The problem with this is that both CarPlay and Android Auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.
They are both very cagey with how they talk about this (or don't).
Last year I requested a Carfax on it, and one of the fields in the request was current mileage. I entered an estimate like 75000 miles. On form submission, that field failed validation with the red subtext along the lines of 'this is less than the last reported mileage of 75345, reported <5 or so days prior>'. Checking my odometer and looking at my past few days' trips, that was indeed accurate.
The car hadn't been to a shop or out of my possession in weeks, so I can only assume the telemetry was still dialing home and selling to third parties despite my best efforts to disable it.
Anecdotal and not unexpected in the grand scheme, but it still surprised me.
They basically never need 95% of it and most of it is never looked at again.
That 5% that does get used ends up being collapsed to a single 100,000ft view somewhere that the decision makers in the company can see it and immediately treat as gospel.
Which is fun when you are the new hire, get asked to look at that dashboard and it turns out it's not calculating the totals correctly at all.
Then you have all the people in that business who collate reports for more senior report readers who never look at them but still collate them and those more senior report readers never pass it up anyway.
Enterprise is a seriously weird Kafkaesque place at times, it helps to just ignore the weirdness since you can't change it.
Ask me how I know.
True, though collecting and keeping unnecessary _personal_ data is very much a liability under the GDPR.
They're not collecting in-depth telemetry on every mile you drive, as you drive it. They're literally just every couple of days sending the number on the odometer up to their server. Most carmakers do it simply so they can sell you oil changes.
I mean, yes and no. It is most likely that the majority of carmakers are not collecting detailed telemetry. But we know from data breaches that some cars collect pretty detailed information.
https://www.roadandtrack.com/news/a63306050/exposed-vw-data-...
One trick is to buy a car from the end of the 3G era, because at least in America those networks don’t even operate anymore. Car is nerfed in terms of phoning home without you having to do much at all.
[0] https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-vo...
In some countries there's a SCAM in which the owner or agency lowers the mileage of the car and sells it for much more because of the lower mileage.
Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB. I wish I had a way to completely disable the car’s Bluetooth functionality, but it’s deeply integrated into the head unit.
How can data via Bluetooth be routed to an active internet connection? I assume this would only work if you have the manufacturer's car application installed on your phone.
Following the thread linked to, the only thing I can find is very unsubstantiated; https://www.rav4world.com/threads/2019-rav4-dcm-deactivate-p... :
One caveat, if you use bluetooth to connect your phone to the car DCM will use your phone to connect to the mother ship and presumably send your data. I only use my iPhone cable to connect to the car which does not have this effect.
This sounds like pure speculation, and I would love to hear if there is any information that can substantiate what they are claiming.
Bluetooth tethering is a thing, actually predates wifi tethering. Though it's not enabled unless you enable Personal Hotspot in your phone settings (and Android requires it to be enabled separately).
CarPlay complicates things, as it only uses bluetooth to pair, then it switches to using a wifi network (as bluetooth doesn't have anywhere near enough bandwidth). Maybe Apple automatically shares internet over that carplay connection?
I have no doubt that the car will use the internet connection if one is exposed, I just doubt it will be exposed automatically.
So it's plausible the new Toyotas still have this functionality.
Hotspot/Tethering had to be enabled on the Phone, just a simple Bluetooth connection for calls or playing music didn't enable internet connectivity.
For me on Android 16, the setting is in Network & internet > Hotspot & tethering > Bluetooth tethering
I have reported this to Toyota multiple times with videos detailing the problem and they have denied the problem and ultimately when faced with the evidence simply refused to fix it.
I've been a big fan of Toyota's Production System and their management culture, but this experience has really diminished the brand for me. I realize these problems exist with all cars today. The pattern seems to be to foist low-quality hardware and software on their customers and take no responsibility for the results. Software bugs aren't what they consider a "typical car problem" so they simply don't fix them.
The only fix I've found is to disconnect the phone and use its map standalone, just sending audio over Bluetooth. Maybe it's possible to get Android Auto or CarPlay to reject GPS data from the car? I don't know...
My experience is pretty small; I've owned the same Tesla Model 3 LR for the last 6.5 years, and the software has been pretty much solid the entire time. There was briefly a problem with echoes when I called land lines using the bluetooth and my iPhone, but that problem eventually went away - not clear if it was because the iPhone changed, the software was updated, or perhaps the particular landline I was calling got an upgraded CO, but for a car that's a pretty good track record. There were some sensor glitches but they got fixed.
I've test driven other cars. Lucid Air - tons of weird glitches. Rivian - almost as good as the Tesla, but laggy UI on a brand new car. My Tesla is almost seven years old and still smooth as the day it was new! How do they do it?
Compass heading specifically does seem to be unusually challenging. Does anyone else recall the bizarre "Google Maps on iPhone is 90 deg off" problem? Totally strange.
https://www.mavericktruckclub.com/forum/threads/telematics-f...
I don’t think there’s convincing my dealer to get into the service menu and disable it.
I would presume that other manufacturers might have this as well.
- It has an internal battery and will keep running for quite a while after pulling the fuse. This is a safety feature in case you get in a crash that disconnects the 12V battery
- It will break your in-car microphone as discussed. Repairing that requires opening up the dash
- That won't do anything for disconnecting the GPS antenna
As I own two Toyotas I have read through these carefully and consistently the theme is that the owner was opted into this program without knowing it (likely by the sales person clicking through setup steps to enable every feature). If you are not opted in, I have seen no evidence they share driving data.
When I set up my Toyotas, the app clearly walks through the programs they have and you must click either "yes/opt in" or "no/opt out" for each program. It is not opted in by default.
Modern Kias with the CCNC cockpit have a data connectivity unit that exclusively handles cellular. If you can get this unit unplugged, which only requires two Phillips head screws to remove, you're set. It took me nearly 2 years to figure this out. Thanks OP.
The active driver assistance features are criminally dangerous.
Sadly, the current administration is more interested in illegally locking Kia’s engineers in cages than actually enforcing consumer protection or safety regulations.
Anyway, avoid them and Hyundai. If you don’t believe me, drive in rush hour for 30 minutes and frequently change lanes. Be sure to be on the road at dusk and dawn to get the full experience, where glare confuses the onboard cameras, so regen braking flaps on and off, and it repeatedly overrides steering and sets off spurious cabin alarms.
I’d suggest parking a few times at a costco during peak hours, but I don’t want to get anyone killed.
Driving mountainous switchbacks with very tight corners it was so strict about not wanting to cross the central line that it frequently tried to dump me into either the mountain or over the cliff.
Similarly on straight 2 lane roads where only really the centre was clear of snow and ice it was adamant that I should be driving with 2 wheels in deep snow instead of daring to drive in the middle.
What's your year model and engine? I'll look it up.
Any chance you can get the service manual for it? I appreciate it, even if you can not.
Guaranteed
yes. there ought to be a right to reasonable expectation of behavioral privacy where if it's not obvious and intrinsic to function that behavior is being recorded then it must be consented with functional opt-out.
gps tracking to the manufacturer of a car seems egregious. i wonder if it runs afoul of anti-stalking laws.
How is this the case? I thought bluetooth was just sharing my phone's audio. Why would it allow requests over the internet? Surely there's a way to tell the phone not to give its internet connection to any connected bluetooth device?
Does the phone add a proxy header? Can it be configured to not add the header?
(There is the ability to set up a Bluetooth hotspot on a phone and allow Internet sharing over Bluetooth, but that’s a different thing entirely and you have to explicitly set it up and use it. It’s also slow compared to a modern WiFi hotspot).
Older versions of bluetooth may have other networking capabilities.
As mentioned in the article as part of the introduction, there were problems with those cars regarding security. Especially with the Rav4 where a colleague, Ken Tindell, showed a very serious flaw: https://kentindell.github.io/2023/04/03/can-injection/
Because of this OEMs build in more and more security, like SecOC with Autosar and other similar things. More and more of those security features depend on certificates in the devices that have an expiration time. Those certificates need to be rotated regularly. If the rotation does not happen, because of missing communication with the mothership, then the security will fail, which finally will lock you out of your car.
That will be true for all the coming luxury car models.
IIRC, Tesla has had something like this for years in their cars. They can be offline for a certain period of time. But when this runs out, you will be out of luck.
Afaik phones do not share their internet blindly to Bluetooth devices.
What is the basis for this claim? I've never heard of this capability.
A random post on a forum is not evidence that Toyota has found a magic way to exfiltrate data over a bluetooth connection without turning on hotspot/etc.
If you then charge only at home you’re even more private than gas cars, which must stop at gas stations with cameras.
But both types of vehicles are easily spotted with Flock cameras. And if you keep your phone on, that tracks you, too.
I’m not that paranoid so I won’t do it, I just wanted to know.
Ideally I'd like to keep my cake and eat it: keep navigation (preferably offline), spotify, etc. working but disable the telemetry, remote control, etc. From what I could gather, Teslas can use Wifi (your phone's hotspot) as a backup uplink. So depending on how they've implemented the cloud features, after disconnecting the antennae, you might be able to set up a tiny router and whitelist certain DNS queries, HTTPS connections, etc. But it might also be that they just use a big ol' VPN tunnel to the mothership and pipe all the cloud features through it.
Slightly less ambitious: does the navigation in Teslas work offline? Offline maps and route calculation have been around since the 00's in standalone GPS navigators, so it's not impossible.
Everything has cameras these days. On my street almost every house has a cloud connected camera. Every major road has cameras, every store and business. Now I’m not suggesting we give up the fight for privacy but avoiding gas stations does nothing
I suspect soon cameras in other cars will also be reporting our whereabouts.
Absolute privacy is almost impossible on public roads.
Most of these are cloud connected, how do you know they aren't storing license plate information, or face data, or audio data for extended periods of time in the cloud?
They can't brick cars with bad antennas. They have to allow for cars that drive into tunnels or that are used in areas with no cell service.
They could choose to throw up increasingly annoying messages if the car hasn't phoned home for some time. Tesla does this if you haven't updated your software in a while but the screens are pretty easy to close and ignore.
BTW I don’t own a Tesla. My car is like yours, a pre-2010 gas minivan with zero tracking.
Our phones and roadside Flock cameras still rat out both kinds of vehicles. I suspect soon cameras in other cars will also be reporting our whereabouts.
Absolute privacy is almost impossible on public roads.
I’d also be surprised if the car didn’t use the phone key connection to trickle some metrics when cellular is unavailable.
When you get in a car, you have to spend 20 seconds disabling all those systems. Lane keep assist is downright dangerous as it keeps you in your lane if you do an emergency avoidance manoeuvre.
I don’t hate safety systems like emergency brake assist or ABS but I don’t need a nanny keeping me in my lane. I also don’t need a coffee symbol for taking a break.
My car, a 2025, was significantly cheaper to insure in terms of liability than my 2019, even though it was 3x (not inflation adjusted) the price, because my current one is full of sensors and advanced evasion, auto-braking etc.
Is it weird to think that the SoS functionality is ALSO priced in? And removal thereof could be problematic?
Kinda like when people don't replace their TPMS sensors. What is insurance gonna say after you had a blow-out, and injured another person because of a flat. The TPMS sensor would've warned you before, and the incident could've been prevented...
Now, apart from all of that, I'm very happy that I can disable all of the data that gets sent to the cloud with the press of a button. Good old German privacy laws.
Jokes aside, I am seriously pissed at Nissan because it was one of the reasons I bought it in the first place: to pre-heat or pre-cool the car remotely before going to work, while it is still plugged to the wall charger. And they just decided to take it down. Funny thing, they even mentioned in the email that "not to worry, I can still use my AC when I am in the car". Wow.
Sorry, rant. Anyway, my point being - buy Nissan Leaf, no connectivity guaranteed by the manufacturer, LOL.
Modern aftermarket remote start systems work with both ICE and EVs alike. Take a look at Compustar. You can remote start your Leaf with a key fob from 1/2 mile away, no telemetry, connectivity, or silly app needed.
https://rabbit-labs.com/product/cancommander/
Crazy commenter, tell us a little about this. Can I use it on any CAN bus?
> eCall was made mandatory in all new cars approved for manufacture within the European Union as of April 2018.
What's this?
Dangerous, but hilarious (Dubai raver has set up a 303 and 606 to make acid house while he drives): https://www.youtube.com/watch?v=mwYtjQk0QaU
Interestingly, Subaru itself used to make a DCM bypass kit for its cars. When AT&T shut down its 3G network, Subaru was stuck replacing all the DCMs, because they would search and search forever for a connection to a network that no longer existed, and slowly drain the battery. But there initially wasn't enough inventory to replace them all, so they offered these bypass kits if you weren't an active Starlink (cloud svcs) subscriber.
With the coding from Techstream you can also modify the Denso head unit programming to not do telemetrics via cellular bluetooth connection.
You can also block the connection on the phone if you run a custom DNS server.
But you do all that for privacy... and then you use CarPlay?
For this kind of thing to succeed as a general lifestyle, you would need to invest an enormous amount of time making potentially irreversible modifications to all kinds of electronic equipment - only to be virtually guaranteed to miss something.
Do this kind of thing if you want, but don't be fooled into thinking you're actually solving the problem for real.
Who pays for the cellular data plan?
"Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota."
That's quite sneaky. On by default, no option to disable.
Turned it off and used our phones from there to the hotel. That was the last time we used a rental car's navigation.
So yeah, it's already happening.
I always thought ... just need to remove the ... the antenna ... modem would always get no signal and transmissions would always fail....
Same for the GPS.
To verify no other hidden transmitters, could use some RF (Radio Frequency) analyzers.
[RF analyzer (i.e. spectrum analyzer) is a tool for measuring the power, frequency, and signal strength of radio frequency signals.]
I'd like to think failure to apply an OTA safety update would trigger a mail-out notification requesting you bring the vehicle into the dealer. But that's probably optimistic...
If the car has a recall or safety issue with the suspension part failing prematurely, what possibly could some software nonsense do?
Ford https://www.caranddriver.com/news/a70513450/ford-4-million-v...
GM https://www.themanual.com/auto/gm-brake-fluid-warning-recall...
I think Chrysler does it too, but I only find mention of the time they bricked a bunch of Wranglers with a bad OTA update.
Broadly I don't think it's hard to imagine a software update being safety critical if the software is used in a safety critical system.
You can download and store Open Street Map for individual states. Map data doesn't have to come in over the air. That's not the problem. It's enhancing GPS with cell phone tower data that's the problem. That requires a cell connection.
Technically it only requires an antenna that can listen on the LTE band (or even GSM). Trilaterating based on cell towers with a hackRF or other SDR is a fun exercise.
I hate how this is a trade off. It’s totally possible for cars to broadcast their location only if the SOS is pressed or the crash sensor is triggered, but it feels like there’s no way to have that without also having everything else.
Amen.
Peppers article with Amazon affiliate links
Perfect summation of 2026
They can deny any claim for any reason, the onus gets flipped on you because if you want to fight back, you have to take a multi-billion dollar company to court.
I'd like to know how to do this for a 2022 CR-V.
(I dread the day my 2007 Civic is no longer usable.)
To me it's a little bit like, "I love these new cellphones but I'm keeping it in airplane mode all the time because I don't want it online"
I mean what's the point of buying a new car if you're going to cripple features that are so much better because it's connected? Sure, use CarPlay or such, but to say forever end things like over the air software updates? Anything to prevent Kia from theoretically detecting sexual activity I suppose [1].
Just buy an old car. Or convert a classic into an EV [2].
There are A LOT of things in our lives that can be completely torn apart if one wants to. Glass is a vastly inferior window covering. Do you know how easy it breaks, and people can just look into it.
[1] If you ask me, there's a whole whitepaper to be written about how to detect sexual activity in a Kia.
On the other hand, as mentioned by others: Why bother if you use CarPlay?
All these car manufacturers pushing this horrorshow deserve to go under. Tbh it looks like most will soon....
Removing seems hard/complicated but foil seems within most ppls reach.
It's a shortcoming each of us will have, if we're so lucky as to live that long.
No wonder car companies are starting to dislike CarPlay. It's less data they can collect from their own customers.
Kinda makes me want to buy a standalone navigation system at this point.
I don't even speed, I'm just sick of the idea of being watched always and forever.
However, you now have a chance to buy one of the rare prototypes!
https://finance.yahoo.com/sectors/technology/articles/bollin...
Maybe a simpler way is to slap a Faraday cage on all antennas.
DCM Bypass kit. https://www.autoharnesshouse.com/store/AHH-DCM77
I would be the target customer, but I keep making convenience concessions and buying the nice car / appliance with smart stuff.
I appreciate this guide from a technical perspective, but despite a lot of the stated preferences, I’m not seeing a huge market for it.
Convenience is paramount.
Can't do the design bits, but there are full service manuals for any 1990s to early 2000s Land Rover. Only NAS models, unfortunately, so for some things in UK/EU you need to interpolate a little.
Notice the complete absence of phone-home GSM modems or other tracking stuff?
You have the full right to view and ask for deletion.
Can you skirt the GDPR by making it hard to discover who you need to ask?