Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
jacquesm 7 hours ago

This goes beyond the 'right to repair' to simply the right of ownership. These remote updates prove again and again that even though you paid for something you don't actually own it.

bloomingeek 6 hours ago | parent | next [-]

It's basically the same for our automobiles, just try to disable the "phone home" parts connected to the fin on the roof. Do we really own out cars if we can't stop the manufacturer from telling us we need to change our oil through email?

reaperducer 6 hours ago | parent [-]

Buy a Volvo. Then you can pop out the SIM card to disable the car's cellular communication. (On mine, located behind the mirror.)

When you really need it, like to download maps into the satnav, you can connect it to your home WiFi, or tether via Bluetooth.

wasmainiac 5 hours ago | parent | next [-]

Hahah, I just traded in 2023 (unrelated brand) for 2012 model since it was less of a computer. Computer systems in the newer car kept having faults that caused sporadic electrical issues workshops couldn’t fix. I just want my car to be a car and nothing else.

AtheistOfFail 3 hours ago | parent [-]

2005 Toyota Corolla.

jacquesm 2 hours ago | parent [-]

1997... and that's my last car. No way I'm going to be driving around in a piece of spyware.

Tarball10 6 hours ago | parent | prev | next [-]

Until they switch to eSIM...

blibble 6 hours ago | parent [-]

cut the antenna

jeroenhd 6 hours ago | parent [-]

... and get a Check Engine light+fault code for the built-in emergency SOS feature, thereby making it unable to pass vehicle inspection until you fix the antennae

0xbadcafebee 5 hours ago | parent | next [-]

so either 1) disconnect it most of the time and reconnect it for inspections, or 2) buy a dummy load RF terminator matching the resistance of your antenna

cmxch 2 hours ago | parent | prev [-]

Live in an inspection free state.

g-b-r 6 hours ago | parent | prev | next [-]

Chinese-owned Volvo?

OnePlus and other Chinese brands were modders-friendly until they suddenly weren't, I wouldn't rely on your car not getting more hostile at a certain point

daemin 2 hours ago | parent | next [-]

There was a video by MKBHD where he said that every new phone manufacturer starts off being the hero and doing something different and consumer/user friendly before with growth and competition they evolve into just another mass market phone manufacturer. Realistically this is because they wouldn't be able to survive without being able to make and sell mass market phones. This has already happened to OnePlus back half a decade ago when they merged with Oppo, and it's arguably happened with ASUS as well when they cancelled the small form factor phone a couple years ago.

reaperducer an hour ago | parent | prev [-]

Chinese-owned Volvo?

Shhh. Nobody tell him where his phone, computer, and vast majority of everything else in his house was made.

fragmede 4 hours ago | parent | prev [-]

A phone without SIM can still be used to call emergency services (911/999/0118999 8819991197253). The situation we're discussing though is an attack by an extremely-APT. You really think not having the SIM card is going to do anything? If the cell phone hardware is powered up, it's available. All the APT has to do is have put their code into the baseband at some point, maybe at the Volvo factory when the car was programmed, and get the cooperation of a cell-phone tower, or use a Stingray to report where the car is when in range.

mystraline 6 hours ago | parent | prev [-]

Indeed.

My ownership is proved by my receipt from the store I bought it from.

This vandalization at scale is a CFAA violation. I'd also argue it is a fraudulent sale since not all rights were transferred at sale, and misrepresented a sale instead of an indefinite rental.

And its likely a RICO act, since the C levels and BOD likely knew and/or ordered it.

And damn near everything's wire fraud.

But if anybody does manage to take them to court and win, what would we see? A $10 voucher for the next Oneplus phone? Like we'd buy another.

dataflow 6 hours ago | parent | next [-]

As far as legal arguments go, I imagine their first counter would be that you agreed to the update, so it's on you.

mystraline 6 hours ago | parent [-]

A forced update or continual loop of "yes" or "later" is not consent. The fact that there is no "No" option shows that.

Fabricated or fake consent, or worse, forced automated updates, indicates that the company is the owner and exerting ownership-level control. Thus the sale was fraudulently conducted as a sale but is really an indefinite rental.

ndriscoll 3 hours ago | parent [-]

It Is not an indefinite rental. A sale can't be "misrepresented". It is a blatant CFAA violation. They are accessing your computer, modifying its configuration, and exfiltrating your private data without your authorization.

If I buy a used vehicle for example, I have exactly zero relationship with the manufacturer. I never agree to anything at all with them. I turn the car on and it goes. They do not have any authorization to touch anything.

We shouldn't confuse what's happening here. The engineers working on these systems that access people's computers without authorization should absolutely be in prison right alongside the executives that allowed or pushed for it. They know exactly what they're doing.

inkyoto an hour ago | parent [-]

> If I buy a used vehicle for example, I have exactly zero relationship with the manufacturer. I never agree to anything at all with them. I turn the car on and it goes. They do not have any authorization to touch anything.

Generally speaking and most of the time, yes; however, there are a few caveats. The following uses common law – to narrow the scope of the discussion down.

As a matter of property, the second-hand purchaser owns the chattel. The manufacturer has no general residual right(s) to «touch» the car merely because it made it. Common law sets a high bar against unauthorised interference.

The manufacturer still owes duties to foreseeable users – a law-imposed duty relationship in tort (and often statute) concerning safety, defects, warnings, and misrepresentations. This is a unidirectional relationship – from the manufacturer to the car owner and covers product safety, recalls, negligence (on the manufacturer's behalf) and alike – irrespective of whether it was a first- or second-hand purchase.

One caveat is that if the purchased second-hand car has the residual warranty period left, and the second-hand buyer desires that the warranty be transferred to them, a time-limited, owner-to-manufacturer relationship will exist. The buyer, of course, has no obligation to accept the warranty transfer, and they may choose to forgo the remaining warranty.

The second caveat is that manufacturers have tried (successfully or not – depends on the jurisdiction) to assert that the buyer (first- or second-hand) owns the hardware (the rust bucket), and users (the owners) receive a licence to use the software – and not infrequently with strings attached (conditions, restrictions, updates and account terms).

Under common law, however, even if a software licence exists, the manufacturer does not automatically get a free-standing right to remotely alter the vehicle whenever they wish. Any such right has to come from a valid contractual arrangement, a statutory power, or the consent, privity still works and requires a consent – all of which weakens the manufacturer's legal standing.

Lastly, depending on the jurisdication, the manufacturer can even be sued for installing an OTA update on the basis of the car being a computer on wheels, and the OTA update being an event of unauthorised access to the computer and its data, which is oftenimes a criminal offence. This hinges on the fact that the second-hand buyer has not entered into a consentual relationship with the manufacturer after the purchase.

A bit of a lengthy write-up but legal stuff is always a fuster cluck and a rabit hole of nitpicking and nuances.

amelius 6 hours ago | parent | prev [-]

Their defense would probably be like: "you clicked Yes on the EULA form."