Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
abakker 16 hours ago

I mean, even back in the OnStar days, you could "opt out" and cancel the service and it would track you anyway. With BYD or any other car maker, I'd be worried the SIM was a placebo.

observationist 16 hours ago | parent | next [-]

This is where things like a HackRF or flipper zero are useful - leave a scan running over 24 hours from multiple fixed locations within the vehicle and you can detect if there are any wireless transmissions, and then triangulate on exactly where they come from using several pieces of yarn cut to the length of estimated distance from the source.

Cars should be independent, local only devices. Having cloud dependencies is just reckless and stupid.

jmward01 13 hours ago | parent | next [-]

Anyone know of reviewers that do this for cars? I just don't see privacy focused reviews on basically anything. We have reviews about how reparable things are and how good/bad the features are but rarely do I see privacy mentioned or in-depth analysis of TOS and the like to give buyers a sense of how good/bad cars and other devices are. Does everyone just assume it is terrible and go on or is there some reason this isn't a top level item for journalists to evaluate?

ASalazarMX 14 hours ago | parent | prev | next [-]

Can this be done without picking up the myriad of SIMs that pass near your car? How would you know which of them is your ghost SIM?

observationist 13 hours ago | parent [-]

You'd need to differentiate between sources - you'd want to capture every signal, then sort into buckets by frequency, by regular timing, and so forth - if a device is sending a burst every 5 seconds, then you can grab every 5 second occurrence of a signal at that frequency and make a reasonable assumption that all that data is from the same radio.

You can filter for all the frequencies that show up regularly, then you differentiate by signal strength - group occurrences of the same frequency into similar dB buckets, then correlate the changes based on new fixed positions within the car, and run some calculations on changes in signal strength to obtain a dB to distance calculation. The strength to distance calculation can be estimated by making some assumptions about the type of radio you're looking for - a simple cellular module is going to be different than a WiFi repeater, or a wireless fob, or a bluetooth tracker.

From the fixed points within your car, you can tie one end of a piece of yarn to where the sensor was affixed, and the length of the yarn should correlate to your dB to distance estimate for that position, and with 2-3 or even 4-5 threads you'd be able to group their loose ends together to get a rough physical indication of exactly where the radio transmission is coming from.

The grouping won't be exact, but it'll literally point in the right direction, and if the threads are too long, or pointing to something buried in the chassis or whatnot, then you can reduce the lengths of your yarns by the same percentage of reduction and they'll be "pointing" at wherever the radio source is.

You're going to get a general location, like "under the dashboard" or "in the glovebox" or "somewhere under the spare in the trunk", not a millimeter precise location. You could probably vibecode a way of processing the data in a browser, and use a bunch of splats and AI modeling of your car and so forth to get a very precise and useful pinpoint of a device with a fancy UI, but you can just use a spreadsheet and text files of logged signal records, the process isn't super difficult.

13 hours ago | parent | prev [-]
[deleted]
hrimfaxi 16 hours ago | parent | prev | next [-]

What would the car maker gain from adding a decoy sim?

dylan604 15 hours ago | parent | next [-]

analytics. same thing anyone that collects data gets. how they use it might be different. most use it to monetize the data. some might actually use it to improve things. because some do use for making money, those that do for actual improving will always be deemed suspect

hrimfaxi 11 hours ago | parent [-]

You are seriously positing that car manufacturers would install decoy sims in their vehicles to discourage people from finding the true sim, all so they might collect data without potential user disruption?

hobobaggins 6 hours ago | parent | next [-]

There are a lot of smart TV's (name-brand ones!) that will try to connect to any open wifi. Monetizing from analytics and telemetry are literally priced into the cost of the gadget. A lot of smart TV's will even ship with their cameras turned on. And Hyundai/Kia and Subaru literally disabled certain in-car features for people in Massachusetts after the repair bill passed (https://www.wired.com/story/right-to-repair-cars-hackers/)

Given that, I hardly think that 'decoy sims' are much of a stretch.

jsight 8 hours ago | parent | prev | next [-]

It is crazy how paranoid people can be, IMO. They don't seem to understand that these companies don't really value one person's information highly enough to do stuff like that.

It is everyone's information that they value, not that one guy who goes to the trouble of killing the radio.

netsharc 9 hours ago | parent | prev | next [-]

This boring paranoia always comes up in discussions about "smart" devices. In theory possible, in practice too many legal issues, so in reality it's never happened. I find it rather dull when someone brings it up.

array_key_first 7 hours ago | parent [-]

There's some paranoia here but there's also some truth.

Okay, nobody is putting in a placebo sim, but in software, we DO have placebo controls. If you flip a switch saying "don't track me", that usually means "track me slightly less". If you delete something, that doesn't mean delete it - that means keep it, but say it's deleted.

If you go through the Windows install, for instance, even if you flip off all the stuff it will tell you "we're still going to do this, just in less circumstances".

What are those circumstances? I don't know. I'm not even sure Microsoft knows.

dylan604 11 hours ago | parent | prev [-]

yes

hrimfaxi 6 hours ago | parent [-]

What do you imagine their profit per analytics profile to be? I'm genuinely curious. I would think any random individual's data would not be all that valuable.

throwaway290 5 hours ago | parent [-]

It doesn't have to be directly about money. Remember EV manufacturing and export is subsidized by CCP and they really like "national security".

Brian_K_White 5 hours ago | parent | prev [-]

What did GM gain from lying about turning off On-Star?

The only reason a decoy sim is going a bit far to believe, is because it wouldn't actually work. It wouldn't actually fool anyone and would just look bad when the first reviewer pointed it out a year before the car is even available for sale. If it weren't for that, we already have countless example proofs that a company will do literally anything if it will work merely 1% more than whatever it costs. Including car makers obfuscating and even flat out lying about their various connections.

What do they get out of it? data & control, same as ever.

11 hours ago | parent | prev [-]
[deleted]