I wanted to get others’ takes but it seems like the only real way to get a non-spying car is to get an older car without any sort of telemetrics. I saw a video about different car companies’ security policies, well specifically the new Mental Outlaw video, and it just blew me away how even our cars aren’t safe. Anyone got tips for how to anonymize their car?
Mozilla Foundation did a deep dive into this. And the results where abysmal. The only brands not completely horrifying where Renault/Dacia because they are European and only serve the European market so they have to follow GDPR.
Wait, Renault doesn’t ship anything outside the EU?
It does, to India.
They used to but stopped AFAIK. I am not completely sure but that’s what I read when the Mozilla Foundation report came out. The other reply said to India so maybe my information is not completely accurate…
Nice to know
The problem with the “just buy old cars” is that I want a used electric car for like $10k.
We need a wiki of EVs that.has a section on each model enumerating which components are used to spy on you and videos showing how to neuter them.
The best privacy from an EV is an electric bicycle
Well, would be nice to be able to haul drywall and not get wet. There are some projects for this, but they’re a bit immature and documentation is lacking
You can haul a lot of weight by bike, especially if you use a trailer. How often do you really haul things? Just rent a panel van on days you want to move shit.
I live on a bicycle, but I’m going to be building a house soon, which is why I was looking at buying an EV.
An EV van has the same privacy issues, and we’re back at square 1
And then they’ll add the same tracking to them too.
My ebike comes with a GPS tracking app to locate it. Luckily it’s optional but it’s already begun
Not all. Bosch equipped ebikes send name/address when they get serviced.neither rad nor aventon have systems smart enough to record data at all. I dont think shimano ebikes are smart either.
I’m saying in the future.
We need a wiki of EVs that.has a section on each model enumerating which components are used to spy on you and videos showing how to neuter them.
I have been thinking we need something like this but for all new vehicles, not just EVs. Like instructables but for how to locate and rip out the cellular radio/antenna on every make and model that has one.
Definitely. But its more complicated than that.
My understanding is that many cars store the information airgapped and then upload it to the dealer when the mechanic pluggs into the car doing routine service checks.
So we need the wireless/radio neutering, but also someone needs to hook up to the car and see if/what data can be leaked via hard wire. And possibly find ways to disable the sensors, send random/nonsense data, update the software to not store sensitve data, automatically wipe the data every time the car turns on, or at least document how to manually wipe the data when you pull into the shop for maintenance.
Oof, yeah, didn’t think about that. Much more complicated.
Exactly. Like I got a new android phone last week and I want to make it more.private. I want be afraid of making mistakes. Any mistake I can do can be undone.
Yeah fortunately there’s tons of info on the internet on how to security harden phones. Its down to a science
Hardening cars is wild west right now.
Hardening cars is wild west right now.
The cars should not need to be hardened. That is what needs to stop, imo!!
Remove the cellular modem.
What are the chances the software is designed to throw errors and “See a technician” messages if you dk?
I’ve heard it can cause problems in some models, so people need to do their research. With my truck it’s dead easy and are no drawbacks.
We need an iFixit-like database giving each car a score about how easy it is to unplug the telematics units and what errors it may result in, complete with a score.
My suggestion, if you’re looking for a new car, is to research where the modem in the car is, and unplug it during the test drive (assuming it’s reachable).
I unplugged the one in my work truck, 2023 Ford F150. They call it the “Telematics unit” and it’s on the rear cab wall on the right side, hidden behind the sound deadening foam. I did this after it was bought, but if I had known about it before my boss paid it, I definately would have tried it before the test drive to make sure, and I plan to do it if/when I look for a newer car!
I unplugged every cable coming into it - power, antennas, data, all of them! The only issue that comes up is the center screen on the dash crashes back to the main menu when you try to open the data/wifi settings.
No other issues so far after almost 5k miles! No warnings, no lights on the dash, nothing! Android auto/carplay even still works! Don’t know yet if the dealer will try to plug the unit back in during the next service, but I intend to raise hell if they try!
Not small, but I think you’ll have better chances with the mid level commuter cars. You’ll probably get some error messages on some of them, but if you can ignore them, they wouldn’t stop the car from running.It’s the high end ones and EVs that have a higher chance of bricking if you disable the antenna.
Depends on the car but I’d say the chance is above 50%
Most of the cars will still try to connect to open Wifi when available to upload data.
Very nice ! That’s when you can start spying on your car’s behavior.
Not really. If they use TLS / HTTPS then you won’t see a damn thing.
Yeah. Believe me most of these embedded controllers are not very well programmed. Play a bit with fake certificates and I won’t be astonished if you to catch something.
Get rid of the car
And add a Faraday’s cage. There are other things except for cellular connection used in cars such as WiFi and Bluetooth.
That’s impractical. Bluetooth and Wi-Fi also needs modems so just remove those too.
I mean sure if you can find and remove them. They’re very small.
They’re going to be in the same location for a given model year, which somebody will likely have documented online.
I’d want bluetooth for music from my phone though. And it’d be nice if my phone’s cellular and GPS didn’t get blocked.
Isn’t your phone far more connected to your identity than your car? As in, if your worried about Toyota or Ford tracking your vehicles driving statistics it seems using GPS and wifi and Bluetooth on your phone that also has all your payment info, browsing history, and all your passwords saved defeats the entire purpose of worrying about your car. However, at least your phone gives you a benefit to using it like navigation and music, your car just mines your location data.
Privacy is not just black and white.
But then the car can send the data via unprotected WiFi spots. I don’t think you can turn off autoconnect.
Perhaps disconnecting the RF antenna, and replacing it with an appropriate termination?
ITT people are all dismissive because you can’t actually be anonymous on the road (license plates, speed cameras…), but, honestly, I just want a car that doesn’t listen in on my conversations, sell my data to brokers, require any passanger to accept the privacy policy, or record the times I have sex (jk it won’t be able to if I don’t have any)
It’s possible to get cars as new as 2019 where you can just pull a fuse. But it starts to get tricky.
Example my C7 Vette it only took about that (it was a bit of an ordeal to not brick the car) but it’s not connected to shit anymore.
Telemetry data will still be saved in the car systems, but not broadcast anywhere. So not too bad
Right to repair must apply to cars as well.
Buy an electric bicycle and use the money you would have spent on a car to run for a seat for local office on the platform to improve local transit infrastructure
How good are they in ice and snow? Probably a bit dangerous and cold I’d think.
There are studded tires you can get for ice but I’m not certain about their application on electric bikes.
The problem with that though is they aren’t legal everywhere. I know where I’m at we can’t have studded tires.
Bicycles can’t or vehicles can’t? There’s a vast difference in weight and I imagine most wouldn’t even notice.
I know you can’t on a motorcycle so I’d assume you can’t on an ebike as well.
I don’t live in the snow so never tried in real life, but local laws usually classify different levels of two wheeled vehicles. Some laws treat level 2 and under, where most e-bikes are, the same as bicycles. Mopeds and motor-driven cycles are a level above that are allowed on surface streets the same as cars but too underpowered for the highway. Then the level above that is the traditional motorcycle that are allowed on streets and highways.
tl;dr, it might be allowed for e-bikes to have studded tires depending on how local laws classify it.
Yes buy studded tires will help a lot
Depending on the car you might be able to physically disable telemetry. Here are some thoughts/ideas I’ve been collecting:
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
- It’s possible that the info could be stored locally and then uploaded when it gets serviced though
- Remove the fuse to the modem/data communication module (DCM)
- Disconnect wiring to the LTE antennas
- A number of people have mentioned that they can get the dealer to disconnect the telemetry as a precondition to buying. For instance, here.
- Jump the data communication module (DCM) cable with a ~$70 dongle to bypass just the telematics components
- Disconnect the DCM cable, which will likely gimp the infotainment if not other systems, or remove the entire DCM unit
Quite a few cars also still have a SIM card hidden somewhere, which can be removed. The location of it varies widely though and they’re usually pretty hard to find.
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
I’ve got a 2009 dumb car and I am babying it because I dread having to try to buy a new to me car that isn’t full of telemetrics and other modern car garbage.
Learn how to work on it
I already do. I’m no mechanic, but I’ve made numerous repairs over the years and am familiar with and can do basic car maintenance.
As long as data harvesting is legal and profitable, privacy will be a cat and mouse game. Gotta wonder how much capital and human effort is invested into all these anti-consumer innovations.
I plan to buy 2003 Skoda Octavia for obvious reasons or some car with automatic transmission.
My car is built in 2003 and I don’t think I’m ever moving it on.
It peaked in 2005 before the driver inputs got overrides and and speed outputs started lying to you.
I couldn’t even imagine a car connected to the internet.
I don’t recall what kind of car it was, but there was one that saved the phone number associated with any phone that connected via Bluetooth.
While I don’t think it’s likely as a way to trick people to connecting to get their phone number, it was a rental car which opened them up to impersonation scams. Knowing they just rented from the company and where in the city provides quite a bit of information on you.
Android has the ability to deny this information. If iOS has one it does jack shit because Apple doesn’t care about your privacy.
Should be quite easy to remove any WiFi/cellular/satellite antennas from the car’s computer. (Might be trace/chip antennas, so make sure to get those). If you’re extra paranoid, get the GPS antenna too, so it can’t simply record data indefinitely.
Might take a few hours to go through the car to make sure you get everything, but you won’t be limited to super old cars.
I don’t believe for a second that the car won’t be sending either an unremovable error message, a constant and un-mute-able audible alarm, or a complete lockout of subsystems or the entire system itself. The best case scenario is that this is a mild inconvenience.
Does your car lock up outside of cell coverage? I’m not suggesting removing the radios themselves, just the antennas. To the car, it will just always be out of range.
The antenna used for talking to the keys might cause trouble, but those are either inherently short range inductive systems or are receivable using a 20$ RTL SDR to verify it’s not sending anything else.
I was driving in a rented car and just decided to start randomly singing and… yeah, the car’s AI asked me to repeat.
Cars have had GPS capable black boxes for a long time. They claim it is for the same reason as airplane black boxes, but I call bullshit on that.
Would be interesting if people demand their car modems disconnected enmasse contractually before they bought newer cars. Then have an independent mechanic confirm its disconnected or dealer pays out the arse. Make em think twice about this crap
I did not watch the mentioned video so I am not sure if what I am about to mention is discussed there or not. Also, sorry for the really long reply!
I am not aware of any available truly privacy respecting, modern cars. However, assuming theat you obtain one or you can do things like physically disconnect/remove all wireless connectivity from the car to make it as private/secure as possible, there still is little you can do to be truly anonymous.
Your car likely has a VIN and license plate as well as a vehicle registration. Assuming you legally obtained the vehicle and did not take any preventative measures prior to purchasing the car, those pieces of information will be tied back to you and your home address (or at least someone closely connected to you). You would need to initially obtain the vehicle via a compsy/LLC/partnership/etc. as the owner/renter/leasee of the vehicle and an address not associated to you. Additionally, you would need to find some means of avoiding or limiting the additional information connected to you that is likely required to obtain the vehicle like car insurance and your drivers license.
Additionally, any work that certain mechanics perform may be shared (either directly or indirectly) with data brokers - even just routine maintenance like an oil change or alignment. Hopefully you didn’t use your credit card, loyalty rewards program, etc. when you had any work done!
There is also CCTV, security cameras, and other video recorders that are nearly impossible to avoid. Given enough time/resources and maybe a little bit of information, your car could be tracked from its origin to destination locations. This location history can be used to identify you as the owner (or at least driver/passenger) of the car. Unless your car never leaves your garage, you can almost guarantee that your car is on some Ring camera, street camera, etc.
Furthermore, anything special or different about your car (custom decal, unusual window tinting, funny bumper sticker, uncommon color for the car, uncommon trim/package for the car, dented bumper, fancy rims, replaced tires, specific location of toll reader placement on the windshield, something hanging from your rear mirror, etc.) all help identify your car. The make/model and year of your car can also be used to identify your car if its not a common car in the area. These identifiers can be used to help track your car via the video feeds mentioned above.
Then there are license plate readers which are only slightly easier to avoid than the video recordings. Permanent, stationary license plate readers can be found on various public roads and parking lots. There are also people who drive around with license plate readers as part of their job for insurance/repossession purposes. You may be able to use some sort of cover over your license plate(s) to hinder the ability of license plate readers to capture your plate number, but that could be used to help identify your car in video feeds/recordings.
Are there any write-ups on the situation in Europe under GDPR-legislation? Mostly I read about the US-situation which seems like the wild west, but I can’t imagine that it is perfectly fine in the EU either even if you opt-out of using their apps etc.
