Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He’s never been responsible for an accident.
So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor.
LexisNexis is a New York-based global data broker with a “Risk Solutions” division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act.
What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.
On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.
But you don’t have to worry if you got nothing to hide… /s
I’ve seen people drive. They definitely would want to hide their driving habits from insurance companies
Your driving record should speak for itself. I don’t need nor want insurance companies tracking people’s private lives.
It would seem that I’m going to be driving old cars until I die. I also like manual instruments and gauges that make sense. I don’t need to watch Netflix rolling along at 70mph. Before anyone schools me on my carbon footprint, I get 37mpg and a tank lasts me about a month.
Just got my 2014 RAV4 and I’m in love. I was using rentals between vehicles and Holy Fuck do I hate modern cars. WHY do we need a fucking DIAL for the gear shift? Or BUTTONS? Why do I need a fucking 18" display!!
Push button transmission? It’s been done before.
Of course back then distracted driving was digging through the box of 8 track cassettes.
I would argue that this is an improvement over modern designs because one can memorize the orientation of the buttons and change gears without looking. One time I was driving a Buick and I accidentally engaged the E-Brake because there is zero tactile difference between Drive and E-Brake. Having to constantly look at the very bottom of a display panel, with zero peripheral vision on the road whatsoever, to fuck with a row of toggles to change the cabin A/C because making everything completely uniform is fashionable is inexcusable to me. I think that these large infotainment systems should be banned from cars and only something large enough for a backup camera is really necessary. All these apps and displays and flashy animations are so badly distracting.
You’re 100% correct on the tactile difference in the buttons. I didn’t think of that. A similar complaint is every feature is a “button” on the infotainment screen. I saw this on a Dodge. My current car has no touchscreen and I have driven it long enough to just know where all the buttons are without looking. In my opinion, distracted driving should include these types of things that take your attention off of the road.
I was pissed that there was no aboiding getting an infotainment system in the car i bought last summer. 2015 Subaru Crosstrek has a sluggishly slow touchscreen that is a danger. Then i took a ride in my uncle’s 2022 Outback last year and it felt like a freaking slot machine at a casino. Every control ran through it and it was still disgustingly slow and sluggish.
We didn’t see that one coming huh
258 pages?! That’s half of MS’s office format specification!
I still have my 2010 Mazda 3. The only tech it has is Bluetooth connectivity for phone and music and some voice commands for calls.
The day I will change cars will be the day my car completely dies and there’s nothing I can do about it, or it becomes illegal to drive, or it gets wrecked in an accident.
I don’t ever want the new cars. I hate hate hate the stupid touch tablets they’ve put to control everything instead of physical knobs, and now this fucking crap where your car spies on you and rats you out to you insurance company.
They can pry my 2007 Tundra from my cold dead hands.
Just put a new engine in my 08 sequoia. No new cars for me.
2008 Crewmax SR5, bought new 12/2007. I feel exactly the same way.
Double Cab 4.7L SR5 (honestly no idea what SR5 even means) 8ft Bed. Bought used in 2011. Only 92k miles so far. Drove it from Philly to Anchorage and lived in Alaska for 3 years. Currently in Massachusetts. Respect.
Mine has like 165k. First vehicle I bought myself new. SR5 is just the middle package. They had the low trim as no named, SR5 then limited.
I got mine from Jim Barkley (brand new). Six hour drive. I drove down there in a 1999 Chevy S10 ZR-2 and traded it in and bought the Tundra. I was there like 30-45 min and I financed it with them. Jim Barkley is gone now, but that was such a pleasurable experience for a car buying experience.
Still love this truck!
Agreed.
I now need to root my Android and put a new OS so it stops telling Google where I am. I’m slightly afraid as I just want my phone to work when I need it.
I’m sure T-Mobile uses my location data for something too.
Everyone calls me paranoid for even just giving a shit about being spied on. Am I supposed to enjoy getting reamed by the rich?
Later model 3 but definitely lower-tech (has the touchscreen nonsense but no internet or anything) and I plan on running it as long as possible lol
I don’t know how to tell you but just because the Car can phone home with cellular - doesn’t mean you will see it as a free Internet Browser.
I’m not entirely sure what you’re saying tbh.
Anyway I don’t use their GPS and I don’t let it sync contacts or other info. I Bluetooth and run music off the phone locally or my Plex server. It’s from 2016 so I’m fairly certain it doesn’t have the same data back and forth you’re seeing in more current cars. I know it doesn’t collect audio, driving patterns, etc. which is what these new systems are all doing with wild TOS’s you have to agree to, as Mozilla showed us a few months ago.
The dumb infotainment center or whatever has been spotty so I’ve actually been using the aux more lately.
Point is whatever data it’s collecting and sending, which I’m not even entirely sure is happening in any meaningful way especially the way I use it, is not really at the same level we are seeing today.
Do you get updates over the air?
Not that I know of no. For instance, to activate their navigation, you need to buy a $200 SD card. You can’t do anything remotely AFAIK with this car. Even “apps” for listening require them to be installed on your phone so it’s not doing it on its own, it’s using your phone and app and data to make it happen. Without your smartphone it the “infotainment” center is just an info center with FM/AM radio.
I don’t think any of that stuff started until the Mazda Connect app or whatever it’s called. A decade ago (my car is like 8 years old now) a lot of cars were in the “blackberry” phase where it’s not really browsing the internet and everyone was sort of testing new stuff. Now car manufacturers have a lot more sense of how valuable all that data is and they’ve “figured it out,” much to our collective chagrin.
Comprehensive privacy law time? Nahh just ban the Chinese EVs and pretend this doesn’t happen. Same thing as tiktok. You’ll never be protected as long as they can point to the Chinese boogyman.
Yeah, I feel like that’s why the EU has such strong privacy regulations. Tech giants in our market are mostly either state-tolerated&-utilized monopolies from the US or state-owned monopolies from China.
There’s also the potential that raising concerns of Chinese spyware raises more concern of the rest of it. They should continue raising those concerns about them all. And ban all the spyware.
I think this should be legally prohibited. Also is it possible to physically disconnected the network modules so they can’t send anything?
Somebody could go to jail for this. You.
The DMCA makes it a felony to circumvent protections in services. If they wanted to push this and depending on the system disabling or using some hack to bypass could be illegal.
I don’t think that anyone would actually bring the case against an individual, but a company selling any sort of device or instructions to make it easier for people could be targeted.
If they make disabling spyware illegal, I’ll do it anyways because human rights. If they decide to charge me for it, I’ll just consider it a violation of my freedoms
I’m sure it’s possible, but I’m sure they’ve made it as painful as it can be.
Most likely the module, if it is a separate module and not part of the SoC of the infotainment system or whatever, works over CAN bus and the car will throw errors when it doesn’t detect its presence, or doesn’t detect the SIM card. Might even refuse to start if that module is missing. Might be possible to remove the antenna so the car thinks it’s just outside of the service area, but if it’s built into the PCB and the PCB is cast into resin/silicone for waterproofing, even this might be extremely difficult. Probably the module is also serialized* so replacing it with a “dummy” module or a module from a junkyard won’t spoof the system, either.
*Manufacturers have been serializing even airbags for years, making replacing a faulty one with one from a junkyard impossible.
Maybe we can trick it forever that it is far away from a cell tower. That way the car has to start without connection.
Who knows, maybe they force you to use their app and after driving and connecting to the internet, that sends data back to the manufacturer.
You’re approaching it in the wrong way. You don’t need to stop the Data Collection just the phone home. Find the antenna and Faraday Cage it.
Yeah, some aluminum foil on the inside of those shark fin antennas will probably stop all communication. Just have to use your phone for radio & navigation, which isn’t a big deal on CarPlay or whatever the androids use.
If you use foil, it’d be best to connect it to ground. The metal shell of a car is usually connected to the ground terminal of the battery.
I’m sure it varies widely. In Toyota’s you can call in to disconnect (I did it while waiting for a tire pressure machine) but to do it physically you pull a single fuse and the trade off is losing the microphone.
Others have pulled the dash and disconnected antennae but it just reduces the range of the box since it’s a cellular radio like a phone.
Do you have any resources that I can use to learn more about about removing telemetry from a vehicle? Is there a good forum that could help me potentially do this to my car?
There’s no easy one-stop solution since it can vary widely.
I would look at subreddits (yuck, reddit!), or dedicated forums for your model if they exist, you’d probably be surprised what’s out there. (Example, there’s Piloteers (Honda Pilot), Kia-Forums (Kia), 4Runners and Toyota-4Runner, etc. But information may be scattered.
First objective is figuring out if it’s even on your vehicle or applicable. Older 3G radios are done since the networks that connected to them are gone now. My '16 Kia had no cellular radio. Maybe you have an SOS button or they advertise a phone app to control your vehicle remotely?
Edit: And if you can’t find specific model/year information for your vehicle, you can look for information for related vehicles and see if it’s relevant. Ex: Honda Passport, Pilot, Ridgeline sharing a lot of engineering.
Since Nissan and Kia both explicitly state they reserve the right to collect and sell data about your sex life, disabling the microphone is probably a good idea.
in this case that’s Toyota specific and it means likely loss of phone calls on the go (but nothing else) even though the data can’t leave your vehicle anymore. It all depends on how they wire up the system. Maybe it’s easier, maybe it’s tied to something random.
I can’t wait to see tuturials. I don’t know much about cars and would love to see people disable these, or perhaps do something malicious. Not that I have a new enough car yet, but I know one day it’s going to be unavoidable.
As long as you know where they are, a simple faraday cage should work perfectly. Basically, surround the module with an electrically conductive material to catch radio waves.
If you’re using android auto or something like that this information is going to be transmitted on the same connection used for navigation and internet so you better learn the map of the city again if you want to scape the Spyware.
I was thinking something like free data plan till they disable the transmitter or at least an unplug. Never bought a new car, do you agree to terms and conditions or sign a contract specifically mentioning/consenting to the tracking?
In Toyota’s there’s a red sticker on the dash talking about it and how to opt-out. (or at least I’ve seen it in a rental and a new car - but it might also be yanked by dealer’s PDI)
If it doesn’t already, that’s probably going to put you in the high-risk group with other car modders.
How dare you demand privacy!
It will be cat and mouse, but I would imagine for the time being, disconnecting the cell antenna on the board would stop it. Who knows what kind of, if any bullshit extra errors and codes that will keep popped up but I’m guessing if it became a popular thing, they would start making cars that will create bullshit errors and codes. I wouldn’t do anything permanent until the warranty period is over.
Simple answer that should always work: surround the chip/antenna with a faraday cage. The hardest part is finding the chip, not in disabling it.
Why not to just break the antenna (or whatever it has) in half? It’s much simpler and shouldn’t cause damage to the chip itself
The antennae only likely won’t reduce range enough. Check for an opt-out procedure prior to purchase since that’s easiest, then look for what fuse powers the connection (also easy), but worse case, lay eyes on the module itself and evaluate.
Yea I guess it’s a better choice
Is that the whole text of the article? (paywall) Was there any investigation as to the source of the data on the report? As this is a leased vehicle, I would not be surprised if the data came from a dealer module that they use to immobilize the vehicle if you miss a payment or otherwise violate your lease.
Unfortunately its not a third party module but manufacturer built-in features.
Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis.
Car companies are directly sending this data to the brokers in exchange for “low millions of dollars.” Imagine destroying all consumer trust in a multi-billion dollar brand for so little. I would never even consider buying a GM or any brand involved in this.
Yeah, I had thought about buying a Bolt because they’re reasonably inexpensive EVs, but this is a definite nope from me.
EVERY brand is involved in this. Mozilla org investigated literally every car manufacturer available in the United States last year and gave them all an F for privacy.
I dunno if motorcycles have the infrastructure. I guess if you were willing to ride a motorcycle, that might avoid it.
Obviously it’s possible to stick telemetry on even small vehicles like that, given that the e-bike and e-scooter rental companies rely on it.
Am I the only one who doesn’t find this surprising. All these big car companies making drivable spyware and who would probably want that data? Insurance companies. This is why my first car I’m gonna tear out the modem.
I’m not surprised it happened, but a little surprised how quickly it happened. Most insurance companies still offer a plan where you voluntarily plug in a tracker to monitor your driving in exchange for lower rates if you’re a good driver, so it’s extra fucked that they’re doing the same thing to presumably everyone with an internet connected car without even telling them upfront, let alone getting consent.
Surprising? Hell no. Infuriating? Fuck yes. Your accident records should speak for themselves, not some bullshit algorithms calculating if yOu AcCelLerATeD ToO fASt or not. Get the fuck outta here with that baby shit.
Last time I drove a rental car I was constantly aware that it was probably tracking everything I did, sending that data back to its owners, who would then sell it on to data brokers and insurance companies and whoever else wanted it.
It was sort of tolerable on a temporary basis, until I got to driving along a road where the speed limit had recently changed. The car helpfully displayed what it thought the speed limit was, and suddenly I had to choose between driving safely and driving according to what the computers presumably wanted to see.
Drivers of the world, do not let your cars have Internet access. No good can come of it.
Yes, the only access to the Internet a car should have is through my phone in an opt-in basis. That way I can stream music, map directions, etc through my phone that I’ve already made somewhat secure.
That’s not always a choice, without hurdles. I have a truck with it, but I would have no idea how to disable it short of cutting the antenna wire for it.
Yes, that is exactly what you should do. Remove the antenna.
They will store it and upload the data when you go in for service
That probably voids the entire warranty or something ridiculous like that.
Your anecdote isn’t meaningful. That’s simply an outdated map software.
The anecdote doesn’t necessarily prove anything but it is conceivable that stretch of road is mismarked in multiple systems.
Which then reports back to LexisNexis that you are speeding through an area, which is then reported to insurance companies who in turn flag you as a dangerous driver, raising your premiums.
That assumes the outdated map software manages to somehow make an accurate report. Most likely, if it makes one, it’ll be “Going X over a Y MPH area” even though Y is wrong, or it’ll be just “speeding by X MPH for Y seconds/minutes”. Either way, nobody is likely to verify and correct the data, so you could be punished for perfectly safe and legal driving.
You can’t be punished for it because that “evidence” was not correctly collected.
Also in your specific example and depending on the country, for them to report you on that would be a false accusation which means they’re the ones that could get into trouble if you go after them (basically any costs you incurred because of it would be on them).
(IANAL, so take this with a pinch)
It’s probably too much trouble for them to actually report it to the police (if they do it automatically, they run the risk I mention and they’re not going to spend the money manually reviewing it) - there is risk and cost involved with nothing in it for them.
That said, they could still pass it on to some entities other than the police (such as insurers) and good luck for you to prove it and show the damage it caused you. In the EU you could request them all the data they had on you which would possibly be enough to catch them, but outside it, it really depends.
They aren’t reporting you to the police. They are selling that data to insurance companies who then use that information to jack up your premiums. So guess what. You are now being financially punished for safe driving while someone in a 20 year old shit box that miraculously avoids accidents and apeeding tickets pays a lower premium.
The only solution is to forbid companies from collecting this data in the first place. It’s never going to be used to make something cheaper for you, it’s only ever going to be used to sell you something or to charge you more.
I think we’re basically seeing the same picture and in agreement on how things should be (which is why I pointed I’m happy to be in the EU, were that stuff IS forbiden unless people explicitly opt-in).
No opt-ins because companies will do whatever they can to force you into opting in for it. Same way that fast food companies are harvesting data from people by jacking up prices and making “discounts” available on their apps. Corporations have all the leverage again consumers.
Maybe not legally punished, but this very article we’re discussing is about how insurance companies are, in fact, punishing you financially for it. As for the false accusation, sure, but how likely is anyone to even figure it out? You’re not being dragged into court, and people don’t even know this is happening yet. It’s only illegal if you get caught. I don’t expect them to report it to anyone. I just expect data collectors to sell data and other businesses to buy it for the express purposes of financially screwing you. You may stay out of court, but that extra 21% charge is gonna cost you a couple hundred per year at least.
Yeah, hence the last paragraph of my comment.
I can see how it can indirectly used in ways that harm somebody, just wanted to point out it’s unlikelly to be reporting drivers to the police if only because there’s no money and some risk for them in doing it.
Mind you, if the police does some kind of agreement with them were they’re paid for it and are immune to liability for misreporting, I can see rental companies doing it.
I’m very happy that I live in Europe, not the US.
It serves as a convenient representative example of the ways in which such systems can go wrong.
I mean, this is the world of software and computer systems. The map is always outdated, the model is always fictional, and the metric is always measuring the wrong thing. Even aside from the obvious privacy problems this kind of big data approach has its limits which are too easily ignored by insurance companies eager to take the average across thousands of mistakes hoping to get something profitable. As is becoming increasingly more obvious to the general public as computer algorithms designed in secret rule more of our lives, quite often the best that can be managed is a system that works adequately well for the purposes of its designers even while it takes decisions that are utterly stupid at the level of the individual people subjected to it.
Classic JDM shit boxes till I die. Used to be a joke, but since cars have become what are essentially IoT devices, it’s become real. 🥲
I work in fintech and I had glimpses of raw API data that credit agencies, Mastercard and LexisNexis provide (among others). It’s crazy detailed. Even just our query increases the query count by one and provides at least ten data points on the why and when.
I’m not surprised that the car manufacturers are selling this data to LexisNexis who in turn sell it to insurance companies.
Moving from 64 to 65 also moves you from a different age bracket, I would guess that this is the main reason he saw a general rise on his insurance cost from all the other insurance companies.
Age buckets are so archaic
I think they totally have the computer power to use an hyper parametric model with each age as own variable. A problem this could had, is that they are not going to be enough older adults to accurately assess the risk of them and the model could end showing that 80yo’s are better drivers than 30yo’s.
You can use regression splines or lowess to locally weight the areas with low data based on what you do know, it keeps your parameter count down but still performs well even at the tails.
I disagree, they’re effective and a reasonably privacy-friendly way of predicting risk. Younger people are generally more aggressive drivers than older people, and older people generally have worse reactions than younger people. It’s one of the strongest indicators for driving behavior before an infraction is recorded.
I don’t like it either, but it’s better imo than using one of those driving meters.
So I’m not against using age, but binning it coarsely is the issue when it can be handled much more granularly.
64-65 is probably a negligible amount of risk increase, but 64-69 is going to be much bigger. Looking at younger ages the effect is more extreme where they’re probably charging late 20’s drivers more because they’re pooled with low 20’s.
Anyway, on average it probably works out the same, but in practice I never bin data where I can avoid it, since you get better information looking at it as a continuous range.
True, but the insurance agent told him the spyware report was a factor.
Not at all surprised by this. I sold my car a decade ago, I just hope motorcycles can stay dumb for longer.
We need to start poisoning this data. I don’t think the solution is to cut the wires, I think it’s to send bogus data. Just make it so that no matter how I drive, the data is always overwritten that I traveled 5 miles at 30mph average with no hard stops and no hard accelerations. I only ever make that trip. Wanna base my insurance off that? Go for it.
Anyways I like the technical ability to do this, but wonder if some enterprising person could hack the obd to constantly overwrite the data here.
Again I want to poison this data. It should be illegal, but it’s not. Companies will charge me more if I block it. So the solution is data poisoning imo.
Incidentally we need to be poisoning ALL data brokers and collectors for these types of things.
Incidentally we need to be poisoning ALL data brokers and collectors for these types of things.
Go here for a good start: https://adnauseam.io/
Thank you for sharing!!
It might be nice if auto reviewers included a “privacy rating” for a vehicle based OK whether it broadcasts anything via radio (e.g. cell or tire-pressure systems can be used to identify someone). It’s not just auto manufacturers, but anyone who wants to set up a radio monitoring network, if there are unique IDs being broadcast.
I don’t know how a reviewer could know whether there’s a way for a manufacturer to gather logs during maintenance.
They’ll never give a review like that because they need manufacturers to send them more cars to review.
i think we should also flood them with so much data it cant keep upnandevendecipher what is really anymore. Same for computer habits. Flood it with random data.
Use AdNauseam
I’ll take the route of I’m not going to own a car that will tell on me, or I will make that car not report.
Wrap the modem in tinfoil.
