Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He’s never been responsible for an accident.
So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor.
LexisNexis is a New York-based global data broker with a “Risk Solutions” division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act.
What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.
On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.
So what’s the results? Which generation is better at driving? Which age group is more conservative with duel usage? Hmm?
They’re all bad. 20-50% rate increases across the board!
My auto insurance rose 27% this year. My cars sit in a locked garage 20ft away from me practically all week long as I work from home. I was shocked to find my rates rose so high as I barely even drive at all anymore. Their solution was for me to get their data collection puck. What a fucking racket!
Apparently a part of that is that EVs are more expensive to insurance companies, so they are spreading that cost around.
My insurance jumped by about 20% as well, after discounts from shopping around.
It cant just be EVs, but when i was searching this was the main reported factor.Or, all the insurance companies just decided to massively bump rates
I bet you all the insurance companies are using a service that provides pricing via algorithms. In their opinion it’s not collusion, just math.
pricing via algorithms
This is essentially what all insurance is. Actuary tables, risk analysis, so forth. All math with the single purpose to ensure that over the whole risk pool, the House wins.
Used Vehicles became more valuable over the past few years as new vehicle production was issued halted in early 2020 and supply chain issues plagued manufacturers for a few years after that. Used car prices are just now starting to come down. I hardly ever saw cars for sale by owner that didn’t have over 200k miles on them and weren’t models plagued with major issues. People were still asking $5k for absolute junk. My advice over the past few years has been to buy a new car as it’s a much better value over any used car at the moment.
My understanding is that they all got together and decided to raise rates across the board.
Colluding?
Of course not, that would be illegal and immoral!
/s just in case
My completely uninformed guess is:
- we all forgot how to drive like normal people during/after lockdowns and,
- cars continue to get bigger and heavier, so accidents are more likely to result in total loss
Parts are plastic and cheaply made so more shit breaks when you get in an accident.
The reasoning they gave me is exactly that. People driving like crazy post pandemic, and the fact that cars have become exponentially expensive.
Last time I drove a rental car I was constantly aware that it was probably tracking everything I did, sending that data back to its owners, who would then sell it on to data brokers and insurance companies and whoever else wanted it.
It was sort of tolerable on a temporary basis, until I got to driving along a road where the speed limit had recently changed. The car helpfully displayed what it thought the speed limit was, and suddenly I had to choose between driving safely and driving according to what the computers presumably wanted to see.
Drivers of the world, do not let your cars have Internet access. No good can come of it.
Yes, the only access to the Internet a car should have is through my phone in an opt-in basis. That way I can stream music, map directions, etc through my phone that I’ve already made somewhat secure.
That’s not always a choice, without hurdles. I have a truck with it, but I would have no idea how to disable it short of cutting the antenna wire for it.
Yes, that is exactly what you should do. Remove the antenna.
They will store it and upload the data when you go in for service
That probably voids the entire warranty or something ridiculous like that.
Classic JDM shit boxes till I die. Used to be a joke, but since cars have become what are essentially IoT devices, it’s become real. 🥲
Your anecdote isn’t meaningful. That’s simply an outdated map software.
That assumes the outdated map software manages to somehow make an accurate report. Most likely, if it makes one, it’ll be “Going X over a Y MPH area” even though Y is wrong, or it’ll be just “speeding by X MPH for Y seconds/minutes”. Either way, nobody is likely to verify and correct the data, so you could be punished for perfectly safe and legal driving.
You can’t be punished for it because that “evidence” was not correctly collected.
Also in your specific example and depending on the country, for them to report you on that would be a false accusation which means they’re the ones that could get into trouble if you go after them (basically any costs you incurred because of it would be on them).
(IANAL, so take this with a pinch)
It’s probably too much trouble for them to actually report it to the police (if they do it automatically, they run the risk I mention and they’re not going to spend the money manually reviewing it) - there is risk and cost involved with nothing in it for them.
That said, they could still pass it on to some entities other than the police (such as insurers) and good luck for you to prove it and show the damage it caused you. In the EU you could request them all the data they had on you which would possibly be enough to catch them, but outside it, it really depends.
Maybe not legally punished, but this very article we’re discussing is about how insurance companies are, in fact, punishing you financially for it. As for the false accusation, sure, but how likely is anyone to even figure it out? You’re not being dragged into court, and people don’t even know this is happening yet. It’s only illegal if you get caught. I don’t expect them to report it to anyone. I just expect data collectors to sell data and other businesses to buy it for the express purposes of financially screwing you. You may stay out of court, but that extra 21% charge is gonna cost you a couple hundred per year at least.
Yeah, hence the last paragraph of my comment.
I can see how it can indirectly used in ways that harm somebody, just wanted to point out it’s unlikelly to be reporting drivers to the police if only because there’s no money and some risk for them in doing it.
Mind you, if the police does some kind of agreement with them were they’re paid for it and are immune to liability for misreporting, I can see rental companies doing it.
I’m very happy that I live in Europe, not the US.
They aren’t reporting you to the police. They are selling that data to insurance companies who then use that information to jack up your premiums. So guess what. You are now being financially punished for safe driving while someone in a 20 year old shit box that miraculously avoids accidents and apeeding tickets pays a lower premium.
The only solution is to forbid companies from collecting this data in the first place. It’s never going to be used to make something cheaper for you, it’s only ever going to be used to sell you something or to charge you more.
I think we’re basically seeing the same picture and in agreement on how things should be (which is why I pointed I’m happy to be in the EU, were that stuff IS forbiden unless people explicitly opt-in).
No opt-ins because companies will do whatever they can to force you into opting in for it. Same way that fast food companies are harvesting data from people by jacking up prices and making “discounts” available on their apps. Corporations have all the leverage again consumers.
The anecdote doesn’t necessarily prove anything but it is conceivable that stretch of road is mismarked in multiple systems.
Which then reports back to LexisNexis that you are speeding through an area, which is then reported to insurance companies who in turn flag you as a dangerous driver, raising your premiums.
It serves as a convenient representative example of the ways in which such systems can go wrong.
I mean, this is the world of software and computer systems. The map is always outdated, the model is always fictional, and the metric is always measuring the wrong thing. Even aside from the obvious privacy problems this kind of big data approach has its limits which are too easily ignored by insurance companies eager to take the average across thousands of mistakes hoping to get something profitable. As is becoming increasingly more obvious to the general public as computer algorithms designed in secret rule more of our lives, quite often the best that can be managed is a system that works adequately well for the purposes of its designers even while it takes decisions that are utterly stupid at the level of the individual people subjected to it.
I work in fintech and I had glimpses of raw API data that credit agencies, Mastercard and LexisNexis provide (among others). It’s crazy detailed. Even just our query increases the query count by one and provides at least ten data points on the why and when.
I’m not surprised that the car manufacturers are selling this data to LexisNexis who in turn sell it to insurance companies.
“Sharing” is a funny way to word a headline. They are selling it, for a profit, because it’s legal. It’s immoral and shady as hell, but “prevent it or expect it” applies here.
Yeah should say “currently legalized sales of personal data” to emphasize that this sort of thing is illegal in many other regions.
I think this should be legally prohibited. Also is it possible to physically disconnected the network modules so they can’t send anything?
I’m sure it’s possible, but I’m sure they’ve made it as painful as it can be.
Most likely the module, if it is a separate module and not part of the SoC of the infotainment system or whatever, works over CAN bus and the car will throw errors when it doesn’t detect its presence, or doesn’t detect the SIM card. Might even refuse to start if that module is missing. Might be possible to remove the antenna so the car thinks it’s just outside of the service area, but if it’s built into the PCB and the PCB is cast into resin/silicone for waterproofing, even this might be extremely difficult. Probably the module is also serialized* so replacing it with a “dummy” module or a module from a junkyard won’t spoof the system, either.
*Manufacturers have been serializing even airbags for years, making replacing a faulty one with one from a junkyard impossible.
You’re approaching it in the wrong way. You don’t need to stop the Data Collection just the phone home. Find the antenna and Faraday Cage it.
Yeah, some aluminum foil on the inside of those shark fin antennas will probably stop all communication. Just have to use your phone for radio & navigation, which isn’t a big deal on CarPlay or whatever the androids use.
If you use foil, it’d be best to connect it to ground. The metal shell of a car is usually connected to the ground terminal of the battery.
Maybe we can trick it forever that it is far away from a cell tower. That way the car has to start without connection.
Who knows, maybe they force you to use their app and after driving and connecting to the internet, that sends data back to the manufacturer.
I’m sure it varies widely. In Toyota’s you can call in to disconnect (I did it while waiting for a tire pressure machine) but to do it physically you pull a single fuse and the trade off is losing the microphone.
Others have pulled the dash and disconnected antennae but it just reduces the range of the box since it’s a cellular radio like a phone.
Since Nissan and Kia both explicitly state they reserve the right to collect and sell data about your sex life, disabling the microphone is probably a good idea.
in this case that’s Toyota specific and it means likely loss of phone calls on the go (but nothing else) even though the data can’t leave your vehicle anymore. It all depends on how they wire up the system. Maybe it’s easier, maybe it’s tied to something random.
Do you have any resources that I can use to learn more about about removing telemetry from a vehicle? Is there a good forum that could help me potentially do this to my car?
There’s no easy one-stop solution since it can vary widely.
I would look at subreddits (yuck, reddit!), or dedicated forums for your model if they exist, you’d probably be surprised what’s out there. (Example, there’s Piloteers (Honda Pilot), Kia-Forums (Kia), 4Runners and Toyota-4Runner, etc. But information may be scattered.
First objective is figuring out if it’s even on your vehicle or applicable. Older 3G radios are done since the networks that connected to them are gone now. My '16 Kia had no cellular radio. Maybe you have an SOS button or they advertise a phone app to control your vehicle remotely?
Edit: And if you can’t find specific model/year information for your vehicle, you can look for information for related vehicles and see if it’s relevant. Ex: Honda Passport, Pilot, Ridgeline sharing a lot of engineering.
Somebody could go to jail for this. You.
The DMCA makes it a felony to circumvent protections in services. If they wanted to push this and depending on the system disabling or using some hack to bypass could be illegal.
I don’t think that anyone would actually bring the case against an individual, but a company selling any sort of device or instructions to make it easier for people could be targeted.
If they make disabling spyware illegal, I’ll do it anyways because human rights. If they decide to charge me for it, I’ll just consider it a violation of my freedoms
If it doesn’t already, that’s probably going to put you in the high-risk group with other car modders.
It will be cat and mouse, but I would imagine for the time being, disconnecting the cell antenna on the board would stop it. Who knows what kind of, if any bullshit extra errors and codes that will keep popped up but I’m guessing if it became a popular thing, they would start making cars that will create bullshit errors and codes. I wouldn’t do anything permanent until the warranty period is over.
How dare you demand privacy!
I can’t wait to see tuturials. I don’t know much about cars and would love to see people disable these, or perhaps do something malicious. Not that I have a new enough car yet, but I know one day it’s going to be unavoidable.
As long as you know where they are, a simple faraday cage should work perfectly. Basically, surround the module with an electrically conductive material to catch radio waves.
I was thinking something like free data plan till they disable the transmitter or at least an unplug. Never bought a new car, do you agree to terms and conditions or sign a contract specifically mentioning/consenting to the tracking?
In Toyota’s there’s a red sticker on the dash talking about it and how to opt-out. (or at least I’ve seen it in a rental and a new car - but it might also be yanked by dealer’s PDI)
If you’re using android auto or something like that this information is going to be transmitted on the same connection used for navigation and internet so you better learn the map of the city again if you want to scape the Spyware.
Simple answer that should always work: surround the chip/antenna with a faraday cage. The hardest part is finding the chip, not in disabling it.
Why not to just break the antenna (or whatever it has) in half? It’s much simpler and shouldn’t cause damage to the chip itself
The antennae only likely won’t reduce range enough. Check for an opt-out procedure prior to purchase since that’s easiest, then look for what fuse powers the connection (also easy), but worse case, lay eyes on the module itself and evaluate.
Yea I guess it’s a better choice
Wrap the modem in tinfoil.
Louis Rossman has more than one video on the topic of newer cars that are basically always connected to the internet and all of the data harvesting they do. Here’s one
Is there any way you can sever that connection, or does it brick the car? I don’t want my car connected to anything. Ever.
The issue is the cellular modem built into most cars nowadays. It can vary in difficulty to disable or remove, with the added bonus of potentially taking other services that are attached to it such as Bluetooth. It fucking sucks. I don’t know more details than that.
On some vehicles, you can apparently disable it.
Here’s what one guy found works on a 2023 Corolla, where it’s getting increasingly-more-of-a-pain-in-the-ass than in earlier models:
https://www.bitchute.com/video/epzioGDOdTeo/
Apparently, it used to be possible to just pull a fuse out of the fuse panel in prior years.
I’d also add that I don’t know for sure what the impact is. I’d imagine that it voids your warranty. I don’t know if the car manufacturer relies on this communication mechanism to push out firmware updates for the car, but if so, I suppose that one might not get firmware updates.
Apparently some older Hyundais disable themselves, because they can’t speak newer cell phone protocols, and those older cell towers are going offline, which causes the connectivity to be severed.
https://owners.hyundaiusa.com/us/en/resources/blue-link/2g-3g-wireless-service-update
258 pages?! That’s half of MS’s office format specification!
We don’t have to worry about the government tracking us everywhere we go. These corporations will do it for them and then sell the data for a proft.
That’s right. The thing that anti-government people seem to forget is that, left unchecked, corporations are much worse than oppressive governments. Democratic Nations need to be vigilant of both.
What a great use of my tax dollars.
Not will, do: https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742
This is how you radicalize a populace. Fuckin stupid move.
Unfortunately one of their customers is the government, so we still have to worry about that too.
The government buys your data, too. And not just your government.
For any legal case, government or your spouse’s divorce attorney, it’s a low bar to soupeana “business records” from these companies.
The US needs stronger data protection and privacy laws. Unfortunately, the corporations buy enough politicians to prevent it.
I will end up living in the woods at this rate.
Planet Labs saves an image of the world – including whatever woods you’re referring to – at 3-meter resolution every day.
Stay outta my tree!
Is that the whole text of the article? (paywall) Was there any investigation as to the source of the data on the report? As this is a leased vehicle, I would not be surprised if the data came from a dealer module that they use to immobilize the vehicle if you miss a payment or otherwise violate your lease.
Car companies are directly sending this data to the brokers in exchange for “low millions of dollars.” Imagine destroying all consumer trust in a multi-billion dollar brand for so little. I would never even consider buying a GM or any brand involved in this.
EVERY brand is involved in this. Mozilla org investigated literally every car manufacturer available in the United States last year and gave them all an F for privacy.
I dunno if motorcycles have the infrastructure. I guess if you were willing to ride a motorcycle, that might avoid it.
Obviously it’s possible to stick telemetry on even small vehicles like that, given that the e-bike and e-scooter rental companies rely on it.
Yeah, I had thought about buying a Bolt because they’re reasonably inexpensive EVs, but this is a definite nope from me.
Unfortunately its not a third party module but manufacturer built-in features.
Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis.
We need to start poisoning this data. I don’t think the solution is to cut the wires, I think it’s to send bogus data. Just make it so that no matter how I drive, the data is always overwritten that I traveled 5 miles at 30mph average with no hard stops and no hard accelerations. I only ever make that trip. Wanna base my insurance off that? Go for it.
Anyways I like the technical ability to do this, but wonder if some enterprising person could hack the obd to constantly overwrite the data here.
Again I want to poison this data. It should be illegal, but it’s not. Companies will charge me more if I block it. So the solution is data poisoning imo.
Incidentally we need to be poisoning ALL data brokers and collectors for these types of things.
I’ll take the route of I’m not going to own a car that will tell on me, or I will make that car not report.
Incidentally we need to be poisoning ALL data brokers and collectors for these types of things.
Go here for a good start: https://adnauseam.io/
Thank you for sharing!!
It might be nice if auto reviewers included a “privacy rating” for a vehicle based OK whether it broadcasts anything via radio (e.g. cell or tire-pressure systems can be used to identify someone). It’s not just auto manufacturers, but anyone who wants to set up a radio monitoring network, if there are unique IDs being broadcast.
I don’t know how a reviewer could know whether there’s a way for a manufacturer to gather logs during maintenance.
They’ll never give a review like that because they need manufacturers to send them more cars to review.
i think we should also flood them with so much data it cant keep upnandevendecipher what is really anymore. Same for computer habits. Flood it with random data.
Use AdNauseam
We didn’t see that one coming huh
meanwhile I have to pre fill out some forms so the sherrif office can track it if its stolen. It cracks me up how the government getting things is a big deal but corpos then no worries.
