On some cars you can also unplug whatever radio/modem doodad is responsible for phoning home. I have a Ford Maverick and disconnected the "telemetry module" which resides under the transmission hump by the front passenger seat.
I no longer receive updates to the infotainment system and I can't unlock the doors with my phone, but I also don't have the dealer emailing me service ads with my exact current mileage and tire pressure.
(one of those things I've seen very little discussion of, the WP page correctly points out that this mandates a mobile-station in every car; although it does not precisely mandate that it be always-on, in practice it will be in order to manage messaging promptly)
This is no longer reliably the case, because the carrier is legally required to provide a minimum set of information about the caller (its location) to the emergency services, which many cannot fulfill if the call was made without a SIM.
In the past they handled the call without that information, but after an incident in 2013 the court ruled that the requirements also must be fulfilled without a SIM (0).
So some carriers (notably all German ones) stopped accepting Emergency calls without SIM, first to not be in violation of the law but nowadays apparently due to "misuse" (?) (1).
I mean, even back in the OnStar days, you could "opt out" and cancel the service and it would track you anyway. With BYD or any other car maker, I'd be worried the SIM was a placebo.
This is where things like a HackRF or flipper zero are useful - leave a scan running over 24 hours from multiple fixed locations within the vehicle and you can detect if there are any wireless transmissions, and then triangulate on exactly where they come from using several pieces of yarn cut to the length of estimated distance from the source.
Cars should be independent, local only devices. Having cloud dependencies is just reckless and stupid.
Anyone know of reviewers that do this for cars? I just don't see privacy focused reviews on basically anything. We have reviews about how reparable things are and how good/bad the features are but rarely do I see privacy mentioned or in-depth analysis of TOS and the like to give buyers a sense of how good/bad cars and other devices are. Does everyone just assume it is terrible and go on or is there some reason this isn't a top level item for journalists to evaluate?
You'd need to differentiate between sources - you'd want to capture every signal, then sort into buckets by frequency, by regular timing, and so forth - if a device is sending a burst every 5 seconds, then you can grab every 5 second occurrence of a signal at that frequency and make a reasonable assumption that all that data is from the same radio.
You can filter for all the frequencies that show up regularly, then you differentiate by signal strength - group occurrences of the same frequency into similar dB buckets, then correlate the changes based on new fixed positions within the car, and run some calculations on changes in signal strength to obtain a dB to distance calculation. The strength to distance calculation can be estimated by making some assumptions about the type of radio you're looking for - a simple cellular module is going to be different than a WiFi repeater, or a wireless fob, or a bluetooth tracker.
From the fixed points within your car, you can tie one end of a piece of yarn to where the sensor was affixed, and the length of the yarn should correlate to your dB to distance estimate for that position, and with 2-3 or even 4-5 threads you'd be able to group their loose ends together to get a rough physical indication of exactly where the radio transmission is coming from.
The grouping won't be exact, but it'll literally point in the right direction, and if the threads are too long, or pointing to something buried in the chassis or whatnot, then you can reduce the lengths of your yarns by the same percentage of reduction and they'll be "pointing" at wherever the radio source is.
You're going to get a general location, like "under the dashboard" or "in the glovebox" or "somewhere under the spare in the trunk", not a millimeter precise location. You could probably vibecode a way of processing the data in a browser, and use a bunch of splats and AI modeling of your car and so forth to get a very precise and useful pinpoint of a device with a fancy UI, but you can just use a spreadsheet and text files of logged signal records, the process isn't super difficult.
analytics. same thing anyone that collects data gets. how they use it might be different. most use it to monetize the data. some might actually use it to improve things. because some do use for making money, those that do for actual improving will always be deemed suspect
You are seriously positing that car manufacturers would install decoy sims in their vehicles to discourage people from finding the true sim, all so they might collect data without potential user disruption?
There are a lot of smart TV's (name-brand ones!) that will try to connect to any open wifi. Monetizing from analytics and telemetry are literally priced into the cost of the gadget. A lot of smart TV's will even ship with their cameras turned on. And Hyundai/Kia and Subaru literally disabled certain in-car features for people in Massachusetts after the repair bill passed (https://www.wired.com/story/right-to-repair-cars-hackers/)
Given that, I hardly think that 'decoy sims' are much of a stretch.
This boring paranoia always comes up in discussions about "smart" devices. In theory possible, in practice too many legal issues, so in reality it's never happened. I find it rather dull when someone brings it up.
There's some paranoia here but there's also some truth.
Okay, nobody is putting in a placebo sim, but in software, we DO have placebo controls. If you flip a switch saying "don't track me", that usually means "track me slightly less". If you delete something, that doesn't mean delete it - that means keep it, but say it's deleted.
If you go through the Windows install, for instance, even if you flip off all the stuff it will tell you "we're still going to do this, just in less circumstances".
What are those circumstances? I don't know. I'm not even sure Microsoft knows.
It is crazy how paranoid people can be, IMO. They don't seem to understand that these companies don't really value one person's information highly enough to do stuff like that.
It is everyone's information that they value, not that one guy who goes to the trouble of killing the radio.
What do you imagine their profit per analytics profile to be? I'm genuinely curious. I would think any random individual's data would not be all that valuable.
How far of a jump is it from the buses in Norway with hidden remote access to "decoy sim"? It might not even be a decoy -- it might just be the sim for the "user facing" telematic/infotainment, and there's another, non-optional one.
What did GM gain from lying about turning off On-Star?
The only reason a decoy sim is going a bit far to believe, is because it wouldn't actually work. It wouldn't actually fool anyone and would just look bad when the first reviewer pointed it out a year before the car is even available for sale. If it weren't for that, we already have countless example proofs that a company will do literally anything if it will work merely 1% more than whatever it costs. Including car makers obfuscating and even flat out lying about their various connections.
What do they get out of it? data & control, same as ever.
