Driving info collection without permission - how to stop?
Rock Crawling
Joined: Jan 2023
Posts: 292
Likes: 138
From: Southwest
I don't remember exactly, but it's a meme by now. This forum seems to be very reserved about posting links from what used to be Twitter, so google "we and our 692 partners", but I suspect that if you click on "Quote", you will see the link in the text. Another demonstration of how difficult it is to implement privacy and censorship properly.
...and if you didn't lose sleep already, here's more: https://amiunique.org/
Our devices broadcast everything about us shamelessly.
PS: And for extra fun, mouse over on that "&goto=newpost" link in your email and never click on it again.
...and if you didn't lose sleep already, here's more: https://amiunique.org/
Our devices broadcast everything about us shamelessly.
PS: And for extra fun, mouse over on that "&goto=newpost" link in your email and never click on it again.
Last edited by Vadiable Paradox; Aug 5, 2024 at 07:57 PM.
Banned
Joined: Aug 2024
Posts: 4
Likes: 66
Which leads me to wonder, does the system store a bunch of data in hopes of calling home and uploading stored data when it get WiFi access? It would be an interesting experiment to run a packet sniffer in order to see where and what the car sends when it calls home, when on WiFi.
Rock Crawling
Joined: Jan 2023
Posts: 292
Likes: 138
From: Southwest
(not a rhetorical question) Why would anyone want to give an entity they can't verify trustworthiness of access to their WiFi?
Seriously, though; under no circumstances I would allow an IoT device (which, for the purpose of the conversation, this car is) unfiltered access to my networks. At best, connect it to "guest network" where the only thing it can do is to request data from Internet, or send data to Internet, but also enable "guest isolation" which will make it think that it is alone in the whole big scary world. But that would somewhat defeat the purpose, no? So why do it in the first place?
...or the whole content of your network will be uploaded to JLR and whoever breaches it, eventually.
Reminder #1: it's not if, it's when, and how deeply.
Reminder #2: https://amiunique.org/
Seriously, though; under no circumstances I would allow an IoT device (which, for the purpose of the conversation, this car is) unfiltered access to my networks. At best, connect it to "guest network" where the only thing it can do is to request data from Internet, or send data to Internet, but also enable "guest isolation" which will make it think that it is alone in the whole big scary world. But that would somewhat defeat the purpose, no? So why do it in the first place?
...or the whole content of your network will be uploaded to JLR and whoever breaches it, eventually.
Reminder #1: it's not if, it's when, and how deeply.
Reminder #2: https://amiunique.org/
Banned
Joined: Aug 2024
Posts: 4
Likes: 66
(not a rhetorical question) Why would anyone want to give an entity they can't verify trustworthiness of access to their WiFi?
Seriously, though; under no circumstances I would allow an IoT device (which, for the purpose of the conversation, this car is) unfiltered access to my networks. At best, connect it to "guest network" where the only thing it can do is to request data from Internet, or send data to Internet, but also enable "guest isolation" which will make it think that it is alone in the whole big scary world. But that would somewhat defeat the purpose, no? So why do it in the first place?
...or the whole content of your network will be uploaded to JLR and whoever breaches it, eventually.
Seriously, though; under no circumstances I would allow an IoT device (which, for the purpose of the conversation, this car is) unfiltered access to my networks. At best, connect it to "guest network" where the only thing it can do is to request data from Internet, or send data to Internet, but also enable "guest isolation" which will make it think that it is alone in the whole big scary world. But that would somewhat defeat the purpose, no? So why do it in the first place?
...or the whole content of your network will be uploaded to JLR and whoever breaches it, eventually.
Unfortunately, a lot of people do so because they don't care, or because it makes their daily life easier in some way, or perhaps because they simply don't know any better. Lots on NPCs out there in the world, my good Sir.
No argument with what you're saying, and I agree with not allowing IoT (and cars in general), access to WiFi.
However, an IoT, like you said, can be isolated on a separate network, especially for packet sniffing and tracing purposes. I just want to see what the car sends home while on the customer's WiFi connection. Of course, it will be on a dedicated access point with no access to the rest of my network.
Thread Starter
|
Mudding
Joined: Jan 2024
Posts: 177
Likes: 148
A few things:
Land rover is paying to have 4G access to these trucks specifically for telematics. We do not have access to this account, only JLR, and they have this access regardless of any agreement you may have made or not made with them. So there's no need for you to connect the truck via your home's WiFi for JLR to slurp up any info they please (whether they do so without permission is an open question, and this might depend on where you live).
Yes, there is a 4G antenna in the shark-fin, fed by a cable from a telematics module in the left rear quarter panel area. If you disconnect the wire, then the car can't communicate with JLR. I don't have information on which of the 5 connectors leads to the 4G antenna yet, but it shouldn't be hard to find or figure out.
Except... there's apparently a "backup antenna" in the telematics module! I don't know if that's only usable for short-range communications or whether it's mostly just fine for general access to the truck. Also, the module uses an "e-sim", not a card, so you can't just pull it. If I had the module in my hands, I could likely spot and thwart this backup antenna too, but I've hesitated to rip things apart so far (I need to watch some videos, if I can find one about removing all that trim).
Other matters: If the antenna (or both of them, anyway) is disabled, then the "find my car" feature (e.g., if it's stolen) is also disabled, along with a few other features such as emergency notification if you crash, remote start, etc.
Although I can't say for sure, it would be very surprising if the cars didn't store the last n days/weeks/whatever of data. But I'm less concerned about that than omnipresent day-to-day spying via remote telemetry.
I've still not heard back from JLR or my dealer. I suspect JLR isn't well-prepared to deal with these matters, even though they are legally obligated to reply (at least in California). Unfortunately, the law here allows them 45 days to respond, and even at that point they can give themselves an additional 45 days if they please.
Land rover is paying to have 4G access to these trucks specifically for telematics. We do not have access to this account, only JLR, and they have this access regardless of any agreement you may have made or not made with them. So there's no need for you to connect the truck via your home's WiFi for JLR to slurp up any info they please (whether they do so without permission is an open question, and this might depend on where you live).
Yes, there is a 4G antenna in the shark-fin, fed by a cable from a telematics module in the left rear quarter panel area. If you disconnect the wire, then the car can't communicate with JLR. I don't have information on which of the 5 connectors leads to the 4G antenna yet, but it shouldn't be hard to find or figure out.
Except... there's apparently a "backup antenna" in the telematics module! I don't know if that's only usable for short-range communications or whether it's mostly just fine for general access to the truck. Also, the module uses an "e-sim", not a card, so you can't just pull it. If I had the module in my hands, I could likely spot and thwart this backup antenna too, but I've hesitated to rip things apart so far (I need to watch some videos, if I can find one about removing all that trim).
Other matters: If the antenna (or both of them, anyway) is disabled, then the "find my car" feature (e.g., if it's stolen) is also disabled, along with a few other features such as emergency notification if you crash, remote start, etc.
Although I can't say for sure, it would be very surprising if the cars didn't store the last n days/weeks/whatever of data. But I'm less concerned about that than omnipresent day-to-day spying via remote telemetry.
I've still not heard back from JLR or my dealer. I suspect JLR isn't well-prepared to deal with these matters, even though they are legally obligated to reply (at least in California). Unfortunately, the law here allows them 45 days to respond, and even at that point they can give themselves an additional 45 days if they please.
Last edited by Zondar; Aug 8, 2024 at 01:32 PM.
Recovery Vehicle
Joined: Dec 2011
Posts: 1,151
Likes: 459
From: USA
Reading this with interest @Zondar and @Kazimir
It would be nice to figure out a sure way to disable telematics without messing up the rest of the electronics in the car. Customers need to be given the option to opt in or opt out of data gathering by the manufacturer. We all know that this data ends up being sold to someone out there. My beef is that an insurance company will get hold of the data and jack up your premium because you are on your brakes too much or drive above the speed limit etc...
It would be nice to figure out a sure way to disable telematics without messing up the rest of the electronics in the car. Customers need to be given the option to opt in or opt out of data gathering by the manufacturer. We all know that this data ends up being sold to someone out there. My beef is that an insurance company will get hold of the data and jack up your premium because you are on your brakes too much or drive above the speed limit etc...
Thread Starter
|
Mudding
Joined: Jan 2024
Posts: 177
Likes: 148
PowerfulUK has a video that shows access to the shark-fin antenna's base here:
They mentioned how the panel was quite stubborn (and they broke a clip), and it looks cramped, but it's probably still much easier to access the cables here than via the rear side panel. Once the panel is removed you can bend down the headliner slightly, and access to the wires then seems possible.
Unfortunately, I still don't know which wire is the LTE one. Does anyone have documentation on that? There are 5, I believe, which should also include a GPS wire, another for satellite radio, a multi-pin connector for the camera (if you have that), and I'm not sure what the final one should be (possibly a second LTE band, or maybe power for the camera?).
The same site also has a video on removing the rear side interior trim, which is considerably more involved. However, I did not spot the telematics module in their video.
As an aside: I found a video where a guy took apart an LG telematics module and a shark-fin that he found along the side of the road (from the look of the shark-fin, not from a Defender, clearly, though our cars also use LG modules). Apparently, car thieves immediately rip these things out and toss them. The LG module he took apart contains the LTE sub-system on a slide-out daughter-card. No other "backup antenna" was visibly present, but the module may differ from the LG one in our cars. I noted that the sub-module had two connectors, so perhaps there are two cables for two different bands.
They mentioned how the panel was quite stubborn (and they broke a clip), and it looks cramped, but it's probably still much easier to access the cables here than via the rear side panel. Once the panel is removed you can bend down the headliner slightly, and access to the wires then seems possible.
Unfortunately, I still don't know which wire is the LTE one. Does anyone have documentation on that? There are 5, I believe, which should also include a GPS wire, another for satellite radio, a multi-pin connector for the camera (if you have that), and I'm not sure what the final one should be (possibly a second LTE band, or maybe power for the camera?).
The same site also has a video on removing the rear side interior trim, which is considerably more involved. However, I did not spot the telematics module in their video.
As an aside: I found a video where a guy took apart an LG telematics module and a shark-fin that he found along the side of the road (from the look of the shark-fin, not from a Defender, clearly, though our cars also use LG modules). Apparently, car thieves immediately rip these things out and toss them. The LG module he took apart contains the LTE sub-system on a slide-out daughter-card. No other "backup antenna" was visibly present, but the module may differ from the LG one in our cars. I noted that the sub-module had two connectors, so perhaps there are two cables for two different bands.
Last edited by Zondar; Aug 8, 2024 at 03:42 PM.
Rock Crawling
Joined: Aug 2021
Posts: 487
Likes: 497
From: Flagstaff, AZ
Thread Starter
|
Mudding
Joined: Jan 2024
Posts: 177
Likes: 148
Sadly, that article doesn't mention JLR.
Anyway, I note how easy it is to opt-out right from the entertainment screen in some other cars, e.g. with a slider or two. Porsche, for example, has a one-click "private mode," and BMW will deactivate the SIM in the car upon request. As far as things go these days, that's pretty good.
Now if only JLR had the same respect for their customers. 🙄
Anyway, I note how easy it is to opt-out right from the entertainment screen in some other cars, e.g. with a slider or two. Porsche, for example, has a one-click "private mode," and BMW will deactivate the SIM in the car upon request. As far as things go these days, that's pretty good.
Now if only JLR had the same respect for their customers. 🙄