Attached: 1 image
As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🤯 https://events.ccc.de/congress/2024/hub/en/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/ #Volksdaten
If they are, make a complaint to your local governing body. See if they’ll investigate it. Because it’s not okay for them to agree to terms for you or to try to end around the agreement you made.
Sure there is. Most people don’t have the hardware handy to do it, but at the end of the day it’s just a computer sending IPv4 traffic through an LTS cellular modem to an S3 bucket.
And if you know your car’s UDID you can probably look it up in said S3 bucket, since it was open to the public.
Sure, they COULD be using a TPM in the cars and PKI so that having the public key still only lets them encrypt the data and not decrypt it… but in that case, we wouldn’t have this article, because they’d have properly secured the data.
Since they only really value that telemetry in bulk and have to foot the compute bill, I’m pretty confident they don’t actually do that, but instead depend on the S3 bucket and the connections to it being encrypted.
If they don’t know that you want it disconnected or never wanted it connected in the first place they’re likely to just tell you if it’s active or that it’s not at the request of the owner and then ask if you want it connected. If you play dumb and non-accusatory. That’s all I’m saying.
A Volkswagen id4 was the best choice I had from work (Belgian companies give company cars for personal use as perks because of tax benefits).
I completely disagreed to all terms involving internet access in the vehicle, but I have no doubt they are tracking me without my consent too…
It’s a shame that they deleted their data after their evaluation.
Should have checksummed the e-mail addresses and put a haveibeenpwned-like website up where car owners can check if they are affected.
If they are, make a complaint to your local governing body. See if they’ll investigate it. Because it’s not okay for them to agree to terms for you or to try to end around the agreement you made.
There’s no way to know though…
Sure there is. Most people don’t have the hardware handy to do it, but at the end of the day it’s just a computer sending IPv4 traffic through an LTS cellular modem to an S3 bucket.
And if you know your car’s UDID you can probably look it up in said S3 bucket, since it was open to the public.
You are aware that encryption exists, right?
And the decryption key is stored… where?
Sure, they COULD be using a TPM in the cars and PKI so that having the public key still only lets them encrypt the data and not decrypt it… but in that case, we wouldn’t have this article, because they’d have properly secured the data.
Since they only really value that telemetry in bulk and have to foot the compute bill, I’m pretty confident they don’t actually do that, but instead depend on the S3 bucket and the connections to it being encrypted.
Take your car into a dealer and ask them if the modem is connected. Frame is as you think it’s malfunctioning and they’ll look to see.
I mean, they could disconnect it for you, but there’s still no way to know if it’s been transmitting data you don’t want it to in the meantime
If they don’t know that you want it disconnected or never wanted it connected in the first place they’re likely to just tell you if it’s active or that it’s not at the request of the owner and then ask if you want it connected. If you play dumb and non-accusatory. That’s all I’m saying.
Sounds like you could start a lawsuit!