Comment by thewataccount
3 years ago
Their privacy policy is wild and every customer is opted into the connect services by default.
Interior images, exterior images, facial geometry, voice recordings, location/driving data, "multimedia screen data",
https://www.toyota.com/privacyvts/
https://web.archive.org/web/20230512182022/https://www.toyot...
All car shrink-wrap licenses that I have looked at are similar. That's why I think it is funny when people freak out about Android Automotive. The Android Automotive terms are much, much better for customer privacy.
The EULA for my Honda says that Honda can and will share all available data with itself and third parties, named and unnamed, for any or no reason.
How does these EULA’s work if you buy a used car? I suppose manufacturer doesn’t really know if the car has been sold and the new owners haven’t accepted the terms?
Well, how do the shrink-wrapped EULA's work when you sell a computer? What is Microsoft's position on you selling your windows license to a third party? I expect that car manufacturers will eventually take a similar line. But it won't be a big deal for very long. As we will soon all be paying subscriptions to use our cars, license transfers will be balled up into the transfer fees paid when you move your ongoing subscription commitment to the person buying your physical car. The manufacturers will supervise the process.
18 replies →
Funny, I looked around and couldn't find an equivalent for Honda motorcycles. Perhaps Honda understands their customers better than we think. Honda seems perfectly willing to build tracking-free products when the customer base cares enough. I have never met any sportbike rider willing to share one iota of ongoing GPS data with anyone.
> https://www.honda.com/privacy/connected-product-privacy-noti...
~~~ Their's is a lot better, does still include Geolocation, audio recordings, navigation usage, however the usage looks limited to just Honda and the obviously required services: ~~~
> We will not use Geolocation Information for our own marketing purposes or disclose identifiable Geolocation Information with third parties (except our service providers) without your consent.
https://web.archive.org/web/20230512194748/https://www.honda...
EDIT: I just noticed the following:
> These companies may use Covered Information for their everyday business purposes, including marketing, customer service, fulfillment and related purposes. These disclosures may qualify as a sale under certain state privacy laws.
Also their definition of "Service Provider" is way too broad (see below comment). So I might need to retract my statement on their policy being good.
4 replies →
Well, the motorcycle community is overstocked with privacy lunatics, preppers, gun nuts and other extremists, so this makes sense. Also I can't think of any Honda motorcycle with a GPS aside from the Gold Wing, which stretches the definition of motorcycle in numerous ways. On the other hand every motorcyclist I ride with carries a Garmin inReach, which is the very definition of sharing your GPS with someone.
10 replies →
... I do wonder whether this was related to GMs plans to do their own thing?
> Interior images, exterior images, facial geometry, voice recordings,
This is an absolutely unbelievable level of privacy intrusion IMO. I 100% support very heavily fining this sort of behavior, otherwise it will continue to proliferate.
We need stronger laws about protecting user data. Like HIPAA but for everything. Storing millions of hours of video of people driving and their GPS should be a liability. I did not consent to any of this, but I'm certainly on recordings for drivers who did, that should also be an enormous fine.
we need politicians that do literally anything other than serve capitalism at all costs
Where would the support for fines come from? When government understands these issues at all, they only want more control and restriction. The only thing I can imagine legislators getting upset about is they the car manufacturers are not sharing all the info with government by default. Next steps will be mandating tracking, not fining for it.
Where would the support for fines come from?
Probably when a legislators private graphic videos with an escort or drug dealer or something more interesting gets leaked. Perhaps some government officials data is present in the leak as we speak. It might be harder to spot if not a personally owned vehicle or still cloud registered to a previous owner.
2 replies →
> When government understands these issues at all, they only want more control and restriction
CHIPS Act of 2022 allocated money to support US semiconductor manufacturing. Right-to-repair laws have been gaining traction even though it can't benefit any large economic interest directly. Those are two recent examples off the top of my head that aren't a reflection of a government that "only want more control and restriction."
I get that politics is frustrating but this kind of blanket caricature just relieves people of the responsibility for engaging with specifics, and when people commit to it that actually covers and enables real corruption.
> When government understands these issues at all, they only want more control and restriction
So what solution do you have that doesn’t involve regulation?
Well, try not being so passive. Are you living in an unchangeable authoritarian system?
1 reply →
Voice recording without explicit consent of all recorded parties is illegal under wiretapping laws in my state, and my state is pretty aggressive about it.
I wonder how that factors into this.
Regulators may not have realized. Maybe send an anonymous tip.
When you look at the specific uses, I think it's a bit less unbelievable. I think the important piece is that they should more clearly stipulate how the data is used and what controls are in place to protect it. Even more importantly, opt out by default if there's any chance of the data leaving your vehicle and a clear mechanism for wiping all collected data.
> Your Facial Geometric Features will only be stored on your vehicle.
> Vehicles equipped with Teammate use sensor and/or image data from the vehicle’s interior and exterior to evaluate the vehicle’s surroundings
It will never get fined because it’s how the people who legislate fines are making (and keeping) their money and control.
That's not how democracy works. Apathy is toxic. Please stop hurting us.
8 replies →
EU DPA's may have something to say about this if EU data subjects data was leaked.
I've purchased a few Toyota models, with the first having the connect service being a 2014 model. The sales rep asked for my phone so they could download the app that works with their system. The manner in which it was asked was interesting to me in that they clearly had not had someone so much as flinch as to giving them their unlocked phone and access to an app store. Maybe I was the first person not a grandparent they had worked with, but they obviously were not handed my unlocked phone. Since it was my first car with a connected system, I tried it out but was very unhappy with it. Their GPS required you to use your phone to enter a location and provide GPS. The in car system was basically just a screen for the services your device provided. The next time I purchased a car, I never even connected a phone to it.
That sounds perfect. How could a car system be better than just be a screen and interface for the functionality your phone provides? It's literally the dream.
If it's a particularly cheap car I wouldn't even mind if it doesn't have a screen or interface, and just supplies an API to the phone and a holder for it.
Either way would be a million times better than any car made between 2005 and 2015 has to offer.
> How could a car system be better than just be a screen and interface for the functionality your phone provides? It's literally the dream.
This is how Apple Carplay works. It just streams the phone to the display, and accepts input from the car's buttons. I think Android Auto does the same.
The caveat being that it requires the use of their app to run the system. Using an app is exactly the thing that gives them access to so much personal data.
Totally different than the one for their Europe market: https://www.toyota-europe.com/legal/privacy-policy
US lawmakers : you suck.
if you own a car from 2008 or newer the government essentially mandates it to be a privacy nightmare. If you care about privacy don't buy a modern car. Throw in the Vault 7 CIA leaks about how they explicitly had programs to research how they could hack modern cars remotely
https://en.wikipedia.org/wiki/Vault_7
you have to wonder how many vehicle 0-days nation state actors have saved up for when they need them, even just displaying the ability would grind the country to a halt because people would be afraid to even drive
Thanks!! I didn't know about these leaks.
> This Privacy Notice DOES NOT apply to: >[...] > Any Toyota vehicles equipped with Connected Services located outside of the continental United States, Alaska and Hawaii.
Ah, so only Americans are getting shafted.
Americans probably have the fewest legal protections of their various markets.
This needs to be made illegal.
If companies want to collect such personal data it should not be by default, and each clause should have to be independently validated by the customer including what data, how it's used, where stored, for how long, who it's shared with.
Nobody will accept basically so that says something about the asymmetry here.
The privacy policy looks really reasonable and mostly only collecting the data that it needs to provide the services. And the most cloud-based / privacy concerning stuff (e.g. external video capture, and usage-based auto insurance) is listed as opt-in.
I'm not sure the location data aspects are great but yeah, there is some discrepancy between what the parent post was claiming and the policy states:
> Certain vehicles equipped with an interior, driver-facing camera [...] If you opt-in and link your user profile using the in-vehicle “Setup Face” process, the Face Identification feature may use your Facial Geometric Features and Profile Data... Your Facial Geometric Features will only be stored on your vehicle.
> External Vehicle Video Capture. Owners of certain vehicles equipped with [...] may also opt-in to participate in External Vehicle Video Capture...
> To use the App Suite, you must download the application and accept the End User License Agreement... We will use Voice Recordings to improve our responses and voice recognition. To facilitate functionality of your App Suite and linked third party services, your vehicle may share your Location Data and Voice Recordings transcriptions with your third party services...
(Emphasis mine)