4G Modem Disabling Instructions:

[drummerboy]

has it been confirmed the modem is the hardware sending this info? Neither of my Fords have the modem and both of them report lots of details in FordPass. I thought it was tied to the WiFi/GPS bits in the Sync computer.

Yes, in theory it would do the same thing over Wi-Fi, but I'm not in a rush to test that out right now. That said, I'm not sure I'd even be able to test it as I believe pulling the fuse to the TCU stops both the 4G and Wi-Fi connections. I'll verify that tomorrow and report back.

Don't worry about the GPS, completely different and separate from this. I haven't looked into it, but I don't think it's necessary as what we have are GPS receivers. I believe how that works is that the satellites are constantly transmitting, and the GPS receiver calculates your location based on that. But no data is transmitted back out when it comes to GPS.

Sponsored

 

[fpa1974]

The snitch is out

I also verified that my Wifi still works (it is able to connect scan and find wireless networks).

Otherwise kudos to OP for figuring all this out.

 

[Caballus]

The snitch is out

I also verified that my Wifi still works (it is able to connect scan and find wireless networks).

Otherwise kudos to OP for figuring all this out.

When your wifi connects, does it send messages to Ford?

 

[fpa1974]

When your wifi connects, does it send messages to Ford?

It says it is used only for Sync updates. Now it is up to you if you believe them (or not). I disabled the WiFi as well in the end. I can update the car with the USB drive if I need to.

 

[Caballus]

It says it is used only for Sync updates. Now it is up to you if you believe them (or not). I disabled the WiFi as well in the end. I can update the car with the USB drive if I need to.

Thanks. Good point. I choose not to believe them. Never connected to WiFi. Only used USB updates for previous car and this one. Actually find it easier, since I can update while driving.

 

[Tomster]

Don't worry about the GPS, completely different and separate from this. I haven't looked into it, but I don't think it's necessary as what we have are GPS receivers. I believe how that works is that the satellites are constantly transmitting, and the GPS receiver calculates your location based on that. But no data is transmitted back out when it comes to GPS.

The GPS antenna is passive. It also acts as the sat radio receiver antenna.

 

[superman07]

The modems are locked to a Vin.

Zero chance this data isn't indexed or easily traced to the Vin. Period. It is a very simple step to bring it together.

I work for a rather large data and analytics company, I might have to talk to one of our privacy attorneys.

What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) includes:
“(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”1
Examples of PII include, but are not limited to:

• Name: full name, maiden name, mother’s maiden name, or alias
• Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
• Personal address information: street address, or email address
• Personal telephone numbers
• Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
• Biometric data: retina scans, voice signatures, or facial geometry
  
  
• Information identifying personally owned property: VIN number or title number
  
  
• Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

I know folks at Ford IT, and they are not that "High End".

In about a week you could write and train several models that would find data that would be much more concise, and extremely valuable to the insurance companies. No noise, no ingestion. Its just a matter of knowing what you want to do with it. Your assuming that Ford would give either raw, or the entire data stream, no they wont. We sell data packages to companies, often just for them, we even have self service API's where they are charged on usage and they can grab, process, and build their own models.

Anyone can collect and store data. Not everyone can look at it and make it valuable. Anyone that gives out their raw data will be out of business.

that’s just not how the systems on the back end work. The system that tracks connected vehicle info (location, fuel level, etc.) is tied to a unique vehicle ID in the digital system. The data scheme that this is collected in isn’t compatible with systems like State Farm or Geico. Keep in mind the data scheme for all manufactures is different. And there’s no way an insurer has the resources to build ingestion systems that work for everything.

So instead they all use universal APIs that speak a common language and put the data in a universal “language” that’s labeled correctly. This makes it easy for a third-party entity to consume the data because everyone has universally agreed on its schema.

All this takes multiple complex steps that requires pushing the data through multiple intensive ingestion, preparation, analysis, and back end systems. Somewhere along the lines SOME of this data will be made available to the service that powers stuff like FordPass. This service has all the security, UI/UX, web app code, etc. that makes it safe to share this data at scale and across the internet. So naturally, the backend systems that runA something like FordPass likely runs the same service that shares data with third-parties because it’s cheaper and more efficient to develop and run all those capabilities once instead of multiple times. Not to mention versioning would be a huge bitch. Back on topic, what does this all mean? Your connected car data is tied to your account. That’s what is used to control how the data is used. Your name is tied to your account ID (typically your email) just as is the VIN. If you don’t have a FordPass account, the data is still being sent to ford (assuming to don’t physically disable the comms hardware), but that doesn’t mean they’re doing anything with it. There’s no ID to relate it to.

this all ignores the fact that Ford sharing your data without your consent isn’t really beneficial to them. What do they gain out of it? The benefits pale in comparison to the risk - losing customers from handling their data incorrectly, class action lawsuits, etc. they have massive incentive to make sure your data is protected.

the real risks tied to connected cars today, IMHO, are governments forcing automakers to share data because of “national security,” bad actors hacking the cars due to automakers not being cyber security experts, and users inadvertently enabling external data sharing because they don’t understand what they’re agreeing to.

sorry if this is all confusing - typing on mobile.

 

[fpa1974]

The modems are locked to a Vin.

Zero chance this data isn't indexed or easily traced to the Vin. Period. It is a very simple step to bring it together.

I work for a rather large data and analytics company, I might have to talk to one of our privacy attorneys.

What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) includes:
“(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”1
Examples of PII include, but are not limited to:

• Name: full name, maiden name, mother’s maiden name, or alias
• Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
• Personal address information: street address, or email address
• Personal telephone numbers
• Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
• Biometric data: retina scans, voice signatures, or facial geometry
  
  
• Information identifying personally owned property: VIN number or title number
  
  
• Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

I know folks at Ford IT, and they are not that "High End".

In about a week you could write and train several models that would find data that would be much more concise, and extremely valuable to the insurance companies. No noise, no ingestion. Its just a matter of knowing what you want to do with it. Your assuming that Ford would give either raw, or the entire data stream, no they wont. We sell data packages to companies, often just for them, we even have self service API's where they are charged on usage and they can grab, process, and build their own models.

Anyone can collect and store data. Not everyone can look at it and make it valuable. Anyone that gives out their raw data will be out of business.

Being in the field as well, I could not agree more. It really makes no difference from a technical/engineering standpoint if you index by VIN or by FordPass account id. And VIN numbers are PII.

 

[honeybadger]

Being in the field as well, I could not agree more. It really makes no difference from a technical/engineering standpoint if you index by VIN or by FordPass account id. And VIN numbers are PII.

Well, it sorta does. It depends on what systems what data is in. Some services might not refresh quickly enough to be useful for some applications.As a normal example, I have Ecoobee presence sensors for my thermostat. But I can't use them to trigger smart lights in my HA system because the refresh rate is so bad you'd likely be out of the room again before it registered.

If the data were pulled once a month for a report, then ya, probably wouldn't matter. But as I said earlier, if you wanted to make this data available for folks to consume for their internal reporting or ingest in their own systems (like an insurance carrier), it would need to be prepped, structured, and a system built to provide access to do so (assuming we are talking about it in terms of a "service offering"). The systems running Fordpass would make that kind of stuff easy as I assume they have a huge data lake powering stuff in the back end. If they don't, then they're even more behind then I thought it.

Still, I'd argue that ya'll are forgetting one thing - corporate red tape. Just because it could be done from a technical standpoint, doesn't mean it's realistically feasible for the budgets, skill set, and infrastructure the company has. I see stuff every day in my job that I could turn on and configure in minutes, but spend years trying to get customers to do

 

[honeybadger]

The modems are locked to a Vin.

Zero chance this data isn't indexed or easily traced to the Vin. Period. It is a very simple step to bring it together.

I work for a rather large data and analytics company, I might have to talk to one of our privacy attorneys.

What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) includes:
“(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”1
Examples of PII include, but are not limited to:

• Name: full name, maiden name, mother’s maiden name, or alias
• Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
• Personal address information: street address, or email address
• Personal telephone numbers
• Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
• Biometric data: retina scans, voice signatures, or facial geometry
  
  
• Information identifying personally owned property: VIN number or title number
  
  
• Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

I know folks at Ford IT, and they are not that "High End".

In about a week you could write and train several models that would find data that would be much more concise, and extremely valuable to the insurance companies. No noise, no ingestion. Its just a matter of knowing what you want to do with it. Your assuming that Ford would give either raw, or the entire data stream, no they wont. We sell data packages to companies, often just for them, we even have self service API's where they are charged on usage and they can grab, process, and build their own models.

Anyone can collect and store data. Not everyone can look at it and make it valuable. Anyone that gives out their raw data will be out of business.

I don't think we're disagreeing with each other, but not quite clear on what you're saying in regards to my quote.

FWIW, I am coming at this from a "how do take this data make it profitable for me" perspective. In that area, they'd have to spin up a service to do it (similar to your self-service APIs) and there's a lot more to that than people think. I have absolutely no doubt that they have all the data they need inside the company to do it, but I am not convinced it's actually being pulled together and made useful. If they are, they sure aren't doing much useful crap with it. And this doesn't even touch your point about it being PII and all the risk associated with sharing that type of data.

Lots of folks seem to give companies and governments way too much credit in this area. Not everyone is Google, Facebook, FBI, NSA, etc.

 

[drummerboy]

I don't think it's about if they're competent or not, if they're sitting on it or not, just the fact that they're collecting. Data collection is cheap and easy. We know they're collecting enough data for someone to purchase, process, and do something with. Maybe they can, maybe they can't, maybe they do, maybe they don't...

Too many maybe's for me, easy to pull the fuse and fuhgettaboutit.

Furthermore, imagine if you could pull a fuse and google/facebook stop getting their endless stream of data. That's what this is about. Simple solution for one of the (admittedly smaller) tentacles.

 

[crimson_crowd_eater]

Does this block FordPass or Android Auto or does this only change the Wifi? I have no use for wifi but I do text people with Android Auto.
What does this actually change if I pull the fuse?

 

[ice445]

Does this block FordPass or Android Auto or does this only change the Wifi? I have no use for wifi but I do text people with Android Auto.
What does this actually change if I pull the fuse?

It only blocks Fordpass and the convenience features that it offers.

 

[Haas]

Deleted my car off ford pass app. Hard reset sync. Turned off all WiFi features after. Pulled the switch

I still feel like they are watching me

 

[fpa1974]

Well, it sorta does. It depends on what systems what data is in. Some services might not refresh quickly enough to be useful for some applications.As a normal example, I have Ecoobee presence sensors for my thermostat. But I can't use them to trigger smart lights in my HA system because the refresh rate is so bad you'd likely be out of the room again before it registered.

My point was made from the point of view of being able to index on certain pieces of data and not based on how close to real time you need to process it. While related to a point they are not the same and yes you are correct that certain (most) data has some aging constraints (like in your example where data becomes stale or irrelevant after a short (or a long) while.

If the data were pulled once a month for a report, then ya, probably wouldn't matter. But as I said earlier, if you wanted to make this data available for folks to consume for their internal reporting or ingest in their own systems (like an insurance carrier), it would need to be prepped, structured, and a system built to provide access to do so (assuming we are talking about it in terms of a "service offering"). The systems running Fordpass would make that kind of stuff easy as I assume they have a huge data lake powering stuff in the back end. If they don't, then they're even more behind then I thought it.

Insurance companies (because this is what we are talking about) do not really need real time data. They are ok with batches spanning seconds/minutes/hours//days or even a bit more - at least based on how the industry is setup at this point. It would be fun to think about a world where rates adjust more dynamically based on real time data feed but we are not there yet (fortunately or unfortunately depending on how you look at it). Or FordPass making you offers based on where you are at a certain point in time (this is where the ability to process data close to real time is important).

Still, I'd argue that ya'll are forgetting one thing - corporate red tape. Just because it could be done from a technical standpoint, doesn't mean it's realistically feasible for the budgets, skill set, and infrastructure the company has. I see stuff every day in my job that I could turn on and configure in minutes, but spend years trying to get customers to do

Not going to argue this one since you are spot on. That is why I mentioned that it is possible technically - that is not a guarantee of success as you pointed out because of many other factors.

I think in the end @drummerboy 's point is probably what IMO we should be concerned - they are collecting our data (PII on top of everything else). And without clear retention policies or the right to be forgotten, while potentially incapable technically to do something useful with it nowadays that can change with enough time and money. Or they might get hacked tomorrow and that data ends up in the wrong places because they are not that top notch, security conscious tech company as we agreed. I would rather not risk it

Sponsored