PDA

View Full Version : On Star? Not Cool



Kathianne
09-21-2011, 10:05 PM
http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/


Navigation-and-emergency-services company OnStar is notifying its six million account holders that it will keep a complete accounting of the speed and location of OnStar-equipped vehicles, even for drivers who discontinue monthly service.

OnStar began e-mailing customers Monday about its update to the privacy policy, which grants OnStar the right to sell that GPS-derived data in an anonymized format.


Adam Denison, a spokesman for the General Motors subsidiary, said OnStar does not currently sell customer data, but it reserves that right. He said both the new and old privacy policies allow OnStar to chronicle a vehicle’s every movement and its speed, though it’s not clear where that’s stated in the old policy.


“What’s changed [is that if] you want to cancel your OnStar service, we are going to maintain a two-way connection to your vehicle unless the customer says otherwise,” Denison said in a telephone interview.


The connection will continue, he said, to make it “easier to re-enroll” in the program, which charges plans from $19 to $29 monthly for help with navigation and emergencies.


The privacy changes (http://www.onstar.com/tunnel-web/webdav/portal/document_library/downloadable/PrivacyStatement-2011-USE.pdf) take effect in December, Denison said, adding that the policy reinforces the company’s right to sell anonymized data...



Hmmm, now who would want to buy this data? Oh yeah, the same places that like speed traps.

ConHog
09-21-2011, 10:10 PM
http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/



Hmmm, now who would want to buy this data? Oh yeah, the same places that like speed traps.

From your own source, the ONLY thing that is changing is that now you have to tell them you don't want them to maintain a connection with your vehicle at all, wheras before they just dropped the link automatically if you dropped their service. They were already selling your data, data by the way which is anonymous.

Kathianne
09-21-2011, 10:19 PM
From your own source, the ONLY thing that is changing is that now you have to tell them you don't want them to maintain a connection with your vehicle at all, wheras before they just dropped the link automatically if you dropped their service. They were already selling your data, data by the way which is anonymous.

Hmmm, I don't think I'd want this:


...Adam Denison, a spokesman for the General Motors subsidiary, said OnStar does not currently sell customer data, but it reserves that right. He said both the new and old privacy policies allow OnStar to chronicle a vehicle’s every movement and its speed, though it’s not clear where that’s stated in the old policy...




...Collecting location and speed data via GPS might also create a treasure trove of data that could be used in criminal and civil cases. One could also imagine an eager police chief acquiring the data to issue speeding tickets en masse...



and being a semi-nerd, I followed the link that generated the Wired post;

http://www.zdziarski.com/blog/?p=1270


...As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.” – This provides carte blanche authority for OnStar to now track and collect information about your current GPS position and speed any time and anywhere, instead of only in the rare, limited circumstances the old contract outlined.

Anonymized GPS data? There’s no such thing! We’ve all seen this before – anonymized searches, for example, that were not-so-quite anonymized. But in this case, it’s impossible to anonymize GPS data! If your vehicle is consistently parked at your home, driving down your driveway, or taking a left or right turn onto your street, its pretty obvious that this is where you live! It’s like trying to say that someone’s Google Map lookup from their home is “anonymized” because it doesn’t have their name on it. It still shows where they live! What’s unique even more-so to OnStar is that the data they claim they sell as part of their business model is useless unless it’s specific; that is, not diluted to the nearest 10 mile radius, etc. This combination of analytics, and their prospective customers (law enforcement, marketers, etc) requires the data be disturbingly precise. Anyone armed with Google can easily do a phone book or public records search to find the name and address that resides at any given GPS coordinate...




...What is more profitable to OnStar that your personal GPS data could be used for? Hmm, well how about the obvious – tracking you and your vehicle. It would be extremely profitable to be able to identify all vehicles within OnStar’s network that frequently speed, and provide law enforcement “traffic services” the ability to trace them back to their homes or businesses, as well as tell them where to set up speed traps. Or perhaps insurance companies who want to check and make sure you’re wearing your seat belt, or automatically give you rate increases if you speed, even if you’re never in an accident? How about identifying all individuals who shop at certain stores, and using that to determine whose back yard to put the next God-awful Wal-Mart store? How about employers who purchase these records from these third parties to see where their employees (or prospective employees) travel to (and how fast), sleaze bag lawyers who want to subpoena these records to use against you if you’re ever sued, government agencies who want to monitor you, marketing firms who want to spam you, and a long list of other not-so-squeaky-clean people who use (and abuse) existing online, credit card, financial, credit, and other analytics to destroy our privacy?...

Gaffer
09-21-2011, 10:43 PM
Good thing my old pickup doesn't have onstar. If I had it I would be taking it out.

SassyLady
09-22-2011, 03:05 AM
My 2004 vehicle came with the first year of OnStar free and we have not had it since. However, every now and then I accidentally hit the button and it says "OnStar Ready". Do you think that would constitute using their service and opting in for the new policy. Can I use this button to contact them and opt out of their policy. And, even if I do opt out, who's to say that they aren't still collecting the information and using it?

Does anyone know if there is a way to disconnect the system from the vehicle itself?

Gaffer
09-22-2011, 12:34 PM
My 2004 vehicle came with the first year of OnStar free and we have not had it since. However, every now and then I accidentally hit the button and it says "OnStar Ready". Do you think that would constitute using their service and opting in for the new policy. Can I use this button to contact them and opt out of their policy. And, even if I do opt out, who's to say that they aren't still collecting the information and using it?

Does anyone know if there is a way to disconnect the system from the vehicle itself?

My guess is it's hooked up like a radio with power lines going into it. Find the power line and use wire cutters, box is nullified. Woul require crawling under the dash.

revelarts
09-22-2011, 01:16 PM
Thanks Kath, good tip Gaff.
I'll leave it at that.

SassyLady
09-22-2011, 11:02 PM
My guess is it's hooked up like a radio with power lines going into it. Find the power line and use wire cutters, box is nullified. Woul require crawling under the dash.

You want a 60 year old, very "technologically inept" female to "crawl" under the dash and cut some wires? I couldn't even figure out which plug to pull out of the wall last night when talking with the Dish Network people ..... there are thousands of wires going from the TV, the bose system, the DVD and the DVR .... the CD player ..... eeeek....

Guess I need to find an expert to get this done!

Thanks for the tip Gaffer ... if I bring my vehicle over can you fix it for me?

ConHog
09-23-2011, 12:15 AM
My guess is it's hooked up like a radio with power lines going into it. Find the power line and use wire cutters, box is nullified. Woul require crawling under the dash.

You'd actually be wrong. The OnStar transmitter/receiver is almost always located in the trunk or under the rear seat.

logroller
09-23-2011, 03:22 AM
My 2004 vehicle came with the first year of OnStar free and we have not had it since. However, every now and then I accidentally hit the button and it says "OnStar Ready". Do you think that would constitute using their service and opting in for the new policy. Can I use this button to contact them and opt out of their policy. And, even if I do opt out, who's to say that they aren't still collecting the information and using it?

Does anyone know if there is a way to disconnect the system from the vehicle itself?

I don't know how to disconnect it. If you went to the dealer and expressed your concerns over the new policy changes, I would think they would be willing, at least, to inform you how to do so. As you own the vehicle, you have the right to refuse consent.

I know this sounds like a bad deal, and there certainly are possible pitfalls presented; but as kath's second article mentioned only the possibility of malfeasance, the converse would be possible too. I don't commit crimes, I don't speed, i wear my seat belt-- couldn't I petition my insurer to give me discounted rates?

Congressional Senators, (D)s + 1(I), have taken action against this.


Earlier this year, Senator Coons cosponsored the Location Privacy Protection Act — introduced by Senator Franken — which would require companies like OnStar to obtain their customers’ explicit permission before tracking their location information or sharing that information with third parties.“OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar’s approximately six million customers—especially for those customers who have already ended their relationships with your company,” the letter states. “…We believe that OnStar’s actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location. In the meantime, we believe that it is the responsibility of corporate citizens like OnStar to take every step possible to safeguard the privacy of their customers.”
In addition to Senator Coons, the Location Privacy Protection Act currently has four other co-sponsors, including: Senators Blumenthal (D-Conn.), Durbin (D-Ill.), Menendez (D-N.J.) and Sanders (I-Vt.).
and sent a letter to the Pres of Onstar, including---

We urge you to reconsider these decisions. We also urge you to better inform your customers of their ramifications. To that end, we request that you provide answers to the following questions:1.Does OnStar believe that its actions comply with federal law?
2.Will OnStar allow its customers to deactivate their data connections online?
3.If a customer deactivates their data connection, will OnStar delete the existing location information they have gathered for that customer? Or does OnStar reserve the right to store and sell that information regardless of deactivation?
4.Has OnStar ever suffered a breach of its customers’ location data?
5.Has OnStar ever suffered a breach of any of its customers’ private information?
6.How will OnStar protect non-anonymized data on its servers in light of recent breaches at major institutions like Citibank, Sony and the International Monetary Fund?
7. How exactly will OnStar anonymize its location data?
8.Will OnStar seek its customers’ consent before sharing or selling their location data to third parties? Does OnStar believe it is legally required to do so?
9. Will OnStar inform its customers of the entities to whom it sells location data?
10. Has OnStar already disclosed or sold any of its customers’ location data with third parties? Which third parties?
11. Will OnStar agree to stop the tracking, sharing, and sale of location data for customers that have ended their subscriptions to OnStar services?
Source: http://coons.senate.gov/newsroom/releases/release/senators-coons-franken-to-onstar-tracking-sharing-customers-location-without-consent-is-a-serious-violation-of-privacy

Gaffer
09-23-2011, 11:51 AM
You'd actually be wrong. The OnStar transmitter/receiver is almost always located in the trunk or under the rear seat.

Not having one and never seeing one, but knowing the system is set into the dash for easy access I would assume the thing to be in the dash. But you are probably right, at least concerning the locator. If it's in the trunk it's easier to get at.

I would take it to a mechanic that knows what they're doing and have them disable it. Would take five minutes tops.

ConHog
09-23-2011, 11:43 PM
Not having one and never seeing one, but knowing the system is set into the dash for easy access I would assume the thing to be in the dash. But you are probably right, at least concerning the locator. If it's in the trunk it's easier to get at.

I would take it to a mechanic that knows what they're doing and have them disable it. Would take five minutes tops.

My dad is in fact a mechanic. We have access to all the GM diagnostic resources. The transmitter/receivers are NOT in the dash on any GM vehicle.

Also, you do NOT want to physically disable them, all you have to do is call OnStar and tell them you do NOT want your vehicle linked and they will we electronically disable it, once that's done, they have to have access to your vehicle to reactivate it. Meaning once deactivated you have to go into a GM dealer and have them enable it.

This is a bunch of fear over nothing you guys.

SassyLady
09-24-2011, 12:03 AM
My dad is in fact a mechanic. We have access to all the GM diagnostic resources. The transmitter/receivers are NOT in the dash on any GM vehicle.

Also, you do NOT want to physically disable them, all you have to do is call OnStar and tell them you do NOT want your vehicle linked and they will we electronically disable it, once that's done, they have to have access to your vehicle to reactivate it. Meaning once deactivated you have to go into a GM dealer and have them enable it.

This is a bunch of fear over nothing you guys.

So, I have a Yukon ... and the back seat lays down. Perhaps in the 2nd row of seats ... is it under one of them ... driver's side or passenger side.

And, it's not fear CH ... it's the principle. I don't like someone tracking me without my permission, and I recinded that permission when I canceled the service. I don't think anyone should come at me from the backdoor (meaning OnStar) and tell me that I have to make an additional phone call and make an additional request to tell these people that it is NOT OK to gather data on my driving habits. The policy should be that I will call you IF I WANT to have my data collected and stored, and/or sold.

Kathianne
09-24-2011, 12:08 AM
So, I have a Yukon ... and the back seat lays down. Perhaps in the 2nd row of seats ... is it under one of them ... driver's side or passenger side.

And, it's not fear CH ... it's the principle. I don't like someone tracking me without my permission, and I recinded that permission when I canceled the service. I don't think anyone should come at me from the backdoor (meaning OnStar) and tell me that I have to make an additional phone call and make an additional request to tell these people that it is NOT OK to gather data on my driving habits. The policy should be that I will call you IF I WANT to have my data collected and stored, and/or sold.

I agree. As the originating post intimated, there is no real anonymity with something like OnStar. Your normal routes identify you. As he noted, the VIN is there, for legitimate reasons, but after?

NightTrain
09-25-2011, 08:07 PM
I would assume that OnStar will have a fuse for the system, just like every other electrical system installed in your car.

Pull your fuse panel lid off, look at the legend printed on the backside of the fuse panel cover, identify and pull the fuse, then hit your OnStar button to verify that it doesn't turn on.

And like Gaffer said, if that doesn't work then snip the wires going to the unit itself.

But personally, I would disable it anyway if I'm not using it but I don't think there is any reason to get too concerned about it. If and when cops start mailing out tickets due to OnStar records, you can bet your last dollar that OnStar will die overnight, and GM sales will plummet immediately.

There's no way they'd willingly allow your info to be dispersed. Of course, hacking is a concern but we all run that risk with our banks right now anyway.

I have a 9 passenger 4x4 Suburban, it's loaded but doesn't have the OnStar so it's a non-issue for me.

ConHog
09-25-2011, 08:10 PM
I would assume that OnStar will have a fuse for the system, just like every other electrical system installed in your car.

Pull your fuse panel lid off, look at the legend printed on the backside of the fuse panel cover, identify and pull the fuse, then hit your OnStar button to verify that it doesn't turn on.

And like Gaffer said, if that doesn't work then snip the wires going to the unit itself.

But personally, I would disable it anyway if I'm not using it but I don't think there is any reason to get too concerned about it. If and when cops start mailing out tickets due to OnStar records, you can bet your last dollar that OnStar will die overnight, and GM sales will plummet immediately.

There's no way they'd willingly allow your info to be dispersed. Of course, hacking is a concern but we all run that risk with our banks right now anyway.

I have a 9 passenger 4x4 Suburban, it's loaded but doesn't have the OnStar so it's a non-issue for me.



I seen a thing the other day, someone had hacked into a vehicle through the blue tooth and shut down the electric steering system. Causing an accident. I'm trying to convince my dad right now that he needs to buy a computer capable of programming these newer cars so that he can download the updated security software to his customers cars.

ConHog
09-25-2011, 08:13 PM
So, I have a Yukon ... and the back seat lays down. Perhaps in the 2nd row of seats ... is it under one of them ... driver's side or passenger side.

And, it's not fear CH ... it's the principle. I don't like someone tracking me without my permission, and I recinded that permission when I canceled the service. I don't think anyone should come at me from the backdoor (meaning OnStar) and tell me that I have to make an additional phone call and make an additional request to tell these people that it is NOT OK to gather data on my driving habits. The policy should be that I will call you IF I WANT to have my data collected and stored, and/or sold.

What year is it?

Assuming it's from like 2001-2010 the antenna is located under the headliner directly behind rear cargo door.

NightTrain
09-25-2011, 08:57 PM
I seen a thing the other day, someone had hacked into a vehicle through the blue tooth and shut down the electric steering system. Causing an accident. I'm trying to convince my dad right now that he needs to buy a computer capable of programming these newer cars so that he can download the updated security software to his customers cars.


What? Fly By Wire is installed in automotive industries?


You're bullshitting me, right?

ConHog
09-25-2011, 09:25 PM
What? Fly By Wire is installed in automotive industries?


You're bullshitting me, right?

It's hydraulic steering, but with electric assist rather than having the power steering powered by the crank. if you've ever driven a car that has power steering that doesn't work, you know what a bitch it is.

Hell Mercedes has an electric brake system on their vehicles now. They DO have hydraulic backup .

Oh and fly by wire throttles have been on the market for 20 years, but are the absolute norm now and have been for probably 10 years. No more throttle cables. I'm looking for something online to confirm that accident , but I can't find it, this was in a trade magazine.

Kathianne
09-26-2011, 04:21 PM
Hmmm,

http://www.progressive.com/auto/snapshot-how-it-works.aspx

chloe
09-26-2011, 04:23 PM
Hmmm,

http://www.progressive.com/auto/snapshot-how-it-works.aspx

yikes it's enought having nagging relatives to monitor my driving record:laugh2:

SassyLady
09-27-2011, 02:38 AM
What year is it?

Assuming it's from like 2001-2010 the antenna is located under the headliner directly behind rear cargo door.

Isn't directly behind the cargo door outside the vehicle?

ConHog
09-28-2011, 05:48 PM
Isn't directly behind the cargo door outside the vehicle?

LOL smart ass.

sundaydriver
09-28-2011, 06:04 PM
No longer an issue, if you believe them.

OnStar just announced that it was changing course, stating it was "reversing its proposed Terms and Conditions policy changes," and that it would "not keep a data connection to customers' vehicles after the OnStar service is canceled."
http://techland.time.com/2011/09/28/onstar-reverses-position-wont-track-you-if-you-cancel-service/

Kathianne
09-28-2011, 06:34 PM
No longer an issue, if you believe them.

OnStar just announced that it was changing course, stating it was "reversing its proposed Terms and Conditions policy changes," and that it would "not keep a data connection to customers' vehicles after the OnStar service is canceled."
http://techland.time.com/2011/09/28/onstar-reverses-position-wont-track-you-if-you-cancel-service/

Good news! It was creepy and glad folks made their displeasure known.

NightTrain
09-28-2011, 09:11 PM
Good news! It was creepy and glad folks made their displeasure known.


Yep. It would be bad for business to be viewed by the motoring public to be linked to a Big Brother scenario, to say the least.

Gunny
09-28-2011, 09:24 PM
http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/



Hmmm, now who would want to buy this data? Oh yeah, the same places that like speed traps.

Even for drivers who discontinue monthly service? How was it I just KNEW this is where this was heading when OnStar first came out?

Count me out.

I also have the locator in my cell turned off. If I want anyone to know where I'm at I'll use the damned thing to TELL them.

NightTrain
09-28-2011, 10:41 PM
Even for drivers who discontinue monthly service? How was it I just KNEW this is where this was heading when OnStar first came out?

Count me out.

I also have the locator in my cell turned off. If I want anyone to know where I'm at I'll use the damned thing to TELL them.


There are actually great benefits to turning that locator on. I use it almost every day since I'm travelling around Alaska to towns I've never been in.

The locator GPS function allows me to plug in an address, and Google Navigator has a female voice tell me where I'm going. I lay my cell on my dash of my rental truck and she steers me verbally to where I need to go.

Don't be afraid of technology, Gunny.

I know where you're coming from, but it's not all bad. I use it every day.

ConHog
09-28-2011, 10:43 PM
Even for drivers who discontinue monthly service? How was it I just KNEW this is where this was heading when OnStar first came out?

Count me out.

I also have the locator in my cell turned off. If I want anyone to know where I'm at I'll use the damned thing to TELL them.

I hate to be the bearer of bad news, but you can't turn off big brother's ability to track your cell phone. Unless you pull the batter out of it.

Psychoblues
09-29-2011, 03:32 AM
Just because you're paranoid doesn't mean that they aren't actually out to get you. Get a freaking grip, children.

Psychoblues

Gunny
09-29-2011, 06:40 PM
There are actually great benefits to turning that locator on. I use it almost every day since I'm travelling around Alaska to towns I've never been in.

The locator GPS function allows me to plug in an address, and Google Navigator has a female voice tell me where I'm going. I lay my cell on my dash of my rental truck and she steers me verbally to where I need to go.

Don't be afraid of technology, Gunny.

I know where you're coming from, but it's not all bad. I use it every day.

I have no fear of technology. I'm just not going to put up with the abuse of technology by others, for whatever reason, any more than I have to.

Gunny
09-29-2011, 06:42 PM
I hate to be the bearer of bad news, but you can't turn off big brother's ability to track your cell phone. Unless you pull the batter out of it.

The locator pinpoints you on the grid, to the spot. IF I use the phone, they can still see what cell towers my phone last hit but cannot trace me beyond that.

ConHog
09-29-2011, 06:43 PM
The locator pinpoints you on the grid, to the spot. IF I use the phone, they can still see what cell towers my phone last hit but cannot trace me beyond that.

Incorrect Gunny. IF your batter is installed in your phone it is constantly attempting to communicate with a cell tower. Actually with up to three cell towers, whether you're on the phone or not.

Gunny
09-29-2011, 06:48 PM
Incorrect Gunny. IF your batter is installed in your phone it is constantly attempting to communicate with a cell tower. Actually with up to three cell towers, whether you're on the phone or not.

Unless you turn it off. I can turn the locator off in my phone. That is not the same thing as pinging off towers. I also have my cell restricted to pinging off towers only from my cell company. All that can tell anyone is where I was and perhaps give them an idea where I am going.