I wanted to get others’ takes but it seems like the only real way to get a non-spying car is to get an older car without any sort of telemetrics. I saw a video about different car companies’ security policies, well specifically the new Mental Outlaw video, and it just blew me away how even our cars aren’t safe. Anyone got tips for how to anonymize their car?
Mozilla Foundation did a deep dive into this. And the results where abysmal. The only brands not completely horrifying where Renault/Dacia because they are European and only serve the European market so they have to follow GDPR.
Wait, Renault doesn’t ship anything outside the EU?
It does, to India.
Depending on the car you might be able to physically disable telemetry. Here are some thoughts/ideas I’ve been collecting:
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
- It’s possible that the info could be stored locally and then uploaded when it gets serviced though
- Remove the fuse to the modem/data communication module (DCM)
- Disconnect wiring to the LTE antennas
- A number of people have mentioned that they can get the dealer to disconnect the telemetry as a precondition to buying. For instance, here.
- Jump the data communication module (DCM) cable with a ~$70 dongle to bypass just the telematics components
- Disconnect the DCM cable, which will likely gimp the infotainment if not other systems, or remove the entire DCM unit
Quite a few cars also still have a SIM card hidden somewhere, which can be removed. The location of it varies widely though and they’re usually pretty hard to find.
You need a line break between your paragraph and your list.
Depending on the car you might be able to physically disable telemetry. Here are some thoughts/ideas I’ve been collecting:
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
- It’s possible that the info could be stored locally and then uploaded when it gets serviced though
- Remove the fuse to the modem/data communication module (DCM)
- Disconnect wiring to the LTE antennas
- A number of people have mentioned that they can get the dealer to disconnect the telemetry as a precondition to buying. For instance, here.
- Jump the data communication module (DCM) cable with a ~$70 dongle to bypass just the telematics components
- Disconnect the DCM cable, which will likely gimp the infotainment if not other systems, or remove the entire DCM unit
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
- Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
It’s possible to get cars as new as 2019 where you can just pull a fuse. But it starts to get tricky.
Example my C7 Vette it only took about that (it was a bit of an ordeal to not brick the car) but it’s not connected to shit anymore.
Telemetry data will still be saved in the car systems, but not broadcast anywhere. So not too bad
Right to repair must apply to cars as well.
The problem with the “just buy old cars” is that I want a used electric car for like $10k.
We need a wiki of EVs that.has a section on each model enumerating which components are used to spy on you and videos showing how to neuter them.
Yeah with EVs it seems like improving the privacy would be a pain, since they are reliant on parts of the digital system that is causing the privacy problem in the first place. I’m planning on sticking with a gen 3 Prius for awhile.
Are you sure the gen3 Prius doesn’t have these sensors and privacy issues? I had a gen2 Prius and that thing had loads of sensors everywhere.
I ask because I’m seriously considering buying a gen3 Prius. Do you have any resources you can link me to where researches actually did an audit of this car to see what info it collected and what was uploaded to Toyota or the mechanics?
We need a wiki of EVs that.has a section on each model enumerating which components are used to spy on you and videos showing how to neuter them.
I have been thinking we need something like this but for all new vehicles, not just EVs. Like instructables but for how to locate and rip out the cellular radio/antenna on every make and model that has one.
Definitely. But its more complicated than that.
My understanding is that many cars store the information airgapped and then upload it to the dealer when the mechanic pluggs into the car doing routine service checks.
So we need the wireless/radio neutering, but also someone needs to hook up to the car and see if/what data can be leaked via hard wire. And possibly find ways to disable the sensors, send random/nonsense data, update the software to not store sensitve data, automatically wipe the data every time the car turns on, or at least document how to manually wipe the data when you pull into the shop for maintenance.
Oof, yeah, didn’t think about that. Much more complicated.
Exactly. Like I got a new android phone last week and I want to make it more.private. I want be afraid of making mistakes. Any mistake I can do can be undone.
Yeah fortunately there’s tons of info on the internet on how to security harden phones. Its down to a science
Hardening cars is wild west right now.
Hardening cars is wild west right now.
The cars should not need to be hardened. That is what needs to stop, imo!!
The best privacy from an EV is an electric bicycle
Well, would be nice to be able to haul drywall and not get wet. There are some projects for this, but they’re a bit immature and documentation is lacking
You can haul a lot of weight by bike, especially if you use a trailer. How often do you really haul things? Just rent a panel van on days you want to move shit.
I live on a bicycle, but I’m going to be building a house soon, which is why I was looking at buying an EV.
An EV van has the same privacy issues, and we’re back at square 1
Remove the cellular modem.
What are the chances the software is designed to throw errors and “See a technician” messages if you dk?
My suggestion, if you’re looking for a new car, is to research where the modem in the car is, and unplug it during the test drive (assuming it’s reachable).
I unplugged the one in my work truck, 2023 Ford F150. They call it the “Telematics unit” and it’s on the rear cab wall on the right side, hidden behind the sound deadening foam. I did this after it was bought, but if I had known about it before my boss paid it, I definately would have tried it before the test drive to make sure, and I plan to do it if/when I look for a newer car!
I unplugged every cable coming into it - power, antennas, data, all of them! The only issue that comes up is the center screen on the dash crashes back to the main menu when you try to open the data/wifi settings.
No other issues so far after almost 5k miles! No warnings, no lights on the dash, nothing! Android auto/carplay even still works! Don’t know yet if the dealer will try to plug the unit back in during the next service, but I intend to raise hell if they try!
I’ve heard it can cause problems in some models, so people need to do their research. With my truck it’s dead easy and are no drawbacks.
Not small, but I think you’ll have better chances with the mid level commuter cars. You’ll probably get some error messages on some of them, but if you can ignore them, they wouldn’t stop the car from running.It’s the high end ones and EVs that have a higher chance of bricking if you disable the antenna.
We need an iFixit-like database giving each car a score about how easy it is to unplug the telematics units and what errors it may result in, complete with a score.
And add a Faraday’s cage. There are other things except for cellular connection used in cars such as WiFi and Bluetooth.
That’s impractical. Bluetooth and Wi-Fi also needs modems so just remove those too.
I mean sure if you can find and remove them. They’re very small.
They’re going to be in the same location for a given model year, which somebody will likely have documented online.
I’d want bluetooth for music from my phone though. And it’d be nice if my phone’s cellular and GPS didn’t get blocked.
Isn’t your phone far more connected to your identity than your car? As in, if your worried about Toyota or Ford tracking your vehicles driving statistics it seems using GPS and wifi and Bluetooth on your phone that also has all your payment info, browsing history, and all your passwords saved defeats the entire purpose of worrying about your car. However, at least your phone gives you a benefit to using it like navigation and music, your car just mines your location data.
Privacy is not just black and white.
But then the car can send the data via unprotected WiFi spots. I don’t think you can turn off autoconnect.
Most of the cars will still try to connect to open Wifi when available to upload data.
Very nice ! That’s when you can start spying on your car’s behavior.
Not really. If they use TLS / HTTPS then you won’t see a damn thing.
Yeah. Believe me most of these embedded controllers are not very well programmed. Play a bit with fake certificates and I won’t be astonished if you to catch something.
Are there any write-ups on the situation in Europe under GDPR-legislation? Mostly I read about the US-situation which seems like the wild west, but I can’t imagine that it is perfectly fine in the EU either even if you opt-out of using their apps etc.
I don’t recall what kind of car it was, but there was one that saved the phone number associated with any phone that connected via Bluetooth.
While I don’t think it’s likely as a way to trick people to connecting to get their phone number, it was a rental car which opened them up to impersonation scams. Knowing they just rented from the company and where in the city provides quite a bit of information on you.
Android has the ability to deny this information. If iOS has one it does jack shit because Apple doesn’t care about your privacy.
ITT people are all dismissive because you can’t actually be anonymous on the road (license plates, speed cameras…), but, honestly, I just want a car that doesn’t listen in on my conversations, sell my data to brokers, require any passanger to accept the privacy policy, or record the times I have sex (jk it won’t be able to if I don’t have any)
I’ve got a 2009 dumb car and I am babying it because I dread having to try to buy a new to me car that isn’t full of telemetrics and other modern car garbage.
Learn how to work on it
I already do. I’m no mechanic, but I’ve made numerous repairs over the years and am familiar with and can do basic car maintenance.
As long as data harvesting is legal and profitable, privacy will be a cat and mouse game. Gotta wonder how much capital and human effort is invested into all these anti-consumer innovations.
Definitely keeping me far away from upgrading, newest vehicle is an early 2000s Corolla and still does 40mpg.
Honestly with how cheap and easy it is to fix at home, barring safety improvements I really don’t see a point in upgrading. Infotainment is just another component that will eventually go obsolete like the ones from ~2010 that are dog slow and a pain to go aftermarket on.
Yeah, this is something always in the back of my mind. There’s no way I could replace the one in my car without serious modification. There’s a bunch of shit integrated into it (heat/air controls, safety feature toggles, etc.) and it takes up the entire center of the dashboard.
Should be quite easy to remove any WiFi/cellular/satellite antennas from the car’s computer. (Might be trace/chip antennas, so make sure to get those). If you’re extra paranoid, get the GPS antenna too, so it can’t simply record data indefinitely.
Might take a few hours to go through the car to make sure you get everything, but you won’t be limited to super old cars.
I don’t believe for a second that the car won’t be sending either an unremovable error message, a constant and un-mute-able audible alarm, or a complete lockout of subsystems or the entire system itself. The best case scenario is that this is a mild inconvenience.
Does your car lock up outside of cell coverage? I’m not suggesting removing the radios themselves, just the antennas. To the car, it will just always be out of range.
The antenna used for talking to the keys might cause trouble, but those are either inherently short range inductive systems or are receivable using a 20$ RTL SDR to verify it’s not sending anything else.
I plan to buy 2003 Skoda Octavia for obvious reasons or some car with automatic transmission.
My cousin still drives her 2003 Octavia and it’s still in great shape. Diesel, manual and four wheel drive. Amazing car!
Buy an electric bicycle and use the money you would have spent on a car to run for a seat for local office on the platform to improve local transit infrastructure
How good are they in ice and snow? Probably a bit dangerous and cold I’d think.
There are studded tires you can get for ice but I’m not certain about their application on electric bikes.
Let me try this comment again.
There is no driving with privacy or anonymity unless you’re on private land.
Anyone got tips for how to anonymize their car?
Remove the license plate. You will rarely have privacy driving a car on a public road. You should disable the modem, of course, but you’re still not going to be driving anonymously or privately. Automated license plate readers means your travels are going into databases that very well could be breached at some point in time.
Law enforcement use of ALPRs is rapidly expanding, with tens of thousands of readers in use throughout the United States; one survey indicates that in 2016 and 2017 alone, 173 law enforcement agencies collectively scanned 2.5 billion license plates.
According to the latest available numbers from the Department of Justice’s Bureau of Justice Statistics, 93 percent of police departments in cities with populations of 1 million or more use their own ALPR systems, some of which can scan nearly 2,000 license plates per minute. In cities with populations of 100,000 or more, 75 percent of police departments use ALPR systems.
Despite this expansive data collection effort, many departments have not developed a policy to govern the use of ALPR technology, or provided privacy protections.
The fact that your data is exposed to someone doesn’t mean that you have to give up and just let everyone else have it as well.
That’s not the point I’m making. You should disable your cars modem if it has one, but you still should have no expectation of privacy. Thinking you can have anonymity with a license plate displayed to everyone is foolish. It’s like asking how to be anonymous while wearing a name tag and the same clothes every day.