Re: [PLUG] car tracking

Thomas Delrue via plug on 15 Jan 2021 12:33:00 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] car tracking

From: Thomas Delrue via plug <plug@lists.phillylinux.org>
To: Rich Freeman <r-plug@thefreemanclan.net>, Chad Waters <chad@chadwaters.com>
Subject: Re: [PLUG] car tracking
Date: Fri, 15 Jan 2021 15:32:43 -0500
Cc: jeffv <jeffv@op.net>, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Reply-to: Thomas Delrue <thomas@epistulae.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0

On 1/15/21 14:59, Rich Freeman via plug wrote:
> On Fri, Jan 15, 2021 at 2:46 PM Chad Waters <chad@chadwaters.com> wrote:
>>
>> How is it used in terms of warranty or lease agreements.
>> Do they share that with insurance companies.
>> Do they share it with other third parties.
>> How is that information stored and protected.
>>
>> Yes, some of those questions are probably answered in EULAs we signed without reading at the dealership.
> 
> Some of that stuff is clearly documented.  Keep in mind that the ECU
> logs a lot of data in a ring buffer for a short period of time, which
> can be used to figure out what happened before an airbag deployment.
> Police and insurance routinely pull this data - usually while you're
> lying in a stretcher in no position to object.

Any car with OBD collects a LOT of telemetry. From how fast you go, over
which gear you're in and how much air is currently flowing through the
Air Mass Meter, to how often and how hard you press the break and what
angle your steering wheel is at at this very moment in time.
As Rich mentioned, that is stored for a 'relatively short period of
time'. We're talking minutes, or at most hours after the event time
(typically), because it's typically only used when LEA's or insurance
gets involved. And when all that fancy telemetry register a big "change
in acceleration" (collision), then it puts the latest X minutes away in
a safe place to be accessed by LEA's and insurance folks.
Some of it is stored longer because it may be of legitimate interest to
your mechanic as well.
Is that information regularly uploaded anywhere else? That depends on
your make & model of car. And as you mentioned, there's EULA's that
cover that which you should (have) read, digested, and evaluated for
fitness of acquisition of the car, if you care about this.

There's very legit reasons why that information is collected. Because
there's a feedback loop that uses that information to make your car run
smoothly. I'd even go as far as saying that these days, it's absolutely
required to make modern cars run smoothly and efficiently. (Whether
that's a desirable situation to be in, I'll leave that in the middle).
If you don't like this, I would recommend a car that still relies on
vacuum-lines as opposed to cars built from the 70's onward.

As Rich points out, police and insurance very routinely get access to
that data, so it's sort of a google kinda situation: in order to use
this service(/car), you must let us collect the info, so that we can use
it "against" you when we please/need to.

> I was just in a loaner car for a day and the agreement indicated that
> the car was trackable, but the vendor only accesses this data when
> necessary to recover a lost/stolen vehicle.

This almost always isn't even the car itself that does the
tracking/reporting, but rather some fleet tracking system which may be
as simple as GPS receivers (GPS is passive, remember that: you receive
pings from satellites and calculate your location based on time delta's,
but your GPS thingy, typically, does NOT report it's location back to
the satellites) that have been bolted or glued to the car and have a SIM
card to report their latest location/track every X minutes.

> Insurance companies might care about the fault in a specific incident,
> but they're actually less interested in everything about what you do
> behind the wheel than you might think.  Progressive has their module
> that lets you voluntarily have yourself monitored and the only thing
> they look at is brake application.  I was listening to an interview
> and they said they basically grabbed every bit of data they could from
> a bunch of volunteers and the only attribute that actually correlated
> with driving risk was brake application, so that is all they monitor.
> If you slam on the brakes then you're higher risk.

The progressive insurance thing was exactly what I thought about as
well: https://www.progressive.com/auto/discounts/snapshot/
I do think though that it's a deceptive thing: it's pitched as a
discount, but really, it's a punishment: you get punished for not
partaking (through higher rates than those who do) and you get punished
for partaking but breaking to hard one too many times for whatever
contextual reason the tracker cannot determine (but will ding you for it
nonetheless).
It follows the mantra of "you have nothing to fear, if you have nothing
to hide" and I think that premise is fundamentally flawed.

> [...snip...]
> If you don't have personal data, then you can't lose personal data.

This is exactly how responsible businesses deal with PII. This does lead
to the whole "... but there ain't that many responsible ones".
As weird as it sounds, sometimes it's even totally counter-intuitive:
"the reason we don't delete your data is because it's cheaper to keep
storing it, than it is to pay for the developer to write something that
erases it; on top of that, by just accumulating, we can more accurately
plan for growth in storage requirements, so there's that".

> I suspect it is the same for car companies.  They don't care about you
> personally so much as how their cars are used.  So they probably strip
> out the really critical info very early during data collection.

See above about the non-responsible businesses.
Sometimes the reason why you're caught up in collected information is
not because you're important or of interest. But it's simply because
you're totally, entirely, stupendously, unfathomably, incomprehensibly
and utterly ... insignificant. You're literally not important enough to
be filtered _out_.

> But, sure, it is a risk.  I'd still argue that your cell phone is a
> WAY bigger risk across the board.  That thing follows you around
> everywhere with a camera, microphone, and network access.

I'm no friend of any kind of tracking, and I am of a very firm opinion
that almost all tracking, in whatever shape it comes, is "too much". I
rarely agree with Rich on this subject (or related ones), but in this
instance, I find myself in very strong agreement with him on pretty much
anything up to now in this thread.
Now I gotta go check my temperature...

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] car tracking
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] car tracking
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>
- Re: [PLUG] car tracking
  - From: Chad Waters via plug <plug@lists.phillylinux.org>
- Re: [PLUG] car tracking
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] car tracking
Next by Date: Re: [PLUG] car tracking
Previous by thread: Re: [PLUG] car tracking
Next by thread: Re: [PLUG] car tracking
Index(es):
- Date
- Thread