56 votes

How GM tricked millions of drivers into being spied on (including me) (gifted link)

17 comments

  1. [4]
    krellor

    I remember a few threads about this and decided to share some follow-up.

    G.M.’s spokeswoman had told me that this data collection happened only to people who turned on OnStar, its connected services plan, and enrolled in Smart Driver, a gamified program that offers feedback and digital badges for good driving, either at the time of purchase or via their vehicle’s mobile app.

    That wasn’t us — and I had checked to be sure. In mid-January, again while reporting, I had connected our car to the MyChevrolet app to see if we were enrolled in Smart Driver. The app said we weren’t, and thus we had no access to any information about how we drove.

    Critically:

    But in April, when we found out our driving had been tracked, my husband signed into a browser-based version of his account page, on GM.com, which said our car was enrolled in “OnStar Smart Driver+.” G.M. says this discrepancy between the app and the website was the result of “a bug” that affected a “small population” of customers. That group got the worst possible version of Smart Driver: We couldn’t get insights into our driving, but insurance companies could.

    And this:

    According to G.M., our car was enrolled in Smart Driver when we bought it at a Chevrolet dealership in New York, during the flurry of document-signing that accompanies the purchase of a new vehicle. That this happened to me, the rare consumer who reads privacy policies and is constantly on the lookout for creepy data collection, demonstrates what little hope there was for the typical car buyer.

    To find out how it happened, I called our dealership, a franchise of General Motors, and talked to the salesman who had sold us the car. He confirmed that he had enrolled us for OnStar, noting that his pay is docked if he fails to do so. He said that was a mandate from G.M., which sends the dealership a report card each month tracking the percentage of sign-ups.

    TLDR: software bug and perverse incentives.

    37 votes
    1. [3]
      boxer_dogs_dance

      I don't call this a bug. I call it a design flaw. The sales associate incentives were malicious and fraudulent.

      19 votes
      1. krellor

        Well, I used the term GM gave when describing the difference in what is shown between the app and the web interface to avoid editorializing the summary. However, I tend to agree that this seems like a pattern of intentional design choices to obscure what the customer is consenting to. Having spent a fair amount of time reviewing consent forms for clinical trials, this whole process of GM's feels intentionally misleading to those signing up.

        17 votes
      2. CptBluebear

        Call me a kook, but I don't believe it was a software bug at all and it was intentional to have a discrepancy between the app and the website.

        10 votes
  2. [6]
    kfwyre

    As a Bolt owner who also never (knowingly and willingly) signed up for OnStar Smart Driver but had it activated anyway, I’m glad this issue is getting more attention. Each successive article reveals more information which shows that the issue stems explicitly from GM’s practices and not people like me simply being careless or inattentive.

    What’s really sad is that GM’s actions here have made such a bad stain on such a great car. I love my Bolt. It’s awesome. I’ve had it over a year now and the glow hasn’t worn off: I still couldn’t be any happier with it! In theory I’d be singing its praises and recommending it to anyone and everyone who will listen.

    But with how scummy GM has been about all of this? I want to tell people to stay away and buy literally anything else.

    24 votes
    1. drapermache

      I own a Bolt and I love it too! It's perfect for my use case, which is to just get around town, and maybe take a weekend trip that's within 100 miles.

      Sadly, with their removal of Apple CarPlay I won't be buying another GM EV. I used to work for them and I remember when they onboarded us in new hire orientation they often said that they weren't a manufacturing company, but a "Technology" company like Google or Apple was, which did make me laugh on the inside because not even 5 minutes before they were talking about how they migrated off of Lotus Notes and used fancy Microsoft Outlook for emails. Keep in mind this was in the late 2010s, still WAY beyond any reason to have Lotus Notes. Time would eventually show that they were not a technology company, as the biggest concern for them was keeping their factories up and running more than anything else.

      I know the talent they hire, and it isn't anything NEAR what a FAANG company can employ. I'll trust Google and Apple when it comes to quality software if I have to choose between them and GM.

      10 votes
    2. boxer_dogs_dance

      How many of the other companies just haven't been caught yet? At the moment I still drive a car with no internet connection and I am grateful for that.

      9 votes
    3. [2]
      ebonGavia

      Just out of curiosity, is OnStar SIM based? Have you checked to see if there's a way to remove the SIM?

      6 votes
      1. Nsutdwa

        Even if it's SIM based now, eSIMs are a thing, and it's trivial to build in something that can't be disabled/removed without some serious intervention. While necessary, it's an exhausting mindset to consider your car manufacturer as an adversary. I think it genuinely adds mental stress when we have to interact with the world in this way, assuming the worst, fixing hostile actions. It's not just your car, it's any electronic device you buy, all of which try to track you and commoditise you.

        7 votes
    4. krellor

      I'll be buying a new car in the next few years, and after this there is no chance it will be from GM. What a waste of goodwill.

      5 votes
  3. [2]
    krellor

    One thing I left out of the summary, but is also important, is that when multiple owners were listed on the title, the combined driving data was only shared under the first owner's name.

    I had requested my own LexisNexis file while reporting, but it didn’t have driving data on it. Though both of our names are on the car’s title, the data from our Bolt accrued to my husband alone because the G.M. dealership listed him as the primary owner.

    This seems like another critical point that will be litigated. And until cars start verifying the identity of the driver, will hopefully be an ongoing damper against setting rates based on collected metrics.

    11 votes
    1. Pretzilla

      I'd be surprised if they don't key the data to CarPlay / Android Auto attachment so they know who's driving.

      Which raises privacy issues for someone borrowing a car.

      But really, Apple / Google have all that data directly from our phones already so 🤷

  4. Gaywallet

    We are so overdue for some basic regulation on what information can be bought or sold about people, or at the very least a consumer-readable notice or warning which describes all the information that's being collected and allowing the consumer to opt-out of the collection of specific elements at any point in time. The ability to have them delete information they have collected about you or to refuse to let them share that information with anyone else would be nice too. You know, basic GDPR kind of stuff.

    10 votes
  5. [2]
    gowestyoungman

    I've been railing against the evils of cars being connected to the interwebs since I first learned about it years ago. What GM giveth, GM can take away. Or much worse with automakers who can disable features with a mouse click. And it's inevitable if you manage to tick them off. We just become the consumer in a mobile box being tracked, either for insurance purposes, or more nefariously, to find out where we go and link that to sales and ad data.
    I abhor that kind of tracking in one of the last tools of 'freedom' we have, and will continue to refuse to buy any car that has it. And yes, that means I drive old cars. Happily.

    8 votes
    1. Nsutdwa

      Agree on all points, but driving old cars is a temporary solution. I know, I drive a pre-2010 car, but when it breaks down expensively, I'm worried about what kind of solution there'll be. The author of the article suggested that sales reps were clicking through consent screens (and extremely uninformative consent screens, in any case) without customer interaction... What defence do consumers have against that? It's one thing fending off the known evils, but how can we refuse something we're not told exists?! That's such an underhanded practice.

      13 votes
  6. [2]
    riQQ

    GM ends OnStar driver safety program after privacy complaints
    https://tildes.net/~transport/1fwc/gm_ends_onstar_driver_safety_program_after_privacy_complaints

    1 vote
    1. balooga

      I went looking for the request form for the driving data Verisk has on me, and found this:

      Verisk no longer receives driving behavior data from automakers to generate Driving Behavior Data History Reports. Verisk no longer provides Driving Behavior Data History Reports to insurers. If you’re interested in receiving a copy of your Driving Behavior Data History Report, please click on the link at the bottom of the page. The driving behavior related data Verisk can offer you will vary by auto manufacturer. See table below.

      Auto Manufacturer | Verisk stopped receiving driving behavior data to produce Driving Behavior Data History Reports as of
      General Motors    | March 18, 2024
      Honda             | April 9, 2024
      Hyundai           | April 9, 2024

      The most recent Internet Archive snapshot of that URL was two days ago and does not include this message, so it seems to be brand new.

      I'm the owner of a Kia, which is not mentioned here... but Hyundai is. Not sure what to make of that. But I'm relieved that apparently Verisk isn't harvesting from them (even if maybe they were previously). I also requested my report from LexisNexis, the other confirmed data broker in this situation, and was pleased that when it arrived it contained nothing related to driving behavior.

      Assuming there aren't other, more secretive data brokers in the mix, that should take care of things for me. Except that the car manufacturer (Kia in my case) still likely has their own copy of my data. This EFF page has links for where you can request a report from each automaker, and/or request deletion of whatever they have. Sadly, at least in Kia's case, they appear to only be honoring requests from residents of states with GDPR-like laws in place (CA, CO, CT, UT, and VA). Since I don't live in any of those places, fuck me I guess.

      2 votes