[HN Gopher] A CBP contract shows the risks in connecting your ve...
___________________________________________________________________
A CBP contract shows the risks in connecting your vehicle and your
smartphone
Author : jbegley
Score : 202 points
Date : 2021-05-04 16:39 UTC (6 hours ago)
(HTM) web link (theintercept.com)
(TXT) w3m dump (theintercept.com)
| swader999 wrote:
| Slightly off this topic. What amazes me is that our phones are
| surely capable of knowing when we are driving but they still
| allow texting. Seems like an easy win for safety yet crickets is
| all we get here.
| eikenberry wrote:
| How would they know we are driving and not a passenger?
| swader999 wrote:
| GPS, accelerometer, AI. It can't be impossible.
| frankydp wrote:
| More importantly who cares, a couple 10k dead people a year
| is probably worth a tiny bit of inconvenient, not to
| mention the 500B in insurance waste.
| novok wrote:
| One day, I hope radios / networking off, telemetry off and logs
| off and still as functional as possible with those options off
| will all be legally mandatory options in any device that can do
| any of those things.
| velosol wrote:
| I remember reading about being able to pull a fuse to disable
| cellular connectivity on Teslas a few years back and you could
| also opt-out of data collection but it was apparently an
| involved process over email.
|
| Has anyone been through going 'radio silent' in a Tesla more
| recently?
| salawat wrote:
| You better fight for it. Otherwise industry is likely to lobby
| those become mandatory to prevent competition from heopardizing
| potential revenue streams by couching them as public safety and
| sustainibility features.
| Animats wrote:
| _"Your phone died, you're gonna get in the car, plug it in, and
| there's going to be this nice convenient USB port for you. When
| you plug it into this USB port, it's going to charge your phone,
| absolutely. And as soon as it powers up, it's going to start
| sucking all your data down into the car."_
|
| That used to be just something seen in hostile devices. Now it's
| standard equipment.
| philsnow wrote:
| This is why I use a 12V-to-5V USB charging adapter in my 2019
| model year car that absolutely has usb ports and supports
| android auto / carplay. I have connected it with bluetooth but
| only for calls and audio, no contacts / call history / etc. I
| trust apple enough to not screw that last part up and let my
| car get my contacts.
| josephcsible wrote:
| How effective is this today? Don't modern phones refuse to do
| anything except charge over a USB connection until the user
| unlocks the phone and trusts the connected host?
| x86_64Ubuntu wrote:
| Yes, but we are back at square one, where if I want to use
| "Chevy Play" or whatever their music player is, I have to
| battle a legion of dark patterns reaching for my data i.e
| "Allow this Stop Watch app to not don't allow prohibit from
| reading contacts"
| dylan604 wrote:
| How I miss the ol standby Aux port with a 1/8" cable.
| mixmastamyk wrote:
| I was going to ask this. My iPhone will charge but won't talk
| to my computer unless I type my PIN and confirm a trust
| dialog. Don't these cars work the same way?
|
| Or is this an Android/BlindlyHittingYes situation?
| Isthatablackgsd wrote:
| Note 8 here, my phone will not communicate with the
| computer that I am plugged to unless I give it permission.
| It been like that since years ago.
|
| Educated guess is that it is generally people blindly
| hitting yes situation. Often people just want to quickly
| setting it up and ready to be used. They don't want to wait
| 30 sec or more to look through the dialogs. They want
| instant results, that what they get for blindly hitting
| yes. In my experience, most of my friends and family are
| impatient when it come to pairing the phone to the head
| console.
| josephcsible wrote:
| It's not an Android situation. Android makes you do the
| same thing.
| pdkl95 wrote:
| Maybe those of us that understand this problem can and should
| help friends and family buy making/buying them a "USB
| condom"[1] and strongly encouraging that they use it anytime
| they want to plug something into USB for charging. This type of
| device can be as simple and cheap as a USB connector/cable with
| the data wires cut.
|
| [1] A USB dongle that only passed the power pins through for
| charging. Data is either blocked or physically disconnected.
| Animats wrote:
| Doesn't work for all the higher-power USB-C charging options
| that require negotiation before the higher voltage turns on.
| SAI_Peregrinus wrote:
| There are "smart" ones that MITM the power negotiation. IE
| they negotiate with the Devices for a particular PD
| profile, and with the Host for the same PD profile.
| maze-le wrote:
| I'd still call it hostile though...
| LinuxBender wrote:
| You can get a USB Condom [1] for this purpose.
|
| [1] - https://www.amazon.com/PortaPow-3rd-Gen-Data-
| Blocker/dp/B06X...
| soco wrote:
| Thank you, I just bought two! But any idea for if you're
| connected via Bluetooth?
| throwawayboise wrote:
| Bluetooth is always switched off on my phone unless I am in
| a situation where I explicitly want to connect to something
| (this has not happened yet). General good advice is to go
| through you phone settings and turn off everything you know
| you don't need. If you don't know, turn it off and see if
| anything you need stops working.
| LinuxBender wrote:
| Probably not without controlling one side of the
| communication. On the cell phone, you would need something
| that enforces mandatory access controls on what data can be
| sent over Bluetooth. Ideally a smart phone hacker could
| chime in. I've never owned one. Another potential option
| would be to root the car, likely voiding any warranty and
| potentially creating other liability implications.
| sagarm wrote:
| You have to ok sharing contacts with "normal" bluetooth
| pairing. For a personal vehicle most people would.
| swiley wrote:
| Buying a USB Condom for a piece of equipment you own is
| absolutely ridiculous and unacceptable.
|
| This is like having sex with your wife through a condom
| because you're worried about STDs.
| LinuxBender wrote:
| I absolutely agree, one should not have to do this.
| caseysoftware wrote:
| I started bringing and charging off those little external
| battery backup on trips years ago. Not perfect but great in
| hostile environments.. which is more and more.
| thinkling wrote:
| How do CarPlay and Android Auto integrate with the car's
| entertainment system? My sense is that CarPlay mostly treats the
| car as an external display (and input device) and I would hope
| that Apple has thought about the amount of data that is exposed.
| 1024core wrote:
| From the marketing material: _iVe currently supports AUDI, BMW,
| Buick, Cadillac, Chevrolet, Chrysler, Dodge, FIAT, Ford, GMC,
| HUMMER, Hyundai /Kia, INFINITI, Jeep, Lincoln, Mercedes-Benz,
| Maserati, Mercury, Nissan, Pontiac, Ram, Saturn, SEAT, Skoda,
| SRT, Toyota and Volkswagen_
|
| Now you know which brands to avoid!
| annoyingnoob wrote:
| My Volvo has a cellular radio in it that I cannot disable with
| pulling a fuse for a bunch of things. I've always assumed that
| the car uploads everything to Volvo without my knowledge or
| permission. I'll bet law enforcement can just ask Volvo for my
| data without needing a tool.
| throwawayboise wrote:
| Wirecutters. Find the antenna and clip the wire.
| specktr wrote:
| Ill be buying a new car this summer and seriously
| considering doing this or other hardware mods to disable
| any modems/telemetry. Does anyone know of any forums or
| something similar dedicated to these types of car hardware
| mods?
| leesalminen wrote:
| I've seen some posts on the various Toyota 4Runner forums
| about this. I'd check out the forums dedicated to your
| specific make/model.
| bellyfullofbac wrote:
| Apparently new cars sold since 2018 have to have a way to
| automatically contact emergency services after a crash, so
| they all probably come with a SIM card:
| https://en.wikipedia.org/wiki/ECall
|
| My guess is the manufacturer wants to upload "diagnostic"
| data, they would just use that same SIM card. And you
| probably can't disable it because it's a legal requirement
| (or, maybe you can on your Volvo?).
|
| Maybe one could just put a prepaid SIM card with zero
| bandwidth quota/zero call credits, because those are still
| able to call the emergency number.
|
| Interestingly the automatic "call the cops" function means
| hit and runs would be a lot harder, since the cops would get
| a timestamp of an accident, and a phone number as a car
| identifier...
| garaetjjte wrote:
| It seems there are eCall dedicated SIM cards, which cannot
| be used for other purposes. Though I'm confused why it is
| required at all, as you don't need any SIM card to call 112
| emergency number.
|
| >The in-vehicle system has a valid SIM that enables the
| provision of the eCall service. It is to be configured only
| for making an eCall, or it could also be used, in addition
| and as optional, for commercial service provision. In the
| first case, the IVS will be in a dormant mode (not
| traceable and active only in case of eCall triggering)
|
| https://eena.org/wp-content/uploads/eCall-and-open-
| issues-20...
| StavrosK wrote:
| I mean, though, you can always disable a cellular radio, it's
| just a matter of finding it.
| annoyingnoob wrote:
| There is a SIM card in the glove box that supports the
| Infotainment system and in-car hotspot if you want. I
| pulled that one out. The car still has another one,
| somewhere, as I occasionally get calls into the car but I
| don't pay for that service. I found the fuse for the
| factory phone but not the SIM, you're right its somewhere
| but for all I know its not removeable.
| StavrosK wrote:
| You'll probably need to do at least some disassembly to
| get to it (maybe next time you take the car for
| servicing). Then you can either wrap the antenna in some
| aluminum foil or just cut it (which would probably fry
| the transmitter).
|
| I agree, though, all our devices are becoming hostile to
| us.
| kgwxd wrote:
| So that leaves Hot Wheels.
| 1024core wrote:
| Honda, Subaru, Tesla too.
| twobitshifter wrote:
| Tesla may not work with this tool but they're definitely
| beaming data home all the time. If your privacy Conscious I
| wouldn't think Tesla spoiled be on your list.
| quickthrowman wrote:
| Don't forget Mazda!
| soco wrote:
| Any one left out of that list? Should I assume if I see one
| PSA-owned brand (for example), all PSA will be under contract
| and just not named because the list was too big? I'm just
| confused...
| 1024core wrote:
| Honda, Subaru, Tesla to name some.
| yeetawayhn wrote:
| Mazda, Mitsubishi, Nissan
| Forbo wrote:
| Nissan is in that list, along with Infiniti.
| soco wrote:
| Nissan is in the list but Datsun is not... I really think
| they trimmed down the list to the bigger brands.
| macintux wrote:
| Datsun _is_ Nissan.
| malcolmgreaves wrote:
| Well, at least that leaves Honda & Acura as well as Subaru and
| probably a bunch more regional brands I'm unaware of. Also I
| suppose Tesla...but we all know how much telemetry data those
| cars send back to base.
| mywittyname wrote:
| Subaru is partially owned by Toyota and is slowly being
| absorbed into the company.
| RyJones wrote:
| I included a sample of what Honda[0] records when you pay for
| Honda Navigation System. It spams your VIN every minute it's on
| WiFi, though, regardless of trim level.
|
| [0]:
| https://gist.github.com/ryjones/73739f6a7e662b9ed9ba64d9141f...
| jmnicolas wrote:
| So do I have to ride horses to get my privacy back now?
|
| I would totally buy a brand new car without all the "visible"
| electronics (by visible I mean all the screens and doodads. I
| don't mind ABS and other "invisible" electronics as long as they
| are reliable which is not a given nowadays).
|
| I don't get the point of turning the interior of a car into a
| smartphone experience.
|
| I watched a YT video of a Mercedess class S review. So many
| screens, leds, buttons etc. The reviewer was so busy fiddling
| with the controls that he never saw a pedestrian woman wanting to
| cross the road. If she hadn't payed attention he would probably
| have hit her.
| Loughla wrote:
| Honestly, non-tactile buttons on a car seems ridiculous. You
| HAVE to look away from the road to do anything. Tactile buttons
| let you feel around to do things if you need to. That change
| has made zero sense to me.
| virtue3 wrote:
| Especially with the shit microcontrollers they put into the
| toyota mid range cars and their lack of responsiveness.
| Really forces you to look at the screen when you fidget with
| it.
| Silhouette wrote:
| It's also scary just how many controls there are now, tactile
| or otherwise, that have little to do with safely driving the
| car and navigating efficiently to your destination. Until we
| have truly autonomous vehicles, all those distractions are
| accidents waiting to happen (or sometimes, sadly, not
| waiting).
|
| Touch controls for anything a driver needs to manipulate
| while driving are obviously ridiculous, so there's not much
| else to say there. But given how dangerous using a phone
| while driving is under most circumstances, what on earth are
| phone-related controls doing taking up prime real estate on a
| steering wheel in so many modern vehicles, even if they're
| tactile? Either way, it's like the car makers said "OK, we
| get that using these features while driving is about as
| dangerous as driving while you're drunk, but the kind of
| person who will buy our premium vehicles is going to be
| grossly irresponsible anyway, so they might as well have an
| easy time doing it."
|
| And then after distracting the driver's attention and giving
| them lots to look at other than what they actually need for
| driving, they act all surprised that the driver who was
| "required to be fully aware and able to take over control of
| the vehicle immediately at any time" was messing around with
| the infotainment system with lane keeping, cruise control and
| automatic distance keeping turned on instead of watching the
| road, and point to the legal small print when the inevitable
| tragedy happens because of course the driver was not actually
| able to take over immediately when something unexpected
| happened.
|
| This whole issue makes my blood boil. It's like the worst
| example of prioritising flash and gimmicks at the expense of
| making something that actually works properly, and in a
| context where safety is a huge factor and people are
| literally dying unnecessarily every day. These kinds of
| idiocy should have been regulated out of existence the day
| after they were announced.
| bashinator wrote:
| Isn't Mazda discontinuing use of touch screens?
| sokoloff wrote:
| > I don't mind ABS and other "invisible" electronics as long as
| they are reliable which is not a given nowadays
|
| These are pretty damned reliable, IMO, in absolute terms
| (before even giving credit for the fact than an automobile is
| pretty harsh environment for electronics with temperature and
| humidity swings, large voltage transients, poor grounds,
| mechanical shock/vibration, road salt, corrosion, etc). I've
| probably changed more power window regulators than ABS or EFI
| modules.
| throwawayboise wrote:
| I've never had an EFI fail (knock on wood) but my main car
| right now has had a failed ABS for several years (too
| expensive to repair vs. value of the vehicle).
| myself248 wrote:
| It's almost certainly a wheel sensor rather than the ABS
| module itself. They can be damaged during a brake job, etc.
| epanchin wrote:
| or cheap, vs the cost of running someone down.
| sokoloff wrote:
| ABS does not significantly shorten stopping distances. It
| does provide improved steering control during brake
| applications that would otherwise exceed available
| traction, but I think it's extremely rare that ABS would
| be the difference between a pedestrian collision vs not.
| (They could just as easily choose a car that didn't have
| ABS as originally equipped and no one would say anything
| about the omission.)
| cnasc wrote:
| > They could just as easily choose a car that didn't have
| ABS as originally equipped and no one would say anything
| about the omission.
|
| That's the kind of failure case I wish fancy electronics
| had. Component breaks = now you're driving a lower trim-
| level. As opposed to $5000 touchscreen module dies and
| now you can't use the car.
| paaakthecaaa wrote:
| Unfortunately, modern regulations forbid manufacturers from
| easily making a "dumb car". For example, backup cameras are
| required in new cars.
|
| It's the same deal with avoiding wire insulation that rodents
| enjoy eating. Your only option is to buy a car from before
| 2000-ish.
|
| I'd actually like to find a DIY subculture of taking old car
| frames and swapping in newer features a bit at a time. People
| do it with electric motors, but it still seems hard to get
| decent range/mileage/etc on a DIY EV project.
| wyager wrote:
| Absolutely insane. I wonder how much cheaper and better a
| modern car could be if I didn't have to pay for legally-
| mandated safety features that A) are probably not utilitarian
| B) I don't even use.
|
| For example, I am 100% certain that the benefit of having an
| airbag between my legs does not outweigh the monetary cost
| plus the comfort cost of not having an AC vent under the
| steering wheel.
| pa7ch wrote:
| I understand the sentiment. However, are you saying that
| you think AC between your legs is a worthwhile feature but
| airbags are not?
| sjg007 wrote:
| >Unfortunately, modern regulations forbid manufacturers from
| easily making a "dumb car".
|
| This is not true.
| nomuthetart wrote:
| It is true as of 2018:
| https://www.nhtsa.gov/equipment/driver-assistance-
| technologi...
|
| Does NHTSA recommend rearview video systems? Yes. As of May
| 2018, NHTSA requires this lifesaving technology on all new
| vehicles. We recommend you look for RVSs that meet NHTSA's
| performance specifications when shopping for a vehicle.
| OldHand2018 wrote:
| The actual requirement is a series of rear visibility
| tests that are done on a vehicle through the full range
| of seat adjustability.
|
| A rear view camera allows any vehicle to meet the
| regulation regardless of vehicle styling and design. They
| are cheap, too.
|
| But they are not strictly required. Your average 1980s
| sedan probably would meet the requirement as long as it
| had mirrors on the driver and passenger side.
|
| Here is the regulation:
| https://www.law.cornell.edu/cfr/text/49/571.111
| lozaning wrote:
| In the US, it's absolutely true as of May 2018.
| https://www.nhtsa.gov/equipment/driver-assistance-
| technologi...
| sjg007 wrote:
| A backup camera does not make a car smart.
| tremon wrote:
| See https://globalcar.com/11-car-safety-systems-to-become-
| mandat... . I won't list them all, just the non-dumb
| features:
|
| - Alcohol interlock installation facilitation and
| _attention detection_
|
| - Emergency stop signal (aka autonomous braking)
|
| - Intelligent speed assistance (aka adaptive cruise
| control)
|
| - Lane keeping assist
|
| - Reversing camera or _detection system_
|
| All these systems require the car to be aware of its
| surroundings, i.e. require some "intelligence" in the
| control systems.
| ashtonkem wrote:
| And buying a pre-2000 car involves giving up a lot of safety.
| That's before regulators started looking at partial offset
| crashes, so older cars perform poorly if you clip a pole or
| oncoming vehicle with one of the headlamps.
| second--shift wrote:
| > So do I have to ride horses to get my privacy back now?
|
| You say this in jest, but depending on your locale and
| transport needs, you could consider a motorcycle or bicycle.
| The interface is a bit like riding a horse, just more 21st
| century (obviously).
|
| Modern bikes come with ABS and fuel injection, and tires these
| days are great. Motorcycles don't come with any of the annoying
| road-car nanny-state stuff. Riding a bike is cool too.
| silicon2401 wrote:
| If I lived in the countryside (which I wouldn't mind) I would
| consider this, but otherwise I personally couldn't justify
| the risk. I forget where I read it, but the phrase "right of
| weight, not right of way" comes to mind. It's also why I love
| that my hometown allows riding bikes on sidewalks.
| kroltan wrote:
| > It's also why I love that my hometown allows riding bikes
| on sidewalks.
|
| This would be a dream.
|
| I live in a reasonably deserted/seasonal neighbourhood, so
| it has a neat 2-lane divided avenue down the middle, but it
| is usually very empty (a car maybe every minute).
|
| This doesn't mean I can ride anywhere but the very edge of
| the asphalt, almost tripping my pedals on the sidewalk rise
| (I forget the word in English), since drivers love to pick
| up some speed in the avenue and drive at frankly
| disrespectfully close distances, even though they could
| have almost entire lane of distance to a cyclist.
| hoseja wrote:
| Reminds me of a Rubberbandits classic.
| _Microft wrote:
| I wonder if there are ways to ... _improve the aesthetics_ of the
| files in the infotainment system.
| gkfasdfasdf wrote:
| And yet, hitting 'next track' on the bluetooth audio still takes
| 1-2 seconds to register?
| yardie wrote:
| One of the cars I rented (A Ford using the Sync console) had
| bluetooth contacts synced from the previous renter. It was just
| sitting there: names, phone numbers, addresses, email addresses.
| Being privacy conscious I deleted the contacts and the 20+
| bluetooth profiles stored in the console.
| ocdtrekkie wrote:
| I am always shocked when people make these sorts of pairings
| with devices they don't even own. I often see employees pairing
| person phones with corporate fleet vehicles too. It's
| unfortunately an example of where people rank convenience over
| privacy almost every single time.
| Taek wrote:
| People aren't at fault here. These systems are deliberately
| designed to put the user in a compromised position. Designed
| by behavioral experts using techniques the business world has
| been building up for decades.
| pa7ch wrote:
| Agreed, the expected outcome of pairing your phone is that
| it just streams music to the stereo like an aux jack. Its
| extremely unexpected that it will steal your contact and
| private messages.
| vkou wrote:
| > I am always shocked when people make these sorts of
| pairings with devices they don't even own.
|
| I'm not, because of all the random technology trivia and
| footgun crap that 'everyone' _should_ know, any random person
| is not going to know a lot of it.
| spookthesunset wrote:
| I mean, most people wouldn't suspect all their contacts would
| get copied over to the rental car. Before CarPlay I'd
| routinely "just hit okay" my way though pairing my phone to
| the rental car.
| FreakyT wrote:
| Agreed, this seems more like a UX problem than a "people
| don't value privacy" problem.
|
| No reasonable person would ever expect that connecting your
| phone to a car's wireless audio system would transfer all
| your contacts -- but that's Bluetooth for you!
| calvano915 wrote:
| Every phone I've ever had on every car system I've ever
| paired to via Bluetooth has requested permission for
| contact sync before it would happen. Windows Phone and
| Android. Perhaps iOS works differently.
| yardie wrote:
| It's the same for iOS. But, I'm also guilty, most users
| configure their bluetooth while leaving the parking lot.
| If you're reading the request you aren't looking at the
| road, and vice versa. I've been quick to press OK before
| fully reading what the car is asking simply because the
| car and the phone are asking similar questions.
| zerkten wrote:
| I agree that it's primarily a UX problem driven by the
| _context_. Someone designing the UX might not fully
| appreciate this, or be told to optimize for the best
| experience in particular situations.
|
| Someone has just rented a car and is likely in unfamiliar
| surroundings. I guess some renters will renting
| regularly, but let's assume not. The want to hit the road
| while getting their seat in the right place, fixing
| mirror positions, familiarizing themselves with the dash,
| etc.
|
| They also want to listen to some podcasts and in the back
| of the head they think they need to let someone know of
| their arrival time when they are closer to the
| destination. The fumble through the BT connection menu
| while multi-tasking. They are always going to do what's
| most expedient unless they are security conscious and
| know about this issue. Their contacts get picked up.
|
| This is the manufacturer optimizing for the car being a
| single person machine. They often don't support multiple
| family members sharing a car. It's interesting to see how
| some sales people handle this situation when giving a
| test drive. Many are aware of the issue because there was
| one customer who spent time clearing things up before the
| test drive.
|
| Can this be fixed? Technically, yes. It won't be fixed
| because manufacturers don't seem to care. The only option
| is for Apple or Google to make it part of qualification
| of some kind for CarPlay or the Android equivalent.
| gnfargbl wrote:
| I'm not sure that most people would see taking a copy of
| their phone contacts as a serious invasion of privacy. Maybe
| your mind (and the mind of many HN readers) quickly skips to
| the various social engineering and metadata attacks that such
| a dataset could enable, but the average guy on the street is
| more likely to think "what are you going to do, call my
| hairdresser?"
| m4rtink wrote:
| With a phone contact book it's not about you, it's about
| protecting the personal phone numbers others entrusted you
| with. If you are careless and loose them (for example by
| using any of these "modern" IM systems that insist on
| getting all your contacts so you don't have to add people
| you know one by one) it's you fault friends will be getting
| advertising phone call at 3 in the morning or worse.
| mixmastamyk wrote:
| "Deleting" is probably not good enough in modern devices with
| cheap copious storage.
| Kenji wrote:
| So he was correct in being completely unconcerned about
| uploading his contacts - after all, you deleted them all
| without doing anything malicious ;)
| gowld wrote:
| "The right of the people to be secure in their persons, houses,
| papers, and effects, against unreasonable searches and seizures,
| shall not be violated, and no Warrants shall issue, but upon
| probable cause, supported by Oath or affirmation, and
| particularly describing the place to be searched, and the persons
| or things to be seized."
|
| CBP's warrantless searches are plainly unconstitutional.
| cronix wrote:
| NSA has been illegally spying on US citizens for 20+ years, in
| direct violation of the constitution.
| https://arstechnica.com/tech-policy/2020/09/nsa-spying-expos...
|
| President Obama signed off on a drone strike on foreign soil
| targeting and killing a US citizen, in direct violation of the
| constitution depriving a citizen of a fair trial.
| https://en.wikipedia.org/wiki/Anwar_al-Awlaki
|
| We didn't collectively do anything about it then, except cheer
| it on or say nothing, so it will continue and expand until, and
| if, we do.
| klyrs wrote:
| A few months later, Obama codified indefinite detention
| without trial. Some of us sounded the alarm, but it seems
| that politicians are still drunk on power post-9/11 and
| neither party is interested in the "rule of law" as set out
| by the constitution.
|
| https://www.aclu.org/issues/national-
| security/detention/inde...
| mondoshawan wrote:
| The constitution is dead, and we the people, are left holding
| the bag.
| WarOnPrivacy wrote:
| Hence why land within 100mi of the border is known as the US
| Constitution Free Zone.
|
| ref: https://duckduckgo.com/?q=+constitution+free+zone
| heavyset_go wrote:
| Which also contains areas within 100 miles of the coasts,
| international airports, and other "ports of entry".
| toss1 wrote:
| Probably true, but good luck with that.
|
| As my grandfather said: "You might be right, but you don't want
| to be dead right."
|
| CBP already have extra authorities due to border control
| because crossing the border is not a constitutional right.
|
| The most egregious expansion was the declaration that all
| territory within 100 miles of the border is 'authorized' for
| all CBP's nonsense. That happens to cover about 90% of the US
| population.
|
| There is a lot of anguish about the intelligence agencies doing
| their jobs against very serious threats, including Nuclear,
| Biological, Chemical. Meanwhile the real damage to civil
| liberties is from the CBP and INS, who literally storm homes
| every day, and engage in this kind of 4th amendment trashing.
| mssundaram wrote:
| I'm having trouble understanding how 100 miles from the
| border covers 90% of the US population?
|
| Edit: I see - I was thinking only in terms of e.g. the
| Arizona southern border, however looking up the Constitution
| Free Zone shows that it means the entire US - California, all
| states connected to Cananda etc.
|
| Eidt 2: Would this mean ALL of Hawaii is in this Constitution
| Free Zone?
| heavyset_go wrote:
| > _Eidt 2: Would this mean ALL of Hawaii is in this
| Constitution Free Zone?_
|
| And the entirety of a handful of states in the Northeast
| US, as well.
| quickthrowman wrote:
| It is all of the US land, sea, and lake (Great Lakes)
| borders.
| toss1 wrote:
| Hawaii? yup, I'd expect that is a solid YES.
|
| I'm curious how much and how long it takes for this to
| drive migrants inland away from the border... and then how
| long it will take for them to make an excuse to make it
| 200mi...
| triceratops wrote:
| Don't international airports count as "the border" too?
| heavyset_go wrote:
| Yes, they're considered "ports of entry".
| rsync wrote:
| " ... because crossing the border is not a constitutional
| right."
|
| Yes, it is.
|
| "In Nguyen v. INS (2001), on a separate matter of
| citizenship, the Supreme Court put down, in writing, that
| citizens of the US have the absolute right to enter its
| borders. It was in recent times more or less presumed to be
| the case, though historically there have been a wide range of
| decisions that did deny entry by citizens, mainly by denying
| the underlying citizenship. This right extends to lawful
| permanent residents, so long as they maintain their
| status."[1]
|
| [1] https://www.quora.com/Can-a-U-S-citizen-be-denied-entry-
| into...
| toss1 wrote:
| Good point
|
| I should have said 'crossing the border without being
| searched is not a constitutional right'
|
| I can't cite chapter and verse, but I'm pretty sure that
| you do effectively consent to search in the act of crossing
| the border -- if you don't want to be searched for
| controlled or taxed items, you can choose to not cross the
| border, so...
| wolverine876 wrote:
| Is there a reliable list of cars that do not surveil me, or that
| can be modified to not surveil me? I read a Bruce Schneier
| article a little while ago (maybe the article was much older)
| where he said that he looked, but didn't find one that met his
| other needs.
| kyleblarson wrote:
| Anything built before 2000.
| mywittyname wrote:
| Unlikely. Based on the article, it sounds like the data they
| are "vacuuming" up is telemetry data captured and stored by the
| car itself. Every manufacture is different, but they all are
| storing at least some information. I suspect there are
| regulatory requirements to keep such information for the
| purposes of public safety (see: analysis of Toyota unintended
| acceleration situations)
|
| This information has been captured, stored, and made available
| for analysis since at least the early 00s. I remember the first
| time I hooked up VAGCOM to my 03 VW, it has data from so many
| sensors available for the tech to look up and could turn on and
| off hundreds of different features, it was like going into the
| VW equivalent of chrome://flags. And this was in a 2003 car!
|
| You'd probably have to go back to pre-ODBII days (mandated in
| 1996 for the US) to really get away from this. In my experience
| (which is not comprehensive) 90s cars tended to keep telemetry
| mostly on engine performance (timing advance, cam/crank sensor
| positions, throttle position, etc).
| 13of40 wrote:
| I wonder if you could at least do something petty, like swap
| the +12v and GND pins with the Bus+ and Bus- pins on your
| OBDII connector so it would fry their fancy tool when they
| tried to read your data.
| mixmastamyk wrote:
| Smog check will be a problem.
| Judgmentality wrote:
| This also makes it impossible for other mechanics to
| diagnose and fix your vehicle. It also makes it much harder
| for you to use that port to diagnose and fix the vehicle
| yourself with readily available tools you can buy. The
| OBDII port is a blessing, not a curse. There are things you
| can do to limit the telemetry (this will be on a case-by-
| case basis for the vehicle and manufacturer, so I'm not
| going to detail specifics) but that is one of the sillier
| things you can do.
| garaetjjte wrote:
| >to my 03 VW, it has data from so many sensors available for
| the tech to look up
|
| There's a lot of sensors and flags, but it isn't really
| logged anywhere in significant amounts. It just stores log of
| occurred errors, and dump of selected module parameters at
| the moment of error entry.
| yardie wrote:
| Car telemetry, until recently, is still kind of basic and
| from a surveillance standpoint not that interesting. It's
| usually just speed, angles, performance, and electricity. It
| can tell you when the car was started and how long it ran,
| but not where it went.
|
| On the other hand, the MIB or stereo, has a lot more
| interesting stuff: contact lists, GPS data, media, bluetooth
| devices, and even Wifi. The clock is GPS synced and it logs
| every time you touch the console: change radio, enter POI,
| phone calls.
|
| And you can stick one of the new Carplay headunits into any
| old pre-OBDII car and now enjoy the same level of
| surveillance. Sony, Kenwood, JVC are all running QNX or Linux
| . And all of them just has a plethora of information behind
| some very basic security.
| kingsuper20 wrote:
| I suspect that insurance coverage is going to require strong
| telemetry at some point.
|
| Obviously a person could pick a car of a given year/model that
| meets their needs and rebuild it forever, at least until the
| government or (once again) the insurance companies regulate you
| out of it. It's for the children after all.
| sagarm wrote:
| I actually already use Metromile, an insurance company that
| charges per mile and uses GPS tracking to measure that
| mileage. I'm very happy with it.
|
| I no longer have to subsidize heavy drivers, and my rates are
| much lower as a result. I can always check the location of my
| car (in case of theft or forgetfulness) and there are other
| smaller benefits like diagnostics being pushed to my phone.
| As a bonus, they allow you to change your policy at any time,
| enabling me to opt in and out of comprehensive and collision
| based on the time of year.
| marcod wrote:
| https://ondatashop.com/ive-vehicle-system-forensics/
|
| says "iVe currently supports BMW, Buick, Cadillac, Chevrolet,
| Chrysler, Dodge, Fiat, Ford, GMC Hummer, Jeep, Lincoln,
| Maserati, Mercury, Pontiac, Ram, Saturn, Seat, Skoda, SRT,
| Toyota and Volkswagen vehicles generally as far back as 2008
| models" - so older might be better :)
| harikb wrote:
| Used cars are already selling like hot cakes! now this!
| a_e_k wrote:
| I live in Washington State, where the state legislature recently
| voted to ban sales of gasoline powered cars after 2030.
|
| Aside from the fact that I enjoy drives through some pretty empty
| parts of the country, especially in the Southwest, where range is
| a concern (e.g., I drove the Great Basin Highway a few years
| ago), what bothers me about that measure is this sort of data
| collection thing.
|
| I wouldn't mind a move to all-electric vehicles nearly so much if
| it were possible to get a "dumb" electric and the range was
| better.
| kgwxd wrote:
| You can't really buy a "dumb" gas car anymore either. I'm
| holding onto my 2011 Nissan Versa to the bitter end.
| saruken wrote:
| Same here with my '93 Saab. I replaced the smart (for its
| time) HVAC control system with an Arduino running software I
| wrote, but otherwise it's bone stock.
|
| I'd love an electric too, but the way I figure it, continuing
| to use a fairly efficient vehicle that already exists is
| probably better for the environment than buying something new
| anyway. It takes a lot of resources and material to build a
| car.
| NortySpock wrote:
| Can you share more of the Arduino HVAC setup, possibly even
| the code and the wiring? I married into a family of
| classic-Saab-lovers and am curious.
| tashoecraft wrote:
| The problem with older cars, is that safety standards have
| improved dramatically in that time. So while you might have
| a "dumb" car that isn't spying on you, in the event of an
| crash, you are going to be much more likely to be injured.
| If I had to weigh being spied on with being injured, I'd
| guess the odds of being injured actually impacting my life
| negatively as greatly higher.
|
| I do miss my old Saab though...
| thatcat wrote:
| What about when the data is collected from all the spying
| and used to deny your claim?
| userbinator wrote:
| "Those who give up freedom for security deserve neither,"
| as the saying goes, and these recent years that saying
| has gotten quite a bit more meaningful, I think.
| thatcat wrote:
| Car wrecks are a safety concern not security.
| InitialLastName wrote:
| From now on, you only get to pull that quote out if you
| make literally no compromises to your freedom for the
| sake of security. Lock your car doors, thus making
| yourself less free to open them in favor of a bit of
| security? Run a firewall on your server, reducing your
| freedom to connect frictionlessly however you like in
| favor of that also being true of others?
| ethagnawl wrote:
| That sounds very interesting. I don't own a Saab but I'd
| still like to see a write-up on your project.
| saruken wrote:
| I haven't written anything up for it yet, but I've been
| thinking about a hackaday post. Ideally I'd like to
| integrate the other chassis electronic systems at some
| point too - lights, radio, ignition, pretty much
| everything but engine management. Then you could add
| support for a yubikey or something before it would start,
| but it already has a manual transmission to that's
| probably sufficient antitheft these days.
|
| [Very relevant BlipShift t-shirt I saw
| today](https://www.blipshift.com/products/enable-2fa)
| throwawayboise wrote:
| You can buy dumb cars, they just won't be new cars.
| mywittyname wrote:
| Your Versa isn't exactly dumb either. It's younger than the
| iPhone.
| tga wrote:
| You can still buy a brand new Toyota Land Cruiser J70 in
| 2021. Even though it will be newer than the iPhone 12, it
| won't spy on you -- because it was designed in 1984.
|
| https://en.wikipedia.org/wiki/Toyota_Land_Cruiser_(J70)
| 4ad wrote:
| Unfortunately, only in Australia and parts of Africa and
| a few other select markets.
|
| I've been trying to buy a new J70, but AFAICT you can't
| buy a new one in the EU or US, and it's practically
| impossible to import one either. I'd be very happy to be
| corrected.
| Zhenya wrote:
| Mechanical design of original platform does NOT limit the
| OEMs ability to install telecommunications modules and
| other upgraded electronic.
| jmnicolas wrote:
| You mean older?
| ahlatimer wrote:
| A 2011 Versa is younger than the iPhone which launched in
| 2007.
| Taek wrote:
| By 2030 gasoline cars are going to be just as equipped to
| violate your privacy as electrical cars. Many of them already
| are.
| Robotbeat wrote:
| Get a plug in hybrid.
| userbinator wrote:
| I guess it's only sales of new cars? Otherwise I can't imagine
| the classic car community is going to be happy about that...
|
| And laws like that will just make even older vehicles more
| desirable.
| advisedwang wrote:
| It's just a target [1], and isn't even set as a target until
| some other tax stuff changes. See section 6 of [2] to really
| see that nothing is banned.
|
| [1] https://www.reuters.com/world/us/washington-state-passes-
| bil...
|
| [2] http://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendm
| ent...
| lazyasciiart wrote:
| There's already a classic car exception from a lot of road
| rules, there's a special numberplate for them.
| kingsuper20 wrote:
| Those rules are radically different depending on state or
| country (dunno if non-US countries mess with automotive
| rules depending on region).
| advisedwang wrote:
| The legislature voted to set a _goal_:
|
| > ... a goal is established for the state that all publicly
| owned and privately owned passenger and light duty vehicles of
| model year 2030 or later that are sold, purchased, or
| registered in Washington state be electric vehicles.
|
| http://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendment...
| Black101 wrote:
| That's from 2014: "Ford Exec: 'We Know Everyone Who Breaks The
| Law' Thanks To Our GPS In Your Car"
| https://www.businessinsider.com/ford-exec-gps-2014-1
| zie wrote:
| I was surprised that WA did this, so I went to check if what
| you said was true, turns out, they actually didn't ban non-
| electric vehicle sales in 2030.
|
| The actual bill:
| https://lawfilesext.leg.wa.gov/biennium/2021-22/Pdf/Amendmen...
|
| On page 12:
|
| line 36 & 37: Nothing in this section: a) Authorizes any state
| agency to restrict the purchase, sale, or registration of
| vehicles that are not electric vehicles;
|
| and the actual quote around 2030(starting @ line 16):
|
| "... then a goal is established for the state that all publicly
| owned and privately owned passenger and light duty vehicles of
| model year 2030 or later that are sold, purchased, or
| registered in Washington state be electric vehicles."
| gscott wrote:
| California is running an experiment that collects all of your
| location data while in a car to collect a gas tax. Of course
| once they have it they will make it available for any
| government agency.
| weaksauce wrote:
| you have a link to that claim? all i've seen have been for
| electric vehicles and a mileage at the end of the year on
| your taxes.
| bb123 wrote:
| Why not just tax gas? It's the perfect solution. The more you
| drive, the more you pay. The more polluting your car, the
| more you pay. Long term it seems inevitable that tax will
| need to move onto the electricity used to charge cars.
| Forbo wrote:
| I really, really hate this. Why not just require an annual
| odometer reading and multiply by vehicle weight to determine
| how much should be owed to cover road and transportation
| infrastructure costs?
|
| Far easier than maintaining a complex system to track every
| drivers' location over time. Ugh.
| elihu wrote:
| The usual explanation is that they want to tax only in-
| state travel, so they need the location data.
|
| That seems like something that one ought to be allowed to
| opt out of in favor of an odometer reading; I do something
| like 99% of my driving in my home state, and would rather
| just go with an annual odometer reading and maybe slightly
| overpay on my road taxes than have a tracking device in my
| car.
| ocdtrekkie wrote:
| I suspect being able to assign infrastructure money to the
| correct county public works departments is a thing. And
| even on the more simple sense, your odometer read would let
| California tax people for miles they drove outside of
| California.
|
| Not that I support this initiative at all, but your
| suggestion misses some key issues.
| nomel wrote:
| Assuming the tax rate was flat, regardless of the road,
| usage could be found as it is now, with road sensors and
| cameras. If they want to have different rates for
| different roads, then that could make sense.
| nick_kline wrote:
| Just because its convenient doesn't mean I want that. I
| want less tracking. At least let people opt in to
| reporting their mileage and paying an annual tax instead
| of even more tracking.
| mandelbrotwurst wrote:
| Because the goal is as much to collect the location data as
| it is the tax.
| sthnblllII wrote:
| No I think collecting the data is much more the actual
| goal and the tax is a flimsy pretext.
| bdavisx wrote:
| Because the next logical step is to allow jurisdictions
| (cities/counties/whatever) charge more tax on their roads.
| 83 wrote:
| Oh boy just wait until the ultra wealthy realize they can
| lobby to have a $50 per mile road tax going into their
| community to discourage the poors from using their
| parks/beaches/public areas.
| philsnow wrote:
| do you have more information on this? what's it called? this
| one? http://caroadcharge.com/
| nick_kline wrote:
| We should get a WA state law passed controlling information
| access for cars. I'm sure it will be really hard with all the
| usual suspects against it. Most recent cars have a privacy
| policy and have some part of opt out. But it's unclear what you
| really get. A customer friendly law would be something like you
| can opt out and have your private tracking info deleted
| whenever you want. We should have a law against phone company
| tracking too. A year later and they have no reason to know what
| cell towers I was at, unless they are selling tracking on
| people. You've always paid the bill in a couple of months at
| most anyway.
| grecy wrote:
| Think about how much the iPhone improved over 9 years of sales
| from the original in 2007 to whatever model they had in 2016.
|
| Given how many manufacturers are jumping on the electric
| bandwagon, the extremely fast decline in the cost of batteries,
| the rate of progress to date AND these kinds of laws to give
| some good motivation, I think it's very safe to say the
| electric vehicles on sale 9 years from now (2030) will be
| vastly superior to today's offerings.
| pgrote wrote:
| >on sale 9 years from now (2030) will be vastly superior to
| today's offerings
|
| I hope you are right. Discounting the environmental and
| societal impact of mining the materials needed for these
| advancements and the electrical generation, my concern is
| selfish. We drive for vacations and sometimes push 12 hours a
| day. A quick fill up of gas in the minivan seems better than
| an hour or two of charging.
|
| Others have mentioned hybirds alleviate the long distance
| concern. There are minivan and larger vehicles already using
| hybird technology, so it should work out. It is such a wild
| change to think about.
| Forbo wrote:
| The environmental and societal impact of EVs are largely
| localized. The impacts of internal combustion engines have
| been almost entirely externalized. While EVs will still
| have some negative impacts, it's a huge improvement over
| the status quo.
| BlueDingo wrote:
| And, aside from the range like the GP said, will still be
| fully tracking all usage. Why does the car manufacturer get
| to see and sell my location information?
| rthomas6 wrote:
| Aren't electric vehicles a lot simpler conceptually? No
| engine, no transmission, etc. Maybe someone could start a
| company that made the equivalent of a battery with wheels
| for very cheap.
| saruken wrote:
| I'd buy one
| vkou wrote:
| > Maybe someone could start a company that made the
| equivalent of a battery with wheels for very cheap.
|
| Those cars exist in India and China, but for some reason
| Americans don't want to buy them. It could be that
| outside of the techie bubble, nobody cares very much
| about this problem, and within the techie bubble, most
| people stop caring the moment that they can be the first
| person on their street to own a Tesla.
| jerf wrote:
| Yes, it's probably true, the iPhone of 9 years ago probably
| collected a lot less information, and the cars of 9 years
| from now will also collect a lot more.
|
| However, less on the original point and more on yours, the
| iPhone of 9 years ago didn't have _that_ much worse of a
| battery than today. Batteries have technically been
| progressing, but it 's slow.
| neither_color wrote:
| Looks like I'm switching back to AUX. I had no idea cars were
| scooping up this much data. I wish the article went into more
| detail about what the attack vector is, what permissions, if any
| can mitigate this, etc but I understand that's not the point of
| this piece.
| salawat wrote:
| If it has a USB port, it can get data. If you have Android auto
| or native iOS integration, same story.
|
| People need to understand, despite the efforts of sticks in the
| mud like me, industry should be considered malicious by
| default. If you don't pay attention to what people are doing
| and call it out, nobody even raises a finger. Those that do are
| ignored, or told there's a place for people like them with a
| condescending smirk.
| soco wrote:
| Via USB you can still use a USB blocker, but if you connect
| via Bluetooth, nothing can protect you, correct?
| philsnow wrote:
| see https://news.ycombinator.com/item?id=27041032 , maybe
| this isn't universal but in all the cars I've paired my
| phone to, you can choose both on the phone and on the car
| whether you want contacts to sync.
|
| I don't trust the car to get it right, but I do trust apple
| to get it right.
| StavrosK wrote:
| You have to explicitly allow contact/phone/sms sharing on
| the phone when you pair it.
| [deleted]
| fencepost wrote:
| "I do not consent to any searches."
|
| You can't prevent them, but don't consent to a search just
| because you don't do drugs, transport drugs, transport anyone who
| does drugs. Carrying cash is considered a valid pretext for a
| search (have any coins in a change tray?), as is being too polite
| or not being polite enough (maybe because you're annoyed at being
| stopped).
|
| Now that a search of your vehicle also includes a search of any
| information it's received from any connected devices as well as a
| history of your locations and speeds you need to make sure you
| preserve any and all possible avenues to challenge anything
| found.
|
| "Your honor, we didn't find any drugs but during the search he
| consented to we found evidence that he was driving far in excess
| of the posted speed limits on these 20 occasions so we're
| charging him with 20 counts of reckless driving. He confirmed to
| us during the initial stop that he is the only driver of the
| vehicle. He was also carrying cash so we're moving to seize those
| funds and the vehicle."
|
| Who, what, when, where and how fast, all neatly tied into one
| package.
| dimmke wrote:
| This is one of the many reasons that adding screens to cars has
| been such a failure. All these carmakers were deluded and
| couldn't even build custom systems that were pleasant to use,
| much less secure.
|
| The problem is only partially solved by CarPlay.
| IshKebab wrote:
| Is there any surprising data? I'm not surprised it records
| destinations entered into satnav for example. I mean that's a
| fairly common trick in TV shows.
|
| > MSAB claims that this data can include "Recent destinations,
| favorite locations, call logs, contact lists, SMS messages,
| emails, pictures, videos, social media feeds, and the navigation
| history of everywhere the vehicle has been." MSAB even touts the
| ability to retrieve deleted data, divine "future plan[s]," and
| "Identify known associates and establish communication patterns
| between them."
|
| I seriously doubt my car has records of my emails, pictures,
| videos, and social media feeds even though it has Android Auto.
| pessimizer wrote:
| > I seriously doubt my car has records of my emails, pictures,
| videos, and social media feeds even though it has Android Auto.
|
| Why?
| salawat wrote:
| Have you checked?
|
| Look up https://cccis.com/
|
| Mobile/automotive networking has been a big thing for a while
| now, and there is no dearth of software people who will predate
| on most people's expectations that software only does what the
| UI makes apparent to them. Even if they don't realize they are
| contributing to it because they've been hired to do a job, but
| don't take the time to grok the consequences of the business
| model.
|
| Never assume. Trust, but verify.
| indymike wrote:
| > I seriously doubt my car has records of my emails, pictures,
| videos, and social media feeds even though it has Android Auto.
|
| Even if you car does not, your phone does. So the phone being
| connected to the car during the time when the accident
| occurred, could lead to checking that you were in fact,
| watching unboxing videos on Netflix at the moment the wreck
| occurred while you were in the driver's seat.
| frankydp wrote:
| I still hope for a blackbox law, but all the privacy police
| will just scream that they will get caught going to see their
| mistress, I mean about their privacy.
___________________________________________________________________
(page generated 2021-05-04 23:01 UTC)