- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act.
What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.
According to the report, the trip details had been provided by General Motors — the manufacturer of the Chevy Bolt. LexisNexis analyzed that driving data to create a risk score “for insurers to use as one factor of many to create more personalized insurance coverage,” according to a LexisNexis spokesman, Dean Carney. Eight insurance companies had requested information about Mr. Dahl from LexisNexis over the previous month.
“It felt like a betrayal,” Mr. Dahl said. “They’re taking information that I didn’t realize was going to be shared and screwing with our insurance.”
Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.
Especially troubling is that some drivers with vehicles made by G.M. say they were tracked even when they did not turn on the feature — called OnStar Smart Driver — and that their insurance rates went up as a result.
“I don’t know the definition of hard brake. My passenger’s head isn’t hitting the dash,” he said. “Same with acceleration. I’m not peeling out. I’m not sure how the car defines that. I don’t feel I’m driving aggressively or dangerously.”
In response to questions from The New York Times, G.M. confirmed that it shares “select insights” about hard braking, hard accelerating, speeding over 80 miles an hour and drive time of Smart Driver enrollees with LexisNexis and another data broker that works with the insurance industry called Verisk.
Customers turn on Smart Driver, said Ms. Lucich, the G.M. spokeswoman, “at the time of purchase or through their vehicle mobile app.” It is possible that G.M. drivers who insisted they didn’t opt in were unknowingly signed up at the dealership, where salespeople can receive bonuses for successful enrollment of customers in OnStar services, including Smart Driver, according to a company manual.
After LexisNexis and Verisk get data from consumers’ cars, they sell information about how people are driving to insurance companies. To access it, the insurance companies must get consent from the drivers — say, when they go out shopping for car insurance and sign off on boilerplate language that gives insurance companies the right to pull third-party reports.
This summary contains 489 words. I’m neither a bot nor open source, but the bot summary was poo.
As usual, lack of transparency is of key concern. Digital opt-in where other people have physical control of the device and have a profit motivation should not be acceptable.
The quote about what is a hard brake exactly or heavy acceleration is most relevant to my thoughts. Without any context, are you hard braking to avoid dangers? How many hard brakes are acceptable? What is the penalty for hard braking, etc?
My girlfriend tried the OBD reader for her insurance for a bit, and it didn’t anything one way or the other to her insurance. For something as random as driving, I dont see who would want to volunteer for it. We know the only direction prices ever move is up, so what does the consumer have to gain?
consumer disclosure report
A company that I worked for partnered/worked with LN. They are legit. Some of the smartest people I know. They are a very old data warehouse (among many other things) company.
If you would like the same report done: https://consumer.risk.lexisnexis.com/consumer They make it very easy.
Is there anything you can do once you get the report?
This is the kinda thing that I’d probably be happier not knowing if there’s nothing I can do about it.
I just ordered a report to see what providers I can switch away from or what data I can poison with fake stuff
Depends on which state you are in. If your from California, for example, you can tell them to not keep any data.
It accounts for speeding… How? Cross reference location with local speed limits? Record times above an internally set speed?
New Hondas with front cameras (used for adaptive cruise control and lane departure warnings) will read speed limit signs to display them in the dashboard.
It only parses the number, so if a US car is in Canada it will say the speed limit is 110 mph on the highway. If these GM cars do the same they’d probably think any Canadian car going for a weekend trip to the US did so at prison-worthy speeds.
Yeah, thank god it never reads unrelated signs on the side, and car never tells me the limit is 30 on a fucking 130 kmh highway.
It mentioned logging speeds above 80 mph.
That’s the highest speed limit I can find for the US, so if you’re 80+, it seems you are breaking the law regardless of location.
You forget that in the States, they say “speed limit is X, so I go X+10”, sometimes even 20. It’s very common for comments to mention that the flow of traffic is literally 25% faster than the “limit” - it’s like culturally so many USians treat the limit as a lower limit. 🫣
The posted speed limit plus 5mph is considered normal where I’m from in America. 10 over is asking for a ticket.
I visited Texas once, and was amazed to see most everyone driving 20-30mph over the posted limit, even past the speed traps with no consequences.
I’m in Southeast Pennsylvania and they’ll whack you for 10 over, but 20-30 over is not rare here. People just don’t care about anyone but themselves on the road.
I take all back roads to work now and it’s much better even though the drive is twice as long.
Drove home going 85 and still being passed yesterday. I live in Texas.
If you’re not going as fast as they are, you’re a potential danger now.
This is particularly stupid considering that your average shitty brodozer is pretty much incapable of emergency braking from 85mph.
I take it those are the people downvoting that comment, like I made the speed limits or collect the data. 😆
I didn’t know if I’ve been anywhere that people wouldn’t say 80+ is fast though.
My old commute was a half hour all highway and busy roads. New commute is an hour, but all lazy back roads and it’s so much more relaxing. People make driving into a win/lose game or something around here.
Around where I’m at you’re at semi-significant risk of getting pulled over if you’re driving under the speed limit. The police assume you’re drunk or high and if you’re not they’ll give you something about “being a hazard to other traffic”. Speed limit+10 is the safest speed to move at around here because you’re matching other traffic and matching what the cops expect of you.
There’s one exception to this: the southern leg of Texas Highway 130, which runs east of Interstate 35 between San Antonio and Austin, has an 85mph speed limit.
Even the speed limits are bigger in Texas! 🤠
So you can get to a decent state faster.
Based on the text of the article (speeding above 80mph)and my experience with an insurance app, it’s simply looking for anything over 80mph from calculated GPS speed. It doesn’t care about 75 in a 25, just that you don’t break the highest possible speed limit
I used an app version of driving tracking. It gave me an OK discount of around 5-10% just for participation but I didn’t like the fear of tripping it’s alarms - over 80mph and hard braking. It seemed like it could penalize me for the time of day as well, giving different risk ratings for time of day and what day. Sure, 80mph should be easy enough to handle, but the packs of cars on my commute at the time would cause some interesting events where I’d slowly get up to 75 and still get passed. Come up on someone doing 70 and it’s easy to tip into the 80s to make a pass in a faster lane. But the real concern, for me, is that it made me brake softer. I genuinely got concerned I’d rear end someone to not upset the app. I was worried it’d be a subconscious thing that causes a hiccup in my response, making a bad situation worse. Why would I take the penalty for someone who cut me off?
Now, I think I’m a great driver. Lots of experience early on at a dealership, lots of small quick practice sessions for pushing limits to learn and stay honed, re-learning about attentiveness on a motorcycle, and so on. But I don’t trust the rest of the people out here on a good day, let alone worrying about their brake nanny. And I get it, hard braking to save yourself (not just being inattentive or aggressive) is still an indicator of crash liklihood, but fuck that.
This matches what my girlfriend’s experience seemed to be, a weirdness about trying to please the device that has no real awareness of the situation. Second guessing yourself in an emergency isn’t the best outcome.
The quote about what is a hard brake exactly or heavy acceleration is most relevant to my thoughts. Without any context, are you hard braking to avoid dangers? How many hard brakes are acceptable? What is the penalty for hard braking, etc?
What happens if your specific vehicle has a sensor somewhat out of spec that keeps errantly triggering harsh braking? You wouldn’t know the sensor is activating, you wouldn’t know that the information is being fed to your insurance, and you wouldn’t know why your insurance is priced as it is. You have no transparency as to what is going on nor any realistic way of fixing the issue (because the vehicle runs fine after all and nobody can define what “harsh braking” even is).
Such a hypothetical situation is unlikely but even several dozen or hundred examples is a bit too much…
Also, since you are never directly informed that you are harshly braking or accelerating, you are unlikely to improve how you drive to avoid those things. If you had a notification that the braking action was a bit too harsh then you could strive to avoid that in the future… not so much if you are never told that in the first place.
Also, what if you need to hard brake or hard accelerate in order to prevent a crash? There’s no way for them to determine that was the case.
At this point manufacturers should just be giving me the vehicle for free.
I will never buy a GM vehicle. There were other reasons not to, but this seals the deal.
Not sure if you’ve seen this, but all cars are bad. It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
If you dont want to be digitally tracked, then you better figure out how a carburetor works and buy only old cars for the rest of your life.
cause every modern car has this shit, if not now, then soon. bnot to mention all the over privacy invasions they already actively do
I think a carburetor is a bit much. There are plenty of fuel injected machines that were built before insane spying became the new normal.
There’s about a 20-year window when cars had fuel injection but no tracking. All my cars are from within that window.
Cars have had engine management since the 90s too. I remember my Ford (UK) from 1998 had engine management (including the key based transponder to immobilise the ECU). My current car is around 9 years old and doesn’t have any internet connectivity. So, there’s a pretty wide range to work with.
But, yeah eventually the cars that don’t invade your privacy will become not economically viable to keep running in most cases.
But really, it won’t matter in this case. Once more than half the cars on the road are reporting you to big brother insurance co, the insurers will just add a surcharge for vehicles that don’t report data on you.
Not to mention all the other increasing routes for personal data to be extracted and sold.
But, yeah eventually the cars that don’t invade your privacy will become not economically viable to keep running in most cases.
My strategy is to pick “enthusiast” cars (which works out for me, being a car enthusiast) that will always be worth something to other enthusiasts.
But really, it won’t matter in this case. Once more than half the cars on the road are reporting you to big brother insurance co, the insurers will just add a surcharge for vehicles that don’t report data on you.
Is !angryupvote a thing on Lemmy yet?
Actually you can find many videos on YouTube that show how to disable the OnStar transmitter and you can always wrap those internal antennae in foil.
How does the game industry deal with this? Pretty sure the auto industry will go the same route.
Yeah there will be a game of cat and mouse with the die hards. Most will just roll with it when it gets too hard.
My 95 Integra was EFI and didn’t track me.
I’m sure it’s only a matter of time before someone make a flipper zero plugin to sanitize canbus data.
So if your MAF sensor shits the bed you’ll never know about it because you’re overwriting its data. And from there it’s only a matter of time before your car requires dealership service to turn on because it can’t phone home properly because some bullshit proprietary data key is broken.
The game of cat and mouse will continue. People will hack their cars and manufacturers will install anti-hacking measures and then people will hack the anti-hacking measures. It’s just another thing where instead of being a mutually beneficial transaction it will become a hostile arms race between the consumers and manufacturers. We’re already on this path; the only real hope I’m holding out for is the advent of an open source car.
Literally EVERY car manufacturer is doing this. Nissan and Kia both explicitly claim access to all data about your sex life they can access. For all we know, they could be reading through your text messages and dating app profiles everytime your phone is connected to the car.
Hate to break it to you, but you’ll essentially need to avoid all new cars. For example, Nissan has been collecting data on people fucking in their cars.
For example, Nissan has been collecting data on people fucking in their cars.
No, they just said that they reserved the right to obtain and sell data on user sexual activity in the privacy policy. There’s no reason to believe that they’ve actually done that or that it was specifically sexual activity in cars; the same clause in the policy could cover, say, driving to a motel for a tryst.
If I had to make a bet, they’re just covering their ass because they want to sell that data to someone else who might in turn data-mine or sell the data in a way that it deanonymizes someone and exposes their sexual activity. So down the line, when someone is super-pissed-off in court, they’re gonna haul that privacy policy out and say “we told you that we could do this and you didn’t say anything, so not our problem”.
Needs legislation! When everybody’s doing it and people need to get around, there should be privacy by law
I wonder how selling the car impacts the data stream? If you could show that the automaker and LexisNexis aren’t properly handling the transition of the car’s owner from one to another – effectively penalizing the original owner for the actions of a subsequent owner – there might be a legal angle of attack to assert damages.
Data would surely be username x car modem I’d or something= unique id.
You labor under the impression that they would only track & keep data if the user was logged in.
Who changed the username in the on-board OnStar system? Did you think to perform a full factory reset on the car’s electronic systems, before selling the car? CAN you?
I’m sure insurance is gonna stop caring as soon as they get a notice saying that the person sold the car.
I’m an IT professional and I am not sure of that at all.
I wonder if there’s a way to disable that kind of reporting. Obviously, that’s not an acceptable answer to the issue. Sharing of information like that needs to be opt-in with full disclosure and not buried within pages of legalese.
But as a moderately tech savvy person, maybe there’s a way to disable it’s network connectivity so it can’t phone home anymore.
Rip out the antenna.
For now, i assume “all” you have to to is find the car’s antennas and disable them. Once “no signal” == “car won’t start”, you’ll have to spoof the antenna signal. I’ll keep my '98 car for as long as i can thanks very much.
In my Subaru it’s a seperate box under the radio. It intercepts the front speakers and microphone from the radio, so with a custom harness I can bypass it. Obviously that varies by make, model, and trim.
Unless its fiber optic you could probably just cut and splice.
The mic needs active power. If you ignore the mic a simple pig tail adapter works without cutting up your cars cabling.
on my car, there’s a fuse you can pull out, which theoretically cuts power to OnStar. check your car manual/forums about your model
There is with my vehicle. In fact, such tracking was opt-in if you enabled the driving score feature.
I’d imagine this is mostly a case of someone not reading their ToS before enabling the car’s smart features.
I’m starting to think I won’t ever buy a new car n keep driving older, dumber cars. My current car is an 08, and anything beyond that seems to have been slowly enshittified.
I thought the same about Smart TV’s. Now there’s no escape. You can only block it’s network traffic.
Just wait till they pack in some 5g antennas
That won’t work at scale; cars wear out, and become expensive enough to maintain that people scrap them
My 1993 Ford Ranger disagrees.
I think every old Ranger is begging to be put out of it’s misery. Those cars were piles of shit when new, and even bigger piles of shit now that they’re old.
On average, people junk cars at about 20 years. A few really do last longer, particularly if they’re not driven daily.
If you’re handy or willing to learn, it’s entirely possible to ship of Theseus most pre-2005 vehicles. For some models it could ultimately be economical.
Right on, got a 97 Ranger. It just literally keeps on truckin’ and I love it.
Protect that thing like it’s worth its weight in gold. I had a 91 that was unstoppable until someone else hit it running a red light. Got an edge now and it’s close but not the same
As does my 2nd car, the 86 4Runner
Just keep 7 or 8 of the same model and fix it yourself. Pretty soon we’ll be able to fabricate every single part on these so even if the parts go out we will be able to keep them running
‘Cars = Freedom Crew’, where ya at?
Working to make the car payment, instead of zipping around on a paid-off bicycle
Plug every antenna port with a 50ohm dummy load There, got freedom of travel back Of course, that makes electric cars even less attractive. I’m sure Tesla self-brick if you do that.
Welp, time to disable OnStar…
A lot of car makers use a cellular connection collect this data. You need to disable that too, as well as any apps used to access car features.
Your cell phone provider could likely deliver this same data as well.
The right answer is to make it illegal to collect, except for a small amount stored on-vehicle for crash analysis.
I agree it should be codified, but have no hope that our fascist leaning lawmakers won’t gladly accept $$ from insurance companies and automakers to do what they want to do anyways.
We’re headed rapidly toward a social credit system, but run by our corporate overlords instead of government. To quote The Stupendium:
You seem so surprised, what did you expect?
We’re thinking outside of that box that you checked
The terms were presented in full to inspect
You scrolled to the end just to get to “Accept”
The other side of that coin is, if we all read the bullshit extended legalise in every licence/privacy agreement for everything we’ve ever used, we’d never do anything else but read them.
Besides which, it’s not like there’s a choice aside from accepting the agreement or not using the thing. Alternatives? All have similar agreements attached.
Basically, this is just a symptom of how much “better” modern life is. But hey, at least we don’t need to worry about lions eating us quite so much.
What’s the point of reading them? I know there’s a lot I disagree with but I also know i can’t see before buying, I can’t do anything about it, nor are there realistically other choices. All modern cars do it. For any place with any consumer protection, they should be unenforceable, but I’m in the US so have to settle for there’s nothing I can do about it
These are just legal cover, so they can say “see, he agreed,according to our definition”. It doesn’t change what they are doing or whether they would have already
We should really have the option of striking through clauses we don’t agree with.
The song is from the perspective of the company, not the consumer.
we don’t need to worry about lions eating us
Someone didn’t read the line item in the EULA.
It’s OK. I crossed it out with a marker on the screen before clicking agree.
Legally unassailable!
But hey, at least we don’t need to worry about lions eating us quite so much.
I’m pretty confident that humans have killed and eaten more lions than lions have humans.
Big cats may be an apex predator, but:
https://en.wikipedia.org/wiki/Apex_predator
An apex predator, also known as a top predator, is a predator[a] at the top of a food chain, without natural predators of its own.
That “natural” is a big caveat, as we are that “natural” exception. We eat everything.
In general, large creatures that aren’t very good at hiding have not done very well when humans show up.
https://en.wikipedia.org/wiki/Late_Pleistocene_extinctions
The Late Pleistocene to the beginning of the Holocene saw numerous extinctions of predominantly megafaunal (typically defined as having body masses over 44 kilograms (97 lb)[1]) animal species (the Pleistocene megafauna), which resulted in a collapse in faunal density and diversity across the globe.[2] The extinctions during the Late Pleistocene are differentiated from previous extinctions by the widespread absence of ecological succession to replace these extinct megafaunal species,[3] and the regime shift of previously established faunal relationships and habitats as a consequence. The timing and severity of the extinctions varied by region and are thought to have been driven by varying combinations of human and climatic factors.[3] Human impact on megafauna populations is thought to have been driven by hunting (“overkill”),[4][5] as well as possibly environmental alteration.
We’re a lot better at countering disease, though. Malaria has killed more humans than anything else has, and we could really combat that only quite recently.
We’re basically already there with credit scores.
Perhaps. There is a lot you can do to present the right appearance w/ respect to financial transactions. There’s not so much you can do when companies are exchanging data about your routine activities behind you back. Or they assume it is about you, who is going to hold them to account? Nobody.
Insert southpark centipede meme here.
It only impossible if you don’t try
Reach out to your reps
Yep, all cars connected so you can pay $20/month for remote start and things like this. The only way to disable cellular connection in the car is to unplug the cell antenna from the module. You have to dig the information online to find where is the module and have to disassemble the dash to do so maybe? But it’s the only way. Even if you don’t pay, the connection will still work and manufacturer receives all info.
This is one of the reasons I never want a car with it’s own internet connection. I’ll stick to plugging in my phone, where I’m very stingy with which apps even get location data, much less the “physical activity history” permission which allows this kind of continuous tracking (and which is usually needed because it uses Google’s algorithms / possibly neural nets to guess whether you’re driving or walking based on accelerometer / gyro / gps / magnetometer sensor fusion).
The location tracking on my phone is in no way precise enough to determine this info.
Lol, that’s cute that you think that.
You’ve never had the location or direction be incorrect in Google Maps?
Google Maps != carrier tracking. Your phone is perfectly capable of gathering this data using its accelerometer plus GPS and cell tower positioning.
Why is Google Maps often inaccurate then?
Maybe your phone, but the insurance company’s app lives on a relative’s phone, and it can determine the same things mentioned in the article.
I miss my Nokia 3210 too.
This seems like such a wretched inevitably. I mean, I guess we’re living it with phones, but it seems so unnecessary with cars.
Is there really no market for the same boring car, with minor efficiency tweaks, for, like, ever? I coulda lived with my 95’ Accord forever if the parts hadn’t been too expensive.
Do es the market really not want that, or do the manufacturers prevent it from happening?
Any Automancer please explain, I’m not car enough to understand.
Selling your data is a new revenue stream for automakers, and as a practical matter, you can’t avoid it.
Even before data sales, though, a baseline, universal car never happened. Was there never a market or was a market never allowed to form?
Or perhaps the tech in a car really does advance faster than I understand? But then how would retro cars be street legal?
They aren’t as profitable as luxury cars. Ford stopped making sedans because their margins are so much larger on SUV’s and trucks. They keep eliminating the base trim model and making luxury versions the mew “standard” to keep making more and more money.
Do es the market really not want that, or do the manufacturers prevent it from happening?
Of course they don’t want that. Build-int obsolescence is a thing, has been for ages and not just in cars.
My next question would be, does the Asian models have this same shit ?
If not importing would be a nice alternative
I mean, as someone else pointed out in a comment here, they literally have it in the terms that they can track your sexual activity…
Ban the Chinese version of LexisNexis! If it works for social media it will work for the insurance industry!
I wonder if google does this with maps data
Do you really have to wonder if a free Google service is collecting and selling your data?
Well it shouldn’t as I am an EU citizen. However I’m quite certain they should seek out to do so. I only mention it as someone should look into it, like the author of this article…
What about being an EU citizens prevents from from collecting any data on you? They’re still able to collect a lot of data.
They should confirm to gdpr rules. Ofc they can collect data, but they certainly can’t sell that personalized info to my car insurer, fi.
https://pro.bloomberglaw.com/insights/privacy/privacy-laws-us-vs-eu-gdpr/
GDPR is opt out, so you wouldn’t get any benefit until you complain. Plus:
(GDPR) excludes “pseudonymised” data
GDPR is opt out, so you wouldn’t get any benefit until you complain. Plus:
Not really I must consent to an unambigious statement before data may be processed.
https://gdpr.eu/gdpr-consent-requirements/
(GDPR) excludes “pseudonymised” data
Thats a bit too broad of a statement:
Anonymization and pseudonymization are still considered as “data processing” under the GDPR—therefore, companies must still comply with Article 5(1)(b)’s “purpose limitation” before attempting either data minimization technique.
While truly “anonymized” data does not, by definition, fall within the scope of the GDPR, complying with the definition is so rigorous that a data controller should be extremely cautious before attempting to use anonymization as a way to circumvent the GDPR completely.
Fuck Google but they don’t not sell your data with your name attached to it.
Given enough anonymous Metadata, it’s trivial to tie it to an individual. Especially when that data includes location data.
I guess iOS needs to add privacy permissions about accelerometer. I wouldn’t have thought but there’s a perfect use case: Google Maps would like access to your accelerometer.
Disconnects modem from out of warranty car
Problem, automakers?
your car is bricked
Must be real fun having to explain to customers that their car stops working because they drove too far away from the nearest cell tower.
If I were malicious enough to design the system, I would make it a heartbeat. Skip too many heartbeats and your car bricks. It could be written in to the terms of the loan since companies are using in-car computers for repossession.
“Why is my car bricked?”
“Because you tried to disable our payment verification system.”
“I live in a rural area.”
“You’re like 1% of customers. Your loan contact says you have to drive within cell range once a month. Fuck you, we’re repossessing the car and keeping the money anyway.”
This is the best summary I could come up with:
LexisNexis is a New York-based global data broker with a “Risk Solutions” division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets.
But “drivers are historically reluctant to participate in these programs,” as Ford Motor put it in a patent application that describes what is happening instead: Car companies are collecting information directly from internet-connected vehicles for use by the insurance industry.
In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.
In a recent promotional campaign, an Instagram influencer used Smart Driver in a competition with her husband to find out who could collect the most digital badges, such as “brake genius” and “limit hero.”
Neither the car companies nor the data brokers deny that they are engaged in this practice, though automakers say the main purpose of their driver feedback programs is to help people develop safer driving habits.
The other automakers all have optional driver-coaching features in their apps — Kia, Mitsubishi and Hyundai have “Driving Score,” while Honda and Acura have “Driver Feedback” — that, when turned on, collect information about people’s mileage, speed, braking and acceleration that is then shared with LexisNexis or Verisk, the companies said in response to questions from The New York Times.
The original article contains 2,347 words, the summary contains 222 words. Saved 91%. I’m a bot and I’m open source!