A pirated car would just be a more free way to access the $10k/yr pay wall you live your life behind. Car-dominant infrastructure is vendor lock in.
Edit: fixed picture
Everything is crackable, I bet the software in the car is as cheaply made as everything else
Worse, generally. Car manufacturers are completely awful with privacy and also very bad at security.
this subscription involves a mobile plan and access to a backend service though
So you’re PAYING for the vulnerabilities this time?
There is plenty of subscription or always online software out there that is cracked and fully working, Adobe products, Microsoft office, Spotify, etc.
Obviously any service that can’t be replaced with a free or open source alternative won’t work, first thing I think that would be on the chopping block would be anything that uses GPS, though that’s just a guess, I don’t really have intimate knowledge of this
Many run on a fork of android iirc.
It’s kinda depressing to see bunch of people who support the subscription model in my post comments for something that you already paid & own
As they pointed out in your original post, it’s not, “the subscription model…for something that you already paid & own.” This isn’t subscription seat warmers, it’s paying for an additional service outside the car. You can argue it’s too expensive, but without their internet connection and servers, these features wouldn’t be possible.
Remote start has been around for well over a decade and did not require internet or a subscription. If you just subscribe and use the feature then clearly the neccesary equipment for remote start is already installed and you paid for that equipment regardless if you use the subscription service.
@FireRetardant @n2burns Remote start can mean different things. I’d hope a subscription based one was via a server and works where normal direct RF fobs wouldn’t (like from another country).
If it is just direct RF based remote start that shouldn’t be a subscription.
Why would anyone need to start a car from another country?
@Professorozone Yes that would be a bit silly (but could be useful to do for your SO when they have an issue while you are on a trip). But just from the top of a tall housing tower to a car in the basement needs something better than a RF fob
The curfew alert could be more applicable when in another country.
But that would be more like a “keyless driving feature” than remote start, wouldn’t it?
Yeah, I suppose a longer distance remote start would be more useful.
So what happens when your car has no cell service? Or you don’t own a phone that supports the app? The only use case I can see is long distance remote start but I’m struggling to determine why someone would reasonably need that.
The only reasons they went away from RF is to justify subscriptions and further push the smart device trend where everything can connect to your phone.
RF range is very limited and there is no feedback of success/failure or current state. My neighbour’s RF remote start wouldn’t work through 2 townhouses. It also doesn’t work from high-rises or office building.
How often do you lose cell reception in a parking lot? (Mostly open space with few things to interfere with cell signal).
You are aware that there are rf solutions that provide feedback? Not saying range limitations don’t exist, but there are solutions that claim to provide a fair reach.
I am aware. I didn’t think it was necessary to explain that it’s possible to make an data stream reliable, but doing so requires a lot more power which isn’t great for a coin-cell battery.
@n2burns @FireRetardant Basement car parks can be pretty bad for connectivity.
If you’re in a basement, you don’t need remote start. It’s really only for when your car is exposed to the elements.
RF range is very limited
RF range deployed by most vehicles, yes. Not all RF is equal in range capability.
See “Frequency bands” https://en.wikipedia.org/wiki/Radio_frequency
Below 3 Hz >10(power 5) km
I’m very aware of RF bands. I didn’t think I needed to explain how RF worked, why the range of a car remote is so limited, and why is impractical to use a lower band. As the frequency gets lower, the data throughout decreases and the size of the antenna should increase.
@FireRetardant Also no one is implying network based should be the only method.
There’s no need to host servers for 99% (maybe 100%) of this stuff. All the remote start features can be done through a direct connection between your phone and car. There’s no need for a third computer to be involved, except to check if you’ve paid for it. As long as your car has wifi access (or phone network access, which would need to be paid for) then it can communicate with other devices on the network/internet. Sure, you still have to pay for the internet, but that’s paid to the ISP, not the car company.
I’m not sure which direct connection you’re thinking of, but for most phones that would be limited to WiFi (probably WiFi Direct), Bluetooth, and maybe NFC. NFC range is tiny and Bluetooth’s is pretty small. WiFi’s range is approximately the same thing as an RF remote, which isn’t great.
Also, if we did have direct connection (which would be great for confirming the start worked, and the status of the car), why would we need internet??
By direct I meant routing to the car and user device, not through company servers. There’s no need for that. Both devices are computers. The only reason the company would need it routed through them first is to make sure you’ve paid up.
- That would mean the vehicle still needs an internet connection, presumably a cell connection, which is a service.
- Removing the manufacturer’s server would make the car the server, and would mean exposing your car to the whole internet. That’s a bad plan.
-
Yes, I mentioned that. However, the cell plan would be a lot cheaper. There shouldn’t be a lot of data coming through.
-
It would mean exposing it as much as any other device is exposed. It’d have a port open and listening for communication. Honestly, I’m pretty sure it’d be identical to how it is currently. It’s not like sending the communication from the company server is any different than from any other device. Its not connecting directly to the company’s servers. It’s a wireless service. Sure, it needs security measures, but it already needs that.
-
Features like this really do require a subscription model. This isn’t enabling remote start by pressing a key on your fob. This is sending a request to a server, which connects to a cell tower to broadcast signal saying “turn on this car”. That stuff ain’t free. Someone has to pay AT&T for the data connection.
What BMW was (is?) doing is abhorrent. You’re buying a car with heated seats, and you have to subscribe to hit the button.
Features like this really do require a subscription model. This isn’t enabling remote start by pressing a key on your fob. This is sending a request to a server, which connects to a cell tower to broadcast signal saying “turn on this car”. That stuff ain’t free. Someone has to pay AT&T for the data connection.
Only because they unethically intentionally designed it that way, when they could’ve just as easily picked a different design that could’ve worked entirely locally. They are inventing excuses for rentiership.
They almost always do offer a key fob based remote start option in addition to their app based remote start.
Well, the manufacturer rarely does but the dealership often tries to sell them as an added revenue stream.
They vary from OK to dreadful. But it’s still an option vs this remote services system if you don’t like it.
Also the added bonus of collecting data to sell too
Then let me have the remote start that has existed for decades as ONE option (without a monthly subscription), and the remote start that requires an entire infrastructure that isn’t required for me to look out my window and remote start my car as an option for those who want or need it.
They largely all do. As a factory installed option, or worst case dealer installed but OEM option. Not aftermarket dealer installed, OEM.
see: Smart Key — Remote Start
That’s Kia - I thought we were speaking more broadly. We drive a Toyota product and were offered nothing but the app. However, to your point that may have been poor salesmanship.
Sure, you need to pay for the connection, whether wifi for cell. There’s no need for specific servers or computation to take place. Yeah, you’ll need to pay for another (low data usage) phone line probably, but that should be it.
IMHO, It makes sense though. Piracy and open source are two approaches to attacking the enclosure of public (intellectual) space. Roads for cars are literally an enclosure of public space. The subscription model just extends from this logic.
Edit: These are also things that make sense because the car has to have cell service via a provider.
These are things that need a subscription, though… These are remote features that require internet connectivity and application serving. Things that don’t just come with a one-time fee. These are actual services being provided by Kia or Hyundai. This isn’t the same as putting a hardware feature of your car behind an arbitrary pay wall.
Then I should be able to self-host these softwares.
You would still have to pay an ISP to connect it, but an open source, self hosted version would be ideal.
You wouldn’t be able to communicate with the car at a distance though.
How do car manufacture communicate with these cars?
4g most likely
Then if the manufacture is just communicating with the car using standard internet, what is stopping self-hosted software communicating with the car?
Yeah on second thought it likely has to be satellite or something.
Otherwise roadside assistance would be shit haha
What it boils down to is why would a company spend money so a small percentage of tech enthusiasts who buy their cars can use advanced features for free.
We always forget we’re a tiny percentage of any market.
Otherwise roadside assistance would be shit haha
If I have to guess, I think they are probably on different systems. As roadside assistance pre-dates smart cars, and satellite in general has pretty bad receptions under a roof.
What it boils down to is why would a company spend money so a small percentage of tech enthusiasts who buy their cars can use advanced features for free.
Because “laws”.
Of course, there is no way to let corporate do good on its own. Corporates will never respects its user, the environment, and basic consumer rights; if they are left to operate on their own.
If the EU can force apple to care a little bit about the environment and basic consumer rights, then they probably can let the car companies do the same.
Is it compatible with my covid vaccine 5g chip?
Then hook up a 4g hotspot to the car’s battery and bypass their services
An internal Ethernet connection to a replaceable cellular modem would be a solution to this as you could use whatever carrier you want to, or just replace the cellular modem with any other source of internet connectivity you choose.
149 to send a ping to locate a car? For an API call to lock unlock? How many API calls are worth 149 per year? In which world?
Make the car cost £400 more, once, when it’s bought first hand. That will cover any costs for the lifetime of the vehicle. There you go, chuck the subscription in the sea.
These are software features that need an open, secure API.
yeah, i agree. it costs them money so there’s little to no incentive to run that stuff for free.
also the price is reasonable (about as much as a single Nano ec2 instance on aws + mobile plan that’s required to connect the car to the internet) and pretty much negligible when compared to amount of money you’ll be spending on that vehicle anyway.
then there are privacy concerns tho. do you trust kia with knowledge of your exact car location, 24/7? (I’d assume it doesn’t connect to their servers without the subscription?)
also that information (Exact location of all kia vehicles, with exact model numbers and registration information) seems like a goldmine for car thieves if leaked (or accessed by a third party.)
also, fuck heated seat other hardware/local software subscriptions@FlexibleToast @hex_m_hell Yes, but the car you own has all the capability to do the above things, why can’t I use the server in my basement to provide the remote components of the services?
The vast majority of people won’t know how to manage a server in their basement. It makes no sense to invest in this capability that will be utilized by an extremely small fraction of car buyers.
I would very rarely advocate for a subscription service but this one makes as much sense as a mobile phone plan.
@MethodicalSpark But they may want to have it interact with some other hosted service they already pay for.
I see your point but the costs to most if not all of what they offer are minimal… And for sure most of that could be a single payment when buying the car, calculated an estimated usage during the estimated life of the car, they could just be part of the price of the car not even indicated.
Don’t worry there will be some vulnerability with the CPU that they wouldn’t be able to patch out fully.
you’re paying for a backend service and a constant internet connection for your car here though, not for some client side feature that can be easily unlocked
If i can put my own sim card in why not?
- they’re not using a conventional network
- they still have to pay for the backend infrastructure
- my point is that this is not a client side feature, so it can’t be unlocked by some cpu vulnerability. This is a case in which a subscription service DOES make sense
- Who asked them to do that?
- Who asked them to be the sole provider of that infrastructure? give me the server exec to host locally
- They designed it that way to justify this shit. I hope they all get fucked.
In the end we are in cat & mouse situation
Vulnerability found > hacker cracked it > car company figure it out > vulnerability get patched
It’s same issues with John Deere tractor, from what i heard many farmer hire bunch of hacker to crack the softwareYeah i hope this just strengthens these licenses. ive heard about john deer being hacked at dfcon but man these companies are scummy.
I mean some people figured out how to crack a tesla to enable all the features including the secret “Elon” mode so.
Curious, what was the “secret Elon Mode” about?
Full self-driving without driver monitoring.
Which is just fantastically dangerous and poorly advised. Very appropriate for it to be called “Elon mode,” if nothing else.
It really is appropriate
But the script that crack it never released in public AFAIK
Maybe we need to wait & lurking for some time untill the script finally release in publicthere is no real script to do it. They released the full research paper on it and basically you pull part of the infotainment system low as it boots and it opens the maintenance menus that allow you to grant entitlements. It’s a 100% physical attack. It also probably gets reversed every so often as mothership “detects problems” with your tesla.
Hell yeah! Fuck car dependent infrastructure!
Vote with your wallet.
Congratuations, you’ve fallen for the propaganda. That sentiment is nothing more than corporate astroturfing against effective regulation.
Love this comment
I remember back in the old days when remote start was a thing you paid someone to install in your car and, in those days, “remote climate” was remote start plus remembering to set it on high before your got out.
Subscriptions are dumb, you should be able to buy these outright, but there are people who can’t so 🤷🏻♀️
Edit: but for remote lock and alarm, those have been around for ages. That should come standard.
I think a lot of this conversation boils down to someone needing to make an ESP32 device that sits in your OBD port and can be addressed directly for those who have a car that can connect to your home WiFi. I feel like one of those already exists…
“You wouldn’t download a car?”
deleted by creator
So, until 2017?
deleted by creator
If this isn’t a lease then it will never hold up in any state court, John Deere and Apple already tried something similar to this over right to repair and lost miserably in every state it was tried in. I’m actually surprised they tried this after the epic payout John Deere had to make after the class action lawsuit against them.
I think a major reason for these models is that the more that the car becomes a computing device, the more that it’ll require regular patches and optimizations. Being connected to the servers and using services that route through it lets them gather usage data, offer some extra features that can functiom from anywhere, and update security and functionality (which would possibly involve full time developers I suppose).
It does seem greedy (way overpriced), but this isn’t the same as disabling hardware that you need to sub to activate (a la seat warmers). Plus it’s all still pretty cutting edge tech atm and I usually tell people that means you’re choosing to fund its early development (and being a beta tester) over using more standard and tested products.
Outside of self driving cars there isn’t a reason cars should become a computing device though.
If you want to end a car centric infrastructure in favor of bikes or velomobiles you would still want self driving cars that you only use for special tasks. Robotaxies or robo busses. Then it makes sense to not own a car.
I think e-cars are more computer-like as they’ll prioritize optimizing as much of the system as possible to maximize battery mileage; performance/riding experience as a live service; DRM; probably pretty hackable.
Driverless autonomy could also potentially turn pedestrian cars into part of the public transport system if people can have their idle cars work like taxis (not sure if this would involve things like smart contracts), but unfortunately it seems like the actual last piece of the puzzle that car companies aren’t gonna crack any time soon.
@LarmyOfLone @BR4 Safety aids can involve plenty of computing and getting those constantly improved can aid in keeping people alive.
So there is some good reason to go that way. (But that may not be what is driving car companies to do it)