I suspect this data is made "anonymous" and sold to insurance companies and misc data brokers. If it's linked to my insurance company, I don't want to jack my rates. Further, I've thus far avoided a CFAA conviction and I'd like to keep it that way.

▲

andrei_says_ 2 hours ago | parent | next [-]

As anonymous as there are Miatas in your neighborhood parking in your driveway.

▲

mindslight 3 hours ago | parent | prev [-]

It would be an extremely totalitarian dynamic to be persecuted with the CFAA for modifying a device you own based on part of it having been (nonconsensually!) programmed by a third party to upload data to their own server. You own the device, so anything you do within that device is authorized. And the code that uploads the data is authorized to do so because it was put there by the same company that owns [controls] the servers themselves.

I do know that the CFAA essentially gets interpreted to mean whatever the corpos want it to mean - it's basically an anti-witch law - so it's best to steer clear. And this goes double with with the current overtly pay-to-play regime. But just saying.

(Awesome description btw! I really wish I'd find a buying guide for many makes/models of cars that detail how well they can be unshackled from digital authoritarianism. A Miata is not the type of vehicle I am in the market for (which is unfortunate, for several reasons))

▲

emidln 3 hours ago | parent | next [-]

If you can be prosecuted for guessing urls you can be prosecuted for sending garbage data in a way you know will be uploaded to a remote system.

▲

vkou a minute ago | parent | next [-]

You think criminalizing guessing URLs is unreasonable.

What about guessing passwords? Should someone be prosecuted for just trying to bruteforce them until one works?

▲

mindslight 2 hours ago | parent | prev [-]

As a strictly logical assertion, I do not agree. Guessing URLs is crafting new types of interactions with a server. The built in surveillance uploader is still only accessing the server in the way it has already been explicitly authorized. Trying to tie some nebulous TOS to a situation that the manufacturer has deliberately created reeks of the same type of website-TOS shenanigans courts have (actually!) struck down.

As a pragmatic matter, I do completely understand where you're coming from (my second paragraph). In a sense, if one can get to the point of being convicted they have been kind of fortunate - it means they didn't kill themselves under the crushing pressure of a team of federal persecutors whose day job is making your life miserable.

	▲	monerozcash 13 minutes ago \| parent [-]
		>(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; If your goal is to deliberately "poison" their data as suggested before, it's kind of obvious that you are knowingly causing the transmission of information in an effort to intentionally cause damage to a protected computer without authorization to cause such damage. >Trying to tie some nebulous TOS to a situation that the manufacturer has deliberately created reeks of the same type of website-TOS shenanigans courts have (actually!) struck down. This has very little to do with the TOS though, unless the TOS specifically states that you are in fact allowed to deliberately damage their systems. And no, causing damage to a computer does not refer to hackers turning computers into bombs. But rather specifically situations like this.

▲

6 minutes ago | parent | prev | next [-]

[deleted]

▲

monerozcash 2 hours ago | parent | prev | next [-]

Prosecuting someone for deliberately injecting garbage data into another persons system hardly seems totalitarian.

> You own the device, so anything you do within that device is authorized

You're very clearly describing a situation where at least some of the things you're doing aren't happening on your own device.

>I do know that the CFAA essentially gets interpreted to mean whatever the corpos want it to mean - it's basically an anti-witch law

FWIW this is simply not true. The essence of the CFAA is "do not deliberately do anything bad to computers that belong to other people".

The supreme court even recently tightened the definition of "unauthorized access" to ensure that you can't play silly games with terms of service and the CFAA. https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf

▲

elzbardico an hour ago | parent [-]

My device. I generate whatever the fuck the data I want. If you log it, kiss my ass.

	▲	monerozcash 23 minutes ago \| parent [-]
		Sure, I have the same attitude when it comes to the government telling me that I'm not allowed to use drugs. Doesn't mean I'm in the clear from a legal point of view. However, it's worth clarifying that the important detail isn't generating the data, but sending it. Particularly the clearly stated malicious intent of "poisoning" their data. This seems like exactly what the lawmakers writing CFAA sought to criminalize, and is frankly much better justified than perhaps the bulk of things they tend to come up with. >(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; Doesn't seem exactly unfair to me, even if facing federal charges over silly vandalism is perhaps a bit much. Of course, you'd realistically be facing a fine.

▲

2 hours ago | parent | prev [-]

[deleted]