Last year I requested a Carfax on it, and one of the fields in the request was current mileage. I entered an estimate like 75000 miles. On form submission, that field failed validation with the red subtext along the lines of 'this is less than the last reported mileage of 75345, reported <5 or so days prior>'. Checking my odometer and looking at my past few days' trips, that was indeed accurate.

The car hadn't been to a shop or out of my possession in weeks, so I can only assume the telemetry was still dialing home and selling to third parties despite my best efforts to disable it.

Anecdotal and not unexpected in the grand scheme, but it still surprised me.

The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

They are both very cagey with how they talk about this (or don't).

  Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB. I wish I had a way to completely disable the car’s Bluetooth functionality, but it’s deeply integrated into the head unit.

Following the thread linked to, the only thing I can find is very unsubstantiated; https://www.rav4world.com/threads/2019-rav4-dcm-deactivate-p... :

  One caveat, if you use bluetooth to connect your phone to the car DCM will use your phone to connect to the mother ship and presumably send your data. I only use my iPhone cable to connect to the car which does not have this effect.

I have reported this to Toyota multiple times with videos detailing the problem and they have denied the problem and ultimately when faced with the evidence simply refused to fix it.

I've been a big fan of Toyota's Production System and their management culture, but this experience has really diminished the brand for me. I realize these problems exist with all cars today. The pattern seems to be to foist low-quality hardware and software on their customers and take no responsibility for the results. Software bugs aren't what they consider a "typical car problem" so they simply don't fix them.

https://www.mavericktruckclub.com/forum/threads/telematics-f...

As I own two Toyota's I have read through these carefully and consistently the theme is that the owner was opted into this program without knowing it (likely by the sales person clicking through setup steps to enable every feature). If you are not opted in, I have seen no evidence they share driving data.

When I set up my Toyotas, the app clearly walks through the programs they have and you must click either "yes/opt in" or "no/opt out" for each program. It is not opted in by default.

Guaranteed

As mentioned in the article as part of the introduction, there were problems with those car regarding security. Especially with the Rav4 where a colleague, Ken Tindell, showed a very serious flaw: https://kentindell.github.io/2023/04/03/can-injection/

Because of this OEMs build in more and more security, like SecOC with Autosar and other similar things. More and more of those security feature depend certificates in the devices that have an expiration time. Those certificates needs to be rotated regularly. If the rotation does not happen, because of missing communication with the mothership, then the security will fail, which finally will lock you out of your car.

That will be true for all the coming luxury car models.

IRC, Tesla has something like this for years in their cars. They can be offline for a certain period of time. But when this runs out, you will be out of luck.

How is this the case? I thought bluetooth was just sharing my phone's audio. Why would it allow requests over the internet? Surely there's a way to tell the phone not to give its internet connection to any connected bluetooth device?

Modern Kias with the CCNC cockpit have a data connectivity unit that exclusively handles cellular. If you can get this unit unplugged, which only requires two Phillips head screws to remove, your set. It took me nearly 2 years to figure this out. Thanks OP

yes. there ought to be a right to reasonable expectation of behavioral privacy where if it's not obvious and intrinsic to function that behavior is being recorded then it must be consented with functional opt-out.

gps tracking to the manufacturer of a car seems egregious. i wonder if it runs afoul of anti-stalking laws.

If you then charge only at home you’re even more private than gas cars, which must stop at gas stations with cameras.

But both types of vehicles are easily spotted with Flock cameras. And if you keep your phone on that tracks you, too.

I’m not that paranoid so I won’t do it, I just wanted to know.

Afaik phones do not share their internet blindly to Bluetooth devices.

What is the basis for this claim? I've never heard of this capability.

(https://news.ycombinator.com/item?id=47967786)

Jokes aside, I am seriously pissed at Nissan because it was one of reasons I bought it in the first place: to pre-heat or pre-cool the car remotely before going to work, while it is still plugged to the wall charger. And they just decided to take it down. Funny thing, they even mentioned in the email that "not to worry, I can still use my AC when I am in the car". Wow.

Sorry, rant. Anyway, my point being - buy Nissan Leaf, no connectivity guaranteed by the manufacturer, LOL.

Dangerous, but hilarious (Dubai raver has set up a 303 and 606 to make acid house while he drives): https://www.youtube.com/watch?v=mwYtjQk0QaU

Interestingly, Subaru itself used to make a DCM bypass kit for its cars. When AT&T shut down its 3G network, Subaru was stuck replacing all the DCMs, because they would search and search forever for a connection to a network that no longer existed, and slowly drain the battery. But there initially wasn't enough inventory to replace them all, so they offered these bypass kits if you weren't an active Starlink (cloud svcs) subscriber.

But you do all that for privacy... and then you use CarPlay?

For this kind of thing to succeed as a general lifestyle, you would need to invest an enormous amount of time making potentially irreversible modifications to all kinds of electronic equipment - only to be virtually guaranteed to miss something.

Do this kind of thing if you want, but don't be fooled into thinking you're actually solving the problem for real.

I always though ...just need to remove the ... the antenna .. modem would always get no signal and transmissons would always fail....

Same for the GPS.

To verify- no other hiddwen transmitters could use some RF( Radio Frequency) analyzers

[RF analyzer (ie spectrum analyzer) is a tool for measuring the power, frequency, and signal strength of radio frequency signals.]

To me it's a little bit like, "I love these new cellphones but I'm keeping it in airplane mode all the time because I don't want it online"

I mean what's the point of buying a new car if you're going to cripple features that are so much better because it's connected? Sure, use CarPlay or such, but to say forever end things like over the air software updates? Anything to prevent Kia from theoretically detecting sexual activity I suppose [1].

Just buy an old car. Or convert a classic into an EV [2].

There are A LOT of things in our lives that can be completely torn apart if one wants to. Glass is a vastly inferior window covering. Do you know how easy it breaks, and people can just look into it.

1 If you ask me, there's a whole whitepaper to be written about how to detect sexual activity in a Kia.

2 https://www.bugeyeguys.com/category/electric-bugeye/

I'd like to think failure to apply an OTA safety update would trigger a mail-out notification requesting you bring the vehicle into the dealer. But that's probably optimistic...

On the other hand, as mentioned by others: Why bother if you use CarPlay?

You can download and store Open Street Map for individual states. Map data doesn't have to come in over the air. That's not the problem. It's enhancing GPS with cell phone tower data that's the problem. That requires a cell connection.

I hate how this is a trade off. It’s totally possible for cars to broadcast their location only if the SOS is pressed or the crash sensor is triggered, but it feels like there’s no way to have that without also having everything else.

Amen.

Peppers article with Amazon affiliate links

Perfect summation of 2026

All these car manufacturers pushing this horrorshow deserve to go under. Tbh it looks like most will soon....

Removing seems hard/complicated but foil seems within most ppls reach.

Maybe a simpler way is to to slap a Faraday cage on all antennas.

DCM Bypass kit. https://www.autoharnesshouse.com/store/AHH-DCM77

I would be the target customer, but I keep making convenience concessions and buying the nice car / appliance with smart stuff.

I appreciate this guide from a technical perspective, but despite a lot of the stated preferences, I’m not seeing a huge market for it.

Convenience is paramount.

You have the full right to view and ask for deletion.