Posted by Cider9986 8 hours ago
I wonder what happens if you disable the e-SIM (in the US) and then a safety recall appears via software update - do dealers have any way to update control modules besides OTA?
This is a huge unresolved issue with EVs IMO; ICE cars are required to provide emissions-relevant updates over software which can operate using a J2534 passthrough device, which effectively means powertrain modules have to allow (potentially signed) updates over CAN using software that can be obtained by an end user (a lot of people don't know this; for almost any ICE car in the US, you can buy a 3-day or 1-week subscription to the dealership level diagnostic software for a somewhat reasonable fee and use it with a J2534 device).
But for EVs, there's no such rule and as far as I can tell it's entirely a gray area in the US now; the NHTSA require a "remedy" for recalls but nobody seems to have pushed back to determine whether OTA is truly a remedy. The traditional autos all offer dealerships as a backup option, but Tesla and Rivian have several recalls with only OTA remedies already. This seems sketchy.
I would assume so. Even on older cars, service techs can typically manually push firmware updates over the OBD-II / J2534 port. Rivian's OBD-II port actually hides an Ethernet signal inside of it - so the interface is certainly there.
Fun fact: You can buy an Ethernet adapter directly from Rivian here to connect to the car's internal network: https://rivianservicetools.com/Catalog/Product/TSN00535-300-...
Nice. This is really normal now, for what it's worth - all of the European makes have moved this direction as well (DoIP over ENET). There's shockingly little documentation about Rivian online, though, probably because emissions regulation doesn't mandate it.
https://automotivevehicletesting.com/vehicle-diagnostics/doi...
Edit: I eventually recovered most of the cost via a settlement court.
Kia's engines are known to fail predictably even within first 100K miles. They extended their warranty because of it. But then they weasel out of it unless you hire an attorney and go to war.
If this were a widespread policy I bet class action lawyers would be all over it without you having to pay for it.
As if I needed another reason to keep my 2014 skoda.
If i ever have to get a new car, i will disable telemetry, and i will buy it either without telemetry, or with the agreement that i do not consent to telemetry.
(read the fine print before getting a new car. the shit they can do that can go wrong and you have to pay for.. no wonder old cars cost as much as new ones.)
They're worried about the cost of a new car, and the cost of all the electronics, should they go bad.
I get some updates OTA, but the dealer has to install some others, and when I took it there they updated it with a USB stick.
Rivian are probably the only major manufacturer I've never had a chance to look at in any RE capacity and I'm getting more curious by the second. The reaction their vehicles had to the infamous bricked-infotainment update actually represented a pretty good adherence to safety guidelines (the drivetrain as well as the speedometer and warning lights on the cluster still worked in a degraded format even when the infotainment was bricked) IMO, so they do seem to apply a reasonable degree of care.
What if they did the EV equivalent of Dieselgate[1]? Say it has a dangerous amount of torque or something, but you like that.
Could you just turn off the network and keep it in the desired (unsupported) state?
[1]: https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal
Whoa, didn't know that. Well the caveat is finding a decent J2534 device, right? There are a lot of cheapo knockoffs. Then actually knowing how to use the software with it.
https://www.crvownersclub.com/attachments/tsb-15-086-crv-tra...
My car needed another key. The stealership quoted me >$400 for it. I took it as a personal insult and did the research and ordered an OBD device and also discovered you can order replacement keys on aliexpress, and they'll even cut them for you with a good picture of your existing key. It was actually a fun project and very satisfying when I was able to successfully program and link the RFID chip to the ECU to start the engine.
May not be feasible with more locked-down modern cars which I wouldn't touch with a ten-foot pole, but I was able to fix it for about $150, not including my time of course. But I have the OBD device to use next time now as well.
The other reason i did it is because the dealership and other shops quoted me over 10 times the cost of parts, and I literally did not have the money to take them up should i have wanted to. Car maintenance is expensive, _especially_ at the dealership.
Of course they do. It would be absolutely silly not to. And in the case of safety recalls, their duty to inform you would entail a more traditional and substantiated disclosure i.e. a letter.
Yes.
You get a letter in the mail asking you to take your car to the dealer so they can install the update.
Been there. Done this.
> do dealers have any way to update control modules besides OTA?
Yes.
I believe the truly concerned/paranoid will not want to take their car to the dealership for updates at all. Which would, IMHO, be a mistake: having known security holes in your car's software is more likely to lead to a privacy invasion (via getting your car hacked at some point) than letting the dealership get their hands on it for a few hours.
(I should note that all of this is theoretical for me: I drive a car that's old enough it doesn't have any software).
EDIT to add this P.S.: Actually, I can think of one category of people who would be concerned enough to turn off the car's ability to connect to the Internet, but feel fine about taking it to a dealer for updates. That would be people who want to turn off the car's Internet connectivity not because of privacy concerns, but because they don't want anyone to be able to disable the car (either via hacking or via "legitimate" means, i.e. the manufacturer does it) while they're driving. Such a person would care a lot about the car's Internet access being completely off while they are driving, but not care about it being turned on while it is at the dealership.
(https://www.mozillafoundation.org/en/privacynotincluded/arti...)
>Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. [Their privacy policy] includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”
Some laws require discussing very specific lists of categories of information they might have. I'm guessing this is a completionist CYA lawyer accounting for this.
There's another post on this article asking for an EV that doesn't: "need internet connectivity via wifi/esim at all? I'm looking for something really simple. A chassis, four wheels, an engine, airbags. Basically my current ICE car, just electric."
I'm hoping that they get a lot of good suggestions, but I'm not holding my breath.
Someone with the requirements you outline is not in the market for any new car, regardless of powertrain.
^^ Not EV, but... :)
Glad it's an option be it for regulatory compliance, security, privacy, or any combination of the three.
So if being VC funded puts you off an editor, being VC funded may also put you off ycombinator.com
Same, same.
Nothing made me skeptical about the tech industry like working for a VC-backed startup. Ugh.
Fully agree. I also feel like a lot of companies do not need to be on the stock market, especially if they're reasonably profitable, feels like the stock market is where you go to let go of more of your company just to get rid of the VCs whom you owe a lot of money to.
Knowledge of this setting has shifted my perspective considerably.
edit: not enough to ditch Sublime, however.
Sources:
https://news.ycombinator.com/item?id=46501220
https://code.visualstudio.com/updates/v1_104#_hide-and-disab...
Kudos to Rivian for making this a supported user privacy feature.
I do distinctely remember strongly disliking the user agreement I signed for the "internet connected" features of the car when I bought it. 100% rubbed me the wrong way and I couldn't' find a way to opt out, and I wasn't so motivated to physically remove it from my new car. Thankfully.
Shouldn't have to trade privacy for safety.
You shouldn't have to, and yet...
https://www.ftc.gov/news-events/news/press-releases/2026/01/...
My phone does this now. Most phones do it now.
This is the company whose flagship voice assistant, in 2026, can’t tell the intended recipient in a sentence like “Text Bob Mary signed the deal.” And if my phone happens to be thrown into the back of the car by the crash, I doubt anyone will be able to hear me.
Not to mention that OnStar has operators who talk to first responders. the cell phone thing will just call 911 and hope for the best.
I pay for OnStar, and think it’s worth it.
That lasted about 6 hours before I figured out how to switch back to Assistant.
1. For years "Navigate Home" has done exactly what you'd expect, then one morning it decides traveling to Home Depot is the only possible interpretation.
2. A bog-standard timed alarm goes off, and half the time "Silence Alarm" leads to it insisting that there are no alarms going off right now.
What stings is that these aren't issues with ambiguous grammar or unusual phrasings, these are extremely predictable commands for features I would expect in the minimum viable product.
You can be using CarPlay to navigate at that moment to a destination, and because of the way my fiancee has Siri set up, if she says "Get me directions to the nearest Starbucks", Siri will say, "I'm sorry, I don't know where you are."
Only if it hasn't been crushed, damaged, or otherwise flung out of the vehicle that crashed so violently that it's actually upside down, as noted in the original comment.
Same. This is the first thing that I've ever read that makes me think I might be willing to buy a modern vehicle.
A: never once installed the app or registered an account, which flummoxxed the salesman so much he argued with me for 10 minutes trying to say that I had to set up the app to even take delivery, even though I paid cash in full. He even cried to mama (the manager) to find out what to do about this impossible situation. In the end, of course you do not actually need to install the app, even temporarily just for a one-time setup, or even register an account. But MAN do they want you to.
B: Within a few weeks found that someone makes a kit that lets you completely disconnect the telemetry & internet functionality module while providing some pass-through connections that normally go through that box.
Apparently in this case all the bad stuff is conveniently in one box you can disconnect, and still have normal bluetooth for android auto, apple car play, or plain bluetooth headset & media. So still have gps & media on the console stcreen. I can only assume that this won't stay so convenient. They could have anything require anything else any time they want.
They do offer an official way to disable all internet features (remote start from your phone from any distance, remote vehicle monitor, tracking/shutdown, etc), but all that does is disable the useful functions for you, while not disabling any of the functions they use for themselves. It's still actively logging and uploading data, and they still have the ability to remotely track and even disable the vehicle.
I've been to the dealer (different from purchase) once for a free oil change and they didn't say anything. So idk if they even tried to do any updates, or they have some other way to do it or what.
But don't worry, the FTC is out to protect you. Their settlement with GM says that can only sell your name attached to zipcode resolution location data and only sell your precise location trace attached to an opaque ID rather than your name.
The gen 1 system uses cameras primarily. It’s not awesome lidar or AI. It needs up to date road information.
I’ve been driving down I-5, a major interstate and had it turn off on me, presumably because I hit a dead spot, as conditions were fine and I5 is one of the most popular routes there is.
I’m fine with all of this. I prefer that it hand back control to me rather than make me another statistic like Tesla’s system.
I'm very curious at what level the restrictions operate. With every other manufacturer I've looked at, they're extremely coarse-grained; it's more like "is there a known long-time-horizon hazard in this area that is known to impair the system" than a "we mapped every lane and you need a database." I wonder if your I5 issue was a weeks or months-old construction area, for example. I haven't looked at Rivian much, though, and it could be totally different or extremely fine grained, there's no reason to suggest otherwise either.
But maybe that’s what you meant?
I think that's only for the speed limit alarms. Wouldn't have that if people would stick to limits, I guess...
That is a desirable outcome.
I have driven about half a dozen vehicles with this feature, and it has been annoying 100% of the time, and never helpful at all. In the company van I drive (Citroën Berlingo) I have to disable it every time I start the car. The lane keeping gets confused all the time by snow or dirt or when merging onto the motorway, or fucking background radiation - I dunno. It always shocks me when it pulls on the steering wheel. This crap should be forbidden. In the same car I also have to disable the start-stop system so as not to destroy the engine. Aside from that it's a nice enough van for a diesel, but I've been ruined by electrics.
In my own car (Nissan Leaf 2021), it stays disabled. But then it shows me a lawyer screen on every start asking me to consent to handing over my first born son etc.
Imagine if proper EV's had been invented in 2005 - we would have had some awesome cars.
Did you also disable ABS and refuse to use smart cruise control?
My friend's 10-year-old Toyota will chirp annoyingly if you drift over a lane line but that's all it does. It doesn't have any ability to steer the car back into the center of the lane. Is that "lane keeping"?
I can imagine it can save a life someone dozing off and drifting.
Smart cars can record street views, location of WiFi access points and GSM towers, and this data is useful for guiding missiles and drones when GPS is being jammed.
And how can we deal with this? Inspections on import? Country-level DPI to block data exfiltration? But DPI is not perfect because there are obfuscation and VPNs. And today we have Starlinks as well, which are difficult to block. Except from banning foreign smart cars altogether, there seems to be no simple solution. Or maybe oblige the manufacturer to use local computer boards and software when importing cars?
> In the EEA, Windows will always use customers’ configured app default settings for link and file types, including industry standard browser link types (http, https).
https://blogs.windows.com/windows-insider/2023/11/16/preview...