Car software closed source

the thing is there are some snooptube people that are notorious for pitching the “electric-model” car but don’t speak about the many OTHER cons of purchasing one …

they mainly say just … “it’s on the expensive side … but the TCO is lower over time”

1 Like

Thanks for the encouraging info. Besides, I’ve just put this on my wish (dream about) list:

Is this something to take into account, is it feasible to count on? To me this looks promising:

@Gavaudan, please help out, are 2020 Subaru Legacy and 2020 Subaru Outback models the ones that you purposely referred to:

The particular Subaru I was referring to was a 2020 WRX.

1 Like

Thanks, enjoy anyway! I might bet that the next WRX will have Starlink infotainment platform on board and I’m very glad that Subaru supports Linux community.


I’m pretty sure mine does, but I don’t use it because I don’t want my car connected to the internet. I’d rather Subaru nor anyone else know where I’ve been or what my oil life is or whatever “helpful” information gets sent to the cloud.

1 Like

Sorry to necro this, but in my case it actually does read the signs. I know this because it often misreads the signs (e.g., a sign at the edge of town noting a default speed limit that doesn’t apply to the major road I am on, gets read as being a speed limit); I also know this because for a couple of weeks a particular sign on my commute was down (raising the speed limit) and the car would continue to display the prior speed limit). It’s not consulting a database (which at least wouldn’t impinge on my privacy provided the database is in my car); it’s not phoning home to get the correct info.

1 Like

I have to admit I haven’t read this thread trough but cars currently are potentially connected to net (at least in EU) due to requirement of automated emergency call (all new cars since 2018). So new cars at least have a link.

Second thing of interest to this thread is - because at a glance, I don’t think it has come up - a research from last fall by Mozilla foundation about just how creepy and invasive the automotive industry is slurping up driver/passenger data (this was made from the American market and EU may have it a bit better with GDPR requirements curbing the most egregious practices, but potentially same tech is used here):

It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

Here are some of the highlights, which are a lot, but I encourage to read the report (bolded emphasis from the report page):

The gist is: they can collect super intimate information about you – from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car – in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.

most (84%) of the car brands we researched say they can share your personal data – with service providers, data brokers, and other businesses we know little or nothing about. Worse, nineteen (76%) say they can sell your personal data.

All but two of the 25 car brands we reviewed earned our “ding” for data control, meaning only two car brands, Renault and Dacia (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted.

A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.

Some not-so-fun facts about these rankings: :warning:

  • Tesla is only the second product we have ever reviewed to receive all of our privacy “dings.” (The first was an AI chatbot we reviewed earlier this year.) What set them apart was earning the “untrustworthy AI” ding. The brand’s AI-powered autopilot was reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations.

  • Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.” Yes, reading car privacy policies is a scary endeavor.

  • None of the car brands use language that meets Mozilla’s privacy standard about sharing information with the government or law enforcement, but Hyundai goes above and beyond. In their privacy policy, it says they will comply with “lawful requests, whether formal or informal.” That’s a serious red flag.

  • All of the car brands on this list except for Tesla, Renault, and Dacia signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as “data minimization,” “transparency,” and “choice.” But the number of car brands that follow these principles? Zero. It’s interesting if only because it means the car companies do clearly know what they should be doing to respect your privacy even though they absolutely don’t do it.

What’s the solution? Public transport, bike or old car (which preferably has been converted to an electric one)? :walking_man: :walking_woman: :walking_man: :walking_woman: :biking_man: :biking_woman: :bus: :bus: :steam_locomotive: :train: :train:

(Just how much sex are people having in their cars and can someone pay to get their data amended so it looks like they are having more fun? :wink:)


It has come up elsewhere on the Purism community forums.

Thank you for finding this thread for me; I was having a difficult time remembering it earlier.

1 Like

I unfortunately own a new spy mobile. I’ve done what I can to forbid it from doing things.

One of the more annoying things is they got rid of the Aux jack for the stereo. With it, I could simply plug my phone’s headphone output to the stereo, control what’s playing from the phone, and the stereo would simply mindlessly play what it’s being fed.

Instead, if I want my music on the car, I need to use bluetooth or android auto or apple play (the last being moot for me, I have an android spyphone for now).

Fortunately (?) my cellphone provider made my prior phone obsolete, forcing me to buy a new Android Spyphone (I bought the cheapest one), so I could basically reset and lobotomize the old phone. It has no sim card, so I removed every app that has nothing to do with playing music (that it would let me uninstall), then loading my music library onto it. It’s rather like a retro iPod at that point. I bluetoothed that to the car.

I still want to snip the wires to the antenna, and will once the warranty runs out. Also the in-cabin microphone needs a kill switch.


Public transport is often not privacy orientated. Cameras around the bus, tram or train rooms where you don’t know if just the bus driver etc can see it or if it’s send to an Amazon server or if it analyze things via AI (even if forbitten). Also there are often cameras around train stations or special public places (bus central stations). Also think about automation of ticket controls, especially if you use personal tickets (abo).

Still much better than spycars. I’m just happy that I can do 99% of my stuff via walking or biking.

Anyone here with enough money to become an e-car manufacturer that creates a car with GNU/Linux board computer and HKS for sensors and connections? :smile:


Well they were about to announce the LibremCar, but you’ve stolen the surprise.

(Just Kidding!)


That depends on your threat model. I occasionally walk and/or use public transit when necessary, but otherwise I refrain from traveling.


Not USB? That’s what I mostly use. The in-car software does a pretty good job of providing flexible access to the contents of the flash drive (e.g. sort by artist, sort by title etc.).


In my country, apart from the video surveillance-overload, it is becoming more difficult to use an anonymous travel card and in any case they may still be recording data about the use of each anonymous card.

LOL. I’m guessing “no” on that one.

1 Like

What do you mean by that?

To use public transport in some Australian capital cities, you have to use a card (for use with proximity readers). When you buy the card you can buy it anonymously or you can buy it and register it to your name. Either way, the card has a unique number. (Registering it to your name could be good if the card is lost or stolen.)

If you register the card to your name then, like a mobile phone in a sense, you are carrying a tracking device. As you move around the public transport network, each time you enter or leave a bus, train, tram or ferry, a location record can be created against your name.

If you keep the card anonymous, then those location records can still be created but they can only be associated with you if your use of the card can be associated with you e.g. through the use of manual or automatic facial recognition via the extensive network of surveillance cameras or e.g. if you choose to transfer money into the card’s account to top up the balance (and you do of course have to have a non-zero balance in order to travel) and you transfer money in a way that can be associated with you (and I suppose likewise when you buy the card you make a choice about payment method).

(So realistically an anonymous travel card may not be very anonymous.)

I hope this gives an understanding of some of the privacy challenges of public transport in my country. Hence



In fact I wanted to write something similar, but decided to write it in another way.

Even if you can buy a paper ticket, digital solutions are coming more and more and with those the surveillance, too. But just a crazy idea: why not making public transport for free (payed via public money)? No ticket infrastructure and so also no ticket-surveillance. There are also a lot of other positive things for nearly everyone that just doesn’t matter on a privacy discussion.


It sounds like the same situation as Translink in the Lower Mainland of British Columbia.

However, you can acquire Compass Tickets at Compass Vending Machines, and are single-use only.

That would rely on political representatives to listen to peoples’ interests.


USB is abysmal. I tried it first. I could not “drill down” artist->album->track with it. I could go artist->track, but when a lot of your stuff is classical, most tracks are named “allegro” and without the album context (i.e., which symphony it is), it’s utterly useless.

And even when it’s not classical, going to an artist simply jumbles all of the tracks together from their…possibly a dozen…albums into a random mess. Now I have to scroll and hunt through dozens of tracks to find the one (!) track I actually wanted to hear.

Also every time the car started, it reloaded the entire library and began playing what it deemed to be the first track in the library (some fairly obscure work by Bach).

Absolutely dogsh*t useless.


Fair enough. Obviously it’s going to depend on the capability of the in-car software.

I don’t have anything classical on my flash drive (which is synched with the server on an ad hoc basis from time to time) so I haven’t personally seen that problem.

I think you are right that, even on my car, when doing sort-by-title, it does not show the album name until it starts playing. However that specific kind of duplicate (same title but not actually the same track) seems rare enough that it hasn’t disturbed me.

(Digressing further, on my internal web DLNA interface to the audio collection, I have specifically set it up so that it clearly distinguishes in the title between the above type of duplicate and the other type of duplicate: same title because it is actually the same track and just happens to occur on more than one album. This is achieved by altering the title on the fly when doing sort-by-title - and even then may be somewhat heuristic but it works well enough.

So I guess in theory you could do that as the music is copied to the flash drive. That would mean that you couldn’t just copy to the flash drive using a single command and would instead need a shell script or program. Alternatively, you could fix it up on the flash drive retrospectively.

If doing in a shell script, and assuming MP3, it looks like you will need to use the id3v2 command, or similar, to mess around with the MP3 metadata in the copy on the flash drive.

Worth a shot?)

FWIW, my car seems to remember correctly exactly where I was up to - and simply continues on - even after the flash drive has been removed for a while.

Perhaps next time your car is in for service, you should see whether a firmware update is available.

1 Like

My son owns a DMV services business and sells the occasional… old car or truck. He is trying to get authorization from the regime (don’t get me started on the evils of licensure!) to run a dealership. I suggested he name the company Privacy Motors.