Mozilla review of 25 car brands finds they're "a privacy nightmare"

dantheclamman@lemmy.world to Technology@lemmy.world – 1806 points –
It’s Official: Cars Are Terrible at Privacy and Security
foundation.mozilla.org

___

296

You are viewing a single comment

They did that to me. I specifically gave them a card I knew was going to expire before the trial period was over and they got the new information anyway.

If I remember correctly, it's a "feature" the credit card companies have so your subscriptions don't lapse.

This is more based on authorization vs CC details. It's much safer for a company than holding onto credit card numbers. Creating a subscriptions generates an authorization code which is good for the account, not just a specific card number. Revoking that authorization is a separate call to the bank rather than just having a credit card replaced.

That authorization shouldn't be indefinite either though. After three years of no activity and a card expiring, OnStar was still able to make a charge to renew that trial subscription.

And looking around the web, there are a few stories from that 2016 time frame to indicate that it was a new-ish, or at least not well known, practice at the time.

Yeah and it’s very useful, looks like this place is just as bad with the kids as that other place.

The fuck are you talking about?

The fact people here don’t even understand how credit cards work is a pretty big sign my guy….

The fact that you think it’s reasonable for literally anyone but you to give out your credit card details is a pretty big sign my guy

Because banks don't give out credit card details.

You created an authorization code which is independent from the credit card details. The authorization code doesn't get revoked automatically when a card expires or a new card issued.

Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.

1 more...
1 more...
1 more...

If I want to keep a subscription going I'll give them the new CC information myself. Like a responsible adult. Hard disagree on the usefullness.

Not sure what point you're even trying to make about children and Reddit.

Are we really pretending that unsourced imgur screen shots are valid references?

Damn I was absolutely the most average person for reddit. Even the quasi split ethnicity. But, Like apparently though a picture of Steve Huffman would actually be the average redditor... Explains a lot.

Also don't agree with the downvotes on this; you provided a data source, so even if the screenshot was pretty stupid people are holding a grudge.

…no? But I guess you’re pretending it’s not? I’m sorry I screenshotted something from the internet that didn’t have the source attached? It must be completely fake then?

Like, what?

I’ll find the source for you if it helps you sleep at night that the veracity of an internet sourced image is from the internet talking about that thing.

Honestly? I just find it amusing how bent out of shape you're getting over the fact that people don't like auto renewing subscriptions.

It's like you work for some scammy subscription service that makes it impossible to cancel or something.

Not just that he's okay with companies contacting his back and requesting his credit card information.

4 more...
4 more...