19 comments

  • semiotagonal 1615 days ago
    > But Kennedy's biggest concern at the moment is in the area of automotive safety

    No doubt. I was pricing out a Mercedes online, and looking through the summary one of the standard features was "over-the-air updates". That is the last thing in the world I want. An expensive car shouldn't be acting like an Android phone. It shouldn't be connected to the internet at all.

    If it's updating anything other than the entertainment system, then they're completely nuts. Get the internet out of my car, I already have a phone for that.

    • JohnFen 1615 days ago
      > looking through the summary one of the standard features was "over-the-air updates". That is the last thing in the world I want.

      I agree. Under no circumstance would I buy a vehicle that is connected to the internet or is capable of wireless communications, unless I could physically disable that and still be able to use the vehicle.

      The industry seems to differ, though, so I pretty much expect that any car I own in my lifetime will be a rather old one.

      • Spare_account 1615 days ago
        >I pretty much expect that any car I own in my lifetime will be a rather old one.

        I recently came to this conclusion, for similar but not identical reasons. Modern vehicles have increasingly complex electronic and mechanical systems wrapped around the engine to improve efficiency. The complexity is becoming a risk, in my opinion, due to the potential cost of maintaining the vehicle beyond 5 years of age.

        My usual buy-in is around 5 years old, and the cars I have access to now are a huge liability due to all the additional features that can go wrong (DPF, EGR, variable vane turbo etc etc).

        My next vehicle will be an old, normally aspirated, petrol engine with the simplest wiring loom I can find.

        • eprparadox 1615 days ago
          Not exactly related to the IOT issue in the article, but the actual lifespan of the drivetrain of these EVs is -really- appealing [0]. Unfortunate that we have to be worried about the peripheral software issues and can't just get the benefits of the more environmentally friendly and reliable cars.

          0: https://qz.com/1737145/the-economics-of-driving-seven-teslas...

      • fredgrott 1614 days ago
        Does everyone know that cop cars are internet connected?

        Connected and what controls what are two different things. People, do not jump off the cliff just yet.

        • JohnFen 1614 days ago
          I'm not sure I understand why you're bringing up cop cars...

          > Connected and what controls what are two different things

          Absolutely true, but even if it were impossible to control the car via the connection (which seems doubtful given that these cars accept OTA software updates), there's still the issue of data collection and reporting.

    • srcmap 1615 days ago
      On a related note...

      https://arstechnica.com/information-technology/2019/10/five-...

      Five months after returning rental car, man still has remote control. Man can still track vehicle, lock and unlock it, and start and stop its engine.

    • ysavir 1615 days ago
      I fully agree. And I'm absolutely frightened of buying a car these days. For all I know, it has this sort of wifi-connection built in even if none of the marketing materials or promotional materials mention it. Would the rep I'm talking to even know if there is a connection in the car? Is there any legal requirement for them to notify me of connectivity they have with the car?

      I'll use this as an excuse to buy a 70's Alfa next time I'm car shopping.

    • Havoc 1615 days ago
      >Get the internet out of my car, I already have a phone for that.

      Think you have a future of cycling ahead of you. I'd be surprised if over-the-air updates aren't standard in <3 years on all cars.

      • LinuxBender 1615 days ago
        Or older vehicles. Going forward I am not buying anything made after the 1970s. And that is fine, because I find them much easier to work on. Pre-smog is also a bonus, for me anyway.
        • Havoc 1614 days ago
          >Or older vehicles.

          Even that is problematic. Insurance, congestion charge, etc.

          • LinuxBender 1614 days ago
            I've not experienced that. With older vehicles, the only price difference I saw was related to the lack of ABS and air bags.
            • Havoc 1613 days ago
              Depends on the city. In some - mainly EU - places old cars are a killer. Everything is set up to strongly discourage use of old cars. E.g. cars going for peanuts? That's 'cause it costs a fortune to safely dispose of it as required by law (i.e. recycle). Easy solution is to sell it.

              See also Norway's rules about electric cars. That sky-high adoption is a direct result of weapons-grade carrot & stick to force it.

    • aledalgrande 1615 days ago
      Isn't that the same as Tesla?
      • Ensorceled 1615 days ago
        I think the person you are replying to would also dislike this feature in a Tesla.
        • semiotagonal 1615 days ago
          That's true, I'm not looking to buy a Tesla. I'd include touchscreens as another problem but that's separate from the article's subject.
          • dvdhnt 1615 days ago
            I appreciate your consistency.

            We've been looking to buy an electric vehicle and thought Tesla was a no-brainer. Random reports of software issues have persuaded us to wait.

            Now, I'm learning there are more options from more mature brands that just don't receive as much attention as Tesla.

            • ZenModeRy 1615 days ago
              According to a Bloomberg survey of 5,000 Model 3 owners, 98% say they would buy it again and the vehicle had surpassed their expectations. 99% of respondents said they would recommend the Model 3 to their family or friends.

              I live in Puerto Rico where a Tesla doesn't make much sense due to the infrastructure, but these numbers still made my neck hurt a little bit with FOMO.

              • themaninthedark 1615 days ago
                I am glad there are people who buy the Tesla and like it.

                I was very excited when they were first announced and was heavily considering the Model 3 as an option before it was released. Then I started reading about the features; touch screen controls, OTA updates, telemetry. None of those things are features to me, they are detriments.

                Touch screen means that I have to context switch when adjusting temp.

                OTA updates means that my car can end up bricked or have a buggy update.

                Telemetry is removal of my privacy.

                • NotSammyHagar 1614 days ago
                  If you disallow remote telemetry (which is an option), I wonder what it would do. You should try one for a weekend. They are a fantastic car. Tesla is very careful and successful with their software updates. You can just refuse to update them (in my 7 years of owning now two of them, I've never had a problem with updates). There have been 2 or 3 updates that were required because they were safety issues (they changed the way the S adjusts the height of the car at high speed to be more conservative in one of them). Tesla software is not like the shit software you'd expect in legacy car companies.
              • mikestew 1615 days ago
                > According to a Bloomberg survey of 5,000 model 3 owners, 98% say they would buy it again and the vehicle had surpassed their expectations.

                I don't doubt those numbers at all, but here's the trick: I'll bet you could find similar numbers for just about any electric vehicle. And here's why: the odds are extremely good that if you own an electric vehicle, it's your first electric vehicle. The market just isn't that old. I bought one of the first Nissan Leafs, and it's only eight years old.

                Okay, so if we can agree that most EV owners are on their first EV, then of course 98% of them are going to buy another one because regardless of make or model, EVs are just that good. Yeah, yeah, you drive from SF to LA every day, but we're not talking about you, we're talking about people that already decided to buy an EV. I'd venture that many are like me, and after a bit feel that ICEs are downright primitive. So their next car is going to be an EV, and why not buy the one I'm already happy with?

              • marcosdumay 1615 days ago
                The Model 3 has not existed for long enough for those statistics to make any sense. It's very easy for somebody to love a new car.
                • NotSammyHagar 1614 days ago
                  People say about the same for the S, and they came out in 2012.
            • rootusrootus 1615 days ago
              > Random reports of software issues have persuaded us to wait

              Case in point, the current release that has been rolling out over the last week or so definitely has some ominous bug reports.

              But on the other hand, updates aren't forced, you can cancel them when they're offered.

              It's a double-edged sword, really. I've had several cars that desperately needed an update but it was impossible to get. I think I lean in the direction of having OTA updates available, as long as I maintain 100% control of them. And I need to be able to control data from my car going into the cloud. I think Tesla has both of these covered, though it could be implemented more elegantly.

            • cevn 1615 days ago
              It's true that there are bugs in software updates. However my car has gotten 5% faster twice from 2 separate software updates. Never had this experience in another car and it's truly fantastic.
              • rootusrootus 1615 days ago
                Let's be fair. The most recent release has also caused a few people to have near misses as their car goes in a direction opposite to what they intended. Frequent software updates come with risks.
                • cevn 1610 days ago
                  Yeah of course. As I understand it we all checked boxes basically agreeing to be on the bleeding edge of software updates so that issues like this can be identified and fixed before general rollout. Yes it's crazy.
            • NotSammyHagar 1614 days ago
              Every car has some random problem. Don't forget there are 30k fires every year in the engine of internal combustion engines (of course there are a lot of those cars). But no one says I won't buy a gas car because it might catch on fire. Tesla quality is generally very high. They are made by humans so there will be some problems, but they can be fixed. My car is 4.5 years old now, recently decided to buy the extended warranty and keep it till it's 8 years old.
    • m-p-3 1615 days ago
      As long as I can physically turn that off, and enable it myself if I want to check for an update I'm kinda fine with that.
    • beatgammit 1614 days ago
      If they're going to provide software updates, make it a manual process, like updating the BIOS on a motherboard (not while it's running, need physical access, password protected), with package integrity checks like most Linux distributions have.
    • jandrese 1615 days ago
      I could see that being a good feature for a built-in Satnav system.

      Tesla does over-the-air updates that make fairly significant changes to the way the car operates.

      • milkytron 1615 days ago
        Wouldn't Android Auto or Apple CarPlay defeat the purpose of a built-in Satnav system?
  • pjc50 1615 days ago
    I don't think they can be trusted to be either secure or reliable or even supported. Any of them could be remotely disabled at any time as the parent company goes out of business.

    On the other hand, at the moment they're mostly in frivolous devices. As they become ubiquitous this is going to demand EU-level intervention, just like the existing WEEE directive against lockout chips on printer cartridges.

    Americans will be stuck with caveat emptor levels of consumer protection.

    • jodrellblank 1615 days ago
      caveat the neighbour of the emptor, whatever that is in Latin.

      Your neighbour’s video doorbell will have the easiest time picking up on your face, but your neighbour’s cloud WiFi AP will surely see your WiFi devices coming and going in WiFi range through the day, and how long will it be before Siri is listening to your upstairs neighbor’s footsteps and telling you they’re unusually quiet for this time of the week and maybe you should check on them in the mandatory gig economy of social care?

      • SilasX 1615 days ago
        >caveat the neighbour of the emptor, whatever that is in Latin.

        For anyone who's curious, I think that would be "Caveat vicinus emptoris". I only mention it because that should be its own thing, to "beware of spillover from stupid consumers".

      • pjc50 1615 days ago
        > mandatory gig economy of social care?

        More likely the Ring camera will spot someone that's not in the national Amazon facial database and urge you to report them to ICE.

      • ben_w 1615 days ago
        A WiFi hotspot with enough antennas can be run as a wall penetrating radar and measure pose, heart rate, and breathing, so a white-hat system would call the ambulance well before any humans could reach the scene even from the next apartment in the same corridor.

        I’m more worried about blackmailers prying into sex lives.

      • IHLayman 1615 days ago
        In a related vein of your comment: "After being challenged as to whether homeowners should tell guests smart devices - such as a Google Nest speaker or Amazon Echo display - are in use before they enter the building, he concludes that the answer is indeed yes."[0]

        * [0]: https://www.bbc.com/news/technology-50048144

    • jandrese 1615 days ago
      Most of them would die when their goddamn unnecessary cloud services shut down.

      Others would die when you upgrade your WiFi Router and the piece of shit doesn't support the new WPA standard. Or worse, it has some ancient 802.11b chip and when it connects it cripples the rest of the network.

  • CapitalistCartr 1615 days ago
    IOT devices use standard, commonly available boards and chips, which are meant for widely varied applications, so offer wifi/Internet connectivity easily. So companies can add that "feature" painlessly by applying a snippet of (usually OSS) code. And collecting all the customer data they can is a bonus. No penalty for zero security, major upside if they sell it.

    This is dangerous to all of us, even if you don't own any IOT devices.

    • wil421 1615 days ago
      My brother and father-in-law bought a bunch of cheap WiFi security cameras off of Amazon. People online were complaining they phone home all kinds of stuff to Chinese IPs. My father-in-law's other cameras are Nest which phone to Google but it’s a selling point.

      I was going to put the Chinese cameras on a subnet but I don’t want to complicate his network. My father-in-law has 3 routers with 3 WiFi networks competing with each other; office, living room and outside but that’s a story for another day...at least I got him to replace it with a UniFi AP.

      I like UniFi protect because all the data stays at my house and their cameras are strictly no subscriptions.

      • blacksmith_tb 1615 days ago
        I have three Wyze cams, which pretty much fit the bill of "cheap WiFi security cams which phone home to Chinese IPs". Though you can flash them with other firmware, if you want to control that. Personally, being in the US, I am less worried about Chinese companies sharing my data with US corps or government agencies (that doesn't seem too likely, somehow) but I would certainly be more nervous if I lived in the PRC. I suppose there's still the possibility they could be compromised to try to attack other machines on my network, but those aren't wide open.
        • jandrese 1615 days ago
          Maybe it wouldn't be a bad idea to blackhole those IP ranges on your router? Maybe you're not afraid of the PRC company directly, but who says they aren't going to try to make a buck selling your data to whomever asks?
          • blacksmith_tb 1614 days ago
            Not a bad idea (unless you flash your own firmware, since then you'd want to be able to rtsp to them), though I am still fairly skeptical the cams could intercept much on the network that wasn't encrypted, and that their tiny SOCs have the horsepower to do much of that...
  • _wldu 1615 days ago
    Zero Trust. This is a basic network security tenet that was first introduced in 2010: https://www.darkreading.com/attacks-breaches/forrester-pushe...
  • dsalzman 1615 days ago
    IOT. The S stands for security.
  • xyzzy_plugh 1615 days ago
    > Can We Trust Them?

    Of course not.

  • phs318u 1615 days ago
    We need something like this:

    https://foundation.mozilla.org/en/privacynotincluded/

    expanded to every type of IoT. Imagine a kind of mandatory labelling for any device with data-capture and/or telemetry capabilities.

  • JohnFen 1615 days ago
    I think the clear answer to this is "no" on a couple of different levels. I don't think it's safe to trust that the actual communications are properly secured, and I don't think it's safe to trust the companies that these devices report to.
  • forgingahead 1615 days ago
    No.

    /end thread

  • Havoc 1615 days ago
    Yeah the cheap IoT stuff is just wild. No passwords / weak security is pretty much the norm
  • ubertakter 1614 days ago
    No. Next question please.
  • ryeights 1615 days ago
    Betteridge's law of headlines strikes again: https://en.m.wikipedia.org/wiki/Betteridge's_law_of_headline...
  • moonbug 1615 days ago
    Betteridge.
  • stopadvertising 1615 days ago
    Every time I try to buy some device that is LAN only and doesn't talk to the net, ever, I usually find zero options or few crappy, expensive choices. Why anyone would install a camera that then talks to some corporation's cloud is beyond me, I have zero interest in that.
    • ohazi 1615 days ago
      The problem is that LAN only can't be verified as long as that LAN also has a route to the public internet. It could be LAN only for the first week so that it passes your initial smoke test, and then goes on to do whatever it wants. Or a firmware update could add new mothership pinging features.

      If you want LAN only, you really need to put the device on a LAN that is actually isolated, and use a trusted device to bridge that gap so that you can shuttle commands and responses from your actual network.

      I cobbled together my own system that works kind of like this using a Raspberry Pi and hostapd, and it works quite well for most things.
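
One way to keep checking the concern raised in the comment above, that a device can look LAN-only at first and start contacting outside hosts later. This is an added example, not part of the thread: the subnet, device names and flow-log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed addressing for the isolated IoT segment (hypothetical values).
ISOLATED_LAN = ipaddress.ip_network("192.168.50.0/24")
LAN_ONLY_DEVICES = {"192.168.50.21": "camera-porch",
                    "192.168.50.22": "camera-garage"}

# Constructed flow records: "<ISO time> <src> <dst> <dst_port> <proto>".
SAMPLE_FLOWS = """\
2019-11-01T08:00:02 192.168.50.21 192.168.50.1 554 tcp
2019-11-01T08:00:05 192.168.50.21 239.255.255.250 1900 udp
2019-11-03T02:14:40 192.168.50.22 192.168.50.1 554 tcp
2019-11-09T03:30:11 192.168.50.21 203.0.113.10 443 tcp
2019-11-09T03:30:12 192.168.50.21 203.0.113.10 443 tcp
2019-11-09T04:00:00 192.168.50.99 198.51.100.7 80 tcp
garbage line that should be skipped
"""

def is_local_destination(dst):
    """True for traffic that stays on the isolated segment."""
    return (dst in ISOLATED_LAN or dst.is_multicast or dst.is_link_local
            or dst == ipaddress.ip_address("255.255.255.255"))

def find_egress_violations(flow_text, devices=LAN_ONLY_DEVICES):
    """Return (violations, first_seen) for devices declared LAN-only.

    violations maps device name -> [(timestamp, dst, port), ...] for every
    flow whose destination lies outside the isolated segment.
    """
    first_seen, violations = {}, defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record
        try:
            ts = datetime.fromisoformat(parts[0])
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except ValueError:
            continue  # unparseable field
        name = devices.get(str(src))
        if name is None:
            continue  # not a device we declared LAN-only
        first_seen[name] = min(first_seen.get(name, ts), ts)
        if not is_local_destination(dst):
            violations[name].append((ts, str(dst), port))
    return dict(violations), first_seen

def summarize(flow_text):
    """Rows of (device, quiet days before first off-LAN flow, count, dsts)."""
    violations, first_seen = find_egress_violations(flow_text)
    rows = []
    for name, hits in sorted(violations.items()):
        quiet_days = (min(h[0] for h in hits) - first_seen[name]).days
        rows.append((name, quiet_days, len(hits), sorted({h[1] for h in hits})))
    return rows
```

In the constructed data the porch camera stays on the segment for a week and then opens connections to an outside address, which a one-time smoke test would miss.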

    • mikestew 1615 days ago
      If you're looking specifically for cameras, go get some Foscams, and use something, anything but the software that comes with them. I use a Synology NAS that can talk to cameras, but there are tons of other options that can talk to generic cameras. The only time the cameras have any interaction with the internet is when the Synology decides to send the stream to my phone. As far as the cameras know, there is no internet.

      And if you dig around and aren't all that choosy on features, you can often find Foscams on close out or otherwise dirt cheap. Some I have were $35, with panning; no optical zoom at that price, though.

  • smacktoward 1615 days ago
    Short answer: no.

    Long answer: noooooooooooo.