Its known bad.
Mass barres their starlink service and buyers there cannot activate starlink.

 

There's a good writeup on auto privacy here as well (previously posted here elsewhere) https://foundation.mozilla.org/en/p...official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

All bad, Subaru is actually 4th "Least bad", but still bad

Mass didn't bar starlink, Mass passed a right-to-repair law that would require Subaru to allow others access to their data. Subaru took they toys and said "Nope, we'll shut down starlink for MA residents". Had nothing to do with privacy protection by the state of MA. (and incidentally., the law that started this was repealed, so could be that Starlink will come back)

 

Some people worry too much. Better get rid of cell phones. The safety features of starlink are great

 

Since reading the article, I’ve deleted the app from my phone and plan to opt out of any data sharing.

Thank you for this post. If I may ask, how does a person opt out of any data sharing with Starlink and/or Subaru?

 

Your phone and credit/debit cards are the worst offenders.

Opting out is fine but the first steps for those concerned about privacy are to leave the phone at home and pay cash.

 

Your phone and credit/debit cards are the worst offenders.

The first steps for those concerned about privacy are to leave the phone at home and pay cash.

I find it hilarious that the same people who typically have panic attacks about privacy also shop on Temu and use TikTok.

 

Didn't someone already post this before? And wasn't it pretty much shot down? If not, I read through that "article". It's A LOT of bluster without actually looking at facts.

First thing is the app. I just looked at it on my phone (Android) and the only permissions it has is to show me notifications. That's it. There is the option to give it access to my location and calendar but those are not granted and I don't remember it even asking me if I want to give the app those permissions during set-up. I'm pretty sure notifications was the only thing it asked about. The app is not interested in camera, microphone, photos, files, embarrassing google searches for how to spell stupidly simple words, etc.

As for the car itself, most of what I'm seeing is typical CYA legalese for modern tech. Recording of all occupants (which they really go on and on about), that is pretty much the same as when you call customer service of any company anymore. The car is not constantly recording conversations just because you're sitting or driving around in the car. I'm pretty sure the recording aspect is when starlink is activated (either via the overhead button or an accident) and they're "using it for training purposes" and/or using it to cover their butts. A lot of that data they're collecting is stuff you pretty much fill out at the dealer when you buy the car. The car doesn't magically know my driver's license or SSN. Location data is very likely only collected when starlink is activated so they can tell where emergency services to go or if you're using the concierge service to find the nearest coffee or something like that.

The article is a lot of bluster over nothing. The author just read the stuff but didn't actually think about it.

 

Didn't someone already post this before? And wasn't it pretty much shot down? If not, I read through that "article". It's A LOT of bluster without actually looking at facts.

DING! DING! DING-DING-DING!!!!

Yes, this came up a few months ago and the dead horse was beaten repeatedly.

If anybody things that in this day they have ANY privacy online they are seriously mistaken. Even if you have tamped down your security and privacy settings to the most restrictive possible, trust me that your email, your phone number, your social, your address, your this-that-and-the-other is already out there, having been either previously acquired by (then) legal or quasi-legal ways OR has been broadcast out there due to data breaches and the rest.

Privacy no longer exists unless you are using chisels-and-tablets and hand delivery to the recipient.

The article from the Mozilla Foundation - no matter how valid Mozilla can be or is - has been found to be lacking.

When it comes to your Forester, there is no way for Subaru to know YOU are driving your Forester at any given place or time. They may be able to see - through Starlink and GPS capture - know that your Forester was at the intersection of Main Street and 1st Avenue, but it will NOT know if you are driving or your cousin or your child or your spouse or your parent or anything. Even if Bluetooth is picking up your paired phone, there is no way for Big Brother (aka The Man) to know where you are in the car with any certainty beyond that the phone was in the car at the time and paired to the head unit.

Mozilla's article is very much a paranoid, Big Brother Is Watching, Orwellian bit of click bait...

Oh, and there went your privacy again because you clicked the link and read the article on their site.

 

I am sure Subaru is not taping conversations. Taping the sister in law constantly muttering with some creative expletives about other drivers on the road would be YouTube gold.

 

Probably not when Starlink is in standby mode. But Subaru certainly does record conversations when someone in the car activates Starlink to contact Subaru's call center. That is clearly spelled out in their "Philadelphia-lawyer written" Terms & Conditions document. That is no different than calling any other company's customer service center and hearing the introductory notice "This call may be recorded for quality control purposes." Baloney!! Has nothing to do with quality control. You hear that sort of message (and read it in Subaru's Starlink T&C document) so company's comply with various state laws in the US which forbid recording someone's conversation without their knowledge.

 

Yes, privacy threads are becoming the new “who makes the best oil/filter” thread…

Unless you live in a place where sun doesn’t shine, each time you leave your home you are being recorded by doorbells, home security cameras and traffic cameras. You can pay with cash, but each time you obtain that cash, either inside a bank, at an ATM or cash a check, there’s a camera on you, and you’re showing ID to get it. And, don’t forget the actual transaction documentation…

Buying gas, a beer at a 7/11, or a truckload of groceries? You’re recorded there, too. Every camera has time stamps, and what ever you’re transacting is also being recorded. Just get mail at home the traditional way? Yep, there’s data collection involved there, too, just in a reduced form.

Unless you live totally in the black market world, there’s no escaping it.

Carry a cellphone or drive a vehicle? Here’s where some serious data collection can occur. Use the Internet to buy things (or simply look at things), or watch TV via a streaming service? Ditto.

This is the modern world we live in. Sure, you can try to minimize it, but you cannot escape it.

Fortunately, for most of us, all of this is a pretty much benign process and the result is we end up being marketed a lot of stuff we don’t want and don’t need.

The important part…

None of this is going away…it’s only going to increase.

 

<snip>
This is the modern world we live in. Sure, you can try to minimize it, but you cannot escape it.
<snip>

Agreed.

There are way more issues in life to fret over than the data my vehicle is collecting.

 

You may have just realized about what was covered in that article but did you know about "black boxes" that have been in some cars since the 90's? NHTSA has been using them since the early 2000's to collect accident data and these days, most cars have them. They can record accident data and the seconds leading up to the event including speed, throttle position, seatbelt usage, braking, steering position, airbag deployment, etc., etc. Think of them like event data recorders in commercial aircraft. All of that information can be recovered and potentially used against you. There are cases where it was used against drivers already.

If you're really worried about privacy in your vehicle, find yourself a nice 20+ year old car. I'd be more concerned about how a black box can negatively affect your life than Starlink.

As @FelineFreddie mentioned, there are things you can do to reduce your exposure but with more and more ways your privacy is being encroached upon, there's really no way to completely avoid having your information out there unless you are really willing to take all the steps necessary to prevent it. ......and for me, I'm not willing to give up some of the conveniences and tech I find useful in my daily life.

Personally, I prefer to go the route of mitigation voiding truly stupid things like what some do on social media. As far as Starlink, I just turn off all permissions like was mentioned earlier. Their app is one of only a handful I even install on my phone but find extremely useful.

 

My opinion…

If someone’s primary privacy concern is with the lack of privacy inside their Subaru (as well as when they’re using Subaru-associated apps/software/utilities), they’ve already lost the “data security battle”.

This winners in this battle were decided upon decades ago.

 

Next thing we’ll be hearing is how vehicle manufacturers are performing driver and passenger DNA sequencing in real-time as the vehicle is traveling down the highway.

 

@TTiimm is correct in that data can be massaged and extrapolated to a certain level in order to somewhat accurately predict the driver/passenger of a vehicle, but that’s not an absolute. In the end, it’s still just an “educated guess”.

A relatively clever person could easily confound those algorithms if they decided to do so.

It just depends upon how much effort an individual is willing to expend to confuse the data collection system.

But I suspect we’re straying a bit far off the topic heading in this direction.

 

@FelineFreddie

This is data science, not guessing, nor is it even an educated guess.

It's huge business with very smart people - statisticians and mathematicians, behavioral scientists, AI engineers and so forth, making lots of money. They are very good at it.

As for Subaru, they probably collect and sell a bunch of data. Their marketing department probably buys more than it sells though.

 

The point I was making is that the results are not absolute. Yes, it’s a huge business, but it’s educated guessing in the end, and it works well because the results aren’t required to be absolute.

 

You missed a large part of my point - in that Subaru does not know you were driving....

Here's how (and this is the same example I used in that other post about the same Mozilla paranoia abounds link) -

You go out to dinner with the spouse and the spouse's parental units in your Forester. All goes well until - just before desert arrives - you start going "green about the gills" and suffer from a bout of extreme food poisoning, maybe those mussels weren't so fresh after-all.

You all head out to the Forester and pile in - but you're in the backseat suffering from cramps and all the rest, the spouse is back there with you - comforting you, wiping your sweaty brow, caring for you in your hour of need. Pops is driving and mummy-dear is in the passenger seat. Your phone will - of course - connect to the Bluetooth of your Forester as you head home - or to the emergency clinic or whatever.

Subaru does NOT know where you are in the car - all they know is that you (or rather, your phone) is in the car and connected to Bluetooth and that your car is traveling down Rue de St Lawrence (the patron saint of chefs) on the way to the clinic.

If you don't want to consider food poisoning, consider some other medical emergency.... You're in an ambulance and the spouse has your phone and is following the ambulance in the Forester.... You're not even IN the Forester and so the data is now incorrect.

Either way, the potential science and algorithms are confounded by circumstance....

Another? You stop off on the way home at the market to pick up the quart of milk your spouse requested, and a bouquet of flowers, a bottle of wine and a box of chocolates to give to your spouse to celebrate your undying love. You leave your phone in the console, as you will only be in the store a few minutes....

Sadly, in those same few minutes, the professional car thief uses some sort of master key to get into your Forester and lights out of the lot, heading south at an accelerated rate of speed. You come out from the store - "where is my Forester?!?" and ... well, the science and data is confounded and the algorithms are lost.

You're traveling through Denver, stopping for a traffic light. Bob the gangbanger comes along, taps on the window with a 9-mil and politely requests for you to get out of your car (or face some consequences) and you comply. Bob takes off in your car (with your back-pack, your phone and that venti mocha Frappuccino Macchiato half-fat, half-skim in the cup holder.

My point is - that Subaru has no way of knowing YOU (the actual you) are driving the car, all that they know is that the car is being driven along some road going from point A to point B and your phone is in the vehicle. And if you decide to leave your phone at home (as has been suggested above) Subaru only knows the Forester is being driven from point A to point B and then on to point C along some road at some time in some city but has no way of knowing who is driving the Forester.

Yes, there is a ton of data out there. But it's not all accurate and some of it is - simply by circumstance - is not valid.

 

All this pontification about Subaru & Mozilla is pointless.

The real issue is have you taken the time as a Subaru owner to read thru all of Subaru's "terms & conditions" and linked online privacy policies about information they collect on you, as a car owner. Being a victim of identity theft a few years ago myself, I need to look no further than Subaru's own online Privacy Policy about information they collect to see that it includes Social Security numbers to know that I need to take precautions. I could care less if Subaru knows that I (or the wife, or the kids, or a car theft) had my Forester in Walmart's parking lot this afternoon, or if they know my vehicle's mileage and tire pressure. That sort of Starlink info is primarily for Subaru's marketing benefit anyway. It's the Subaru data breach I fear. I can tell you from personal experience it is no fun dealing with a company's fraud department who rejects my police report because it was not "certified", or working with the IRS to obtain my own PIN for tax filing purpose, waiting on new credit cards because of unauthorized purchases, or unlocking frozen credit bureau accounts ( freezing credit bureau accounts ... a great way to protect yourself from identity theft BTW) so that I can get a new car loan on a Subaru. My concern is do I fully understand my risks using Subaru's silly & un-needed (IMHO) Starlink feature. If anything goes wrong, its all may fault anyway ... per Subaru's Starlink terms and conditions policy.

 

It’s even worse that that. State DMVs regularly sell vehicle ownership and registration data. Income tax preparation businesses sell user data. The list goes on and on.

To add insult to injury, more than one state revenue agency has been hacked. A few years back, the SC Revenue department was hacked and the state was forced to offer taxpayers fraud monitoring services for multiple years. Any idiot computer operator can leave an unsecured laptop in an unlocked car or open a Trojan email, opening the security doors wide open and not even know what they’ve done.

You can decide not to drive a Subaru, or purchase any product that collects user data. What you CAN’T do is successfully refuse to pay taxes, register your vehicle, etc.

The genie has escaped the lamp, and there’s no putting it back in.

 

It’s even worse that that. State DMVs regularly sell vehicle ownership and registration data. Income tax preparation businesses sell user data. The list goes on and on.

You are a Bazillion percent right! Its definitely a target-rich environment for cyber thieves.

It is so bad in fact that our own State Governor disclosed 3 years ago when a ton of initial COVID unemployment fraud was going on in the US, that scammers fraudulently filed on his behalf for unemployment assistance. Never heard if the FBI found the people responsible. And to add insult to injury, my state's driver's license bureau computerizes all your personal documentation (birth certificate, SS #, etc. ) that one is required to provide in order to obtain a REAL ID Act driver's license ... you know the sort of "security-enhanced" documentation TSA requires now to fly on an airplane.

Enough of that bellyaching. FWIW, I did take the time last week to submit several data privacy requests on my MySubaru web site account to opt-out sharing my personal information with their third party business dealings, and to have some of my info actually deleted from Subaru's records. Whether that does any good or not remains to be seen. But to Subaru's credit, they did acknowledge receipt of my requests.

 

You are correct. I was wrong. When flying you can use various types of identification right now, including passports, and a regular driver's license. At the present time, the requirement that if a drivers license is used with TSA, it has to be the REAL ID Act version beginning in May, 2025.

 

I have the real ID license, brought all the stuff needed, and they basically glanced at it all and handed it back, like it was more of a bother to them. Nothing was actually entered into the data base. If it wasn't done properly, then it slipped by quite a few cracks, being new driver licenses are mailed to you now. At least in Ohio, regardless if it is a regular license or Real ID.

They already have your SSN on file anyways. At least in Ohio you have always had to bring your SS card to get a new driver's license. So they aren't really getting anything new by going with the Real ID. At least not in my experince.

My understanding is you do need it to enter a federal building. Not sure if producing a birth certificate etc will suffice for that.

I wonder what the procedure is if you get called to Federal Jury duty, and don't have a Real ID?

 

I don't mean to hijack this thread, but every state is different. I live in Arkansas, and the DMV here is different than Ohio (just as Ohio and the other 48 states are different than AR and each other). Getting the Real ID license is/was so complicated here, we had to produce our marriage license to verify my wife's identity so they could match her birth certificate name to her current name on other required documents. No joke. Hopefully they have backed off that by now. We got our Real ID licenses 4 years ago when the implementation schedule at airlines and other places was set to go into effect within a year at that time. But that schedule and locations using it has changed so much, I wish we didn't get the stupid thing.

Its the data breach I fear. Whether it be Subaru (however they get your info), American airlines, Capital One credit card company, the IRS, or my own state's DMV or unemployment office. That is why I waste the time to take things like Mozilla's warnings seriously. Enough said, sorry for the rant.

 

In Ohio it is the same for married people that change their last name.

If multiple times you need each and every marriage license. I believe those are federal requirements, as it is a federal license in that respect.

 

Getting the REAL ID license is a breeze in SC, if you have a current passport and at least one recent utility bill denoting the same residence address.

Which makes perfect sense, since the Passport already confirms your Federal ID status.

 

One other item of interest…. Talk to someone employed at the higher levels within a bank’s security and fraud control division and you can find out just how easy it is for knowledgeable crooks to create fake, but seriously real looking, REAL ID licenses…and other forms of IDs.

 

This past week we received another request from our insurance provider offering a discount if we'd agree to a data tracker. They 'promise' that the data wouldn't be used to potentially 'reclassify' us or used as a reason to raise rates. My wife saw savings. I saw a greater potential for insurance cancellation if their algorithm didn't like where we drive, how fast we drive, time of day we drive, etc. No thanks.

 

Those trackers will track your driving habits... The "where" you drive is probably less problematic than the others UNLESS those locations are prime for losses... When I was shopping for insurance, a certain insurer offered their drive tracker module for a discount. Sorry, Flo but... no.