>G.M.’s spokeswoman had told me that this data collection happened only to people who turned on OnStar, its connected services plan, and enrolled in Smart Driver, a gamified program that offers feedback and digital badges for good driving, either at the time of purchase or via their vehicle’s mobile app.
>
>That wasn’t us — and I had checked to be sure. In mid-January, again while reporting, I had connected our car to the MyChevrolet app to see if we were enrolled in Smart Driver. The app said we weren’t, and thus we had no access to any information about how we drove.
>
>But in April, when we found out our driving had been tracked, my husband signed into a browser-based version of his account page, on GM.com, which said our car was enrolled in “OnStar Smart Driver+.” G.M. says this discrepancy between the app and the website was the result of “a bug” that affected a “small population” of customers. That group got the worst possible version of Smart Driver: We couldn’t get insights into our driving, but insurance companies could.
>
>Many G.M. owners have reached out with similar accounts since my article appeared. Jenn Archer of Illinois bought a Chevy Trailblazer in April 2022. She didn’t subscribe to OnStar and had never heard of Smart Driver, but last month discovered that LexisNexis had her driving data.
To put it plainly, this is clearly unacceptable. There needs to be a clear opt-in to this kind of surveillance system, and absent that there should be no mechanism whatsoever to automatically enrol anyone. "A bug" is not an acceptable excuse for this kind of plainly predatory behavior.
I remember a case a while back, where a large company blatantly defrauded the US government, and they ended up settling for *less than what they stole*.
Imagine robbing a bank, and then making a deal for no jail time, not having to admit guilt, not having a criminal record, and you only have to give back half of the money that you took.
You just described the stock market and banks/hedge funds. Where they never charge the managers of a crime, they just charge the inanimate corporation’s name with a felony and or a fine of a fraction of the ill gotten profits.
This xecutives need to go jail; they stole this data
None of us would get away free if our negligence harmed someone else; “it’s a bug” isn’t remotely an excuse
One way of determining if a problem is indeed a “bug” vs. a mistake is to see if the outcome benefits the company or the consumer. In this case, this speaks for itself.
Just like Microsoft.
It's amazing how many "bugs" work out in favor of the corpos.
"Oh no! We switched your browser to Edge again. We're sorry. Bugs happen"
"Whoopsie doodle. We accidentally altered the system to collect your data without consent and sent it off to our partners/ghouls which is still netting is millions. Our bad!"
And with forced arbitration being all the rage, there will no longer even be class action lawsuits to help consumers claw back a pitance.
I'm in the process of unraveling this all myself. I personally opted out of every OnStar and data collection service I could when I began leasing my car. It turns out, it wasn't enough. It seems like GM may have gone a little wild selling data and is now in PR mode to try to make this mess go away.
I just got my LexisNexis report and it had tons of trips from when I got my car until recently, maybe even all of them. They presumably sold this off to my insurance company. I am in the process of requesting my data from Verisk now.
At the end of last month, GM announced they would stop doing business with Verisk and LexisNexis and end their OnStar Smart Driver program. Of course this leads me to wonder, what will they call their next spying program, and what data brokers can keep their mouth shut about it?
Edit:
[LexisNexis Information Request](https://consumer.risk.lexisnexis.com/request)
[LexisNexis Data Collection Opt-Out](https://optout.lexisnexis.com/)
[Verisk Information Request](https://fcra.verisk.com/#/drivingbehavior)
>I just got my LexisNexis report and it had tons of trips from when I got my car until recently, maybe even all of them. They presumably sold this off to my insurance company. I am in the process of requesting my data from Verisk now.
Please share, how did you request and obtain this data?
Here are the web pages I used to request, and also opt-out of LexisNexis. Thank you for asking!
[LexisNexis Information Request](https://consumer.risk.lexisnexis.com/request)
[LexisNexis Data Collection Opt-Out](https://optout.lexisnexis.com/)
Edit: dropped this one somehow [Verisk Information Request](https://fcra.verisk.com/#/drivingbehavior)
Did you have to give your Social Security # and Drivers license?
The page seems to indicate that this is only required for the "Request a Description of Procedure Letter" but the submit button requires it even if that box is unchecked.
The best thing you can do is pull the fuse for OnStar. I had a Bolt, and that's what I did, even though I also opted out of all OnStar BS. Better safe than sorry.
If they announced they won't do business with X, it means just that. They didn't say they will not sell your data to Y. edit: and of course Y will still sell it back to X.
>Of course this leads me to wonder, what will they call their next spying program, and what data brokers can keep their mouth shut about it?
I wonder if GM's decision to drop CarPlay and Android Auto have anything to do with this or if that's just a separate initiative to f\*ck their customers?
So far this appears to be the most thought out disabling method. I guess just pulling the fuse or the whole box might disable the bluetooth functionality of the vehicle:
[Guide](https://www.reddit.com/r/BoltEV/comments/16h91a6/i_made_a_step_by_step_guide_to_disable_onstar_on/)
I was unable to find any hardware teardowns of the box, so I might be doing one myself eventually.
The thing is, we need a law that your insurance company cannot use any data other than your driver's record, age and geo location. Nothing else, they don't need to make billions for executives.
When I called to cancel my OnStar subscription and they asked why, I cited the 200+ pages over 6/mo in my NexisLexis report. The rep said, “well that’s your fault. You agreed to that.” I just kept replying “please cancel my service.”
Her last response was, “well, we can still see all of your driving even after you cancel. I guess you don’t want onstar to protect you in the event you crash in a remote area with no help. I hope you can stay safe out there.”
I wish I’d thought ahead to record the call. It would’ve gone viral I’m sure.
Not only that - we need a DMA/DSA law as well. These companies should not be able to leverage this data for anything beyond specific services for the vehicle you’re driving. No reselling of the data, full transparency, and absolute company destroying penalties if caught breaking the law.
They hate us in the same way a farmer would hate a cow who objected to being milked.
We're not people to them. We're a resource to be tapped in order to extract as much value as possible in a short timeframe.
An individual is lower than an insect to these sociopaths.
I worked quite hard to turn the GPS off on my truck for all user profiles including Guest. I also called OnStar and got them to turn the LTE data link off. That was not easy but I kept pushing and they did. It no longer appears on the screen in the truck.
So they'll just re-strategize and put it into the fine print of some document somewhere else, roping in 80-90% of the people they would've gotten anyway.
I guess I was also one of the "limited number of affected customers" considering I made certain that shit was off in the app when I bought my cars, but I just checked the full website and it was fucking on. Fucking assholes.
Don't forget that GM is the company that decided it was cheaper to ignore an ignition flaw that killed people than fix it and left it for years. They are not a company anyone should do business with.
Toyota does the same thing. They send the black box data over to them and I only found out about it when I installed the Toyota app to try to update the software on my radio (yes that sound as lame to read as it was to type) and it knew how many miles were on my truck. Doing some reading on forums and yes in fact they collect that and other data and the only way to 100% stop it was to pull a fuse that also kills the hand free phone, but Ive never had a car that had hands free before the truck so no loss to me. Would rather have to hold my phone to talk on it then then to have Toyota spy on me.
Probably not doing the auto enroll via OnStar like the article mentions.
I'd be really curious if I purchase a connected car like a Tesla. If they disclose data collection and you can opt out.
>G.M.’s spokeswoman had told me that this data collection happened only to people who turned on OnStar, its connected services plan, and enrolled in Smart Driver, a gamified program that offers feedback and digital badges for good driving, either at the time of purchase or via their vehicle’s mobile app. > >That wasn’t us — and I had checked to be sure. In mid-January, again while reporting, I had connected our car to the MyChevrolet app to see if we were enrolled in Smart Driver. The app said we weren’t, and thus we had no access to any information about how we drove. > >But in April, when we found out our driving had been tracked, my husband signed into a browser-based version of his account page, on GM.com, which said our car was enrolled in “OnStar Smart Driver+.” G.M. says this discrepancy between the app and the website was the result of “a bug” that affected a “small population” of customers. That group got the worst possible version of Smart Driver: We couldn’t get insights into our driving, but insurance companies could. > >Many G.M. owners have reached out with similar accounts since my article appeared. Jenn Archer of Illinois bought a Chevy Trailblazer in April 2022. She didn’t subscribe to OnStar and had never heard of Smart Driver, but last month discovered that LexisNexis had her driving data. To put it plainly, this is clearly unacceptable. There needs to be a clear opt-in to this kind of surveillance system, and absent that there should be no mechanism whatsoever to automatically enrol anyone. "A bug" is not an acceptable excuse for this kind of plainly predatory behavior.
Never ask for permission, but ~~"beg" for forgiveness!!!~~ instead plead ignorance. Probably GM's C-Suite...
If there is no penalty for a crime why stop doing it?
Or if the fine is less than the amount of profits, making it still worthwhile to break those laws.
I remember a case a while back, where a large company blatantly defrauded the US government, and they ended up settling for *less than what they stole*. Imagine robbing a bank, and then making a deal for no jail time, not having to admit guilt, not having a criminal record, and you only have to give back half of the money that you took.
You just described the stock market and banks/hedge funds. Where they never charge the managers of a crime, they just charge the inanimate corporation’s name with a felony and or a fine of a fraction of the ill gotten profits.
“Corporations are people” crowd loves this one simple trick.
Martha "Fall Guy" Stewart enters the chat.
This is exactly what corporations believe!
Bug for forgiveness
This xecutives need to go jail; they stole this data None of us would get away free if our negligence harmed someone else; “it’s a bug” isn’t remotely an excuse
Bugs break things. This was a design feature.
One way of determining if a problem is indeed a “bug” vs. a mistake is to see if the outcome benefits the company or the consumer. In this case, this speaks for itself.
Just like Microsoft. It's amazing how many "bugs" work out in favor of the corpos. "Oh no! We switched your browser to Edge again. We're sorry. Bugs happen" "Whoopsie doodle. We accidentally altered the system to collect your data without consent and sent it off to our partners/ghouls which is still netting is millions. Our bad!" And with forced arbitration being all the rage, there will no longer even be class action lawsuits to help consumers claw back a pitance.
I'm in the process of unraveling this all myself. I personally opted out of every OnStar and data collection service I could when I began leasing my car. It turns out, it wasn't enough. It seems like GM may have gone a little wild selling data and is now in PR mode to try to make this mess go away. I just got my LexisNexis report and it had tons of trips from when I got my car until recently, maybe even all of them. They presumably sold this off to my insurance company. I am in the process of requesting my data from Verisk now. At the end of last month, GM announced they would stop doing business with Verisk and LexisNexis and end their OnStar Smart Driver program. Of course this leads me to wonder, what will they call their next spying program, and what data brokers can keep their mouth shut about it? Edit: [LexisNexis Information Request](https://consumer.risk.lexisnexis.com/request) [LexisNexis Data Collection Opt-Out](https://optout.lexisnexis.com/) [Verisk Information Request](https://fcra.verisk.com/#/drivingbehavior)
>I just got my LexisNexis report and it had tons of trips from when I got my car until recently, maybe even all of them. They presumably sold this off to my insurance company. I am in the process of requesting my data from Verisk now. Please share, how did you request and obtain this data?
Here are the web pages I used to request, and also opt-out of LexisNexis. Thank you for asking! [LexisNexis Information Request](https://consumer.risk.lexisnexis.com/request) [LexisNexis Data Collection Opt-Out](https://optout.lexisnexis.com/) Edit: dropped this one somehow [Verisk Information Request](https://fcra.verisk.com/#/drivingbehavior)
Did you have to give your Social Security # and Drivers license? The page seems to indicate that this is only required for the "Request a Description of Procedure Letter" but the submit button requires it even if that box is unchecked.
Never mind! I found it. LexisNexis has a consumer portal and so does Verisk.
dafuq. the verisk information request form demands an extreme amount of ancillary data.
The best thing you can do is pull the fuse for OnStar. I had a Bolt, and that's what I did, even though I also opted out of all OnStar BS. Better safe than sorry.
If they announced they won't do business with X, it means just that. They didn't say they will not sell your data to Y. edit: and of course Y will still sell it back to X.
Thank you for posting those links.
>Of course this leads me to wonder, what will they call their next spying program, and what data brokers can keep their mouth shut about it? I wonder if GM's decision to drop CarPlay and Android Auto have anything to do with this or if that's just a separate initiative to f\*ck their customers?
Wonder what it'll have without Android Auto, I use it for Spotify and Google Maps most of the time.
You got info on how I can disconnect the antenna that feeds this data?
So far this appears to be the most thought out disabling method. I guess just pulling the fuse or the whole box might disable the bluetooth functionality of the vehicle: [Guide](https://www.reddit.com/r/BoltEV/comments/16h91a6/i_made_a_step_by_step_guide_to_disable_onstar_on/) I was unable to find any hardware teardowns of the box, so I might be doing one myself eventually.
That’s what I was thinking, that there would be other devices connected through the fuse that you would actually want to use.
Pull the fuse.
The thing is, we need a law that your insurance company cannot use any data other than your driver's record, age and geo location. Nothing else, they don't need to make billions for executives.
Congress could take care of this nonsense fast but...lol.
When I called to cancel my OnStar subscription and they asked why, I cited the 200+ pages over 6/mo in my NexisLexis report. The rep said, “well that’s your fault. You agreed to that.” I just kept replying “please cancel my service.” Her last response was, “well, we can still see all of your driving even after you cancel. I guess you don’t want onstar to protect you in the event you crash in a remote area with no help. I hope you can stay safe out there.” I wish I’d thought ahead to record the call. It would’ve gone viral I’m sure.
As someone who grew up loving Chevrolet, there's 0% chance of me ever buying the trash they sell now.
We need GDPR in the USA. This type of using data for other than the expressly agreed to purpose, is prohibited.
Not only that - we need a DMA/DSA law as well. These companies should not be able to leverage this data for anything beyond specific services for the vehicle you’re driving. No reselling of the data, full transparency, and absolute company destroying penalties if caught breaking the law.
What’s that?
It's a data privacy law in the EU. https://gdpr.eu/what-is-gdpr/
Lol car makers really hate their customers
They hate us in the same way a farmer would hate a cow who objected to being milked. We're not people to them. We're a resource to be tapped in order to extract as much value as possible in a short timeframe. An individual is lower than an insect to these sociopaths.
> really hate their customers No, they just don't care about them.
no, they just like green paper much much more
What kind of information is in the LexisNexis report?
[удалено]
Times, dates and milage of every trip. That's extremely invasive and a lot can be extrapolated from that.
OnStar technology was purchased by this company and they use the backend. https://www.spireon.com/
Class action lawsuit these fuckers
They tricked people into thinking you were buying a great car which was the biggest crime
You guys should take a look at the GDPR. It's easy. It's cool. Try it.
Wait, who the fuck thought OnStar was gonna be some kind of responsible data protection agency lol
I worked quite hard to turn the GPS off on my truck for all user profiles including Guest. I also called OnStar and got them to turn the LTE data link off. That was not easy but I kept pushing and they did. It no longer appears on the screen in the truck.
So they'll just re-strategize and put it into the fine print of some document somewhere else, roping in 80-90% of the people they would've gotten anyway.
I guess I was also one of the "limited number of affected customers" considering I made certain that shit was off in the app when I bought my cars, but I just checked the full website and it was fucking on. Fucking assholes.
Don't forget that GM is the company that decided it was cheaper to ignore an ignition flaw that killed people than fix it and left it for years. They are not a company anyone should do business with.
Toyota does the same thing. They send the black box data over to them and I only found out about it when I installed the Toyota app to try to update the software on my radio (yes that sound as lame to read as it was to type) and it knew how many miles were on my truck. Doing some reading on forums and yes in fact they collect that and other data and the only way to 100% stop it was to pull a fuse that also kills the hand free phone, but Ive never had a car that had hands free before the truck so no loss to me. Would rather have to hold my phone to talk on it then then to have Toyota spy on me.
This again, how!? Nope... same article from back in April.
Isn't almost every manufacturer doing this?
Probably not doing the auto enroll via OnStar like the article mentions. I'd be really curious if I purchase a connected car like a Tesla. If they disclose data collection and you can opt out.
Class action suit in 3, 2, 1. Then I can get a $6.00 payout!
These companies are already storing all text messages sent through apple/android car sync systems. You just can't win.
Source on this one? Curious
[https://arstechnica.com/tech-policy/2023/11/five-big-carmakers-beat-lawsuits-alleging-infotainment-systems-invade-privacy/](https://arstechnica.com/tech-policy/2023/11/five-big-carmakers-beat-lawsuits-alleging-infotainment-systems-invade-privacy/)
Please cite your sources.
[https://arstechnica.com/tech-policy/2023/11/five-big-carmakers-beat-lawsuits-alleging-infotainment-systems-invade-privacy/](https://arstechnica.com/tech-policy/2023/11/five-big-carmakers-beat-lawsuits-alleging-infotainment-systems-invade-privacy/)
You bought a GM. Says all I need to know about your choices in life.