View Full Version : OnStar Begins Spying On Customers' For Profit

09-21-2011, 11:54 AM
I didn't see this feature advertised... :eek: Time to disconnect that system if you haven't already...


"Jonathan Zdziarski (http://www.zdziarski.com/blog/?p=1270)
Sept 21, 2011
I canceled the OnStar subscription on my new GMC vehicle today after receiving an email from the company about their new terms and conditions. While most people, I imagine, would hit the delete button when receiving something as exciting as new terms and conditions, being the nerd sort, I decided to have a personal drooling session and read it instead. Im glad I did. OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.

The complete update can be found here. Not surprisingly, I even had to scrub the link as it included my vehicle’s VIN number, to tell OnStar just what customers were actually reading the new terms and conditions.

The first section explains the information that’s collected from the vehicle. No big deal. Sounds rather innocuous and boring. I imagine most people probably drool out and close the window by the time they get this far. Your contact information, billing information, etc. is collected. Nobody cares about tire pressure and crash information being collected – after all, that’s what OnStar is there for. Toward the end, you’ll read about how GPS data is collected, including vehicle speed and seat belt status. Again, in an emergency, this is very useful and most customers want an emergency services business to collect this information - when necessary. And the old 2010 terms and conditions only allowed OnStar to collect this information for legitimate purposes, such as recovering a stolen vehicle, or when needed to provide other OnStar services to customers on demand. As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.” – This provides carte blanche authority for OnStar to now track and collect information about your current GPS position and speed any time and anywhere, instead of only in the rare, limited circumstances the old contract outlined.

Anonymized GPS data? There’s no such thing! We’ve all seen this before – anonymized searches, for example, that were not-so-quite anonymized. But in this case, it’s impossible to anonymize GPS data! If your vehicle is consistently parked at your home, driving down your driveway, or taking a left or right turn onto your street, its pretty obvious that this is where you live! It’s like trying to say that someone’s Google Map lookup from their home is “anonymized” because it doesn’t have their name on it. It still shows where they live! What’s unique even more-so to OnStar is that the data they claim they sell as part of their business model is useless unless it’s specific; that is, not diluted to the nearest 10 mile radius, etc. This combination of analytics, and their prospective customers (law enforcement, marketers, etc) requires the data be disturbingly precise. Anyone armed with Google can easily do a phone book or public records search to find the name and address that resides at any given GPS coordinate.

So the GPS location of your vehicle and your vehicle’s speed are likely going to be collected by OnStar and sold to third parties. What kind of companies are interested in this data? OnStar would have you believe that respectable agencies, like departments of transportation and various law enforcement agencies (for purposes of “public safety or traffic services” – A.K.A ticket writing). I can imagine this data COULD be used for good, to create traffic based analytics to improve future road construction or even emergency response. But given that those types of decisions are only made once a decade in most cities, OnStar isn’t likely to benefit much financially from “respectable” companies.

What is more profitable to OnStar that your personal GPS data could be used for? Hmm, well how about the obvious – tracking you and your vehicle. It would be extremely profitable to be able to identify all vehicles within OnStar’s network that frequently speed, and provide law enforcement “traffic services” the ability to trace them back to their homes or businesses, as well as tell them where to set up speed traps. Or perhaps insurance companies who want to check and make sure you’re wearing your seat belt, or automatically give you rate increases if you speed, even if you’re never in an accident? How about identifying all individuals who shop at certain stores, and using that to determine whose back yard to put the next God-awful Wal-Mart store? How about employers who purchase these records from these third parties to see where their employees (or prospective employees) travel to (and how fast), sleaze bag lawyers who want to subpoena these records to use against you if you’re ever sued, government agencies who want to monitor you, marketing firms who want to spam you, and a long list of other not-so-squeaky-clean people who use (and abuse) existing online, credit card, financial, credit, and other analytics to destroy our privacy?

Add to this OnStar’s use policy of your personal information – the stuff that does identify who you are and ties it to your GPS records. While I have no problem using my personal information in events of an emergency, OnStar also uses my information to “allow us, and our affiliates, your Vehicle Maker, and Vehicle dealers, to offer you new or additional products or services; and for other purposes“. So not only is OnStar going to sell my vehicle’s GPS location data to a number of third parties, but they’re also going to use it and my personal information for marketing purposes. Imagine your personal data being sold to any number of their “affiliates”, and a few months later, you start to receive targeted, location-specific advertising based on where you’ve traveled. Go to Weight Watchers every week? Expect an increase in the amount of weight loss advertising phone calls. Go to the bar frequently? Anticipate a number of sleazy liquor ads to show up in your mailbox. Sneak out to Victoria Secret for something special for your lover? You might soon be inundated with adult advertising in your mailbox.

OnStar’s new T&C continues, explaining that part of the company may at some point be sold, and all of your information with it. It sounds as though OnStar is poising part of their analytics department to be purchased by a large data warehousing company, such as a Google, or perhaps even an Apple. Do you trust such companies with unfettered access to the entire GPS history of your vehicle?

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

To make matters even more insulting, it was difficult to ensure the data connection was shut down after canceling. I still have no guarantee OnStar did what they were supposed to. I had to request the data connection be shut down repeatedly, after the OnStar rep attempted to leave it on and ignore my requests.

When will our congress pass legislation that stops the American people’s privacy from being raped by large data warehousing interests? Companies like OnStar, Google, Apple, and the other large abusive data warehousing companies desperately need to be investigated.

These terms don’t go into effect until December 2011, and it takes up to 10 days to have the account fully cancel, and another 14 days for the data connection to be shut down… so if you want to get out of these new terms and conditions, you’ll need to do it soon.

09-21-2011, 10:13 PM
Not really suprised to tell you the truth.
Never really liked the potential for abuse in theis system.
It does a lot, they have the history of the vehicle's use.
They'll know if your out tracking a car etc.

Also the service aspect, they e-mail you vehicle faults & attempt to push you to the closest dealer's lot.

09-22-2011, 04:49 PM
How to disconnect OnStar:
Camaro5 Chevy Camaro Forum / Camaro ZL1, SS and V6 Forums - Camaro5.com - View Single Post - How to disconnect OnStar? (http://www.camaro5.com/forums/showpost.php?p=1140366&postcount=54)
How to Take OnStar Out of a Car | eHow.com (http://www.ehow.com/how_5330281_onstar-out-car.html)

09-22-2011, 10:28 PM
Not surprising that OnStar/GM is not a member of the Digital Due Process (DDP) coalition, which is supporting amendments to ensure the government can't track your cell phone or obtain online content such as emails, photos, documents and backup files without first going to court to get a search warrant.

According to the EFF, the current version of the ECPA (Electronic Communications Privacy Act) is vague on whether these documents and information -- including the tracking of your cell phone -- are presently protected from government intrusion without any form of warrant.

OnStar is in part, basically a cell phone...

Digital Due Process :: Who We Are (http://digitaldueprocess.org/index.cfm?objectid=DF652CE0-2552-11DF-B455000C296BA163)


09-29-2011, 12:28 AM
Now OnStar is backpedaling, until you forget about this...

TomTom was also caught selling customer data this year:
TomTom apologise for selling customer satnav data used for police speed traps | Mail Online (http://www.dailymail.co.uk/sciencetech/article-1381491/TomTom-apologise-selling-customer-satnav-data-used-police-speed-traps.html)

TomTom To Sell GPS Data To Road Authorities, Private Companies (http://www.smh.com.au/digital-life/cartech/outrage-over-tomtom-speed-traps-for-motorists-20110506-1ebc2.html#ixzz1LeEc4DCe)

It is not dead, this is a temporary measure to fool people. TomTom took the same tactic in the past where they were sharing/selling data, stopped, but guess what, reportedly they are doing it AGAIN.

So will OnStar!

Not only that, but Maryland is testing an in-car spy system, I'm sure other states are thinking similar 1984 schemes:

Maryland MVA Trials In-Car Spy System Alex Jones' Infowars: There's a war on for your mind! (http://www.infowars.com/maryland-mva-trials-in-car-spy-system/)

This is real.

02-18-2012, 10:32 AM
This is why I always have my location disabled in my cell phone and I also disable any background data. Interesting how Android market forces you to enable background data to even get in. I do my updates and disable it right away.

02-20-2012, 12:35 PM
Tony Soprano took the On Star out of his white Esclade