And once you've gotten rid of Google and Apple, your telecom company tracks you, your CC payments help track you and even cameras in public do.

It's hard to not want to throw your hands in the air screaming "whatever" when almost everything you use in public is somehow used to track you either as you move around, or in the future.

Is there any information about precisely what vehicle telemetry they capture and retain?

I know the laws are far from perfect, but isn't there some legislation compelling them to disclose what they collect?

What specifically would be the most relevant law/regulation? (If it varies by geography, pick any major market, eg. California, that is big enough to impact their engineering design and the content of published material). You mentioned they're cagey, and my aim is to examine if there's a gap between what they're supposed to disclose and what they do, which could be rectified by litigation. Eg. If they just say "vehicle telemetry" that doesn't tell you much, and I'd happily contribute to an EFF effort to get them to elaborate.

Alternatively someone who works close to this code could provide some examples of what a "typical" smartphone OS platform collects these days.

> They are both very cagey with how they talk about this (or don't).

No, not really - at least not apple. They are very clear on what CarPlay’s privacy stance is, and they’ve got privacy white papers on pretty much everything:

Eg. https://www.apple.com/privacy/docs/Location_Services_White_P...

Again, at least on the apple front this comes off as a ton of “stated without evidence “

You need GrapheneOS to sever the link to Google. You can also deny specify apps and services Internet access.

Standard Carplay is essentially an additional screen for your phone - your existiing privacy settings carry across. What's your concern?

>if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota

Source? Can bluetooth devices do that without the user's knowledge?

> then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota

How?

A 12v bluetooth to FM transmitter can at least give you tunes and a speaker phone feature.

In a perfect world they wouldn't collect it either, but I'd rather Apple have it than the car manufacturer (or rather, only Apple vs both Apple and the car manufacturer)

I use android auto through grapheneos thankfully! this is crazy!

What about if it's just paired as an audio device rather than through an app?

I trust Apple more than I trust Toyota.

> The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

Do you have evidence or a citation for this? Or is it just the sort of statement that’s made in the pretty certain expectation of upvotes on HN?

Yeah, but at least for now they don’t have the power to remotely disable my car or jack up my insurance prices and I trust Apple 1000% more than any of the other random car companies do not sell my data.

> then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota [...] so I exclusively use CarPlay via USB.

I would be concerned that a passenger connecting their phone to it while I was driving.

In other cars I've been successful picking up the relevant modules for peanuts from surplus/scrap then just desoldering the RF-active components (like bt radios, etc) and swapping them in. YMMV but if it doesn't work you're just out the cost of a junk part.

Even if some radio feature is benign its existence means that its hard to be confident that there isn't some other telemetry feature you missed. With no connectivity at all you don't need to worry that you missed something because you can monitor the car with a spectrum analyzer and observe its never transmitting.

Unfortunately in some newer cars you can't swap any modules without a dealer tool to pair the module to the car, presumably in a bid to prevent third parties from fixing the car (presumably preventing people from lobotomizing their surveillance isn't on their radar yet).

They are cagey because they get nearly $100k upfront with crazy interest rates, and then they make a ton of money through their spyware.