Am a legitimate user of a freight forwarder, this attitude makes me sad.

With credit card fraud, the merchant holds 100% of the liability. They lose the item they shipped, the shipping costs, the associated revenue, then some chargeback fees on top too. So, they check on things that could be fraud.

Not sure if you're being sarcastic or not. As of right now, the answer is: nothing happens. The established corporation profits, and you suck it up, because what else are you going to do? Sue Apple?

Asking unironically: what were they? I want such a phone

Y'all need to visit Amsterdam and Rotterdam at least once in your life. One is an old city, the other was (re)built from scratch in 50s and 60s "for cars". Both have great cycling infrastructure and decent public transport. These things are doable.

Good luck to all who are trying to change the unsatisfying status-quo elsewhere.

Thank you. I think it's important to realize that changing the status quo requires people who stay and vote for that change, as happened in the Netherlands and elsewhere. People who run away to some place where it's already better, or grew up that way and never knew anything else, generate zero net change.

So what's your question?

That being said, I used to live in Moscow before, and did have a daily 1.5h bus-and-metro commute there for a while. Not perfect, and quite anger-inducing because of the "tragedy of commons" situation: this commute would have been 1h long, if not less, if the bus didn't spend time in the traffic jams created by all those nice people in cars. But well, nowadays buses in Moscow have dedicated lanes, and that neighborhood got its own metro line, so it's getting better.

Still not sure what exactly you are implying.

The term Personal Digital Assistant was coined by John Sculley while CEO of Apple when describing the Newton MessagePad, so akshually they did invent the concept.

Yes there were Windows CE devices that predate iPhone. I had a few, including the hx4700. They universally sucked.

I know downplaying Apple’s role in computing history is the cool thing to do on the orange site, but get real. The mobile world completely changed when Apple announced iPhone. We know that Google pivoted on the acquired Android OS. Would they have done so as quickly had the iPhone never happened? Given their track record, probably not.

I was on windows mobile before iPhone and the browsers were essentially useless. It was a game changer when safari mobile was a thing.

Apple killing off flash by refusing to support it was a great moment for the mobile web.

I'm a couple decades late with this advice, but - did you try Opera Mobile on PocketPC back then?

It was good. I had no chance to compare with early Safari on iOS, but it was on par or better than the default browser on my early-2010s Android device.

It is so weird how this all was forgotten.

What Apple did was achieve bringing the first smartphone to market that reached critical mass in sales and mainstream adoption. They didn't invent smartphones, but they did create the mobile market.

This is happening already. Teslas can be controlled remotely, and it does not have to be the owner of said Tesla.

Yes, somehow people are okay with that. The world we live in gets scarier and scarier every year.

One could accurately summarize progress since the Industrial Revolution as asking whether we could (and how), and not whether we should (and why). You can see this expressed in the growing focus on STEM education vs. the liberal arts and results in things like remote-controlled Teslas.

Cave Johnson said, "science isn't about why; it's about why not". The traditional counterbalance of that "why not" -- classical education, religion, etc. -- have all been falling behind.

this is yet another face of Moloch

Liberal arts is a natural ally and fellow traveller with science and technology. In fact much of early science grew out of liberal arts endeavours. Geometry from sculpture and perspective in art and architecture. Chemistry from developing pigments for painting.

+1 for the Aperture ref.

  Aperture Science  
  We do what we must
  because we can. 
  For the good of all of us.

1) AFAIK Teslas cannot be driven remotely. But even if they could Tesla is not using cars for errands, like wtf c’mon. And if they wanted to do that and paid me for it, I might be interested in helping the environment.

2) Tesla is able to remotely unlock a vehicle if they verify the owner. This replaces a call to a locksmith and/or the towing company and is way more convenient. So yes, people are okay with being able to have their car remotely unlocked by a third party who they authorize, we always have been.

If there is any good news about this it is that Full Self Driving appears to be a more difficult problem than Elon expected and they are struggling with it.

But with another car, I can choose who (if anyone) I'm willing to give that ability to. I certainly wouldn't want it to be Tesla.

You could design one of those apps to end-to-end encrypt all comms with the car, but I don't think most people would appreciate the usability hit.

Correct. And that (along with everything else related to it) is why I won't own a car that was made too recently.

Anyway, if you don't want to use vehicles which communicate with a server then good for you. Really. But if you’re taking such a stance I hope it’s based on informed data and consistent principles and not cringy FUD.

There is nothing that leads me to believe that a Tesla is a “surveillance platform” despite it being a machine that is capable of becoming one. It’s a car. It gets me from A to B. Thats the agreement I have with the manufacturer. I primarily use my app/phone instead of physical keys. I opt in to sharing diagnostic info with Tesla to improve the experience. It’s all pretty above board.

None that I'm aware of.

> Tesla comms are encrypted.

Which is very good, but still leaves the problem of Tesla getting the data.

> if you’re taking such a stance I hope it’s based on informed data and consistent principles and not cringy FUD.

I'm taking this stance because the history of the tech industry's practices in this area is full of so much abuse that nobody gets the benefit of the doubt anymore.

> Thats the agreement I have with the manufacturer.

I'm glad that you are comfortable with that level of trust with Tesla (or any car company). I am not. Which is, I suppose, why you'll own a Tesla and I won't.

Let me put it this way. In this case, specifically, what you're claiming is pretty outrageous and, if true, sounds like something I should take more seriously too. If you can give me examples of Tesla abusing users' trust and operating in a way that is not in accordance with their privacy policy, user consent, and/or general understanding of techno-decency, then please surface the evidence to support your claims so I can consider your argument more seriously. Otherwise what you're claiming does not align with my experience owning a Tesla and my knowledge about how they're designed and engineered.

The pragmatic in me understands that there is always a risk that a future software update will change the behavior of a product in a way that is not in my interests. That is a risk I take by using any software product and something that responsible people keep an eye on, agreed. I'm just not going to categorically avoid software that can be updated out of fear that it could start spying on me. If it starts spying on me without my consent, good bye.

I also understand that we may even have different tolerances for living with connected hardware and software. If you're the type of person that compiles their own firmware and updates their own devices offline after personally vetting the software, I'd buy your concern about trust a little more too. But honestly it just sounds more like you're saying "yuck Tesla, I wouldn't trust them to build a respectful product", while ignoring the fact that you're likely posting this from a smartphone, if you know what I mean.

I have made no specific claims, I think. If I did, they were unintentional. What I'm claiming is more general: that in the tech industry, data collection on users has been so widely abusive that I am not comfortable trusting any company with data collection by default. Specific companies can earn my trust, of course. No car company has done that, therefore I trust none of them with my data.

Is this the claim you're referring to?

> But honestly it just sounds more like you're saying "yuck Tesla, I wouldn't trust them to build a respectful product"

I do not intend to be singling Tesla out except insofar as Tesla (as I understand it) engages in more data collection than other car manufacturers. That said, I'm a bit more suspicious of Tesla just because of Musk. Not a lot more suspicious, but some.

> while ignoring the fact that you're likely posting this from a smartphone

I'm not. But I also have mentioned here that when my current smartphone dies, I won't be replacing it with another -- specifically because it's become so difficult to render them safe that it absorbs too much of my time and energy. That makes the cost/benefit of a smartphone too unfavorable for my tastes.

But with the smartphone I currently have, I do not use it for very much online stuff -- certainly not for web browsing -- anyway, because of safety concerns.

I guess because people want to listen to Spotify while they drive and have navigation data fed to their HUD...

The problem is not that an automaker wanted to have functionality that could legitimately unlock cars for legitimate customers. The problem is that creating this functionality entailed making a much larger backdoor that will invariably be abused by independent attackers, police, the company itself, etc - to do much more than merely unlock the doors.

There have been numerous talks at security conferences and solid research done on the security of Teslas. I don’t think you realize how sophisticated these things are. The infotainment system and the CAM bus are not the same software, for example. And attackers aren’t gaining remote access to them either (Teslas use stronger ssh keys than you do). So I’m not sure how this mega backdoor FUD even plausibly exists. A car isn’t a safe either, if law enforcement has a warrant for my car, or house, they’re going to forcibly break in if needed (heck they’ll even do that for a safe). Seems better to have Tesla legally complying/cooperating with law enforcement than the alternative where people use force.

I’m not saying we should build backdoors into everything for the kids, just to be clear. But I can be a happy consumer/user of a car with remote unlock functionality that’s implemented more responsibly than your npm account without devolving into “zomg Tesla backdoors your life to give you that feature” histrionics. That’s just not true. Like you, I would love to see, just like I argue for phones, the ability for enthusiasts and/or hyper paranoid people to install their own software roots in a supported manner if they don't want another party having access or if they want to delegate to a different 3rd party. And let me turn it on/off, sure. But having a car with remote unlock is not some gateway drug selling your digital soul.

https://electrek.co/2023/03/24/tesla-hacked-winning-hackers-...

Tesla literally paid people 100k to pentest their car so they could fix any bugs/issues found, so that you don't get hacked.

Yeah. I'm not so naive to try and argue `unlock` is the only thing Tesla can do to your car remotely. Like I've said, they can update your car if you agree. If they can update the car then they can do whatever the hell the hardware allows, in theory. This is true for anything (software/firmware/younameit) that can be updated. Are you reading this on a computer with a modern OS?

I never said we shouldn't be critical of centralization and eroded notions of ownership. I am rebutting the sensationalized "Tesla has a persistent backdoor to your car and is using it to spy on you" spin on the issue. At this point in my life I'm becoming more of a tech pragmatist. One thing that has become clear to me over the years is that people don't want to be single points of failure. Putting people in that position yields poor products/user experiences. I believe there's a way to legislate and lay ground rules for ownership and access to consumer hardware that allows custody to be responsibly shared between a company and a consumer. I don't believe we're socially there yet, but making up fake news about how companies are spying on users and can't be trusted doesn't help progress the dialog. (TFA is another example of not advancing the dialog, which is how this all ties in.)

Trust is always an issue and always present. We have to make trust decisions. What I'm advocating for is making decisions based on facts and evidence, not FUD and slippery slope speculation. What I'm arguing is that it's important whether Tesla is acting in a way that is culpably deceitful and has given users reasons to not Trust them. If the evidence shows Tesla is being dishonest and operating in a way that is not in accordance with their privacy policy, then yeah grab the pitch forks I'll be there right next to you. This goes for anybody asking for trust, not just #companieselonmuskhastouched.

Otherwise name an EV that isn't cloud connected, is somehow innately more trustworthy, and that saves me 5k/year on gas.

I had hoped we weren't going to go down this path. It's not the responsibility of the free world to try to pry the exact details from closed systems to demonstrate their exact insecurities. Based on the functionality they have (remote update) plus the various bits that have been reported about their infrastructure (remember that reddit post about MSWin+bubblegum?) plus the general pattern when any proprietary system says "trust us we're sooper sequre", Tesla (any every other centralized system) really does not deserve any benefit of the doubt that they have done work to actually design a telemetry/privilege minimizing system.

> If the evidence shows Tesla is being dishonest and operating in a way that is not in accordance with their privacy policy

Meh. The penalty for violating privacy policies in the US is zilch, and even if it weren't such policies are generally non-binding and can be retroactively changed at any time. Without a privacy law ala the GDPR, the sensible thing to do is to assume that any piece of information you feed into the surveillance industrial complex will be stored indefinitely and may eventually be used against you.

> What I'm advocating for is making [trust] decisions based on facts and evidence

I feel like we could have some common ground here, but your previous arguments have carved off way too much in defense of lazily-implemented centralized control, based on seeing no evil. If it's possible to architect systems such that they don't backhaul information to their manufacturer or give their manufacturer ongoing control, then we should criticize those that do - regardless of the pragmatism of using them anyway because they are the least worst option and/or beneficial in other aspects.

I myself use many things that compromise my own privacy through suboptimal implementations, but I'm not going to sit here and defend the companies because they haven't been caught doing anything too hostile at the moment. Rather I accept that they're inherently attackers that I've chosen to trust (NSA definition) with some amount visibility into and control over my activities due to other benefits they provide - while remaining generally interested in more secure alternatives.

Actually you're wrong. It is the responsibility of the person making an accusation to back up their accusation with credible evidence and facts. That's how things work in the free world, at least. Presumption of guilt is just too dangerous and detrimental to a free society and so presumption of innocence is ingrained in our entire legal and judicial framework.

I'm not defending Tesla in the face of evidence that they are naive and abusive. There's simply not evidence in the first place that they're naive and abusive (and if there is, you've certainly failed to procure it). There is, in fact, the opposite, as reported by security researchers and as stated in their privacy policy.

> Tesla (any every other centralized system) really does not deserve any benefit of the doubt that they have done work to actually design a telemetry/privilege minimizing system.

It's not the benefit of the doubt. I was literally in the room at Defcon when Kevin Mahaffey and Marc Rodgers gave the talk that kicked off the Tesla bug bounty and security research program in 2015. And they had good things to say. Certainly their impression was not "this shit's dubious IDK if we can trust Tesla's security engineering" which you seem to be implying is your default impression because Tesla is #bigtech.

    https://www.cnet.com/roadshow/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/

Here are some privacy policy excerpts:

> Your Tesla generates vehicle, diagnostic, infotainment system, and Autopilot data. To protect your privacy from the moment you take delivery, Tesla does not associate the vehicle data generated by your driving with your identity or account by default. As a result, no one but you would have knowledge of your activities, location or a history of where you’ve been. Your in-vehicle experiences are also protected. From features such as voice commands, to surfing the web on your touchscreen, your information is kept private and secure, ensuring the infotainment data collected is not linked to your identity or account.

> Tesla enables you to control what you share. Within your vehicle’s touchscreen you may enable or disable the collection of certain vehicle data (Software > Data Sharing), including Autopilot Analytics & Improvements and Road Segment Data Analytics. If you choose to enabled data sharing, your vehicle may collect the data and make it available to Tesla for analysis. This analysis helps Tesla improve its products, features, and diagnose problems quicker. The collected information is not linked to your account or VIN and does not identify you personally.

Do you have evidence that Tesla is not honoring its privacy policy? If you want to change my mind, show me the data on how Tesla's systems are insecure/naive/user-hostile and I'm happy to continue the conversation.

PS

Consider this: you can buy a Tesla in the EU, no? You think Tesla has code like `if user.country == "USA" && user.state != "CA" { user.abuse() }`? I think it's actually more likely that, since Tesla is a global company, that they have a better security and privacy story than most strictly-USA focused companies. I actually trust small US startups far less than mature multinational corporations with my data. I've been at both and large companies have swaths of lawyers making sure people are in compliance with the law where small startups have trendy founders that prefer to ask forgiveness rather than ask permission.

This isn't tenable for security, especially in light of computational complexity. Rather it is up to the party claiming "trust me" to show that they are trustworthy. One major way of doing this is to publish source code that is easier to audit than having to reverse engineer. There is a long history of proprietary companies claiming to be secure while actually being an absolute mess internally. In the face of that dynamic, it is reasonable to be suspect of proprietary systems a priori.

> Do you have evidence that Tesla is not honoring its privacy policy? If you want to change my mind, show me the data on how Tesla's systems are insecure/naive/user-hostile and I'm happy to continue the conversation.

The argument isn't that Tesla is not honoring its "privacy policy" or is currently abusing its backdoors today. Rather it's that the systems they have shipped can be easily abused tomorrow. I've used the words "insecure" and "naive" about the security of Tesla's cars versus Tesla as the attacker - a threat model that bug bounties generally don't address. I do agree that currently, Tesla is (seemingly) not doing much attacking of their customers. The point is that can change tomorrow and the software has been seemingly designed so there will be little the owners of cars can do to protect themselves.

I looked through your comment history to see where you're coming from. Surely as a Linux user you can appreciate that there is a stark difference between software that is widely expected to respect your own interests as the user (and has been decently scrutinized for this quality), and mostly opaque software that has been created by a company to chiefly serve that company's interests? Especially software that has Internet access, so that its behavior can change when the company's interests change?

Let me put it into perspective: making your Tesla (a heavy vehicle probably driving 1 person) drive more is not helping the environment.

If you want to help the environment, don't drive a Tesla, find something that burns less energy (like a smaller car, or public transports, or an electric bike).

Well you are winning on the fix cost of building the vehicle (obviously). But you are still moving people in a vehicle that weighs 2 tons. The fact that it is an EV does not mean that you use less energy to move that weight, does it?

So yeah, if someone decides not to buy a Tesla or equivalent because they can use your shared one, you are winning. Now if someone uses your Tesla instead of any lighter vehicle that would use less energy during its life than the Tesla (which represents a lot of vehicles, not only bikes and public transports), then you are losing.

So let me repeat this: if you buy a Tesla because you think it's a "green" move, then save your money. You should buy a Tesla because you want a cool, expensive, heavy sport vehicle. That's bad for the environment, but I guess that's the cost of being cool.

100% agree. WTF. I'm losing a bit of faith recently in HN, a significant number of people seem to have gone full tinfoil hat.

Edit: downvote all you want, nutters, but this entire discussion is mostly people ranting about things we don't even know to be true, with the justification "well if they aren't for sure doing it now, they will!"

What happened to being data driven?

1. Your comment was kind of a "me too" comment that added nothing (or little) of substance to the conversation. On HN these types of comments are typically downvoted, regardless of topic or whether the voter is wearing a tinfoil hat.

2. You complained about the downvoting, and in addition added a personal insult to the downvoters. Personal insults are typically downvoted on HN as well.

3. You dismissed and strawmanned the "entire discussion" as "mostly people ranting about things we don't even know to be true." This type of thing is also frequently downvoted as it doesn't add anything substantive.

I recognize your username from this thread, you were one of the accounts that came to mind as a big bandwagon offender of the "it's all bad and there can be no nuance" rhetoric :).

Have a good day! And I mean that quite sincerely. It's a beautiful spring day here and I'm just visiting my desk momentarily after spending the last hour waking up the swimming pool and preparing it for this weekend. Time to go back outside and forget about the Internet for a while.

Other than this reply, I've ceased posting in this discussion and hidden it to avoid the temptation.

I see a huge difference between the ability to physically break into a car and having a datastream to a company that can be used to unlock the car. The latter is much more problematic -- especially if I can't choose who does or does not have that ability.

This is all a subset of the problem that modern cars are surveillance platforms.

There’s a difference between the government legislating obscure and weak backdoors into all microchips so the NSA can spy on you, and a car company providing features consumers want, agree to, and pay for, in a secure way. One is a surveillance platform, the other is a good product. It’s silly to equivocate the two. Thats what I’m responding to.

If it's not for their own use, whose use is it for? It's literally just for their use. They may promise that they won't use that backdoor for purposes that aren't for your benefit, but that's just their promise. And how do they define "for your benefit"?

How secure from other attackers that back door is is only one aspect. It's important (and important to remember the truism that "if there's a way to access it legally, there's a way to access it illegally"), but not the only issue. Even if we assume that hackers really can't get in that way, the backdoor and the data collection are still unacceptable to me.

It would help me understand your concern if you pointed to the data collection and use thereof that you consider unacceptable.

The way I see it, you’re essentially uncomfortable with Tesla being able to update the software on your system (which is also opt in BTW). Do you feel this way about all products that auto-update?

This was the only point I was actually making, yes.

> But don’t go spewing certifiable nonsense about how Tesla backdoors your car and steals your personal data for profit.

Aside from niggles about what constitutes a "back door", I was not doing that.

> There is nothing in their terms or privacy policy that indicates this is happening, and data collection that could expose PII is opt in.

None of that is actually reassuring, but the reason why is a whole other, very large, discussion.

> The way I see it, you’re essentially uncomfortable with Tesla being able to update the software on your system (which is also opt in BTW).

No, I'm uncomfortable with the data connection to Tesla. I'm uncomfortable with their data collection, and I'm uncomfortable with them having any sort of control over the car.

> Do you feel this way about all products that auto-update?

Yes. I consider auto-updating to be harmful. But the reasons why are another long, separate, conversation.

Again, I have no idea what you mean by "their data collection". What data are they collecting and how specifically is it being used in an untrustworthy, and harmful way? Our interests are aligned to get to the bottom of how Tesla handles data, because I don't want to own a car that is spying on me and you want a world where the internet doesn't exist (only half tongue in cheek).

EDIT: Also just so you're aware, did you know the car part of a Tesla works entirely offline at 100% capacity? Did you know the infotainment system, hud, etc. software can crash and you remain in complete control and full operation of the vehicle while it restarts. If you went in an disconnected the LTE antenna you'd have a connection-less Tesla. The fact that Tesla has designed the car this way speaks just a little to the quality of their engineering. The car is more like a plane than you'd think.

As I understand it, they are collecting data about the operation of the cars.

> and how specifically is it being used in an untrustworthy, and harmful way?

I didn't claim that it was. I was expressing my objection at it being collected. I have the same objection to similar data collection by software, electronics, etc.

Allowing data collection is an act of trust. Tesla (like most companies) has not earned that trust, and speaking generally, this trust has been so commonly abused that I give nobody the benefit of the doubt.

> you want a world where the internet doesn't exist

Your tongue may only be half in your cheek, but this statement literally could not be more wrong.

> did you know the car part of a Tesla works entirely offline at 100% capacity?

I would certainly hope so! If it didn't, I'd be saying that Tesla's design was inherently broken. I'm not saying that.

Since you are claiming I have opinions that I do not have, I clearly have done a terrible job explaining what my opinion is. It's pretty simple: the collection of usage data has been widely abused for a long time. Because of that, I have zero trust in almost any company that they won't abuse any data they get about me or my use of my machines. I think that's been well-earned. Teslas (as well as other cars) collect a great deal of data. I object to that.

It isn't because "Tesla sucks" or anything specific to Tesla. It's because Tesla (and not only Tesla) is engaging in a practice that historically has been abused.

You're missing the part where it's not inherently linked to your PII without your consent (for example during a troubleshooting session).

> Since you are claiming I have opinions that I do not have, I clearly have done a terrible job explaining what my opinion is.

/eyeroll. I said I was playing.

Okay. I understand what you're saying. Removing all other noise, you just don't want data collected and Tesla hasn't done anything to earn your trust.

My response is simply that I think this is a blanket assessment that comes from an uninformed position about how Tesla's product actually works vs other car manufacturers vs tech companies in general, and that you're unfairly lumping Tesla in with #abusivebigtech. There's a lot of security research and evidence that supports the conclusion that Tesla does give a shit about both the security of their platform and the privacy of their users. In the absence of evidence suggesting Tesla abuses user trust, I do not presume guilt because that's a pretty harmful MO. Since your argument is essentially "but they're big tech", I can't help drawing the conclusion that your position on this topic boils down to that of a HN curmudgeon.

---

Anyway... car manufacturers aside, I'm also really struggling to understand what your proposed solution is where service providers don't have any data about users. (Let's not even get into in-product functionality like needing to uniquely key a user's account or send them communications.) Serious question: have you ever built a product? Not having any data whatsoever is great (I've tried it, trust me I used to think very much like you do)... for about 30 seconds until one of your users has a problem. They write in and oh shit now you've got their email. Let's sweep that under the rug for a second, you read their request for support and what do you do? You have absolutely no way to help them so your response is limited to "we don't collect software telemetry in any way sorry frustrated user, you're SOL". That's generally understood to be a wholly unacceptable response from a company the user is paying for a working product, so what privacy conscious companies with good product experiences do is [ask the user if they can] collect anonymous diagnostic and usage information. This gets you a little further, but you still can't do anything to help that user who wrote in because you can't find their telemetry since it's all totally anonymous. So you realize the lesser of two evils is to collect anonymized telemetry. This data doesn't contain the user's PII, but if the user consents, they can share the necessary identifier with the company when they submit the support request, and voila you can investigate and solve the user's issue, leaving the user happy.

The point is that you can't just unilaterally obliterate all data collection and remote connections and end up in a perfect world. You have to have a conversation with users about what data is collected and whether it's okay for it to be collected. I think this idea that the "good" state for software products is zero data and anything more than that is abusive is in fact harmful. It's harmful to product user experiences and it's harmful to protocols and standards when they weirdly hyper focus on specifying things in ways where access to unique identifiers is either nonexistent or controlled (rather than just designing for user permission). It gives incredible power to central authorities when you tell everyone they can't know anything about anyone, unless they're a blessed platform. Anyway I'm rambling at this point, but I'm really just curious how your vision for software actually works in practice. I don't see it without some radical shift where everyone refers to each other by the mnemonic version of their public keys or something incredibly foreign.

No, I'm not missing that. It's just not a significant point to me, in large part because I think that the definition of "PII" is too narrow. For instance, I consider the identity of the specific car I drive as being PII.

> you just don't want data collected and Tesla hasn't done anything to earn your trust.

Yes, exactly. And that's not a special stance about Tesla. It's my stance with most companies.

> I think this is a blanket assessment that comes from an uninformed position about how Tesla's product actually works

I'm sure that's true. But, honestly, I have no motivation to spend the time and energy to inform myself about how Tesla handles this stuff. To do so in any meaningful way is a moderate research project that I'd have to have some real reason to engage in. I don't think it's unreasonable to follow a larger heuristic until there's some reason to pay attention to a particular product or company.

> I can't help drawing the conclusion that your position on this topic boils down to that of a HN curmudgeon.

Draw whatever conclusion you wish. I haven't arrived at my attitude arbitrarily or through some sort of "big tech bad" mentality. It's due to years of actual experience.

> Serious question: have you ever built a product?

Not that it matters, but yes, many. Several rather successful ones. The odds are reasonable that you're even using one or two of them.

> You have absolutely no way to help them so your response is limited to "we don't collect software telemetry in any way sorry frustrated user, you're SOL".

This just isn't true at all. I've never had to say anything like that. Blanket telemetry is not necessary to help customers with malfunctions -- if it were, then all the software that I (and everyone else) sold and supported before telemetry was even possible would have been impossible to support.

That said, I have occasionally gathered telemetry as part of the support process. But it's on a case-by-case basis with the full cooperation of the customer, not a blanket thing the I subject all customers to.

And, to be clear, I'm not opposed to telemetry in general. I'm opposed to forcing it on people, or engaging in it without their informed consent.

> I think this idea that the "good" state for software products is zero data and anything more than that is abusive is in fact harmful.

My position is certainly not that all data collection is abusive. My position is that our industry has been widely abusive in terms of data collection.

So VIN (vehicle identifier) is not included in the data collection, and, though Tesla collects the anonymized data by default in the US (this is not true in countries with stricter laws requiring any data collection to be opt in instead of opt out), you opt in to sharing anything that de-anonymizes it as needed. You also generally opt in to the collection of larger or more sensitive data (even in the US), on a use-case bases. I can go into settings and enable/disable road segment data, for instance. The Tesla privacy policy is a 5 min read and deliberately accessibly worded.

I know you're acting in good faith, but I see this theme reappear on HN (and generally) where people cry out for change, society responds, and then the people who asked for change are too jaded to believe that it's possible that somebody listened. Or it's "too big of a research project" to care. That's the reason I'm even arguing the point here. If we were talking about Facebook I wouldn't give it the time of day because there just isn't anything redeemable about their past actions or current product. But you're talking about how you are compelled to go buy an old used gas guzzler as your next car because there isn't a car company today that is possibly trustworthy. As a person who cares about privacy and security, and as a Tesla owner, I'm simply challenging you to maybe check your gut heuristic on Tesla, because they make a really good product, have been positively received in the security community, and have a privacy policy that reads like they care about treating your data with respect. I could be wrong in the future and you get to say I told you so. But if not, they might be a solution to your problem once you're in the market.

Nobody will "own" their car, anyway.

And if that doesn't happen, then I guess I won't be using a car. Which is probably the best idea in terms of environmental impact, anyway.

Good bye high speed chases.