Nobody’s mentioned that the vulnerability was “immediately” fixed (within 24h according to a comment on a related post in the cybersecurity community). Like, the fact that this is even possible to begin with is obviously bullshit, and makes me wish I’d ripped the starlink box out of my car, but this is not the rampant and actively exploited thing that the headline would have me believe it is.

“Privacy researchers at the Mozilla Foundation in September warned in a report that “modern cars are a privacy nightmare,” noting that 92 percent give car owners little to no control over the data they collect, and 84 percent reserve the right to sell or share your information. (Subaru tells WIRED that it “does not sell location data.”)”

Such a statement about not selling data can be very misleading, because the essential statement of saying “we do not share your location data” does not seem to have been made! Please, let us stop falling for the trick of companies saying that they do not sell our data as somehow equating to them respecting our privacy, because it is not an equivalence.

“While we worried that our doorbells and watches that connect to the Internet might be [are] spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” Mozilla’s report reads.

“People are being tracked in ways that they have no idea are happening.”

https://archive.is/9dIdu

“the minute you hook up your phone to Bluetooth, it automatically downloads all the information off your phone, which is sent back to the vehicle manufacturer.”

“if you want to protect the data on your phone, don’t connect it to the car.”

We should all start asking around our local auto shops that handle software and ask if they disable gps or internet services.

It’s not illegal to modify your own vehicle (yet) so jailbreaking these shitty cars would be an awesome service.