StupidOne | 5 years ago

I think we should separate telemetry from spyware. It is not close to the same. We all have telemetry in our cars, yet nobody is making any fuss about it. Even in software engineering, profiling database queries or active memory is not something new and I don't recall we had any problems with that.

dhagz|5 years ago

I'd argue that if the telemetry is opt-out rather than opt-in it has (just _barely_) crossed the border into spyware. Sure it may not be tracking anything more than usage data, but I'd rather see a pop-up/dialog saying, "we'd like to track X, Y, and Z - we'll be using Q to identify your data. Is that okay?" And make a choice than to have that choice made for me.

mindslight|5 years ago

What is with this idea that software has some interactive install process where I would want to be asked questions every time? Blast from the oughts! If you have to ask, the answer is 'no'.

Your software is either trustworthy, part of that being that it doesn't perform surveillance on me, another part being that it installs through well-known automation (apt, nix, etc). Or it will never become part of my trusted computing base (yes, that term is another blast from the past).

If I am forced to use it, it will end up in some isolated VM or throwaway tablet, with the minimum of access required for the functionality I need. I will consider it a second class citizen and generally deprecate it as much as possible (eg for communication apps, work to move the conversation to a different medium).

EdwardDiego|5 years ago

...do we all have telemetry in our cars, really? I mean, we have data that can be read via OBD-II, but it's not exactly connecting via the cell network, it has to be retrieved with a plug.

I can't think of anyone I know who has a car that needs to phone home. But that's a very limited sample size, so you know. Also, I'm most likely in a different market to you, we've never had anything like OnStar make inroads here into domestic vehicles - some commercial operators are using telemetry on their trucks etc.

But rest assured, if all our cars were phoning home, I'd be making a massive fuss.

For example, an insurance company in my country has recently launched an app that will "measure" your driving and offer lower premiums if your driving is "safe" according to their algorithms. It's obviously opt-in, but at some point, the difference between a discount for opting in, and a penalty for opting out, becomes hard to differentiate.

You don't have any rights to review their algorithms if you feel that they got it wrong, it's a combination of Hail Corporate and Hail AI, and context is lost because it's impossible to capture that. E.g., does heavy braking indicate you were driving poorly, or did you encounter a situation where heavy braking was necessary, such as the damn cat down the road that thinks it's invincible deciding to make a sprint for it in front of you? Is acceleration in excess of their defined limit unsafe? Or were you accelerating more than you normally would, because someone gave you space to turn into the road and you didn't want to needlessly hold them up, given their courtesy?

And given what I've seen of the FAANG algorithms, I don't want algorithms from companies nowhere near FAANG level making decisions about me. A personal favourite of mine was FB removing a comment of mine, because my sister said she'd totally marry my wife, on account of how, well, pretty damn awesome my wife is, and I'd replied "Haha, I'll fight you" - and FB had flagged that as "hate speech/incitement to violence".

Anyway, thank you for coming to my TED rant.

dahart|5 years ago

> I can't think of anyone I know who has a car that needs to phone home.

You don’t know anyone with a Tesla? https://www.tesla.com/support/connectivity

Or a Honda? https://hondalink.honda.com/#/

Or a BMW? https://connecteddrive.bmwusa.com/app/index.html#/portal

Or a Toyota? https://www.supraconnect.com/app/index.html#/portal

You don’t know anyone with a Chrysler, Dodge, Fiat, Jeep or Ram brand vehicle? https://www.driveuconnect.com/

You didn’t hear about the remote control vulnerability 6 years ago? Chrysler recalled their entire fleet to fix it. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

EricE|5 years ago

"I can't think of anyone I know who has a car that needs to phone home."

As others point out, it's almost impossible to get a new car these days that isn't connected. Anything in the last five years in particular. It's pretty disgusting and one of the reasons I'm in no hurry to own anything new. I have a '97, '02 and '10 and they all work quite well for me and I intend to run them into the ground. And if I'm diligent they should last me until I am no longer fit to drive.

danielsamuels|5 years ago

> ...do we all have telemetry in our cars, really? I mean, we have data that can be read via OBD-II, but it's not exactly connecting via the cell network, it has to be retrieved with a plug.

Nissans do, my Leaf does. They connect to a mobile network or WiFi and upload data.

https://www.nissan.co.uk/ownership/nissan-infotainment-syste...

Silhouette|5 years ago

> We all have telemetry in our cars, yet nobody is making any fuss about it.

That is very much not true, on both counts.

There is a lot of nuance in this area.

Monitoring how well your own systems are working and how they're being used is one thing. It's obviously reasonable and necessary for a variety of practical reasons.

Monitoring how someone else's systems are being used, even if they happen to be running some of your software or incorporate some equipment you made, is something else. If you're no longer responsible for those systems and ownership has been handed over, including remote access or phone-home functionality means crossing some lines that maybe shouldn't be crossed, particularly not without the full knowledge and genuine consent of the person whose system you are communicating with.

mindslight|5 years ago

> We all have telemetry in our cars, yet nobody is making any fuss about it

This is like saying nobody cared about mass surveillance before Snowden. The problem is apparent, but the realization isn't evenly distributed.

The only difference between this Lua server and other Software Augmented with Additional Surveillance (SaaS) is your trust. You apparently trust them to not sell the data trove to a surveillance company (or to a VC who eventually will), but I see no reason to. Heck, I've been answering no to popcon for over a decade now, even though Debian is outstandingly trustworthy.

Even Backblaze, a company whose core product is securely storing your data, just recently suffered from an in-house attack - apparently their security team didn't foresee the need to protect against JavaScript injection by their own marketing stooges. When data is there for the taking, most people cannot restrain themselves - the problem is endemic. The only solution is to assure the privacy of data, through means such as Free software, E2E encryption, and not collecting it in the first place.

yellowapple|5 years ago

> We all have telemetry in our cars, yet nobody is making any fuss about it.

I sure as hell am making a fuss about it, which is exactly why I drive a car that's old enough to vote (and pretty soon will be old enough to drink, smoke, and/or buy a handgun in California).