You think tesla is awful for this (they are) because elon is the current boogeyman but most if not all modern vehicles have eulas that reserve the right to save an obnoxious amount of data including images, voice recordings, routes driven, etc. you almost always have no way to opt out despite spending tens of thousands of dollars and almost all of them have absolutely horrible data security practices
It’s a serious concern already when it’s concerning vehicle telemetry and autonomous features like adaptive cruise control and automatic braking but they pretty much rely on imagery outside of the vehicle. That can and will of course pick up images of you. However an increasing number of cars are including facial recognition inside the cockpit to identify the driver, sold as a “comfort feature” for households where multiple users drive the same vehicle. The facial recognition IDs who is driving and will automatically set the seat, climate, etc. sounds fancy right? But they overwhelmingly reserve the right to store that data, absolutely will share it with law enforcement, and will sell it likely for advertising as well
The scummier manufacturers have eulas that say something along the lines of you give tacit consent to this by simply riding in the vehicle as a passenger. So your friend buys a nice new subaru, you have a conversation with them, and that data could be harvested, sold, shared with law enforcement, etc, solely because you were stupid enough to accept a ride. You were never presented with an eula, you were never given a chance to give informed consent, but it doesn’t fucking matter to Subaru, apparently (who also does the facial recognition thing)
That will be very illegal in some European countries, no EULA is going to save you from the law
I recall Nissan reserving the right to sell info on your sexual orientation in one of their EULAs. Ridiculous and dystopian
EULA for what service?
Or do cars come with EULAs nowadays?
Hangin’ out the passenger side
Of his best friend’s ride
Tryin’ to holla at me
Get yourself a Chinese car to escape 14Eyes and embrace the CCPyware
It’s better than having your data in American servers where they can do the most damage.
Thank goodness data collection companies would never sell or share data with each other
Are you suggesting it’s better on Chinese servers? Guessing someone likes TikTok a little more than they like global stability
I don’t use TikTok. I do however see a lack of leverage a government on the other side of the world would have over me. If the US gave a shit about data security then they wouldn’t allow all its domestically sold cars to have all that user telemetry in the first place.
You’re thinking pretty small if you can’t imagine how it’s bad for a foreign government to surveil a population.
Remember when Angela Chao was caught locked in a submerged TESLA for hours and died ?
I wonder if Elon can account for that ? What was he doing during that “accident” ?
She was the sister-in-law of Mitch McConnell.
Imagine your car bursts into flames, and as you are going for the door, it locks up and you hear: “I’m sorry, but I can’t do that, Elon”.
answer: The target demographic of the car does not believe in privacy
They want everyone to know who they are and what they are doing at all times, and they have no sense of shame when they should.
Until someone is suspected of a crime, and subjected to a warrantless search when the feds ask Elmo for that data and receive it. Sure there’s not a lot of overlap between Tesla owners and petty crime but I’m willing to bet there IS a lot of overlap between Tesla owners and guys growing pot in their garage.
They had probable cause for a search; didn’t need a warrant.
In the system your country created rich control everything. Illusion of freedom is strong.
I think it was Carlin who had a bit about the choices at the grocery store are a distraction from the lack of choices at the voting booth. I can get 15 types of corn flakes but only 2 sides of the same party.
And there are 1-2 actual parent companies selling those corn flakes
Americans consistently sell themselves to the lowest bidder.
I’m surprised there are still buyers as we are worthless.
This reminds me of the movie upgrade :/
i dont care who opens it. this is not the first story I hear about it locking upon catching fire
That’s how it keeps the fire inside
Tesla trying to apply the trolley problem to the Three Laws of Robotics.
I mean it sounds like it could be video from the charging facility but what the actual fuck they can unlock your car.
And yeah y’know what I bet they can get the video. Dear God why would anyone buy a Tesla
but what the actual fuck they can unlock your car.
Unfortunately, any car that has an ‘app’ where you can unlock your car… They can unlock your car. Whether or not you use or have the app. This includes onstar and all the rest
The capability I’m not against. It is nice that when the kid/dog locks the door or you lose your keys or whatever you don’t have to wait for someone to show up. Car keys/locks aren’t all that secure either. It should all be local PKI over bluetooth or something, but that’s another discussion, and even then an override if your phone/key gets lost/corrupted would be necessary.
The legal framework for if/when it’s fine to get a locksmith or break a window to get into a vehicle is pretty well established. Like a lot of other things the law for remote unlocking is lagging far behind tech.
It should all be local PKI over Bluetooth or something,
That would be a fun discussion. For a phone, it would be fine. For a key fob, we need something that could run on a PIC for a year without a battery change. We haven’t even tried to do anything new with PICs since 32bit microcontrollers got so cheap, but I’m not sure people would buy into something that had to charge to unlock their car.
I suppose using your phone wouldn’t be unreasonable. Maybe some of the better NFC as a backup?
Im not sure it would be to much to do. We already have Bluetooth beacons that can run for several years on a single small battery, reporting telemetry data every few seconds.
The key fob would only need to be active for a few moments a few times a day, so even if it was doing more work, it would be doing so much less frequently.
Depending on the ciphers chosen, they might be extremely energy efficient, since modern ones were often chosen as a standard with the requirement that they be able to be efficiently implemented in hardware.Since we have the advantage of being able to be relatively certain that we can bring the car and the fob together, we don’t really need full public key, just the ability to verify the key to the car. Establishing a shared secret between the two and then using simpler symmetric ciphers makes it a lot easier
Those beacons are relatively insecure. Their narrowed down to the absolute minimum power consumption and aren’t terribly concerned with bluejacking or bluesnarfing. In the case of things like tiles, your cell phone is doing all the serious work. If you started asking most of this beacons to do even a little crypto their battery life would severely plummet.
You need to verify the key to the car but you also need to make sure that a replay attack can’t happen. You’re probably still going to end up with at least rolling code + psk as the shared secret.
If we stopped here, at this point, I’m not entirely certain we would have any advantage over the current systems. Thefts by rolling code stealing are pretty rare.
Ideally, you’d have the transponder send out a hey I’m here message, you’d have the car generate a challenge, have the transponder encrypt the message and broadcast it back. The car could then compare the challenge to the crypto response and unlock.
I see plenty of SSL accelerator chips, But I don’t see anything that’s quite as simple as a pic controller barfing some data into a buffer. Most of the stuff seemed purpose built to be tied into a full-on microcontroller.
Full disclosure, I’m not at work for a few months so I am far off my crypto system design game. I’m usually pretty good though. :)
Rather than full SSL I was thinking something along the lines of an hmac. Because we can introduce the two devices to each other physically we don’t need to worry too much about a full challenge response. It should be sufficient to send an hmac signed message with an always increasing counter to prevent replays.
Even if we went with challenge response, I think you could get acceptable battery life using symmetric algorithms instead of public key.
Bluetooth security fobs already exist that do far more than would be required for a car key, and they get a few months of battery life with typical daily usage.
It’s no secret that Tesla has full access to telemetry and videos taken by Tesla cars. If you buy one, your only hope is that your footage is not interesting enough to be watched by Tesla employees. I remember reading a story about Tesla employees having internal memes made of footage that showed people captured by Tesla’s surveillance in various (mostly unflattering) situations.
- Place your naked kid I front of a Tesla camera
- Sue Tesla for CP
- ???
- Profit
All the cameras/video/telemetry etc is like HR.
It’s not to help you.
I’m feeling sick!
I have a vinyl cutter, can anybody tell my the diameters and quantities of the cameras on these cars? I’d like to start making and selling stickers to cover over them all.
Everybody laughed when China put cameras everywhere and gave their citizens a social score to maintain. It’s coming here. The bill of rights have no power when the ruling party chooses to ignore them.
It’s been here, trumps original supporter peter tiel created palantir back when still working at paypal
My favorite part of the Palantir story is that everyone who gets to use it, without exception, immediately uses it to monitor their coworkers, family and ex partners.
Why do you think China has a social score? If you look up information on it, you find many scores / systems for different domains. Or how national policy and local policy can be different or at odds. You see China announced it in 2014 and barely put out a draft in 2023. The “trustworthy” score is tied to fraud, cheating people, selling counterfeits, etc. One local government is apparently trying to tie blood donation to financial breaks. Like giving you a tax break. Just an example of how the national policy can be interpreted and used in practice.
The idea of our governments scoring us for every little tic is scary, but the danger of overreach is different than “in China, your social score goes down for not smiling.” What exactly are people referring to?
lmao downvoted for giving details on how their social credit score works, when you’re not even saying ‘china good’.
It’s weird, China has giant reeducation camps where they imprison over a million Uyghurs / Muslims… you know, the asocials. The huge crowds of people being held on their knees with bags on their heads should have stuck in people’s minds.
And then there’s misinformation about some national social credit score.
I bet everyone hears people bring up the latter way more than the former.
Having security cameras at the un-manned charging stations doesn’t seem unreasonable to me? Surely this is pretty standard to prevent/catch vandalism.
The other stuff, might be a valid explanation but since it’s tesla probably not.
The question is if it was security camera footage from the facility or from the cybertruck itself. One is fine, one clearly is not.
