SSH !?! This supports my point - a remote command prompt is much more functionality than what is required to unlock doors. It's not really appropriate to talk about this level of control as if it's merely a necessity for remote door unlocking.
You're the one engaging in histrionics here - sour grapes about the lopsided relationship that was included with functionality you enjoy, as well as strawmanning those concerned with how ownership is being eroded as rare enthusiasts or "hyper paranoid". FWIW it's perfectly consistent to pragmatically trust specific manufacturer(s) today, while still being concerned about the societal effects of centralized control continuing to be normalized.
It's certainly possible to implement the same functionality you're enjoying in ways that put the owner in charge and treat the company as a possible attacker. But it takes more rigorous design and development, and isn't likely to happen on its own as long as people continue to carry water for simplistic centralization.
Yeah. I'm not so naive to try and argue `unlock` is the only thing Tesla can do to your car remotely. Like I've said, they can update your car if you agree. If they can update the car then they can do whatever the hell the hardware allows, in theory. This is true for anything (software/firmware/younameit) that can be updated. Are you reading this on a computer with a modern OS?
I never said we shouldn't be critical of centralization and eroded notions of ownership. I am rebutting the sensationalized "Tesla has a persistent backdoor to your car and is using it to spy on you" spin on the issue. At this point in my life I'm becoming more of a tech pragmatist. One thing that has become clear to me over the years is that people don't want to be single points of failure. Putting people in that position yields poor products/user experiences. I believe there's a way to legislate and lay ground rules for ownership and access to consumer hardware that allows custody to be responsibly shared between a company and a consumer. I don't believe we're socially there yet, but making up fake news about how companies are spying on users and can't be trusted doesn't help progress the dialog. (TFA is another example of not advancing the dialog, which is how this all ties in.)
Trust is always an issue and always present. We have to make trust decisions. What I'm advocating for is making decisions based on facts and evidence, not FUD and slippery slope speculation. What I'm arguing is that it's important whether Tesla is acting in a way that is culpably deceitful and has given users reasons to not Trust them. If the evidence shows Tesla is being dishonest and operating in a way that is not in accordance with their privacy policy, then yeah grab the pitch forks I'll be there right next to you. This goes for anybody asking for trust, not just #companieselonmuskhastouched.
Otherwise name an EV that isn't cloud connected, is somehow innately more trustworthy, and that saves me 5k/year on gas.
I had hoped we weren't going to go down this path. It's not the responsibility of the free world to try to pry the exact details from closed systems to demonstrate their exact insecurities. Based on the functionality they have (remote update) plus the various bits that have been reported about their infrastructure (remember that reddit post about MSWin+bubblegum?) plus the general pattern when any proprietary system says "trust us we're sooper sequre", Tesla (any every other centralized system) really does not deserve any benefit of the doubt that they have done work to actually design a telemetry/privilege minimizing system.
> If the evidence shows Tesla is being dishonest and operating in a way that is not in accordance with their privacy policy
Meh. The penalty for violating privacy policies in the US is zilch, and even if it weren't such policies are generally non-binding and can be retroactively changed at any time. Without a privacy law ala the GDPR, the sensible thing to do is to assume that any piece of information you feed into the surveillance industrial complex will be stored indefinitely and may eventually be used against you.
> What I'm advocating for is making [trust] decisions based on facts and evidence
I feel like we could have some common ground here, but your previous arguments have carved off way too much in defense of lazily-implemented centralized control, based on seeing no evil. If it's possible to architect systems such that they don't backhaul information to their manufacturer or give their manufacturer ongoing control, then we should criticize those that do - regardless of the pragmatism of using them anyway because they are the least worst option and/or beneficial in other aspects.
I myself use many things that compromise my own privacy through suboptimal implementations, but I'm not going to sit here and defend the companies because they haven't been caught doing anything too hostile at the moment. Rather I accept that they're inherently attackers that I've chosen to trust (NSA definition) with some amount visibility into and control over my activities due to other benefits they provide - while remaining generally interested in more secure alternatives.
Actually you're wrong. It is the responsibility of the person making an accusation to back up their accusation with credible evidence and facts. That's how things work in the free world, at least. Presumption of guilt is just too dangerous and detrimental to a free society and so presumption of innocence is ingrained in our entire legal and judicial framework.
I'm not defending Tesla in the face of evidence that they are naive and abusive. There's simply not evidence in the first place that they're naive and abusive (and if there is, you've certainly failed to procure it). There is, in fact, the opposite, as reported by security researchers and as stated in their privacy policy.
> Tesla (any every other centralized system) really does not deserve any benefit of the doubt that they have done work to actually design a telemetry/privilege minimizing system.
It's not the benefit of the doubt. I was literally in the room at Defcon when Kevin Mahaffey and Marc Rodgers gave the talk that kicked off the Tesla bug bounty and security research program in 2015. And they had good things to say. Certainly their impression was not "this shit's dubious IDK if we can trust Tesla's security engineering" which you seem to be implying is your default impression because Tesla is #bigtech.
https://www.cnet.com/roadshow/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/
Here are some privacy policy excerpts:
> Your Tesla generates vehicle, diagnostic, infotainment system, and Autopilot data. To protect your privacy from the moment you take delivery, Tesla does not associate the vehicle data generated by your driving with your identity or account by default. As a result, no one but you would have knowledge of your activities, location or a history of where you’ve been. Your in-vehicle experiences are also protected. From features such as voice commands, to surfing the web on your touchscreen, your information is kept private and secure, ensuring the infotainment data collected is not linked to your identity or account.
> Tesla enables you to control what you share. Within your vehicle’s touchscreen you may enable or disable the collection of certain vehicle data (Software > Data Sharing), including Autopilot Analytics & Improvements and Road Segment Data Analytics. If you choose to enabled data sharing, your vehicle may collect the data and make it available to Tesla for analysis. This analysis helps Tesla improve its products, features, and diagnose problems quicker. The collected information is not linked to your account or VIN and does not identify you personally.
Do you have evidence that Tesla is not honoring its privacy policy? If you want to change my mind, show me the data on how Tesla's systems are insecure/naive/user-hostile and I'm happy to continue the conversation.
PS
Consider this: you can buy a Tesla in the EU, no? You think Tesla has code like `if user.country == "USA" && user.state != "CA" { user.abuse() }`? I think it's actually more likely that, since Tesla is a global company, that they have a better security and privacy story than most strictly-USA focused companies. I actually trust small US startups far less than mature multinational corporations with my data. I've been at both and large companies have swaths of lawyers making sure people are in compliance with the law where small startups have trendy founders that prefer to ask forgiveness rather than ask permission.