Originally published at: Mozilla Says Modern Cars Are Data Collection Nightmares on Wheels - TidBITS
Mozilla’s *Privacy Not Included team has determined that carmakers are universally terrible regarding privacy—they collect vast amounts, share or sell it with third parties, give drivers little or no control, and don’t even protect what they collect very well.
This devastating (but ultimately successfully prosecuted) event gives some insight into data collection in-car circa April 2019. Anglesey crossbow murder: How car technology helped catch a killer - BBC News. Why, under all normal circumstances, would the car need to log when the boot / trunk is opened and closed?
As a software engineer, I can make a guess at this. Logging is relatively cheap. Having a problem reported with no real way to diagnose it because there isn’t any logging around the problem can be expensive. So you log stuff even if there’s no immediate foreseen need. I’ve experienced both cases—lack of logging making diagnosing a problem difficult, and logging thrown in “just because” helping fix a problem (nothing like this case though).
So in this case, the engineers may have had no real reason to log the boot/trunk opening and closing, but it is a mechanical action performed on/by the car, so logging it may help diagnose a problem with the trunk, particularly if a number of people report problems. Although I’ve never worked on software to run a mechanical device, the standard for the software engineers may be “log everything, just in case”.
Agreed. Logging everything is generally a good thing.
But there’s no reason the logs need to ever leave the car. Just save it all internally so a service tech can extract it, if necessary to fix a problem.
Uploading all those logs, including sensitive data like driving habits and location, to a cloud server, on the other hand, is inexcusable.
If you’re not using a service that actually needs this information (like GM’s OnStar - which provides cloud-based navigation), you shouldn’t be expected to send this information anywhere.
Now I’m glad that we never bothered setting up the Internet connectivity on the family van (a 2018 Kia Sedona). It has never been configured to access the Internet via any mechanism (e.g. home Wi-Fi or family phones), so it is almost definitely not phoning home (unless there’s a cellular radio included somewhere, but if there was, they wouldn’t be asking us to configure it for Wi-Fi.)
Totally agree with this. It’s not the logging that’s the problem, it’s when logs leave the car (and then become a profit center) that they become a problem.
Also, on why things like a trunk/boot being opened or closed would be logged, if they’re measuring more than just a simple “opened” or “closed” event, like the power needed to activate actuators and motors and such, the historical values contained in the logs could be used to predict problems before they occur.
That makes perfect sense to me. The trunk-release mechanism is no longer a simple cable-pull. It’s software controlled (at least via the remote key fob). So you may want to log:
- Received the trunk-open command from the radio interface
- Activating the motor/solenoid to release the catch
- State-change on the trunk-is-open sensor (e.g., the one that turns on the dashboard light)
So if a customer complains that his trunk won’t open, a tech can figure out if the radio signal isn’t being received, if the signal isn’t being sent to the hardware, or if the hardware is failing to open after receiving the signal. It can reduce the diagnostic phase of problem solving from an hour to a minute. (Of course, repair may still take some time, depending on what’s wrong.)
Indeed. I just spent almost $900 to replace an SUV’s rear hatch release mechanism that had a failing motor on its latch.
The vehicle does have a manual release mechanism, but it is located inside the vehicle in a hard-to-reach place and requires removal of a panel to access it.
Filed under: “when convenience features become inconvenient.”
It can be useful to know that you have left the trunk (or in my case, the hatch on a hatchback) open before you start driving. In our car, the popped-up hatch is not in the field of view of the rear-view mirror, and I drove a couple of miles before we reached our destination and noticed the hatch was open when we got out.
I would say that’s a bad design on a couple of grounds – the expense of changing a motor that (evidently) can easily fail, and the difficulty of manually releasing.
Geofencing within and outside of supermarkets is huge:
Grocers Raise the Personalization Bar in Race for Digital Loyalty
The Ways Grocery Shoppers’ Personal Information Is Increasingly Being Shared
Those motorized hatches are ridiculous. It’s 2023 and yet you see people gaze for 15 sec as their hatch inches all the way down so it can finally lock. 30 years ago you would have just slammed your hatch down and been walking away a second later. I’m especially fond of those that make loud beeping noises as they slow-mo close. As if all the beeping could make it more serious and distract from the fact that the whole slow-mo motorized hatch baloney is just a preposterous idea.
It’s a shame you can’t nowadays buy a brand new 1995 car. Add a decent hybrid drive train that gets 55 mpg. But keep all the electronic doo-hickey nonsense out. I’d gladly pay extra for less of that.
I could see the next development being where the service techs are incentivised to upload this data any time they access it, whether at an official dealership or even just the local, independent garage. I’m sure the data purchasers could potentially still do something with a year’s worth of data even if all you had to do was call in for your annual service. Maybe truncate it to keep just the most recent three or four weeks, for relevancy? That would be better than nothing to these people.
We have a 2015 Subaru Outback with a motorized hatch, and I’m of two minds about it.
On the one hand, I like being able to open and close it from inside the car with the press of a button, and I like being able to press the button and have it close as I walk back to get in the car. I do a fair amount of race course setup where I’m putting up signs, so I drive a short distance, stop, open the hatch, get out of the car to install the sign, press the button to close the hatch, get back in the car as it closes, and repeat. Super convenient. And I hope our next car has the feature where it will open automatically if you wave your foot under the bumper because your hands are full—I would use that regularly.
On the other hand, this particular model freaks out and freezes if you try to close the hatch by hand. I have to warn anyone who’s helping me load the car not to touch it when it’s open.
And to bring the story back to sensors, about 3% of the time when I press the button to trigger the hatch to open, it opens 2 inches and then stops. The only way I can fix it is to pull it open a little further, then press the close button, wait for it to close, and try again. The dealer claims they’ve fixed it, but it has come back. I wish I could see those logs!
I haven’t seen any commentary along these lines yet – but I won’t be surprised when law enforcement agencies (and/or insurers) insist on accessing the stored data to identify the speed before impact, when/if the brakes were activated and so on. Like dashcam footage, these records of user activity could be a big surprise to an erring driver.
Many cars nowadays provide smartphone apps that allow you to lock and unlock your car remotely and check the status of the windows, trunk and doors. The car would need to log these activities to report the car’s status correctly in the app.
I believe this has been happening for several years, starting when OBDII was introduced. I recall a lot of articles on how such usage could be considered as violating at least the 4th & 5th Amendments of the Bill of Rights in the Constitution of these United States.
On the software I work on we only log as much as is absolutely necessary to be able to trace problems and we scrupulously scrub personal and secret data before anything gets logged. The scrubbing is done because it is important we protect users and their data. We only log what is necessary to trace problems because logging always has some impact on a system. Plus it minimises the chances of accidentally leaking information.
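As an added illustration of the scrubbing practice this post describes, applied to the trunk-release event chain listed earlier in the thread (this is example code, not from any carmaker or poster): an allow-listed, local-only event log in Python. The field names, the VIN and the coordinates are constructed for the example.

```python
import json
import re
from datetime import datetime, timezone

# Allow-list of fields that serve diagnosis of the trunk-release chain (hypothetical names).
DIAGNOSTIC_FIELDS = {"ts", "event", "source", "actuator_current_a", "trunk_open_sensor", "detail"}
# Patterns that must not survive inside the free-text "detail" field.
VIN_RE = re.compile(r"\b[A-HJ-NPR-Z0-9]{17}\b")   # 17-char VIN, letters I/O/Q excluded
COORD_RE = re.compile(r"-?\d{1,3}\.\d{4,}")         # high-precision decimal degrees

def scrub_record(record: dict) -> dict:
    """Keep only allow-listed fields and redact identifiers from free text.

    Fields not on the allow-list (VIN, GPS, paired phone, ...) are dropped rather than
    masked, so the log does not even reveal that they were present.
    """
    out = {}
    for key, value in record.items():
        if key not in DIAGNOSTIC_FIELDS:
            continue
        if key == "detail" and isinstance(value, str):
            value = VIN_RE.sub("[VIN]", value)
            value = COORD_RE.sub("[COORD]", value)
        out[key] = value
    return out

class LocalEventLog:
    """Stand-in for the car's own storage: records stay here until a technician pulls them."""
    def __init__(self) -> None:
        self.lines = []

    def log(self, **fields) -> None:
        fields.setdefault("ts", datetime.now(timezone.utc).replace(microsecond=0).isoformat())
        self.lines.append(json.dumps(scrub_record(fields), sort_keys=True))

    def contains(self, needle: str) -> bool:
        return any(needle in line for line in self.lines)

def simulate_trunk_open(log: LocalEventLog) -> LocalEventLog:
    """Constructed sample of the chain: command received, actuator driven, sensor changed."""
    # The code emitting the event knows the VIN and position; the written record must not.
    log.log(event="trunk_open_cmd", source="key_fob_radio", vin="1HGCM82633A004352",
            gps_lat=51.2345678, gps_lon=-4.1234567)
    log.log(event="latch_actuator", actuator_current_a=2.4,
            detail="driving solenoid; vehicle 1HGCM82633A004352 at 51.2345678,-4.1234567")
    log.log(event="trunk_open_sensor", trunk_open_sensor=True, paired_device="driver phone")
    return log

if __name__ == "__main__":
    for line in simulate_trunk_open(LocalEventLog()).lines:
        print(line)
```

The allow-list matters more than the regexes: a new sensor field added later is excluded from the log until someone deliberately decides it is diagnostic.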
Unless it is constantly pushing those statuses, the car doesn’t need to log anything for the owner to ask the car through the app for the current status. Then the car can check, send it and immediately delete the data.
My car is approaching its 20th birthday. Beside the fact that I still love driving it, I’m happy that the most advanced tech in it is the anti-lock braking system. Lack of privacy is bad enough, but the massive attack surface in modern cars is another. I’m surprised we haven’t had a bunch of ransomware attacks already.
In my understanding the cars mentioned don’t actually collect all the mentioned data points, for starters there are mostly no sensors to do so. The car makers included the possibility of doing so in their T&Cs. This is bad enough maybe, but waves in the press about collection of health data and worse are slightly exaggerated.
Well I guess you could argue manufacturers only put it into their T&C because they want to be able to eventually do it. If they were crystal clear and committed on not doing it, why would they put provisions to do it in there, right?