The scary part is not the GPS installed by the fleet company that previously owned the car, which in all likelihood was just forgotten there, but the GPS and eSIM that comes with most (all?) new cars and that in most (all?) new cars cannot be disabled.
Apart from privacy concerns of your data being used or sold by the car vendor, government outreach is also a concern. There was a bill announced in the US for all new cars to be equipped with "driver impairment" tech which was called a "kill switch". Media rushed to say it's not really a kill switch, just "sensors or cameras to monitor the driverās behaviors, head or eye movements" and "block the driver from operating the vehicle". So... a kill switch. https://apnews.com/article/fact-checking-402773429497
Anyway, I'm staying with my old gas Honda until it dies which is probably never with proper maintenance and eventually restoration. I'll never go electric. Modern cars are just smartphones on wheels at this point, and smartphones are just spying devices at this point.
Last year Mozilla did a study on the privacy of modern cars. Every car they tested showed terrible privacy problems.
Privacy Nightmare on Wheels: Every Car Brand Reviewed by Mozilla https://news.ycombinator.com/item?id=37443644
(edit I see I'm not the first to link this in this thread)
FYI for anyone who owns a Subaru: you can opt out of 3rd-party data sharing here
https://www.subaru.com/support/consumer-privacy.html
If you don't live in one of the states mentioned in the first paragraph, expect this to take a very long time. For me it took 6 months.
The only opting out I would trust would be to take a screwdriver to the cellular modem and disable it. Of course this would probably bubble up various exceptions so best way to do it may be to isolate the antenna, though that may not be 100% reliable.
You can also opt out of Ford too. They default enable sharing with third party for features, default disable for sharing with data brokers like LexisNexis. It requires you to put in your driver pin to enable that
Uhā¦ Can you also opt out of first party data sharing? Or is Subaru still going to be spying you while pinky swearing to at least not share it with anybody else?
Whenever I talk about this issue with friends and family I bring up how that report revealed Nissan was gathering info on sexual activity in their cars and can sell it to third parties. That usually gets people to start listening.
Was Nissan actually collecting this data? All I can find is that the privacy policy retained the right to it (some lawyer probably though about what happens if they accidentally record you getting frisky, and put it in there preemptively), but no evidence if it actually happened.
I'm with you here. I have an 89 BMW (which is old enough to have an actual servo motor attached to the intake manifold for cruise control) and an 83 Land Cruiser (whose most advanced feature is that it controls its emissions using vacuum controlled pneumatic circuitry).
I'm very glad I've put in the time to learn how to work on cars because I have zero interest in the tech direction of modern vehicles.
I love older cars and drove an early 80s Volvo until 2010 or so, but I also love side impact airbags, antilock brakes, and a car that mostly just āworksā.
When I was younger I loved having an 84 Chevy Scottsdale. It was a cool looking truck and was easy to work on. I used to love getting under the hood to chase down problems and find solutions.
Now my knees hurt when it's cold outside, so crawling around on the ground to fix the fucking u-joint AGAIN isn't that fun, and I also like knowing that my children might survive if we get in a crash; something that's genuinely up for question in old vehicles.
I would pay a premium for a new car without an "infotainment" system, cameras (except backup camera), gps, or any form of touchscreen.
I wonder if the Franework model will ever apply to cars with modern safety. Probably not but one can dream.
I want an electric car. I also wish it was feasible to work on it.
The Volvo 940 had all of those modern safety features, but was still more or less the same car as the older RWD 740.
Mercedes also had that stuff early- I had a 1987 Mercedes diesel that had front air bags, ABS, and was basically modern car reliable.
I do have one newer Toyota Tacoma for the purpose of "just working" and it does a great job of fulfilling that role, but includes a host of features and such that I really have no interest in. But if you have project cars, you really just need a very stable "normal" vehicle for day to day.
87 BMW here. I believe my servo is controlling the throttle cable itself. When the cruise control commands the vehicle to accelerate, the pedal physically moves.
It's not my daily driver, but I would absolutely love to one day get another one as a project car - one that's not in such good condition that I'd feel bad removing the engine - and drop an electric motor in it. That likely _would_ become my daily driver. The car's incredibly well made, and a joy to drive.
I'm not knocking anyone, but i bet there were people who showed the same level of scepticism to a electric motor being attached to the throttle cable as people do today to electric cars
Yep, you explained it better than I did! It's a really charming setup.
Right there myself.
One conversion I want to attempt, but am unfortunately unlikely to, is an electric rear wheel drive.
Front wheel can remain gas with transmission. Add more generating current capacity, and have that dumped into the rear drive system batteries.
With my current car, the V6 gets very good economy at speed, and poor economy in town or in traffic.
An assist from the rear can tackle the poor economy cases nicely, leaving the rest to the gas engine.
Depending on battery capacity, I suppose it could do most in town driving at say 40 and below.
This is exactly how Toyota's AWD works in the Sienna these days.
It gets 35mpg city and highway, 1mpg less than the front wheel drive Sienna (which, to be fair, is also a hybrid)
> One conversion I want to attempt, but am unfortunately unlikely to, is an electric rear wheel drive. Front wheel can remain gas with transmission.
It can be done: https://www.youtube.com/watch?v=L2agCqW6ntc
> 89 BMW ... and an 83 Land Cruiser
I'm with you. Our daily drivers are 2011 Mitsu, 96 Toyota, 92 Buick and a 63 Dart. Also a 61 Sunliner for when it's not-summer.
The Mitsu is unfortunately drive-by-wire; I mostly avoid it.
The Cybertruck is the only vehicle on the market that has drive-by wire. There was previously an Infiniti model that was partially drive by wire.
Almost every early electronic throttle like that drives like pure ass, and newer ones are hit or miss at best. Toyota seems have done a decent job with it, but everyone else kind of keeps pooching it.
That falls in with a lot of stuff that felt like it might have made sense on race cars that I don't understand why people keep asking for on street vehicles (drive by wire throttle, CVTs, huge wheels with rubber band tires, certain kinds of traction and stability control, viscous coupled or electronic "all wheel drive" (not 4WD), along with the Subaru boxer 4 people get Stockholm syndrome over); all I can figure is that people are just OK driving stuff that drives and behaves like total shit.
How large is your family? Why do you need so many cars?
> Anyway, I'm staying with my old gas Honda until it dies which is probably never with proper maintenance and eventually restoration.
I would have stuck with my 2003 Honda Accord too, except that some woman, probably talking or texting on her cell, slammed into me while I was stopped at a light, totaling my car and damaging 3 others. I got $8K for my car after arguing with the insurance company, and paid $28K for a 3 y/o replacement.
The fine for texting while driving in Kentucky is $25.
What is the relevance of your anecdote? Iām genuinely confused.
That other drivers determine whether or not you get a new car just as much (if not more than) you do.
> but the GPS and eSIM that comes with most (all?) new cars
All. https://en.wikipedia.org/wiki/ECall:
āeCall (an abbreviation of "emergency call") is an initiative by the European Union, intended to bring rapid assistance to motorists involved in a collision anywhere within the European Union. The aim is for all new cars to incorporate a system that automatically contacts the emergency services in the event of a serious accident, sending location and sensor information. eCall was made mandatory in all new cars approved for manufacture within the European Union as of April 2018.ā
Interestingly, everyone is actually scrambling to get the legislation changed or a replacement for eCall that works over 4G/5G before 2027 because 2G/3G is or is being shut down all over the place. Otherwise, technically, driving these cars could become illegal in the EU.
It's crazy the EU passed this and collecting someone's IP address or assigning them a random UUID is considered a GDPR violation.
Assuming the tech is not abused, it makes perfect sense (GDPR Art. 6(1)(d)). And, in fact, abusing the tech would be a GDPR violation. You might consider it foolish, but it's not inconsistent.
Quite the opposite! Since people can have faith that they are protected by GDPR, they can have machines that actually work to help them, instead of hobbling them out of fear of being exploited.
> ācan I get free data from the SIM card embedded in the device that I now technically own?ā
That seems like the next-most-interesting question now that you've determined what the device is. Possibly followed closely by "can I use that free-to-me data in a fun way that might teach the people who installed the SIM to deactivate their devices when they sell them?"
i.e. Could you send and receive enough on the connection using that SIM to cost them enough money that they'd notice it?
If the people who made it know much about telecoms, then no, the will not work. When your mobile device connects to the Internet, the connection tunnels through the mobile network to a gateway specified by the "APN" (access point name). This is usually set up automatically these days, but you can dig the setting out of your phone. That's for an Internet connection - however a company can pay for a "private APN". This is still a gateway, but they control what it connects to. This is often done for machine to machine connections, e.g. for utility smart meters - so a SIM for a gas meter will not be provisioned for the normal Internet APN, and if you were able to get that SIM out (difficult as they are not usually in card format) you would not be able to connect to the Internet. Typically the equipment company will negotiate a cheaper data price than for Internet access, since the data usage will be low and predictable.
Now it could be that the people who built this tracking device are too small scale to negotiate a deal, or just don't know this, but my guess is that (a) the SIM is not in a physical format which can be removed and fitted in a different device; and (b) it is connected to a private APN which is not connected to the Internet.
BTW, if you look up the Wikipedia article, bear in mind that it is a bit inaccurate - for instance it refers to an APN as being a gateway to the Internet, which is not always true. I'll correct it some time.
Cars now have cell modems that you can hook up to select telecom providers to turn your car into a hotspot, so those cell modems/SIMs do have an APN for internet data
Itās surprisingly common for SIMs in IoT devices to not be locked down. If the data usage spikes enough above the noise itāll probably be detected & deactivated.
Hereās an example from a few years ago: https://scootertalk.org/forum/viewtopic.php?t=1370
Nice. Thought this was going to be https://news.ycombinator.com/item?id=22085089
I'm reminded of a sim card installed in tracker for wildlife, that was then used by someone for their cellphone.
[dead]
I've experience working on a team for one GPS fleet management solution. Our SIMs were usually provided in a bulk PO from a top tier wireless provider and were all locked down to a certain very small (on the order of 5mb/mo) bandwidth plan. This cuts cost and risk.
I work at a place with LTE GPS trackers on fleet vehicles. Tracking boxes get moved from old -> new vehicles when possible. Otherwise the cell and tracking services are deactivated ASAP to avoid paying a monthly fee on an unused tracker.
I'd personally be equal parts creeped out and curious about the hardware if that showed up on a car I bought. If it's a former fleet vehicle, its probably deactivated.
The particular sound described makes me think of older pre-lte stuff, which in my part of the world was abandoned and became useless a couple years ago.
That was also what the sound made me think of, but I don't think the sound would've happened with deactivated hardware. (?)
But you're right, I don't think I've heard my phone cause that sound since I switched to an LTE phone.
I work for a company that uses sensors with some kind of 4G connection. I don't know the details but I did ask our sensor guys what would happen if someone removed the SIM card (or whatever it is) and started using data. My recollection is that locking down those SIM cards is the responsibility of the sensor maker. We have an agreement to pay for all legitimate traffic at a contractual rate, but the device manufacturer actually owns the connection and pays for the data themselves.
So you're probably using the connection in violation of the wishes of the responsible party, but it was not clear to me exactly how illegal that would be? Like I'm sure they could charge you with a crime but I have no idea what it would be.
> they could charge you with a crime
Doubt it. You'd be using a device you bought and now own, that didn't come with any kind of agreement/contract/etc to limit your usage. :)
I suspect that computer misuse / hacking laws could apply. Iām also certain that there will be small print if you bought it from a dealer.
This entire article is clickbait.
- Headline "My new car has a mysterious and undocumented switch".
No, this is not a new car. This is a used car. Finding undocumented switches in a vehicle someone else owned is very common. People modify their cars all the time. Finding an undocumented switch in a new car would be wild.
- "And thatās how the search comes to an end. After a bit of perseverance I figured out what it is."
You literally took your car to a dealership, and the mechanic told you what it was. This ENTIRE ARTICLE boils down to this statement. You did the bare minimum to investigate what it was: took the panel off and confirmed that the wires went __somewhere__.
How does this get upvoted so heavily on Hacker News?
Maybe because "My new car" does not imply that the car itself has never been used?
Just that it's YOUR new car.
That's one thing I'm very curious about: is there a way in english to differentiate between "(my new) car" (a used car which is new to me) and "(my) new car" (a new car which is mine)?
Usually you'd say "brand new" to signal that it's from the factory. It is quite ambiguous otherwise.
Damn, you're cranky. The original article was a good read.
I have to say I agree fully and it's kind of disappointing how much chaff makes it to the HN front page. This is ostensibly an interesting article, but at second glance doesn't really hold up to any scrutiny as anything really novel... folks buying used cars for decades have been doing detective work on 3rd party aftermarket modifications that have been left in. Instead, show me a door chime that has been converted to Toto's Africa using an arduino or custom fab board with STM chip.
I love hardware mysteries.
I mostly drive old 90s enthusiast cars, and I have had my fair share of undocumented switches.
The most surprising to date was in a Nissan Silvia, from 1989. Sometimes it wouldn't crank off the key, given the solution chosen it must have been a wiring issue. Instead of fixing that wiring, the previous owner had directly wired power to the starter via a "missle switch" style switch, and instead of mounting it anywhere remotely useful, it was just spliced into the loom and sat on top of the rocker cover in the engine bay.
So if it wouldn't start, I had to leave the key at "on", hop out of the car, bump that switch and then it would start. Obviously standing in front of a manual car while starting it is the dumbest thing next to wiring your starter to a switch in the engine bay. Fortunately I never ran myself over.
Another one, I will keep short, a 97 Skyline would only light up ready to start 1/4 times. Seemingly randomly, on key bump. Turns out the flash memory for the fuel map had corrupted, and depending on the temperature and a bit of randomness from the sensors, it would only hit a corrupted cell occasionally. It got worse and worse as more of the table corrupted, until it would only start say 1/60 key bumps.
It was a dodgy power wire causing the corruption, and fixing that plus reflashing the tune fixed the issue.
At first glance this reminded me of some Ford Crown Victoria Police Interceptor models which had similar unlabeled buttons. One would disable all exterior lights, including brake lights, for going into stealth/surveillance mode. An adjacent button was used to be able to remove the key and keep the engine running, while preventing the car from being shifted out of park until the key was inserted again. I haven't seen either feature re-introduced in the newer Explorers or Fusions though.
Many modern ambulances have a similar shifter disable switch so that it can be left running and someone can't take off with your ambulance while you're off collecting your patient.
> ā¦ used to be able to remove the key and keep the engine running, while preventing the car from being shifted out of park ā¦
Iām pretty sure (not 100%) that new cars with contactless keys have this feature by default. You can get out (with the key) and leave it running, but the shifter wonāt work until you return with the key.
Contactless keys and fleet vehicles do not go well together.
I'll bite. Why not?
I think you're right, although I've noticed that there's a timeout where newer cars automatically turns off if the key fob doesn't come back within range after so many minutes. Probably a safety feature to avoid accidental walkaways, whereas the button required a deliberate two-step action (hold down while turning and removing the key) to activate the feature.
Mine didn't. My contactless key needs to be nearby when starting the car. The shifter is independent and does not need the key.
I was astonished to learn that Ford no longer sells sedans (Fusions) of any kind. Neither does GM. I dislike SUVs, and it seems the only choices for American sedans are a Cadillac or a Tesla. Hondas and Toyotas are selling like hot-cakes, but when they had to compete on quality American automakers just decided to walk away from the market.
So no need to worry about that feature on Fusions... they don't sell them anymore. Nor Chevies, Buicks, Oldsmobile is long gone, no more Dodges or Chryslers... nothing.
> I was astonished to learn that Ford no longer sells sedans (Fusions) of any kind
It has been a very long time for Ford now. I was heartbroken when they discontinued the Fiesta/Focus ST/RS trims in the US, those were peak car models for me.
Story: when I was buying my Fiesta ST I did all the usual dealership prep tactics to avoid getting overcharged. I researched the dealership cost and all that jazz, and told the salesperson I have that much + a few hundred bucks which seemed a fair offer. They immediately accepted it and got me out the door with that car within the hour; I got the sense they were not selling well even back then.
those CAFE standards, or the ānot an EV mandateā have destroyed the US car market. Trucks come standard with 4 cylinder engines now and manufacturers are reducing their offerings to meet the aggressive climate goals.
Check Chevy and Dodge too. Chevy has one sedan and Dodge is still selling 2023 model years to avoid CAFE.
That must be an American thing. Ford, Holden (GMSV, Chevvy), Toyota and Honda all still sell sedans in Australia.
Steven Wright: "I have this switch in my house that doesn't seem to do anything. It's in a hallway, so every time I pass it, I flip it: up, down, up, down...up...down. A few months after I got the house, a guy from Indonesia called me on the phone and said...'stop it'"
??
It's all in the delivery
This is certainly true. Typing that I heard his voice in my head, and laughed. I'm sure someone who's never heard Steven Wright has a much more limited response.
So this was a gps tracker that was installed by a fleet and never removed. The larger issue is that most car companies in the US are reselling your data on newish vehicles (2016+) anyway. I am still amazed that this is not a larger issue.
>The larger issue is that most car companies in the US are reselling your data on newish vehicles (2016+) anyway.
A fun read related to this: "Privacy Nightmare on Wheels: Every Car Brand Reviewed by Mozilla - Including Ford, Volkswagen and Toyota - Flunks Privacy Test"
https://foundation.mozilla.org/en/blog/privacy-nightmare-on-...
Small excerpt:
>The very worst offender is Nissan. The Japanese car manufacturer admits in their privacy policy to collecting a wide range of information, including sexual activity, health diagnosis data, and genetic data ā but doesnāt specify how. They say they can share and sell consumersā āpreferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudesā to data brokers, law enforcement, and other third parties.
Why? It is quite clear that the mass populace just doesn't care. That's the bigger story. So many people are quite happy giving away data that they don't fully understand or even want to take time to try to understand as long as they get free/discounted service/fees and use the same equipment to keep up with the Jones. Another study should be why otherwise smart people cannot come to terms with this.
People care about privacy. But in our current telling its a hard problem to understand and the costs are too high. The costs are not talking to friends, or not driving a car. So as a coping mechanism people will convince themselves they dont care for privacy.
The phenomena you're describing isn't about caring.
You're describing a "trade" in the same way mobsters and conmen do.
What are you on about? Mobsters and conmen break laws. There are no laws being broken by these data hoarders/brokers. Maybe it's closer to Stockholm syndrome or abusive/toxic relationship or something where people are mentally accepting the unhealthy situation as if it were normal.
The costs of talking to friends endlessly about this boring privacy is having no friends. You're telling an addict what they are doing is not good for them, but they are not ready to hear it.
My 2024 Toyota GR Corolla has a fuse that, when pulled, disables the Data Communications Module (DCM). It also disables the in-car microphone. At first I was mildly annoyed at not being able to make phone calls over a Bluetooth connection between my phone and the car's computer because of that, but the more I thought about it, I realized I was actually okay with the car's microphone also being disabled.
I often put my phone into Airplane Mode when I'm not actively using it, and I prefer to avoid the distraction of a phone call while I'm driving because I'm a terrible multitasker. If it's too easy for me to receive an incoming phone call when I'm driving then I'm too likely to do it when I really shouldn't.
In general I want as little data collection and reporting capability built into my car as is reasonably possible. I wish more auto manufacturers would make it as easy as Toyota did with the GRC -- and a few other of models, as I've heard -- to disable telemetry.
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.