about chrome because the multi-tens-of-billions of dollars advertising and web search behemoth plastered ads on every search for a decade.
Strange. I've been using Firefox on macOS for the last 10 years and it's still working well for me, including to access Google services.
Tabs work very well in Firefox for me. I have 17083 tabs open at the moment, on my 2013 Macbook Pro, still going strong.
The Containers are great for separation of concerns and for multiple accounts like work vs personal, business shopping vs personal shopping, etc.
I tried Safari for a while but switched back to Firefox. I use Ungoogled Chromium occasionally to generate PDF invoices and have used it for a better Google Hangouts experience, but otherwise rarely open it
I have no idea if the situation has changed there, but in the early 2010s when I worked for Mozilla there was an ongoing issue where Windows was the less exercised platform internally because almost everyone had a MacBook on their desk.
huh? My main browser is FF on macOS. I currently have ~350 tabs open across multiple windows. I have zero bugginess.
I consider Chrome primitive because it lacks vertical tabs (kinda necessary with >10 tabs open at once). You can't even get workable vertical tabs with an extension on Chrome!
On a philosophical level the "if you have nothing to hide" argument is flawed, but from a practical perspective it is kinda true (edit: in the context of corporate data collection). People who actually want change need to be able to communicate this to the average person in a clear and concrete manner how this negatively impacts their life. Once that reasoning starts getting into hypotheticals about a future totalitarian government or philosophical points about the nature of privacy, you have already lost people.
You need to be able to tell normal people why they should care about their privacy before they are motivated to protect it.