kevolutionNov 9, 2023
Craig Hockenberry

An appellate judge in Washington state just ensured that I will never buy or rent a vehicle without CarPlay. The auto industry continues to find ways to shoot themselves in the foot.

https://therecord.media/class-action-lawsuit-cars-text-messages-privacy

Court rules automakers can record and intercept owner text messages

A Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors.

Nov 9, 2023 at 2:20amIvory for iOS
Show threadRickNov 9, 2023
@chockenberry without?
Show threadTimekeeper Nov 9, 2023
@JetForMe @chockenberry I suppose manufacturers must respect some etics rules to uses Apple’s software?
Show threadRickNov 9, 2023
@Timekeeper @chockenberry security be would hope but I wouldn’t bet on it.
Show threadRickNov 9, 2023
@Timekeeper @chockenberry I just don’t let my car have access to to my contacts or texts
Show threadZimmieNov 9, 2023

@Timekeeper @JetForMe @chockenberry It’s more about the structure of CarPlay. It doesn’t necessarily provide the car access to anything. The UI is rendered as a video on the phone which the car simply plays. The car could still record what you say and what Siri says, then run its own speech-to-text, but it can’t just dump your whole address book.

This issue is because so many car manufacturers write their own UIs to present phone stuff in a standardized form. They use Bluetooth MAP, PBAP, and other things to dump categories of structured data which they store. They then display the data from their local storage in the car manufacturer’s UI. It’s how they integrate with non-smartphones, for example.

Show threadGadgetGavNov 9, 2023
@chockenberry Without? Does CarPlay avoid this? I know there’s a disclaimer when I connect my iPhone to my VW Golf that information will be passed to the system when the phone is connected.
It’s a very vague message and you’re tempted to think “well, yes I want it to send my music and directions over the speakers” but it seems they take it as license to scrape any- and everything
Show threadGene Thomas Nov 9, 2023
@gadgetgav @chockenberry
Apple is not perfect, no corporation is. However, they have built their image around privacy and trust it is unlikely they will betray that.
Show threadCraig HockenberryNov 9, 2023

@gadgetgav Messages are end to end encrypted between devices. There is no way to access them externally either.

I believe contacts can be shared after consent, but that’s it.

Show threadJason LevineNov 9, 2023
@chockenberry @gadgetgav I mean, details are lacking in the info presented in this thread, but E2E encryption doesn't solve the issue here. Your phone is one of the "E"s; it decrypts the message to display it to you. The CarPlay client in your car certainly has access to the message in order to show it on the screen; at that point, there's no encryption in play anymore.
Show threadJoe WorkmanNov 9, 2023
@chockenberry why can’t an iPhone be a CarPlay device? The software is all there. We just need to display it as an app…
Show threadCraig HockenberryNov 9, 2023

@joe CarPlay requires inputs from the vehicle. Microphone for Siri, buttons for navigation, etc.

And nothing is stopping you from mounting phone on dash and using it standalone.

Show threadJoe WorkmanNov 9, 2023
@chockenberry I totally do that. But I’d love to have the CarPlay interface show on the phone. I got a 3rd party screen that supports it but I didn’t care to have another th in by mounted on my dash.
Show threadAnthony BakerNov 9, 2023

@chockenberry Did not even know this was a thing — holy hell! Of course, Mozilla warned us a while ago:

> We reviewed 25 car brands in our research and we handed out 25 “dings” for how those companies collect and use data and personal information. That’s right: every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.

https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

*Privacy Not Included: A Buyer’s Guide for Connected Products

All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed

Mozilla Foundation
Show threadMillicentNov 9, 2023

@chockenberry and here I was thinking murder bot’s corporate overlords were fictional

#auto #privacy

Show threadAmethyst 🌸Nov 9, 2023
@chockenberry don't worry, I'm sure they'll find a way to either turn off carplay in rental cars, or charge you an exploitive daily fee to use carplay the same way they do with toll passes.
Show threadMichael SladeNov 9, 2023
@chockenberry Sounds like GM vehicles are not in your future. They’re not in mine either.
Show threadAlexander E. SmithNov 9, 2023

@chockenberry

I have no idea why anyone ever connected their phone to their car. The built-in display should either be a dumb-as-shit display mirror, or completely self sufficient.

My car doesn't need to know what my phone is doing.

Show threadJonNov 9, 2023

@AlexanderESmith @chockenberry cars are often packaged in a way that getting GPS navigation built-in costs $3000+ more than the base model.

I don't know why Apple fans are so convinced the company is morally upright and will protect them, but I am pretty confident they will be really unpleasantly surprised at some point. None of us mean anything to any corporation save as things to extract money from.

Show threadAlexander E. SmithNov 10, 2023

@oddhack @chockenberry

Honestly, I'd rather just 3D print a nice phone mount. I have a Fold3, so the screen has plenty of room for a map.

Let the car's built in screen manage my A/C and satellite radio. TPMS and Odometer. Etc.

Show threadThis is HellNov 9, 2023
@chockenberry @jeff What the actual fuck?
Show threadyeweuNov 9, 2023
@chockenberry
Latter-day Edsel IQ's
Show threadBaron VonskinnbackNov 9, 2023
@chockenberry I definitely won't be buying a new car anytime soon and in fact I opted out of my company car scheme to ensure that I don't get a new car and that I will now be paid by my company to buy an old car that I can run for business use, I won't buy car any newer than 2012, that seems to be around the time when the auto makers corporate data mining was being used en mass by everyone who could.
Show threadMikeWasNov 9, 2023

@chockenberry Reading the article, it appears that the court’s ruling was limited to a question of state law in Washington only. It would not apply in states with more robust privacy laws. 

I’d be interested to see results from other states.

Show threadMikeWasNov 9, 2023

@chockenberry For example, interception of text messages without consent may violate Florida’s wiretap law. 

http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Display_Statute&URL=0900-0999/0934/Sections/0934.03.html#:~:text=934.04%2D934.09%20for%20a%20person,of%20committing%20any%20criminal%20act.

Statutes & Constitution :View Statutes : Online Sunshine

Show threadCraig HockenberryNov 9, 2023
@mikewas Yeah it’s limited in scope for now. But it sets precedent.
Show threadMikeWasNov 9, 2023
@chockenberry Only for Washington state and states whose laws are similar. This case would not likely be of precedential value in a state whose laws and policy were much different.
Show threadBob PetersonNov 9, 2023
@chockenberry I’d love to take a wire cutter to my car’s cellular radio. But then there’s probably a memory card somewhere too.
Show threadJosh (open until closed again)Nov 10, 2023
@chockenberry Do you mean “with CarPlay?”