1 2 3 4
Brake_L8
Brake_L8 Reader
12/11/19 10:21 a.m.
The0retical said:

So finding them isn't usually too hard, if you suspect that one is present, for someone with some automotive knowledge and a wiring diagram.

Generally these systems need a constant 12v source, so that they can phone home, and need to be placed somewhere with a decent line of sight so a giant antenna isn't necessary.

Thankfully, I poked my head under the steering column and saw an errant, thin, red wire. Was easy to trace to the outside of the dashboard on the driver's side. One trim panel popped off (just clips in) and I found a harness they had tapped into. Ground was a door hinge bolt. The GPS box itself was stuffed up on top of the steering column. I cut my hands up something awful (it was Velcroed in place) but got it out.

Brake_L8
Brake_L8 Reader
12/11/19 10:24 a.m.

Worth noting, my article on Out Motorsports reached the folks at Kahu. Ended up having a phone call with the lead of Product Marketing and a lead Customer Service rep to discuss my uh, concerns. I grilled them pretty hard on where the data goes and they insisted they don't sell it or share it - only using it to provide stolen vehicle recovery or mileage-based service notifications... but I'm still very leery of a company of this specialty having that data.

I'm with David... I trust my cell phone carrier and/or FCA to handle my data responsibly (ish). A company (Kahu) owned by a bigger company (Spireon) that exists for the sake of fleet management and vehicle repossession? Nah, I'm good.

maschinenbau
maschinenbau GRM+ Memberand SuperDork
12/11/19 10:33 a.m.

Re: plate scanners. Really informative article last year on that. All that data is sold, often to other repo companies, insurance companies, and even law enforcement. With enough scans, they can accurately deduce your personal schedule and actual home/work address (if different from what the dealer knows) and plan repos accordingly. This tracker is probably in that same vein of business plan.

https://www.washingtonpost.com/business/economy/the-surprising-return-of-the-repo-man/2018/05/15/26fcd30e-4d5a-11e8-af46-b1d6dc0d9bfe_story.html

 

David S. Wallens
David S. Wallens Editorial Director
12/11/19 10:33 a.m.
The0retical said:

In reply to David S. Wallens :

There's also no oversight for these types of operations.

A little while back I was at a PCA cars and coffee at the local Panera while one of those repo cars cruised through the parking lot. At the time, I was chatting with a buddy who's a retired detective. He now teaches criminal justice.

If a police officer came here and manually jotted down every license plate number, he said, we'd all be in the chief's office screaming bloody murder. But no one seems to care about the plate readers. 

And then he added: Who was that, where is that data going, and who has access to it? 

The0retical
The0retical UberDork
12/11/19 10:34 a.m.
Brake_L8 said:
The0retical said:

So finding them isn't usually too hard, if you suspect that one is present, for someone with some automotive knowledge and a wiring diagram.

Generally these systems need a constant 12v source, so that they can phone home, and need to be placed somewhere with a decent line of sight so a giant antenna isn't necessary.

Thankfully, I poked my head under the steering column and saw an errant, thin, red wire. Was easy to trace to the outside of the dashboard on the driver's side. One trim panel popped off (just clips in) and I found a harness they had tapped into. Ground was a door hinge bolt. The GPS box itself was stuffed up on top of the steering column. I cut my hands up something awful (it was Velcroed in place) but got it out.

That's a pretty common way to locate them. It's hard to make the wiring look factory without some pretty serious time and effort, which isn't tricking down to the installer.

It's obnoxious that these devices can be installed in this way without any legal consequence, provided of course it isn't a government entity. It just shows how valuable data really can be in this day and age.

Rons
Rons GRM+ Memberand Reader
12/11/19 10:47 a.m.

In reply to David S. Wallens :

Putting aside other data uses this could be the parking lot owner attempting some parking enforcement. A car parked overtime generates a flag and regular overtime generates a letter.  Disregard the letter and you get towed.

The0retical
The0retical UberDork
12/11/19 11:02 a.m.
David S. Wallens said:
The0retical said:

In reply to David S. Wallens :

There's also no oversight for these types of operations.

A little while back I was at a PCA cars and coffee at the local Panera while one of those repo cars cruised through the parking lot. At the time, I was chatting with a buddy who's a retired detective. He now teaches criminal justice.

If a police officer came here and manually jotted down every license plate number, he said, we'd all be in the chief's office screaming bloody murder. But no one seems to care about the plate readers. 

And then he added: Who was that, where is that data going, and who has access to it? 

The thing is that if the your friend had been doing that, it was still perfectly legal because license plates have been held to be in plain sight. The problem is, if the local law enforcement was ovbiously doing that in the past, it really had a negative effect on the community. The last 18 years have changed things a fair bit *. Unfortunately state and federal regulators simply haven't been able to keep pace.

You can see where this regulation would be required from some of the insights into the PRISM program. It's come out, time and time again, that many NSA contractors were using the aggregated data spy on co-works, love interests, ex-wives, etc. Data that theoretically shouldn't have been collected in the first place as the NSA (due to limitations by FISA) isn't supposed to be collecting data on US citizens and in the past wouldn't have been possible.

A lot of work has gone into structuring big data over the last 10 years, which makes it ripe for exploitation on a whim. A big part of the work organizations like the EFF involved in as of late is attempting to put some controls on these types of collection and access activities.

 

*I know the FBI has been in some hot water before, both during and following the civil rights era, because they were manually performing this very type of tracking of dissidents. LPR's, along with their supporting software tools, just make it easy to do it low key and enmass these days.

bigdaddylee82
bigdaddylee82 UltraDork
12/11/19 11:12 a.m.

I would be demanding the dealer replace the wiring harness they hacked up to install the Orwellian device.

pres589 (djronnebaum)
pres589 (djronnebaum) PowerDork
12/11/19 11:35 a.m.
Javelin said:

You have to have it in 20 days... ADS-B

Unless I'm mistaken, and I might be as I'm not a pilot, if the ADS-B Out mandate applies to your aircraft then you have to file flight plans already.  You can also just pull the breaker if you really want that system off.

Brake_L8
Brake_L8 Reader
12/11/19 11:36 a.m.
bigdaddylee82 said:

I would be demanding the dealer replace the wiring harness they hacked up to install the Orwellian device.

I thought about it. Ultimately it's not worth the effort, nor do I want that dealership going anywhere near this truck again. They only tapped into one wire, and though the splice job itself was a disaster, it made removal easy as I just untwisted the connection and covered it up. Would rather just do that instead of having them remove the dashboard and whatever else on a 3.5-year-old truck to put a whole harness in it.

alfadriver
alfadriver MegaDork
12/11/19 11:37 a.m.
Rons said:

In reply to David S. Wallens :

Putting aside other data uses this could be the parking lot owner attempting some parking enforcement. A car parked overtime generates a flag and regular overtime generates a letter.  Disregard the letter and you get towed.

A better time to check for that is when the parking lot is empty thanks to all of the stores being closed.  

Whch is to say, that reasoning is pretty darned thin to justify it.  You should not have to regularly scan hundreds of vehicles only to find the occastional over parker.  That would be one of the least effective and most expensive ways of achiving that specific goal.

jharry3
jharry3 GRM+ Memberand HalfDork
12/11/19 12:01 p.m.

We have all been tracked for years.  Its just more automated now.

Years ago I read an article about how a lot of police on patrol would ride along, just below the speed limit, and type into their computer  the plate number of every car that passed them looking for "hits".   Warrants, stolen vehicle hits, etc.

  Before that it was even less automated with the police just calling in the license plate numbers of "suspicious" vehicles.

And if you have a cell phone with you then your habits are tracked whether you know it or not.    

Cameras are all over the place, more tracking ability.     

I abhor people who tell me "if you have nothing to hide you have nothing to fear" but that is how we are treated, like it or not.

z31maniac
z31maniac MegaDork
12/11/19 12:09 p.m.
bigdaddylee82 said:

I would be demanding the dealer replace the wiring harness they hacked up to install the Orwellian device.

I would have just returned the truck.

Brett_Murphy
Brett_Murphy GRM+ Memberand UltimaDork
12/11/19 12:32 p.m.
Brake_L8 said:

Worth noting, my article on Out Motorsports reached the folks at Kahu. Ended up having a phone call with the lead of Product Marketing and a lead Customer Service rep to discuss my uh, concerns. I grilled them pretty hard on where the data goes and they insisted they don't sell it or share it - only using it to provide stolen vehicle recovery or mileage-based service notifications... but I'm still very leery of a company of this specialty having that data.

 


I'm noping you get more exposure on this issue. Have you considered going to the local news for one of those Consumer Alert things they sometimes run?

noddaz
noddaz GRM+ Memberand SuperDork
12/11/19 12:40 p.m.

Hook that thing up in a taxi cab some where.  Or maybe a long haul trailer.  Let them track.

rslifkin
rslifkin UltraDork
12/11/19 12:42 p.m.
z31maniac said:
bigdaddylee82 said:

I would be demanding the dealer replace the wiring harness they hacked up to install the Orwellian device.

I would have just returned the truck.

Same here.  When they failed to remove it, that means they failed to meet the terms of the deal and I'd be expecting them to take the truck back.  But actually, because of the potential wiring harness hacking, I probably wouldn't have bought the truck in the first place once I knew that thing had been installed.  

Tyler H
Tyler H GRM+ Memberand UberDork
12/11/19 12:43 p.m.
David S. Wallens said:

So, a related item: Who owns that tracking data?

Let's say that Kahu or whoever tracks your driving habits. Where is that data stored, and who has access? What's keeping them from selling that data to anyone with a few bucks? "Hmm, Mr. Jake, we see that you spend a lot of time at tobacco stores, so your health insurance rates are going up."

Ooh....I like where this thread is going.  Let me put on my tinfoil hat.....

Now, what do you guys think about bars/restaurants and liquor stores requiring scanning the back of your DL to buy alcohol?  They get all of the data on the front of your license, not just your DOB.  Who gets access to that data?  What if your on-board GPS database is linked to your ID-scanner and you want to have a drink at dinner?  (Not advocating drinking and driving, but commenting on data correlation.)

I've walked out from my usual liquor store when they started that -- I refused and they said it was policy.  Asked to see the policy, and of course it wasn't written.  (Much less a posted privacy policy.)  I also flat declined a Hooter's waitress that wanted to take my ID to scan it.  Told her no and she looked like she was amazed someone stood up to it.  I'll do without a beer before I just give them my ID to scan.

/Rant off...Now where is my Google phone?

_
_ Dork
12/11/19 12:45 p.m.
Brake_L8 said:

Hi all and thanks David for sharing this!

The dealership follow-up was hilarious, they tried telling me they had "uninstalled the device via software." They threw all sorts of free oil changes and details at me, I told 'em to remove my name and contact info from every CRM tool they had and to not pull this E36 M3 on someone else. I don't need handouts, I just value honesty and getting what I pay for (or don't).

I have always loved that look on someone's face when I tell them "I don't want free crap, I want you to be honest and not slimy." 
the look on their face is "the manager didn't prepare me for this, what do I do now? Honesty? Integrity? What are these words he's speaking?"

_
_ Dork
12/11/19 12:46 p.m.
Tyler H said:
David S. Wallens said:

So, a related item: Who owns that tracking data?

Let's say that Kahu or whoever tracks your driving habits. Where is that data stored, and who has access? What's keeping them from selling that data to anyone with a few bucks? "Hmm, Mr. Jake, we see that you spend a lot of time at tobacco stores, so your health insurance rates are going up."

Ooh....I like where this thread is going.  Let me put on my tinfoil hat.....

Now, what do you guys think about bars/restaurants and liquor stores requiring scanning the back of your DL to buy alcohol?  They get all of the data on the front of your license, not just your DOB.  Who gets access to that data?  What if your on-board GPS database is linked to your ID-scanner and you want to have a drink at dinner?  (Not advocating drinking and driving, but commenting on data correlation.)

I've walked out from my usual liquor store when they started that -- I refused and they said it was policy.  Asked to see the policy, and of course it wasn't written.  (Much less a posted privacy policy.)  I also flat declined a Hooter's waitress that wanted to take my ID to scan it.  Told her no and she looked like she was amazed someone stood up to it.  I'll do without a beer before I just give them my ID to scan.

/Rant off...Now where is my Google phone?

A-****ing-men. 

Apexcarver
Apexcarver UltimaDork
12/11/19 12:49 p.m.

lets not start on stores requiring a phone number/email/etc to make a purchase...

_
_ Dork
12/11/19 12:51 p.m.

In reply to Apexcarver :

If that crap starts around here, I'll be making fake ID stuff. I already do it online for anything social media. 

rslifkin
rslifkin UltraDork
12/11/19 12:52 p.m.
Apexcarver said:

lets not start on stores requiring a phone number/email/etc to make a purchase...

I've told a few (looking at you Harbor Freight) "no, you don't need that".  Sometimes they push, other times they get the point, push a few buttons and continue without it.  

Furious_E
Furious_E GRM+ Memberand UltraDork
12/11/19 12:54 p.m.

You know what, I've commented here before about the dealership I bought my FRS from texting/emailing me that my car is soon due for service with alarming accuracy. This post really makes me wonder now how exactly they've been so good at guessing...

Interesting comment about the key as well. I only got one when I bought the car, which BTW I did not find out about until I had 90% of the paperwork signed and regret to this day not throwing a E36 M3 fit about. This dealer has never given me any reason to believe they're anything other than the shady pieces of E36 M3 you'd expect them to be from day one, so I wouldn't put anything past them. Guess I'll be going through the car with a fine toothed comb this weekend.

RevRico
RevRico GRM+ Memberand PowerDork
12/11/19 12:55 p.m.

In reply to rslifkin :

Harbor freight is the place I have the least problem with that. On the one hands because i use a friends inside track account for better pricing, but on the other, it does make returns and swap outs considerably easier when something breaks or they upgrade a model of tool. 

NOT A TA
NOT A TA SuperDork
12/11/19 12:56 p.m.

Meanwhile the Googles street view vehicles drive past our homes easily being able to scan license plates in driveways of many homes but few people care. Do they put that info into a database?

1 2 3 4

You'll need to log in to post.

Our Preferred Partners
cFGJCDJ39pO1Cb4QO5khLxOGj4gVckVORDGlZC8GeW81Lg3h8jo8sUMnK7TWqV7c