I’ll save my outrage for more facts, but if employees can look at my camera feeds without a valid business purpose (and post memes made from them without getting fired immediately) that’s a real problem. If the geotag data is freely available with the video data (and not controlled for privacy) that’s also a huge problem. A company the size and age of Tesla has no excuse for lapses like that.
Many companies are even worse.
Something something, the hackers and computer nerds were right about the dangers of data for years and everyone called them crazy.
power asymmetry between provider and subscriber of any product or service will always be skewed towards provider. act accordingly to whatever degree is needed to ensure your safety and mental health. obviously there will be significant variance between persons in that regard.
i drive non-internet ice cars with comma openpilot. i’ve used every generation of their device. it also has a driver facing camera with full interior view.
i originally ran openpilot without internet except when updating, and would delete all camera data from the device before updating.
these days i leave toggled off upload driver camera, it defaults to off. i don’t use cellular, but i do let it connect to my home wifi for the brief moment before it gets unplugged and put in the glovebox.
my thinking has relaxed a bit because of the ubiquity of cameras around me. passengers in the car have 4 cameras, some very wide angle, typically being held at face level all the time. so do people in adjacent cars or on the sidewalk.
while you can cover your own cameras with easily removable opaque stickers, you can’t do that to the other cameras which inevitably surround you. audio recording is equally challenging to mitigate.
while this incident is serious and hopefully results in legal action and changed user behavior, this type of thing will only become more common.
the right approach is something like what snowden did in his early videos. be very aware that you are constantly surveiled, and go to extreme lengths to mitigate surveillance when necessary.
these days, when typing in our passwords or sharing intimacy, we all need blankets over our heads.
that said, public spaces are not a new concept. for better or worse the distinction between public and private space is changing. we will adapt and it will be fine.
The problem is that:
1) It's very difficult to manually or automatically scrub identifying information from video, and doing so probably greatly reduces the value of the data for AI training purposes
2) If you allow users to delete videos that have been sent, then you no longer have a reproducible corpus of data
3) If you keep the recordings for say, a week, and allow the user to delete them before they're sent, either users don't have the time to review it (reviewing hundreds of Sentry clips comes to mind), or are going to just forget about it and we'll have the same problem.
I suspect they do not want to talk about the data collection too much in general, because just like how Spotify built a major value add (we have lots of playlists) off of tricking users into making user playlists public by default (it's actually very non obvious when playlists are created), having a huge fleet of cars recording video is hugely valuable for development of self driving.
I think where I'm conflicted is that at the same time as I personally consider this kind of thing an invasion of privacy and overall a nuisance, I recognize that there is societal good/value to be gleaned from mass collection of datasets. If we asked users whether they wanted to share their playlists or car video recordings, you would end up with almost no data, and the data you got would invariably be biased (see Apple Music and the paucity of good user playlists).
Clearly there's a missing middle solution, but I'm not sure there is a good one.
That said I understand the concern about having a camera in your car which will occasionally upload its content to Tesla
Whether I'm right or wrong, my perception is that this is just the kind of nonsense I could imagine Elon Musk having a great laugh about. That must feed through to the employees.
I won't touch a Tesla while that foolish child is in charge. And, even then, the brand is so damaged (in my eyes) that'll it'll take a decade for me to even think twice about them again.
So glad I thought better about buying one a few years ago when I was a huge fan of Tesla. I delayed the purchase for some practical reason and have seen their brand decline ever since.
> About three years ago, some employees stumbled upon and shared a video of a unique submersible vehicle parked inside a garage, according to two people who viewed it. Nicknamed “Wet Nellie,” the white Lotus Esprit sub had been featured in the 1977 James Bond film, “The Spy Who Loved Me.”
> The vehicle’s owner: Tesla Chief Executive Elon Musk, who had bought it for about $968,000 at an auction in 2013. It is not clear whether Musk was aware of the video or that it had been shared.https://www.vox.com/technology/2023/4/6/23673339/tesla-camer...
It's true that this is not just a Tesla problem - it's a problem for all car companies. They all need to fix this.
Seriously, in your mind what changed?
However, as time has passed, the shine has worn off, more and more. I'm not thrilled with the antics of the Tesla CEO, but I haven't really let that influence my opinions of the car.
It took some time, but all the other carmakers are starting to come out with some damn nice e-cars. Tesla had a great head start, but the tortoises are catching up...
It's like showing up to a school shooting and saying while some of the behavior here is less professional than I'd expect for an interaction with children...
They. Are. Sharing. Your. Intimate. Photos. Using. Them. As. Background. For. Their. Memes.
If I have already paid 10s of thousands of dollars / pounds for your car why am I also generating data for your AI garbage as well?
Opt in if you like, with a coherent discussion and understanding of the privacy risks. Have a "tesla club" where you opt in and get sent a bottle of wine every month or something, but the attitude that you should get this information by default, for free, is fucked up.
Ok. But so what? Doing medical experiments on large, unknowing populations of humans might be hugely valuable for development of medicine, but we don't do it. Claiming there's some potential future benefit to violating someone's autonomy today is weak sauce at best and highly unethical at worst.
For starters, employees should have no way to save images from customers. No way to export them, load them on a USB drive, FTP them, or take a picture with their smartphone. If you need people to do tagging, fine, do it [WITH PERMISSION] on special workstations in restricted areas.
This is the solution and something that most companies refuse to do. At best there's some kind of opt-out, but companies love hoovering up everything they can get their hands on whether you want them to or not. It's bad enough when it happens in a corporate-owned space like a grocery store, office, or mall, but when it's happening with items you ostensibly own on your own property it feels fucking criminal. I don't understand why consumers and legislators continue to tolerate it.
It wouldn't.
It doesn't matter how valuable the result is: user privacy is, and always will be, the compromise.
The only reasonable thing to do is sell that compromise to users explicitly.
Are you really victim blaming here? Nasty.
There's room for both acknowledging that someone is a victim, and that this was fairly predictable. Just as a mugging victim doesn't deserve a mugging, they probably shouldn't walk down dark alleyways at night. And if they didn't know better ... well, that's a problem too.
Sure sounds like it.
It's available to anyone to review before purchase. If you don't want it, don't buy a Tesla.
The alternative is easily classified as naiveté.
When a friend's car gets stolen, I reserve the right to condemn the thief and tut-tut at her for leaving the doors unlocked.
It's one thing to say, "It's expected at this point but they should have upheld their agreement to maintain privacy and respect for their customers," vs. blaming those whose privacies were betrayed.
No?
Edit: why disagree?
That's a jerk move. And a terrible analogy. Using the car as intended and having the manufacturer use the cameras for something other than their intended use is not the same thing at all as failing to use the locks for their intended purpose.
Might as well tut-tut at you for using the Internet the next time one of your devices gets compromised.
Cf. Shaw: “The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.”
I'm not advocating that we accept the status quo, but I do take issue with not seeing the status quo for what it is.
Which says to me that the situation should have been predicted by the legal and HR teams before this division got fired up, leading to a robust code of conduct and compliance that would prevent this from happening in the first place, with heavy penalties for abuses and breaches.
It's not one or the other.
Yes, but not necessarily their fault.
Ones that aren't ran by adults get sued, and deserve everything they get coming to them.
By the way, the Tesla privacy notice specifically says "no one but you would have knowledge of your activities, location, or history" but this article proves that's a lie.
Yes. This is why I physically removed the GSM radio from my car, host my own email, use an outbound firewall on my computer, and don't have an OpenAI account.
The terms matter. Clicking past them as if they don't exist isn't a reasonable action.
Edit: I'm open minded; in addition to downvoting, I'm genuinely curious why folk might think that I am incorrect here. Happy to correct my thought process.
Their product line spells out "S3XY." Public technical failures are glossed over or ignored. Anyone expecting integrity from this company needs a reality check.
It's OK that some people are ignorant to what you, myself and many others are already well aware of. It doesn't make it their fault.
We should hold the companies accountable. But maybe we shouldn't be so quick to reassure people that they couldn't have prevented things like this, so that when the next predatory company puts out a predatory product, there will be a sort of collective knowledge that relying on a corporation's good will is probably not a great idea.
Then we might actually have people reject products that do user hostile nonsense, and the market will have to respond.
In other words, this kind of thing is the teachable moment that can make it so everyone can be aware of the things that we are.
Turns out when I was buying lunch, he was on the phone with a friend who worked at Paytm and that guy gave away my transaction history for shits and giggles.
My trust in private companies has been at it's lowest since then and I absolutely do not trust startups to keep my data safe.
When I was in high school I had a friend who worked at one of those 1-hr photo processing places. People would bring their film in to have prints made. And there were no small numbers of "intimate" photos on those rolls of film. Yes even in the days of film cameras, people took photos of themselves in sexual situations.
Of course my friend thought it was hilarious and the shop would make extra prints of these photos to pass around among the staff. They had separate categories similar to what you'd see on any porn site. Of course it was in violation of policy but people do this stuff. If you're building something that handles photo/video images you must expect it and build in privacy from the ground up. You cannot rely on your staff to always be on their best behavior.
I had to come down on multiple tech staff at our own store for digging around in photos anytime a hot woman came in with a phone.
Rare occasions we had this one older women that would ask us to transfer photos every year to her new phone and to "verify personally that every photo had been moved." Of course the majority of the photos would be her naked selfies or what seemed to be swinger parties. I've got a 65yo woman in a cowboy hat only seared into my brain because I was the first tech to deal with her kink of having people look through the photos.
For physical film it’s hard, but for software you should at the very least record access to personal data and audit it to make sure people actually need it and aren’t abusing whatever permissions they are using to get the data.
Everything is human nature that's why we have laws and regulations
You shouldn't even be able to access prod data as a simple employee, especially in payment company
I agree with this as part of a bigger solution. There should also be privacy regulations with serious consequences for negligence or abuse. If private customer data were a liability due to the risk of huge fines from misbehaving employees, companies would collect a heck of a lot less of it.
Right now data collection is almost all upside for the company; there are many ways to use or sell it to make more money. But users bear the costs, many of whom don't realize just how much they are being spied on.
Seems no one is speaking up in the defense of humanity at large. What you describe is possibly even "common" but it is not ingrained in all of "human nature". There are many people who are simply incapable of certain transgressions - for some even the thought doesn't occur. These are possibly rare but they do exist. What you are describing is the fundamental problem of humanity: we are not a smooth and uniform distribution and practically every political thought ultimately boils down to this foundational problem of our collective but morally and ethically disjoint coexistence.
Won't make those incidents disappear completely, but it will sure kill off fetching data from a friend of a friend for shits n giggles.
One startup had created a student-management system for schools. And the rep was demoing the system. Except with live data. Showing pages of real students with their pictures, home addresses, etc!
So, principles aside, the actions of companies are such that there can be no trust.
So I wrote a routine that obfuscated the database, changing all phone numbers to 555-xxxx, changing all names to random names of fruit (So a customer might become Banana Grapes, 416-555-1234), and a few other changes to hide other possibly identifiable information.
I had a menu item to do that to the database, it was under a "developer" menu that only appeared when I was personally signed in as the only superuser. I am embarrassed to say the menu item was called "mixed fruit."
One day, I was signed in at the client's office, and the manager came by and wanted to do something or other. I gave him the mouse and keyboard without logging out and asking him to log back in. He did his job, then noticed the developer menu. "What's this," he murmured, and selected "mixed fruit."
No confirmation dialog, no warning, it begin munging the live, production database as I watched in horror. I managed to get everything sorted and the production data restored, but I learned a few lessons that day about building super-features for myself that were extremely sharp and difficult to undo.
Unfortunately, if you do that, you are going to be outcompeted by the teams that are working to get their first 10,000 paying customers by any means necessary, because privacy planning is less capital efficient.
The companies that do get big enough to overcome their immediate survival constraints often have a harder problem identifying and providing resource needs for privacy assurance because it's less on the minds of the people in charge of making resource decisions because you have other operational scaling issues at the front of mind.
Your engineers and support staff doing dumb things with your data is a risk you can have resources allocated to. But it's not on the critical path to market dominance so it shouldn't be expected to be a priority.
Thanks very much for calling them out by name, BTW. Presumably someone from that company is reading this as we speak - and soon enough, will be reporting back to us that that employee has been identified, and of course, duly fired.
Right, PayTM?
(BTW - that's some "colleague" you have).
I still remember when Blackberry had to pull out of India because the government wouldn’t let them operate a secure, encrypted messaging service.
I used to work at the largest telco in the country on a software project (as a consultant) that involved some integration with existing services. With some playing around it soon became clear that all services were wide open as long as you were on the internal network, you just had to know what they were and how to call them. No authentication required, no audit logs as far as I can determine.
I didn't poke at it too much, but I was able to at least read an arbitrary cell phone's text messages and call logs.
Hate to be the bearer of bad news, but governments aren’t any better. Local government in particular is usually an IT security nightmare.
There was a local government in a state I used to reside in that required folks to have an “alarm license” for their home and fined people for false alarm police callouts. The form to apply required you to give an alarm code for the police, and of course your name, address, and phone number.
Predictably, the database of information was ineffectively secured and basically public on the Internet for years before it was fixed. I don’t recall any burglaries or home invasions happening due to it, but still rather asinine.
At this point in my life I have basically no faith in any institution in society and treat all information I give out as effectively compromised immediately.
I wouldn't be willing to bet on it.
But someone with minimal direct criminal/financial risks of exposing something is definitely higher risk than others, and that is most startups.
That said Amazon reps have clearly been bought out before, and individuals within most large corps have always been viable targets of blackmail, bribery, coercion, etc.
It’s why some societies are so resistant to phasing out Cash. Anything else gives leverage to folks that historically it’s been a bad idea to give leverage to.
Guess who works for $State Fertility Group, with a social 111-11-1111 and makes 100M/year.
- https://en.wikipedia.org/wiki/Foxconn#Controversies
- https://en.wikipedia.org/wiki/Hyundai_Motor_Manufacturing_Al...
etc.
Tesla is neither a private company, nor a startup.
But, your point is still valid.
The parent implies 'private' in the sense of non-governmental entity (the Indian terminology), and by that metric both Tesla and Paytm are 'private' (and publicly traded)
What about the DBA maintaining the database? Do they not have query access to the data? How about the devs who are responsible for reporting; do they develop reports using generated test data? It’s naive to believe that data is entirely secure and private. There’s always a level of trust required from employees to not share private data that they may see on the job.
And you shouldn't.
You also shouldn't trust established companies to keep your data safe. The track record of that sort of thing is absolutely dire.
I'm guessing it's the former, but I'm just too paranoid to not ask...
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks
On the one hand, let's assume it's true: a Paytm employee acted negligently.
But on the other hand, what if it's not true? What if you happen to have a friend or family member who works for a Paytm competitor, or you have some grudge against Paytm for whatever reason, and are instead spreading low-key FUD about the company to make it seem like they have lax data controls and staff disregard for sensitive data?
The issue is that there doesn't really seem to be a way to substantiate your anecdote.
Not negligently - maliciously.
The employee knew exactly what they're doing, that it was "wrong" in any conventional sense -- and most likely a huge liability to their career and reputation if it got found out.
https://www.theverge.com/2014/11/19/7245447/uber-allegedly-t...
You might say the problem was in the founding DNA: https://www.bbc.com/news/technology-40352868
The more places where networks capable of surveillance exist, the less privacy you have, and the less autonomy you have. This has been obvious for decades. It is not surprising. No one on HN should be surprised by either the surveillance capabilities of a smart car, or the assdouchery capabilities of people who work for... ahem. I, for one, took both as a given, and I don't even work in tech.
> According to several ex-employees, some labelers shared screenshots, sometimes marked up using Adobe Photoshop, in private group chats on Mattermost, Tesla’s internal messaging system. There they would attract responses from other workers and managers. Participants would also add their own marked-up images, jokes or emojis to keep the conversation going. Some of the emojis were custom-created to reference office inside jokes, several ex-employees said.
Work environments should ideally be fun and collegial. But I just would've assumed that it's incredibly obvious that managers should not encourage a culture of memeing and shitposting when the job is so centered on private user images.
a fish rots from the head down.
update: Found one of them,
https://news.ycombinator.com/item?id=1692754 ("Google fired engineer for breaking internal privacy policies" (2010))
It's not linked in there, but the Wired writeup adds that (0) there were at least two SRE's fired for something like this and (1) Google chose not to report this to law enforcement, seemingly prioritizing its public image over its users' safety.
https://www.wired.com/2010/09/google-spy/ ("Ex-Googler Allegedly Spied on User E-Mails, Chats" (2010))
It might shock me a little just because of the risk/reward if they were just snooping on random people. But not if it was exes/crushes/friends/etc.
From what I heard they did indeed have some LOVEINT problems before that i.e. an employee couple with a nasty breakup - but they were also orders of magnitude smaller.
The fact that these videos are posted as memes and jokes about customers' private lives, is... well, terrible. Tech startup culture has certainly been known to foster this kind of immaturity (I have very well seen it first hand...), but coming from a car company - as recently as 2022, if not even later - this is horrifying.
I'd like to think that the major auto makers are not infected with the kind of culture that would condone this sort of thing, but maybe I'm just naive...
You can opt-out entirely too, but you won’t get software updates.
Data Sharing you can turn off, but Data Sharing is different from data sharing as a concept. The telematics appear to get sent regardless of what you do. It seems they intentionally chose this Data Sharing label to deceive people into thinking that all data sharing would be turned off.
If this is true, I expect the company will face a mass lawsuit from Tesla EV owners, many of whom have deep pockets.
If this is true, whoever enabled or did it should pay.
Doubt it. Tesla still hasn't really faced any consequences for selling FSD capabilities that don't yet exist, and for a lot of money. They haven't faced any real consequences for removing capabilities from their customers' cars with no renumeration. Tesla owners are a loyal bunch and forgive a lot.
https://www.wikihow.com/Build-a-Hidden-Camera-Detector
A similar technique is used to find spiders in the grass.
I didn't see the article touch on that this alleged mockery of "your privacy is important to us" might also include employees/contractors/partners/etc. able to use this private data Tesla collected for targeted purposes.
Such as stalking a particular person (because, e.g., attracted to, obsessed with, hated, in dispute with), or selling/furnishing information about a particular person for similar purposes.
It makes me laugh when Congress talks about banning TikTok because it can be used by China to spy on US citizens while completely ignoring all the US companies that can and do spy on US citizens. If they really wanted to stop this behavior they'd pass stringent regulations.
I wouldn't trust Tesla's logging of privacy-sensitive data access by employees, but I suspect that Google could figure out which Google Maps accesses those were.
Maybe enough violated people could be found that way, such that the costs to Tesla will smack some sense of responsibility into them and any other tech companies that needs it.
> "Reuters contacted more than 300 former Tesla employees "
300! They tried extra hard to dig up dirt.
> "all speaking on condition of anonymity"... Of course. They don't work there any more, but happy to sling mud anonymously for Reuters clickbait.
> "Reuters wasn’t able to obtain any of the shared videos or images"... Oh no! You'll have to write extra-descriptive words about the "shocking" images.
> "The news agency wasn’t able to determine how widespread it was"
So what exactly was Reuters able to determine? Not much. By the sounds of it, users elected to share video, and some 20-something meme junkies at Tesla shared a few images internally... which is slap-on-write level stuff. Nobody kept any of the images, nothing leaked except anonymous stories from ex-employees!
> "Some former employees said the only sharing they observed was for legitimate work purposes"..
So... contradictory reports about images that don't exist, that might have been shared internally, to a degree we can't determine. Got it!
Because that’s not what was reported, and it’s not what happened. But they certainly didn’t go out of their way to make that clear.
If the car drives past someone who is naked, the cameras record it, and the driver has opted in to data sharing, then someone on Tesla’s labeling team might see it.
I think it’s bad the videos were being pulled out of the controlled labeling system / screen-shotted and shared.
This is video that drivers opt-in to sharing with a very clear description of what is being sent back to Tesla in the UI. It obviously doesn’t say they’ll make memes out of it, but it’s no surprise at all Tesla has snippets of the external camera video feeds that are being labeled by humans.
I wonder what impacts this will have on Teslas being in potentially sensitive areas, like parking lots for military bases.
I don’t think they were looking because it related to their work. I got the impression that it was quite impressive, and some kind of disaster voyeurism.
The only three things keeping me here are:
1. It’s a waste to sell this and buy a new car
2. Tesla still have the best charging network by far
3. Tesla are one of the only car company outfitting their vehicles with decent processors. Which is extra important now that everyone moves their stuff to touch screens running Linux or android automative.
The second point will be moot soon with regulations requiring sharing network access.
The third is getting less important as more brands support CarPlay , and according to last wwdc, CarPlay is getting support to control more of your car. (Though GM went the other direction)
Which leaves the wasteful part…which maybe it’s worth it to have a car that isn’t spying on me and changing its UI around every few months in new and awful ways. Seriously, the driver can’t see the music info anymore because it’s moved to their blind spot AND it’s further for the passenger to control? Do Tesla designers drive the cars before shipping their UI?
And now this flagrant invasion of privacy, with seemingly no controls for access or opt-in? Ridiculous.
Where are the settings for those?
Also my pre-order from > year ago for a Rivian is still 1.5 years away from my build date (June 2024 is their estimate). :-/
Yes, I know soon all autos will have internet and I think most already have bluetooth.
>"Tesla says there are "two types of camera recordings that are eligible to be transmitted from your vehicle to Tesla: Safety Event and Fleet Learning camera recordings." The Safety Event recordings last up to 30 seconds and are "captured only if a serious safety event occurs such as a vehicle collision or airbag deployment," Tesla says."
The article states that they could see people doing their laundry. Presumably because the washer/dryer was in the garage or else the car was parked in front of a laundromat. Neither of these sounds like a Safety Event or a Fleet Learning So why would allow a video from a parked car in a garage or in front of a laundromat ever be transmitted?
If I had a friend or family member who was an employee of such a publicly facing tech company, I’d be grilling them about their data security and privacy practices. I’ve been burned enough times by Indian companies so ridiculously free with their data sharing that I’ve stopped giving out my contact info to everything but the most essential of services.
Most Indians will lean towards believing the GP because they know how aggressively their personal data is being abused, unless Paytm comes out with concrete details of how they protect privacy inside and outside the firm.
How about not willingly providing information of people that actually don’t NEED it?
Edit: I'm responding specifically to this: The issue is that there doesn't really seem to be a way to substantiate your anecdote.
No, that's not “negligent”. Or even “reckless”; the violation of privacy is deliberate.
No, that's not just “negligent” or even “reckless”, its intentional wrongdoing.
In my experience, everything bad you can imagine, a for-profit has already done.
Is this really becoming standard? If so, that really bums me out.
I considered buying a Subaru for my latest car but one of the big negatives was an internal camera pointed at the driver that couldn't be disabled. It was, at least in part, for driver attention monitoring but performed horribly. It would ding contantly, even when I was staring straight ahead.
I have no faith that these video feeds will be kept private and really, really don't want to have to worry that any awkward or embarassing thing I've ever done in a car could be released to the world.
I'd be pretty surprised if any of the cameras routinely stream. Too much of a bandwidth hog.
What?
https://devblogs.microsoft.com/azure-depth-platform/time-of-...
Is this true? That's yet another reason to avoid buying newer cars.
Edit: I wouldn’t want to touch a Tesla even if it was gifted to me. Seeing the founder behave the way he does (latest incident: Changing Twitter’s logo to a shitcoins image) makes him extremely unsympathetic to me.
On paper. But there are plenty of examples of companies doing things that they shouldn't be doing.
Given that point, doge is an avatar of stupidity personified (caninified?) and so is a good fit for Twitter.
> Privacy is taken extremely seriously here in Germany.
Yes, to the point nothing can get done anymore and e. g. having an outdated, non-digitalized healthcare system.
Tesla is doing it wrong. But Germany is also doing it wrong - just on the other extreme.
As a counterpoint, BMW started putting feature behind premium subscriptions couple years ago such as steering wheel. Such micro transactions are really hard to combine with privacy.
I find this hard to believe considering their numerous lies about their car emissions and the extent they went to cover it up.
This kind of culture was unacceptable back then, of course, but the founders and owners were little more than children themselves. It was at least understandable if not excusable.
What completely boggles my mind is that, some 20 years later, this kind of culture is still happening. And it's not happening at some small tech startup founded and run by young men barely out of school - it's happening at a wildly successful car company which has been around for over a decade run by the richest man in the world.
The culture at Tesla must be rotten to the very core for this to persist so long.
Why? Do you feel human nature has evolved in the span of 20 years? Or more money in the industry begets professionalism?
Well, Amazon doesn't like unions neither.
We've come to expect privacy as a first class right. That's why turning a customer's potentially embarrassing action into an internally shared meme feels like an extreme violation.
Which is terrifying to me, they have to be a top company in that aspect, and I don't even fully trust them to get it right.
The little guy, unfortunately, has no chance :/
Reminds me of the Uber Christmas party story where they had things like this on a projector
> Tesla managers sometimes "would crack down on inappropriate sharing of images on public Mattermost channels since they claimed the practice violated company policy," Reuters wrote.
somewhat implies that this has been a known issue for a while, already. (This shouldn't be triggered exclusively by a public scandal.)
... and televisions, and phone apps, and solar inverters (with wifi!) and air purifiers (with wifi!) and drones (with wifi to activate) and scooters (to activate), and on and on...
Yes, OnStar, but that's 1) not specific to EVs, and 2) trivial to disable.
So it has the capability to connect? No thanks. I don't think that's the distinction OP was trying to make.
Dacia Spring if you live in Europe. Doesn't get any more barebones than that.
Just a normal car, but electric.
We have an Audi etron now and I can’t stand it. I miss the bolt.
What is wrong with the Audi?
I have a European-made EV that has no "intelligent" (surveillance) capability at all.
A bare bones, maximum efficiency, rugged EV.
A man can dream.
This is an easy way to excuse Tesla's behavior. You're implying everyone does it. <shrug> What can ya do, right?
There's 0 evidence other car companies are allowing PII like this to be spread internally, and employees are so brazen as to use them as the basis for memes.
And absolutely no surveillance built in. Until then I'll stick to gasoline cars.
The absence of evidence isn't evidence of absence. Even so, there are documented security issues with most connected vehicles.
I'm not sure how difficult or possible it is to actually get a car so configured, but you can always rip out the GSM radio yourself if you wish (which voids your warranty, natch).
It's worse! The cars recorded videos (while off) of private residences, garages etc. The lead quote is "we could see them doing laundry and really intimate things. We could see their kids"
If that doesn't cause you concern, I don't know what would.
There’s a very detailed Data Sharing settings right in the UI where you turn on or off sharing any clips with Tesla, and you have to click Yes for the car to share these clips.
I'm not sure how the opt-in procedure works for Tesla. Is it truly opt-in? That is, does a Tesla driver positively select to share data, or are they "opted-in" by default? If the latter, are they presented with the option to opt out, or do they have to dig around in the menu to find where to opt out?
Regardless, it's not informed consent if Tesla misrepresents how it uses that footage, as it seems they do.
They've also got a really different definition of anonymous data than I've ever seen...
Just completely unprofessional. Like school children level. Which makes sense considering the CEO.
Imagine the same scenario with your security cameras.
Or Amazon sharing all their Ring footage and Alexa recordings with the police?
Almost all these devices share their recordings to the cloud and have employees watch/listen to it. Tesla at least asked first if you want to share the clips.
By "come down on", I hope you meant "fire".
In this case employees are tasked with watching the video clips that car owner intentionally shared with them in order to label it (draw boxes around specific objects).
After spending 8 hours a day drawing boxes around fire hydrants, they would joke about the funny things they saw with their coworkers.
This is literally how all human labeled AI training works. You can’t teach an AI to identify crucial features on the road without building the labeled data set to train it with.
Amazon does the same thing with Alexa. Apple does the same thing with Siri. Security camera companies all do the same thing with their motion and object detection software.
They were sharing recordings and screenshots on internal message boards, even making memes of them. It wasn't just funny stuff either, graphic stuff too. That's far from joking around with your coworkers, even that would be totally inappropriate and worthy of termination imo.
Clicking through a we-can-do-whatever-we-want agreement is hardly the same as intentionally sharing something.
Let's be real. Nobody cares about your (or my) privacy.
They definitely don't, but at least there is electoral pressure applied to them from constituents who they represent. In the case of private orgs it is gobble up anything you can and there's no way for regular users to hold them accountable.
… yes? Develop against a test DB, then when you think you’re ready, run against prod with auditing and oversight
And hence, am unfamiliar with the vast majority of them.
Is this supposed to be comforting? "without a business justification" means that if there is business justification (e.g. more revenue) they will violate privacy.
Edit: oh, you were probably talking about FSD.
It can't drive itself yet, in case you didn't notice. Not across the neighborhood, much less across the country. At the risk of being uncharitable, I'm going to assume you're going to disagree about whether sufficient fine print exists to absolve Tesla of responsibility, legally or morally, for what they've advertised FSD to be over the years. We don't need to rehash that, you won't convince me to change my position either. If I had bought FSD for either of my Model 3s, I'd be quite irritated by now.
Compared to systems from Mercedes it's not performing good at all.
It looks like Teslas are optimised or tested in the US.
There is a Privacy section with a big button “Data Sharing”
It pops up a large dialog box which says the following;
“We are working hard to improve autonomous safety features and make self-driving a reality for you. You can help Tesla in this effort by sharing diagnostic and usage vehicle data. This data includes short video clips, using the vehicle’s external cameras to learn how to recognize things like lane lines, street signs and traffic light positions. The more fleet learning of road conditions we are able to do, the better your Tesla’s self driving ability will become.
We want to be super clear that the diagnostic and usage data such as short video clips are not linked to your vehicle identification number. In order to protect your privacy, personal information is either not logged at all, is subject to privacy preserving techniques, or is removed from any reports before they’re sent to Tesla. You may enable or disable the collection of this data at any time
Do you agree to allow us to collect this data?
Yes. No. Ask each drive.
Then there are additional sections concerning the interior cabin camera, and concerning navigation and traffic.
I believe all these sections are OPT-IN, I recall getting prompted about sharing interior cabin data after the software update that enabled it, and having the selection be blank to start, but I may be misremembering.
Sharing/uploading is a setting in the UI. I don't have a screenshot handy but you can see the details on https://www.tesla.com/about/legal.
My sister and I used to complain that our parents were more strict than everyone else's. My mom talked to my friends' moms and said "they all have about the same rules we do." My reply was "but they get yelled at for five minutes tops when they break the rules, and we get grounded!"
There’s no excuse for a big company like Tesla to not protect data. And there’s a big difference between turning a blind eye to a culture of abusing access/not working to prevent unnecessary access, and what will likely happen here where a handful of people are sacrificed after the fact because it generated bad publicity.
From a game theory perspective, "being first" is a Schelling point. That makes a huge difference between Dogecoin and Bitcoin.
I can't count the number of times I've heard naive users blame themselves when it's a device/system/app misaligned with their interests.
I don't know the world of Apple machines, but at least outside of Appleworld there are several cameraless options out there from major manufacturers. I assume they're sold mostly to businesses, because I've worked at a few companies who only allow machines that don't have cameras and microphones built in.
The founder title is one that a company gives to individuals crucial in the early formation of the company. Musk clearly qualifies.
I'm saying all this because I think it's very lame that Musk critics try to say he's not a founder of Tesla. Hate Musk all you want, just use real criticism and not this sophomoric "he's not a Tesla founder" stuff.
In some countries, "moral rights" ban the practice of buying and selling the right to change facts like authorship.
That line made me shiver with disgust... good for those countries.
The system may be slow and not very digital but it is very much not outdated. As someone who has seen a friend go through a terminal illness and has researched quite a lot about cancer treatments, the care you can get in Germany is top notch. And all that for free (except for hospital bed that you have to pay sometimes if you stay longer than a set amount. Which is about 11EUR if I remember correctly). Yes things can be improved and privacy can be a hurdle but it is not quite a bleak as HN commenters make it out to be. I would take it over having everything beging top notch digital without any regards for privacy like it is in the US. (and often very poor or non-existent non-digital solutions)
There was only one "Dieselgate company", Volkswagen Group. BMW and Mercedes-Benz had nothing to do with it. And yes, I would rather buy a car that cheats on emissions tests than a car which spies on me. That's an easy choice (or would be, if I had any real confidence that VW cars truly don't spy on their users too. Which I don't.)
Really? You need to run with a better set of people. It's true that there are plenty of corrupt, terrible people out there -- but it's also true that there are plenty who aren't.
The requirement of proof is the other way around:
If PayTM decides to sue the owner of the comment, it would be the owner of the comment to prove what he is saying.
Did Tesla ask the owners if they wanted their video records meme'd?
I'd love to read that clause in the privacy t and c's.
"I just wanted to verify that this is the correct email address for you, and that the following info is correct:" and proceeded to list my full name including middle initial, name, phone number, date of birth and full SSN."
Mind blown on a couple of levels. Was tempted to reply back "I have no idea who this is - this isn't the correct email".
They also found my girlfriend on social media, got her phone number and called her to "verify my identity".
To be clear, this was a run of the mill SRE position, not any type of background check for a clearance.
Instead, I told my new employer, and they were as livid as I was, profusely apologetic to me, and fired that background check company that day.
There are some exceptions, but most of the time you need a license to go snooping around. These PI licenses are also a major perk of law enforcement careers, as it's sometimes difficult to get the required work experience without time in law enforcement (unless you don't mind working for nearly-nothing under a PI taking photos of insurance & workers compensation cheats, unfaithful spouses, etc. for years).
That background check company was almost certainly operating within the bounds of the law. They were just doing it Really Poorly.
An overzealous IT security manager literally covered the demo with his body until it was taken down. All under the pretense that "You never know, that could be someone's real information."
Many modern cars are this way. Tesla is just egregious about it. Ford, Toyota etc can still do it.
Remember the remote start payment plan for Toyota?
https://www.thedrive.com/news/43329/toyota-made-its-key-fob-...
Or even the reports of hacking a cars canbus?
https://www.dmv.com/blog/can-your-car-be-remotely-hacked-523...
All that said though. I totally agree. I will never drive a car like this or one that tells me I need to update before I can drive.
And if I do get a computer car (at least one like a Tesla that runs something resembling a Linux or bsd kernel, then I would expect to be able to access that system just like the engine etc). It’s my property.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Have you been in a Tesla ?
It approaches the interior quality of a 3 series or A4 … from below.
It is completely inappropriate to classify a Tesla as a luxury car.
All well and good for you, and I don't fault you for making that decision for yourself. OP's stated requirement was...
>not an always-connected surveillance device
... which without opting into the service, the Leaf is not.
Happy to have OP clarify for themselves, though.
I'm betting the car always connects, it's just whether or not you enable any benefits of the connection.
Anyone with actual knowledge about cars with such devices willing to chime in?
Edit: consider how the car knows whether or not you're paying for any service.
Other systems... I can say my Maverick lets you select whether to have vehicle location data shared or not, but TBH I don't trust opt-outs. [0] I've also run into the issue on my said car, where my opt-outs got de-opted when the dealer runs updates.
[0] - Also as a side note, I've had at least one loan note in the past (from a larger bank) where they stated a tracking device may be placed in the vehicle. Not sure whether they sell that data.
I don’t think so. I was trying to get a firmware update, and I can’t without going to a dealer as far as I can tell.
The important question is: what would the consequences be to a German car manufacturer given similar circumstances?
As far as I can tell, German companies are very good at keeping their shenanigans under wraps because they know that being caught has terrible consequences. Occasionally they slip up and then you see what a complex conspiracy they've been operating.
At which point the Data Protection Authorities (GDPR enforcement) would get involved. They would almost certainly levy a hefty fine against the auto manufacturer.
Probably attempted to be hidden in collaboration with the German government like they did with Dieselgate.
Also: working in R&D doesn't necessarily give you insight into what operations people are up to and what kind of access they have to sensitive data. I've looked at plenty of companies in Germany and not all of them are lily white in this respect. MB may well be one of the better ones, I haven't looked at them in particular. But they use an awful lot of components from companies that have a less good reputation.
And then there was this:
https://dieselgate.legal/news/bosch-leaks
Which mentions MB explicitly.
They also had things like this happen:
https://www.bleepingcomputer.com/news/security/mercedes-benz...
I'll reserve judgment, but this is a less than stellar record from my perspective.
If you go from grill station to manager at McDonalds, that's a career.
My general approach is I can trust that the data is not being exfiltrated from my device/car/network if I have configured it not to be uploaded to the cloud.
But if agree to share the clips and have them viewed by humans, then I certainly expect those humans to look at them, and yes potentially even laugh at them.
So yes of course the ads were public, you could pick up a free copy of the newspaper at any gay bar on Toronto's Church Street. But the details about the customers placing ads were extremely sensitive.
———
Oh man, the stories I heard... Many extremely sad to me, when I think about why people felt the need to be closeted and so on.
How often do you need to trash production (which should be never -- copying and scrabling is plenty bad enough) that you need a menu shortcut for it?!?
<?php
if (! $isProd) {
showMixedFruit();
}
But, I'm sure you've figured this all out by now.
Third parties have analyzed the firmware and sniffed the traffic logs on their network to confirm it.
You could go as far as to snip the LTE antenna.
The biggest part of my question and what holds me up the most, if the entity was able to verify the metadata from a certain application/process on Infotainment - what if the manufacturer enforces the opt out at the server level? What if it's a server that Tesla doesn't own and belongs to a company are selling their data to? I could go on and on with these questions. The truth is that nothing should satisfy you if you simply opt out from a button on the Infotainment system.
My last position involved creating and enforcing security specs at one of the biggest auto manufacturers on what was then fairly cutting edge Infotainment systems. I also did MITM stuff to verify encryption of third party applications from suppliers. This was something I did on the side, not instructed, as protecting customer data was very important to me. One of my least favorite pastimes was arguing with managers over customer data and opt out/opt in. You may or may not be surprised about the rhetoric of the auto manufacturers - they don't look at it as the customer's data. It's their data and you are a product they can keep making money from, long after you bought the car. I lost these battles, and was one of the bigger reasons I left the company.
The only solution is to remove the Infotainment system from the car totally. Removing the antenna won't work on it's own. They have auto connecting WiFi's, bluetooth, etc.
The fact that PayTM doesn't guard sensitive personal data even when it's a local tech behemoth makes me not want to use digital payments and switch to cash.
I’ve never dared test the auditing of the user-data-logs, but I have tested the auditing of the network-logs — when I tried ssh’ing from my work laptop to my personal web server (so that I could run an IRC client there), it took seconds for the security team to react ^^;
ICE to EV has been around for a while before EV’s were mainstream and was much more expensive ultimately than buying a new Tesla, with significantly lower construction quality and performance results.
https://news.ycombinator.com/newsguidelines.html
Edit: We've had to ask you this many times before. I don't want to ban you but if you keep breaking HN's rules we are going to have to. We've cut you a ton of slack already; it's not infinite, so please fix this.
https://www.npr.org/2022/09/30/1126078948/live-spiders-and-c...
Thank God for "state-affiliated media" (https://www.npr.org/2023/04/05/1168158549/twitter-npr-state-...)
It seems to be a campaign by eBay execs who were physically harassing a couple that published a newsletter the execs did not like. That would only require finding out where they live.
I just found that out in a few minutes from information on their website and a guess that they probably live not too far away from where their company is, followed by a public records search based on that guess which verified that the guess was right and gave me their address.
The fact that the humans doing the labeling are “entertained” by certain clips… how could they not be? Imagine what that job is like for a minute.
Take this ProPublica report about Facebook hiring thousands of contractors to read through private WhatsApp messages for instance. [1]
Did users in that case opt-in for their messages to be read? No, in fact Zuck went on the record saying they never see them. But turns out when another user on the chat flags messages as spam or abuse, or an algorithm scans it and decides it could be illegal, they do look, and even report it to authorities.
Going back to Tesla, the article says video clips were allegedly shared on an internal chat between the labelers. How is this in any way surprising? The job is to draw bounding boxes around objects in an endless list of videos. Short of implementing some sort of mind control a la the show “Severance”, how could we possibly expect that the employees who do the labeling all day not talk and joke about the strange or scandalous things that they came across?
[1] - https://www.propublica.org/article/how-facebook-undermines-p...
Will drive it till it rusts out and in praying the market will have corrected by then
Also two words: Crumple zones. You don’t want a super hard Skelton, that will only increase crash forces.
I hate the Mail search, because I know it misses all kinds of things. I have to go open up my gmail account in the web browser to find things that I know exist.
> Google engineer who allegedly used his internal clearances to access private Gmail and GTalk accounts so that he could spy on and harass people, including four minors.
In this article, it says some people in Tesla posted a few pics of funny signs and pets on an internal message channel read by some tens of people, and at least one intimate, but not nude pic. Which is not what I thought when I first read the headline here.
I guess there were some more concerning things, like someone approaching the car naked, but it doesn't have any context and that could be something they might be reporting as a crime for all I know. The article doesn't say one way or another and leaves us to assume that all incidents are the same as the people captioning pet pictures, but there's no clear relation.
One was targeted and the other was not, but they are in the same class of issues even if the severity is different.
While having it be ok as corporate culture is a bit worse, fundamentally the problem is that private personal data is available to these corporations so at that level it is the same problem.
The only systems which are safe are those which either never send private data outside of local (local to the user) devices, or, where data sent out is encrypted client-side with keys which are generated, stored and only ever available to the client.
Anything else, will be abused.
There is indeed a culture problem.
The quote is consistent with his behavior and attitudes since then, and with other accounts of his behavior and attitudes at the time. I don't see any reason to believe it's a fake quote. People on HN get upset when the quote is posted because it's posted so frequently, and the reason it's posted so frequently is because it continues to be relevant to and consistent with Zuckerberg's behavior and attitudes to this day.
Streisand effect?
TL;DR: there is factual stuff Zuck does right in the open and is worse than a sketchy internet quote.
Meta is a normal developer word - like Uber was. I personally never even knew there was a movie called Meta, although it is entirely obvious there should be at least one. Not saying Zuck wasn’t referencing the movie, but I am saying it is reasonably likely that wasn’t the reason.
All that shit lends credence to the veracity of the quote (which comes from Business Insider, not the amorphous "internet"). A quote which Zuckerberg has never even bothered to deny.
> it could be an urban legend or an internet echo or the reincarnation of tubgirl.
Please.
Ban away if you need to but I'll continue to level valid critiques at a tech company selling an $80,000 luxury sedan without a spare tire.
On any given day there are 30 fresh topics getting lambasted by the terminally online nerds that populate this site but the second someone brings up Tesla-- Mods show up to enforce "civility" and pass out bans to anybody with 'wrong' opinions.
Hacker News being pointlessly negative is such a meme that people blackhole links coming from HN just to avoid the "free condescending advice", seems fitting these same reply guys can't handle the lightest of criticisms against their god-king or his ewaste cars.
We get called "the orange site" because name dropping Hacker News on social media causes a swarm of scavengers to attack you like a dead fish hitting the ocean floor.
I understand you have a difficult job making sense of the above + trying to prevent it from getting worse but genuinely this interaction leaves me feeling like getting my main account banned from HN would be a badge of honor.
Dismissing someone as a simp is worse than ad hominem because, while an ad hominem criticizes a trait that someone actually has, anyone who disagrees with you on this issue can be labeled a simp. Get over yourself; people can disagree with you for reasons other than being blinded by irrationality.
They still expect the same sort of treatment that they get from their traditional health care providers and banks etc, with strong regulations enforcing the correct behavior.
No shit, that's why I mention a helmet.
Roll cages, if properly done, do not affect crumple zones. The passenger compartment should not be crumbling and that's the only part a roll cage should be in. Keep in mind that actual race cars have a rigid occupant compartment, crash at higher speeds, and have great safety records due in part to the protection offered from a harness, helmet, and hans. On the other hand, airbags are more prone to failure and can injure or even kill people.
The only reason I mention a roll cage is because it would be for dual use. You could use a helmet/hans in place of an airbag in a regular street car and would likely be safer. Again, the only reasons we have for not doing that is that some people don't use their seat belts and most people would find it inconvenient.
> the second someone brings up Tesla-- Mods show up to enforce "civility" and pass out bans to anybody with 'wrong' opinions
This is illusory. It feels that way only because you have strong feelings about $topic and are more likely to notice the moderation cases that feel wrong to you (see https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). In reality, the distribution is more or less random. We have zero interest in moderating Tesla topics or any $topic more than any other, and we don't care what your or anyone else's $opinion is.
Literally the only thing we care about is people posting in the intended spirit of the site: thoughtful, substantive, curious conversation, as outlined in https://news.ycombinator.com/newsguidelines.html.
If you had expressed your opinion in that way, I'd never have replied; and if you had expressed the opposite opinion in the same way, I'd have replied the same way. As a matter of fact I have no clue what your opinion even is.
As for "civility" - we haven't used that word in many years and it doesn't reflect how we think about moderation.
As to meta, yes, it's a common dev word. But Facebook is using it as short for "metaverse", which Zuck has admitted to lifting from Snow Crash's dystopian world.
But while my memory is imperfect, I believe that I hardcoded that feature to only work when running on my personal Mac SE/30, and also changed the feature/name to have a tossed salad metaphor.
Something I have seen done before that I thought was good was that every so often a production database was synced, but during the sync process, things that could identify a customer were redacted or obfuscated. Then almost anyone who had need to work with production data would use the munged version.
They eventually pivoted to supporting the web (and PHP!), but this story predates all of that.
4th Dimension was orginally called "Silver Surfer," and it is the centerpiece of a story Guy Kawasaki used to tell about how big companies work. Apple was trying to get everyone to write software for the new Macintosh, they gave free hardware and engineering support to Ashton-Tate to port its popular PC database to Mac, &c.
Meanwhile, indie companies like Aldus (who would go on to literally rescue Apple when they released PageMaker) and ACIUS (A company Guy formed in partnership with the original developer to distribute 4th Dimension) shipped software that people actually bought and actually used.
https://en.wikipedia.org/wiki/4th_Dimension_(software)
Apple would have done better if they'd told people like Ashton-Tate to "Ship or GTFO," but the history of technology companies is one of people skating to where the puck has been...
> ...I would copy their db onto my Mac, run the mongler on it, and then I would take the database home with me, without worrying whether the theft of my Mac could lead to lives being ruined.
From that, it was definitely run against a copy of the database.
The code that you showed looks like PHP display code. So it will change what is shown to the user, but unless showMixedFruit is horribly misnamed, will not change what is in the database. And therefore does not address the problem that the mongler was trying to solve.