Mozilla review of 25 car brands finds they're "a privacy nightmare"

dantheclamman@lemmy.world to Technology@lemmy.world – 1806 points –
It’s Official: Cars Are Terrible at Privacy and Security
foundation.mozilla.org

___

296

You are viewing a single comment

I got an email from OnStar the other day saying it contacted my bank and updated my card info because I had gotten an old card and hadn't updated the info, I don't pay for OnStar but the dealership MAKES you set it up even if you don't use it.

How the fuck are they allowed to contact my bank and get information like that? Weirded my TF out to say the least.

They did that to me. I specifically gave them a card I knew was going to expire before the trial period was over and they got the new information anyway.

If I remember correctly, it's a "feature" the credit card companies have so your subscriptions don't lapse.

This is more based on authorization vs CC details. It's much safer for a company than holding onto credit card numbers. Creating a subscriptions generates an authorization code which is good for the account, not just a specific card number. Revoking that authorization is a separate call to the bank rather than just having a credit card replaced.

That authorization shouldn't be indefinite either though. After three years of no activity and a card expiring, OnStar was still able to make a charge to renew that trial subscription.

And looking around the web, there are a few stories from that 2016 time frame to indicate that it was a new-ish, or at least not well known, practice at the time.

Yeah and it’s very useful, looks like this place is just as bad with the kids as that other place.

The fuck are you talking about?

The fact people here don’t even understand how credit cards work is a pretty big sign my guy….

The fact that you think it’s reasonable for literally anyone but you to give out your credit card details is a pretty big sign my guy

Because banks don't give out credit card details.

You created an authorization code which is independent from the credit card details. The authorization code doesn't get revoked automatically when a card expires or a new card issued.

Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.

1 more...
1 more...
1 more...

If I want to keep a subscription going I'll give them the new CC information myself. Like a responsible adult. Hard disagree on the usefullness.

Not sure what point you're even trying to make about children and Reddit.

Are we really pretending that unsourced imgur screen shots are valid references?

Damn I was absolutely the most average person for reddit. Even the quasi split ethnicity. But, Like apparently though a picture of Steve Huffman would actually be the average redditor... Explains a lot.

Also don't agree with the downvotes on this; you provided a data source, so even if the screenshot was pretty stupid people are holding a grudge.

…no? But I guess you’re pretending it’s not? I’m sorry I screenshotted something from the internet that didn’t have the source attached? It must be completely fake then?

Like, what?

I’ll find the source for you if it helps you sleep at night that the veracity of an internet sourced image is from the internet talking about that thing.

Honestly? I just find it amusing how bent out of shape you're getting over the fact that people don't like auto renewing subscriptions.

It's like you work for some scammy subscription service that makes it impossible to cancel or something.

Not just that he's okay with companies contacting his back and requesting his credit card information.

4 more...
4 more...

Credit cards have actually been doing that for years. It's a feature for recurring payments to reduce the amount of trouble users had when their CC number was compromised or it expired.

Yeah, it sucks too. A couple years ago I was trying to get out of a Sirius Satellite subscription I had opted into during the height of the rony 'rona.

Instead of sitting on the phone with CSRs for hours on end while they pass me around and offer me incentives to stay, I thought I'd be smart and report that my credit card was lost. (At the time you couldn't disenroll online, that changed I happily found out a few months ago)

Joke was on me though. Sirius updated my new card info, and I was without a credit card for ~8 days.

I'm not sure when you purchased your vehicle, but when I purchased my vehicle Dec 2022 I had to do that OnStar setup crap as well and just denied giving them any information. They said I wouldn't be able to get this or that but I didn't care so they didn't get that information. It took about 15 minutes with the person on the other side being a bit confused but just gave up when I said it the like 5th time.

Either way they don't need that information at any time unless you want their free trials that are almost never worth it.

Yeah, I'd walk away from a sale before agreeing to that crap, even if they did make it mandatory.

By design and commonly accepted on recurring payments. Not even remotely new or connected with OnStar.

Weirded my TF out to say the least.

Honestly that shouldn't weird you out too much, that's just a convenience feature. And yeah, I know, some people put quotes around the word convenience. But others actually just use the word as is, a convenience.

What should freak the hell out of you is when you and your significant other are in the car talking about buying a new pair of tennis shoes, and then that evening when you're sitting at home YouTube shows you a commercial for tennis shoes, when you've never seen any ads for tennis shoes on YouTube before.

1 more...

I wonder what happens if you only have a single card with no money on it.

That sounds awfully convenient and OnStar saves lives, so…

The emergency features are free, they want you to pay for in-car wifi. You also cannot cancel online and have to cancel with a rep over the phone. The service itself is fine, but dealerships requiring you to sign up "even if you aren't going to use it" isn't .

Oh really?

One of the most expensive plans comes from OnStar, which charges $29.99 a month or $299.90 a year for its Safety & Security Plan after a free trial period. It’s the least expensive OnStar plan that includes automatic crash notification, which it calls Automatic Crash Response. OnStar says these subscription fees are necessary to pay for the resources used to operate the feature.

“Certain features and services, including Automatic Crash Response, require ongoing updates, network connectivity, staffed call centers, among other recurring costs to operate,” an OnStar spokesperson, Rita Kass-Shamoun, told CR.

8 more...