Comment by troydavis
1 year ago
From the complaint:
> Plaintiff did not want OnStar services and so he did not push the blue button "to get started." The email provides no mention of OnStar's Smart Driver Program.
…
> In or around January 2024, Plaintiff received his requested LexisNexis consumer disclosure. The report, as of December 18, 2023, had 258 recorded driving events under the "Telematics" subsection. Each driving event included trip details that show the start date, end date, start time, end time, acceleration events, hard brake events, high speed events, distance, and VIN.
…
> Plaintiff had never opted into any insurance program that would have allowed his information to be shared.
Related: "Automakers are sharing consumers' driving behavior with insurance companies" - https://fcra.verisk.com/#/
Thanks! Yes—related from yesterday:
Automakers are sharing consumers' driving behavior with insurance companies - https://news.ycombinator.com/item?id=39666976 - March 2024 (321 comments)
That one only spent 3 hours on the front page so I guess we'll let this one have a go too...
Teehee
I wrote about this after my gag order expired. GM was shipping all telematics data to a big data cluster processing 100gbps of data (with double the data once Cisco released 400gbps support). Originally it was to help price their used cars. A noble effort I supported. I didn’t know about the sales to insurance brokers, but should have assumed that was coming.
Anyway cat is out of the bag, they won’t undo this feature they will pay a fine, offer an opt-out to 5% of users who take up the offer and in 10 years time everyone will assume their driving habits are being monitored by their insurance company.
How do I know this? It’s been 10 years since the hoopla about realtime location data being sold. Last night I saw my home IP address reports my location with .25 mile accuracy. Guess that $5 check from Verizon was the fine they had to pay!
> I wrote about this after my gag order expired.
Some time last year I wrote a comment here on HN about my Bolt EUV and OnStar. I can’t remember exactly what I wrote and don’t want to dig for it, but I said something like being happy with the vehicle and had disabled all of the OnStar features/tracking soon after I purchased it. Somebody replied that they were intimately familiar with the OnStar/GM project, having worked on it, and that it was still tracking me despite not being subscribed to any of their services and having turned off all the features in the car that I could. They couldn’t elaborate further, I assume because of an NDA or something. I bet dollars to donuts that this is what they were talking about now.
Edit: thanks to Stavros for finding the comment below. It looks like you were in fact the person I was talking to 11 months ago. Small world!
This is sorta unrelated, but in your previous comment you mentioned:
> least right now using CarPlay they aren’t getting all the data about which books or music I’m listening to.
CarPlay absolutely reports currently playing audio metadata back to the car. I've driven multiple cars that display the currently playing song, etc in the driving instruments cluster.
2 replies →
https://news.ycombinator.com/item?id=35391090
3 replies →
I purchased a Bolt as well. Literally the day after I drove it off the lot, I found and modified the electrical connections to the Onstar antenna system, as I'm fairly handy with electronics and work on all my own cars. If you yank the fuse you'll also lose hands free bluetooth calling and some other features, so you have to use it.
Anyway, told this story to many people, and they looked at me like I'm a conspiracy nut. Well this will be the 1000'th conspiracy I worried about that turned out to be completely true, imagine that.
7 replies →
You should request your LexisNexis Risk consumer disclosure report.
Edit: please report back!
1 reply →
Time to find the ATT SIM card and gut it from both of my vehicles.
9 replies →
> Anyway cat is out of the bag, they won’t undo this feature they will pay a fine, offer an opt-out to 5% of users who take up the offer and in 10 years time everyone will assume their driving habits are being monitored by their insurance company.
So can't the plaintiffs just request an order compelling GM and others to remove the feature forever as part of the remedies?
Specific Performance. A court can order as the equitable remedy that one of the parties does a specific thing. Yes, in principle. But no in practice.
The real world use of Specific Performance is mostly in Real Property ie the ownership of land and this is because land is very obviously not fungible. The square meter of land I need to get my cows from the grazing field to the nearby milking shed is not in any way equivalent to an otherwise similar square meter of land on the far side of the field leading nowhere, and having the wrong one can't meaningfully be compensated with money whereas the court can just order Specific Performance (ie the wrongful owner hands over the land) to fix the problem.
But even beyond that in practice class actions are primarily about the lawyers getting a healthy pay day. $1M each for us as lawyers and each individual "participant" in the class action gets $1 and a 5% discount coupon that expires in six weeks? Sounds good. For the lawyers the incentive is that pay day and the only reason to care about their participants is that if they're treated too poorly a judge may not sign off on the deal.
5 replies →
> in 10 years time everyone will assume their driving habits are being monitored by their insurance company.
And even if there continues to be an opt-out, those plans will become so prohibitively expensive that you're essentially forced to allow your insurer to spy on you. Privacy is always priced out in the free market. Regulation is the only way. It's not a net benefit to society, just outlaw egregious data collection.
How does the data leave the device? I tried to route traffic from the infotainment system into a WiFi network I was wiresharking, and I saw a lot of GM traffic but I couldn’t install a cert to MitM because I couldn’t figure out how to access the Android settings for the dash OS.
Is the traffic through there or is it totally within the CANBUS and never hits the WiFi outbound? In that case do you need to hijack the 4G?
Not that I support any of this, but why would networking speed be the bottleneck in that system? Telematics seems very much like an OLAP situation where data ingest and querying can be asynchronous.
I read it as they are continually generating so much telemetry data that they’re saturating the link to the storage layer.
> And if you own a car made in the last ~5 years, here's how to request your "Consumer Disclosure Report" from LexisNexis: https://consumer.risk.lexisnexis.com/ . According to NYT, LexisNexis receives at least some data from GM, Ford, Kia, Subaru, and Mitsubishi.
Appreciate this link! I don't have one of the listed brands (own a Mazda) but I am curious to see what info data brokers like this have on me in general.
Also, maybe this is a naive thought but I think data brokers like this are so used to operating in the shadows / being forgotten about so I think the more folks who request is at least a small signal to them that folks are paying attention.
Wow, I just submitted the consumer disclosure report this morning after finding out about it from somewhere else. I am VERY interested to see if anything is reported from my car since I don't have any of the addons/monthly fees.
I assume LexisNexis does not provide this report out of the goodness of their heart, it must be required by FCRA?
If I really don't like LexisNexis collecting this data, or if I really just want to stay on top of my credit status, is there any reason not to script something to request a physically mailed report every day? Not sure how much they pay per mailing, but 365 of them can't be cheap.
Interesring that Subaru is mentioned, but not Toyota. Recent Subaru models share a lot of electronic guts with Toyota.
You can't take this as authoritative but my business has a data relationship with Toyota and they have a ton of juicy telemetry data.
Their attorneys are mad protective of the PII they have. Our relationship serves the public interest. We use the data to find people with open recalls where Toyota doesn't know who the current owner is.
I say this to say that we have other OEM relationships that are far more liberal with their encumbered data. This far Toyota seems to be playing it very straight.
You seem to be suggesting that Toyota are the good guys because they collect data but don't share it.
That's not what I want! I want them not to collect it. Then I don't have to worry about what they use it for, whether they share it, or whether it will get leaked.
3 replies →
This is somewhat reassuring, but it also makes me question what exactly they're sharing that could facilitate the service you describe.
It sounds like an interesting business though, and one of only a couple examples I can think of where telematics could be used in the public interest.
> We use the data to find people with open recalls where Toyota doesn't know who the current owner is.
Shouldnt this be able to go through the State? My state informed me of a recall on a vehicle that I bought used.
I just tried "Consumer Disclosure Report" link from LexisNexis you shared, and nothing happens when I submit the request. :(
>and nothing happens when I submit the request. :(
The site is likely overloaded by interest from HN readers. Trying again in 48 hours will likely give more performant responses.
It was very slow and gave no indication it was working but it worked for me. Try again?