Hackers manage to unlock Tesla software-locked features (electrek.co)
820 points by 1970-01-01 on Aug 3, 2023 | 741 comments



Pretty sophisticated attack vector: low voltage attack on AMD secure execution environment during boot. I wonder how many tries you need to get whatever bits you need in the right place. Also, I imagine you only need to cut 12V wires to do this, but I admire the willingness to get in there direct on these systems. I'd be a little nervous to make those cuts personally.

Buried in the article is the claim that this will let them pull the RSA private key the car owns out for other uses -- while this is likely to remain a very niche attack vector, that's got to be really bad news for someone in vehicle security at Tesla. On the other hand, post jailbreak you could anonymize your location on Tesla's servers, which would be nice.


> you could anonymize your location on Tesla's servers

I already anonymise my location on Tesla's servers by simply not owning a Tesla


Your car is filmed and recognized by other teslas.


That's why I also rotate license plates and repaint my car twice a year.


you're joking, but there's a whole genre of "adversarial fashion"[0][1] dedicated to making clothing that spams these sort of public data recognition services. Hoodies with license plates, face masks with weird facial features, etc. Often optimized against actual neural networks too

[0] https://adversarialfashion.com/

[1] https://www.capable.design/


That’s really cool, I wonder how effective these designs really are! This reminds me of a font that came out 10 years ago ZXX [1] that was presumably designed to hide from OCRs.

[1] https://www.businessinsider.com/zxx-fonts-that-google-cant-r...


Gait detection renders any of this obsolete sadly.


If you're willing to go to the lengths of adversarial fashion, you're probably also willing to walk around with a stone in your shoe, or in high heels.


Or dance like you've never danced before: https://www.youtube.com/watch?v=R46cX0AjzT4


Pfft. Stilts, 10 footers, that's the key.


A third pant leg sewn on one side with a rock on the bottom will (probably) throw off some algos.


This is a good idea! https://youtu.be/BNhriA2xq9E


And set off hella red flags for everything else (probably wouldn't be too much of a problem if you just say "it's to foil gait detection" when you get interrogated about your third leg. people tend to be cool with all kinds of weird shit as long as it's for a reason). Could maybe work if gait detection is the only adversary in your life for sure.


And cost at scale renders gait detection and most face detection at scale useless. The sexy movie detection methods all suck.

Go with what works. Just id people via their phones with a dirtbox.


Something something silly walks



gait analysis is up there with bite marks(https://www.theguardian.com/us-news/2022/apr/28/forensics-bi... )/jeans wear marks(https://www.pnas.org/doi/10.1073/pnas.1917222117) and other FBI post hoc ergo propter hoc fraud.

If it worked this would be a solved case https://www.fbi.gov/contact-us/field-offices/washingtondc/ne...


Luckily my gait is not in an adtech company's database and sold to the government, like my face probably is.


How do you know?

ID phone Bluetooth on passing, or even facial rec, then it gets tied to gait, and it's forever tied.


Just keep your phone down in your third pant leg instead of using a rock.


Put different insoles in your shoe every day


snake oil


This made me realize that recent OpenAI tech is able to cut through misleading or confusing images, even finding the potentially inferred humour or absurdity layered in the images. I wonder how we’ll find a way to trick that kind of technology as well.


I wonder how effective that is considering storage costs are very cheap and an AI can easily filter out images that are either “car” or “not car”


Not hotdog?


This is really cool. Though the Capable Design site with its animations is a bit adversarial to me browsing it.


This is awesome, and thanks for posting this. I had no idea.


That's why my license plate is shaped like 3 different light bulbs, and is hidden in a grid of light bulb shaped objects.


Oh hey, I just did your license plate as a CAPTCHA!


This is actually a common practice. Thieves will jack someone’s plates (prefer that they don’t notice) after stealing a car. It is pretty effective, since most people don’t realize their plates have been swapped until they have been pulled over for vehicle theft, so the cops aren’t even looking for the right plate for a few days, and by then they’ve already swapped again.

Better put an apple tag in your car just in case.


You use license plates? pleb!

Why Steve Jobs Never Had License Plates on His Car https://abcnews.go.com/Technology/steve-jobs-car-apple-ceo-l...


I also change my facial hair style 4 times a year. Will start getting plastic surgery twice a year starting next year.


That's why I wear an rpi connected to four lcd's on my face that display randomly chosen beard tiles.

It's also why I started Our Lady of the Anonymity Pool where we gather for music and fellowship, and to recharge and distribute beard screens to our congregants and visitors.


Philip K. Dick imagined a "scramble suit" that did just that in A Scanner Darkly, continuously randomizing the user's facial features.


The film has a good representation of it: https://www.youtube.com/watch?v=2aS4xhTaIPc


This is currently possible in real time on consumer mobile hardware, looks neat


Against face recognition you could use CV dazzle makeup [1] to look less like a face. However I wouldn't recommend using that approach for your vehicle

[1] https://dangerousminds.net/comments/foil_facebooks_facial_re...


I think that's actually quite common on new car models. The dazzle paint job makes it harder for the press to see the shape.

E.g.: https://www.bmw.com/en/automotive-life/prototype-cars.html


I don't want my car "harder to see" going at 100 miles down the highway.


Oh no, it's super easy to see, just harder to tell if it's a coupe or a sedan or whatever. New lines in the body panels get drowned out by the pattern, etc.


I always wondered if this still worked with an IR/UV camera too...?


I vaguely recall reading (probably in the book All Corvettes Are Red) that the C5 Corvette was driven around with Camaro body panels to fool the media.


I wonder how the face painting antics of Death Metal bands would hold up to face recognition software?


Sorry for being pedantic, but it's usually Black Metal bands that wear the face paint that you're thinking of :)


I just inked an adversarial CV tattoo onto my face, worked great until that image leaked into the training data.


Should have tattooed a QR code that auto downloads a malware that bricks A100s.


sounds like a slippery slope to voluntary hip surgery for gait correction


Not sure if it's changed now, but just wearing flip flops used to defeat gait recognition...


I always wondered if this could be beat by putting a pebble in your shoe or something.


It’s been a long time since I read it but I think that’s exactly how it was beat in Cory Doctorow’s novel Little Brother.


I drive a firetruck, so I'm invisible to Teslas.


That can't be legal? Not in the EU, anyway.


Are you saying dash cams are illegal broadly there?


In Germany, dash cams specifically are a bit of a gray area, but for example CCTV of any public areas is generally illegal.

https://europe.autonews.com/automakers/tesla-warns-its-camer...


I think EU countries are supposed to be using the same legal privacy framework, although the exact way the laws are phrased and interpreted might differ from country to country.

I believe in Spain, generally speaking, it is legal to record your interactions with someone when you are in public.

But I think many people are not aware that this is legal, including some police officers, because privacy laws are perceived to be quite strict.

Similarly, I think dashcams are actually legal, even though most police probably think they are not.

I think these recordings can even be used in court cases, and in fact in many cases it's probably the reason why they are legal, otherwise it would be hard to see a legitimate purpose that would override the privacy drawbacks.

However, there are restrictions. Indiscriminate recording (i.e. CCTV) of public areas is illegal, as in Germany. This is also true for the entrances of personal homes: you are only allowed to have CCTV outside if it's pointing directly at your door, not the street in general (and you must post a sign).

An obvious restriction is that I think you are not allowed to publish a recording without either anonymizing the people in them or getting their permission.

An interesting restriction that comes to mind is that a few years ago, there was a court case of a man who was caught filming children on a school playground while positioned outside the school, which at the time it was presumed to be for sexual purposes, I think because of the way he was doing the recording (big lenses, I think?) and because he didn't have a legitimate motive for doing that (like being the parent of one of the children, or filming a documentary, etc).

He was sentenced and received a large fine, but I think the legal reasoning was that children on a school playground are expected to have a legal right to privacy, even though it's a public school. So the judge considered it the legal equivalent of filming someone in their private home from outside.

I'm very happy for cases like these where common sense prevails over legal / ideological dogma (even though I'm also aware of the dangers it can pose when laws aren't interpreted to the letter).


> you are only allowed to have CCTV outside if it's pointing directly at your door, not the street in general (and you must post a sign).

I forgot to mention that I highly disagree with this restriction.

It's really, really bad for home and personal security: pointing the CCTV at your door does absolutely nothing when a robber / kidnapper enters your house while wearing a ski mask.

However, pointing the camera outside could much more easily record their identity in the days previous to the crime while they were staking the house (even if they only get caught after the crime), as obviously it's not very feasible to stake a house wearing a ski mask.

Or at least, it would deter them much more heavily and possibly prevent a not-insignificant proportion of kidnapping cases, since most of them seem to occur in people's own homes, which seems to be the easiest choice.

I am similarly an extremely big critic of self-defense laws in European countries, which basically leave you completely defenseless in your own home even if you or your family are being kidnapped, due to the huge asymmetric advantage that an attacker has over you.

Or at the very least, you risk going to jail for many years if anything goes wrong.


A vast majority of kidnappings are done by family members. It's a movie thing that a ski mask vigilante enters your home to kidnap you. I'm almost 100% positive there's virtually no risk of being kidnapped at home by ski-mask wearing criminals that staked your house previously.

Or, if you are in that specific, very small target group for e.g. ransom etc, you probably should've been investing in home security beyond a front door camera anyways.


> Or, if you are in that specific, very small target group for e.g. ransom etc,

I am, as are many thousands of other people, in different fields. Although some of my personal circumstances contribute to my risk being especially high, even within these fields.

> you probably should've been investing in home security beyond a front door camera anyways.

I have, to an extent that has been called unreasonable by multiple "normal" people, and these people are not even aware of 90% of the security measures I've taken, including the best ones. Fortunately, my closest family has always been highly supportive in this endeavor.

And these measures are not even half of the recommendations I've been given by security professionals who have scrutinized my life with a fine-toothed comb. Some of these recommendations I've chosen not to take due to not being too adapted to my personal circumstances and lifestyle, but others were amazingly good, far beyond what I expected.

That said, the camera issue, gun restrictions, and strict self-defense laws in Europe are huge limitations that all contribute to vastly decreased personal security for me and my family. And I've been advised by experts in this area, so it's not like I'm setting an unreasonably high standard. I'm also generally anti-guns, but alas, in some cases their benefits outweigh their disadvantages (otherwise police wouldn't carry them) and I think gun laws in Europe don't contemplate this type of situation very well.

It's also a fallacy to think that there is any single set of measures that will protect you. It's not like you can just hire a bodyguard and suddenly you are safe, in fact this can make things even worse in some circumstances.

Physical security can be as much about being careful, having plans in place, keeping a low profile and adding security layers / friction / risk / deterrents as other forms of security such as infosec. In fact, infosec is also a part of physical security nowadays, as well as other similar measures.

But of course, you can't just add every possible security measure, either due to cost or friction / unpleasantness. As an example, almost nobody would like to literally live in a bunker, if you know what I mean.

Also, don't forget to consider that even when you have great home security, it can be very, very easy to bypass it. Even very famous celebrities with great security teams have been kidnapped in modern times, although many of these cases are unknown to the general public. You'd probably be surprised! And that's only the cases that have been made public, most of them are probably not even made public.

Furthermore, your closest family members may not be able to be as vigilant as you, for many different reasons. And it's not even possible to be 100% vigilant all the time, it's extremely easy to get complacent over the years or make mistakes that decrease your security.

To add to all that, attackers have a huge asymmetric advantage during an attack, as they have the surprise element.


"gun restrictions, and strict self-defense laws in Europe are huge limitations that all contribute to vastly decreased personal security for me and my family"

Even in Germany it is quite easy to legally own a gun. All you have to do is be a member of a Schützenverein ("shooting club") for some time.

What is indeed very hard, is get permission to carry a gun with you.

But your main point seems to have been about home security and having a gun in your home is very possible. Unless you live somewhere with tighter gun laws than Germany?

(Also most abductions for ransom happen outside, easier to snatch someone from the road, than come into his home)

"To add to all that, attackers have a huge asymmetric advantage during an attack, as they have the surprise element."

But you can also surprise them with security, they were not aware of and after that initial attack advantage, time is on your side. (Emergency call and panic room).

"It's not like you can just hire a bodyguard and suddenly you are safe, in fact this can make things even worse in some circumstances."

Yeah, because a common bodyguard mainly creates visibility. And the best defense is to not let the attacker know you exist as a target. But there are security guards, that are not visible to the bystander.

And all in all I have to say, that you do sound quite paranoid. And I cannot think of too many professions, where that paranoia in Europe is warranted and where you do not have professional security assigned to you, or where you do in fact get permission to carry a weapon. If the walls you build around you are too tight, you eventually just build your own prison.


> But your main point seems to have been about home security and having a gun in your home is very possible. Unless you live somewhere with tighter gun laws than Germany?

No, you are completely right, I had forgotten about that possibility!

Indeed, my main worry with gun laws in Europe is about home security, where the advantages can outweigh the drawbacks if you have a high risk profile, not about carrying them in public which I think could lead to other problems.

The hunting guns are much better than nothing, that's for sure!

> (Also most abductions for ransom happen outside, easier to snatch someone from the road, than come into his home)

From my experience (i.e. the many cases I'm familiar with, not that I've been a victim), this is not true, although I'm also familiar with cases like you describe.

But perhaps I'm simply not familiar with the cases that you know about, or about general statistics. I'm more familiar with cases similar to my risk profile.

> But you can also surprise them with security, they were not aware of and after that initial attack advantage, time is on your side. (Emergency call and panic room).

There are scenarios of home invasion for kidnapping purposes that I'm familiar with, which have really happened in Europe not too long ago, and which are impossible to defend against without extreme measures or very significant lifestyle changes, even taking into account what you just mentioned (which I'm obviously familiar with) but I really don't feel comfortable sharing more information.

> Yeah, because a common bodyguard mainly creates visibility.

Indeed, but even ignoring that (and the cost which is usually not a problem in these circumstances) there can also be quite a few more drawbacks that you didn't mention, but again, I don't really want to get into it.

> And the best defense is to not let the attacker know you exist as a target.

Not always possible, but completely agreed in-so-far as you can achieve that as much as possible!

I consider this to be one of the most important goals, assuming you are not a famous person already.

But even then, over the years there have been literally dozens of people who have become familiar with the riskiest part of my situation due to things that are completely outside my control, like different types of legislation which actually force me to disclose the most critical parts of my personal information to dozens of strangers for different (although usually similar) reasons.

Several databases also contain this critical information.

These strangers I mentioned are unlikely to lead to problems themselves, but information can travel easily or be leaked, and it's still an increase in risk.

> And all in all I have to say, that you do sound quite paranoid.

Yes, I'm 100% aware of that :) Don't think I haven't been told this by many people who are not entirely familiar with my situation.

That said, all of the people who have been aware of the details of my situation have shared exactly the same worries as me, and this includes people who have motivation to tell me the harsh truth rather than simply humoring me.

But of course, I try to share all of my details with as few people as possible, for obvious reasons.

In these kinds of high-risk stakes, I make sure to really seek honest feedback rather than confirming my biases, because I just want to get the most useful information to make the best decisions I can, accepting that I can be very ignorant about things which I knew almost nothing about (like physical/personal security). The professionals who have assessed my situation have been really clear about all the stupid, unrealistic worries that I had, as well as all the things that I should be really worried about. They have also provided me with a numerical estimate of my personal risk (hopefully much less biased than my perceptions), along with justifications.

Yeah, I know I may be unreasonably paranoid, but on the other hand, are you really paranoid if they are really out to get you? lol!

> And I cannot think of too many professions, where that paranoia in Europe is warranted and where you do not have professional security assigned to you, or where you do in fact get permission to carry a weapon.

Indeed, but there are many drawbacks to the solutions you are proposing and not many benefits in my particular situation, although I admit my situation is unusual. But really, I am already sharing more than I am comfortable with.

> If the walls you build around you are too tight, you eventually just build your own prison.

Indeed! That's why you need a good balance and accept some risk, because it's simply not possible to completely avoid it. But since I could afford to, I couldn't help but to take the most reasonable and "lowest hanging fruit" steps I could take to protect my family, under the circumstances.

Imagine not caring very much and then something really bad happens to your child or spouse, how would you feel?

Now, I can at least say that I did put a lot of effort into it, so even if something bad happens, it will be much, much easier for me to accept that the circumstances were simply outside my control.

This actually touches on something I was told by the security professionals I mentioned: some (although very few) of the security measures we've decided to take don't actually provide a meaningful amount of security, but even a tiny incremental improvement disproportionately contributed to us becoming more worry-free / experiencing greater peace of mind and being happier (but of course, this only works if it doesn't continuously affect your quality of life).

And the other thing to mention is that no matter what you do, some things are simply outside your control, so there's no point in obsessing over them, it's just something you have to accept. I think we have been extremely good in this area.

So I am happy to report that after the initial effort was finished (which lasted a few months), we have been able to live with a lot less worries and almost no decrease in quality of life for quite a few years already :)


""Yeah, because a common bodyguard mainly creates visibility."

Indeed, but even ignoring that (and the cost which is usually not a problem in these circumstances) there can also be quite a few more drawbacks that you didn't mention, but again, I don't really want to get into it."

I actually worked a bit in security and so I can tell that some of the other disadvantages are, that most security guys are treated badly, get very lowly paid and their morals are low - so their motivation to potentially sell you out (or not wake up when you need them) is actually quite high. Some high profile companies might be different, but I know I would not trust a common security company with anything (And the company that I worked for had a good reputation and was involved with securing government buildings, but I was a bit shocked to look behind the facade, it all only works, because most criminals are unprofessional as well)

Otherwise you do sound reasonable that you take the appropriate steps, but like you said, it is all about the right balance and yes, you have to accept some risk in life.

But of course, now I am really curious about your risk profile. Seems to be quite an unusual one.. but I can understand, that you don't want to share details. Because unlike often cited here, Security through obscurity is a real thing.

edit: but I have to relativate about the security guys I worked with: some of them were quite bad, but probably none of them would have actually ignored when a child was in danger, or actively helped an attacker for money. They just didn't give a shit in general, so maybe would miss the alarm. And miss doing maintenance in alarm systems etc. And not follow safety protocols (in theory there were actually too many of them, but even the simple and useful ones got ignored)


CCTV's only purpose for home security is for possible intruder to see it and decide to not intrude. If they come in and you get them in vidi then what? Who will you show it to? Police? What are they going to do?


> CCTV's only purpose for home security is for possible intruder to see it and decide to not intrude. If they come in and you get them in vidi then what?

If your CCTV can only film inside your house, it will not be able to record the identity of a sophisticated attacker.

> If they come in and you get them in vidi then what? Who will you show it to? Police? What are they going to do?

If you are able to record their identity (this is much more likely if you can film outside your house, within an area they would use to stake it), then there are several advantages:

1. Even if you are kidnapped or your house is robbed, it is more likely that the attacker's identity will be recognized, either during this attack, before another attack or even after they are caught in another attack, which would help to increase their sentences.

The chance this will help stop the current attack is minor, although not impossible if law enforcement acts in an expertly fashion (huge "if", I know).

2. For the same reasons above, it is also a huge deterrent, as it greatly increases the risk of the attack (for the attackers, of course), so it also helps to prevent you from being attacked.

3. Furthermore, it shows that you have taken security measures and therefore will increase the chance that the attackers will choose an easier target rather than you.


Not to worry, Chinese made cams broadcast everything for everyone on the internet to see. Nothing closed circuit about that!


Dash cams are much more tightly regulated in the EU than elsewhere (you become a Data Processor and have all the responsibilities that come with that).

Private ANPR in public spaces is unlawful in I think every EU state?


Coming from an American perspective (where, when you are in public, you have basically no expectation of privacy), this seems insane.

Does this mean that if I'm filming a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area), I'm in violation of privacy laws?

Does that mean if I take a video selfie of me and my family members (which, again, includes images of others in the background, and which is automatically uploaded to icloud) I'm a data processor and am in violation of privacy laws?

I assume there is some line here, but I can't think of the logic separating a person's dashcam from my examples?


The European perspective is broadly to have the "freedom from", whereas the American one is the "freedom to".

You've got the freedom to acquire an arsenal, I don't, but I prefer the freedom from other people gunning down my kids, which by extension limits the narrow personal freedoms of myself and others.

Likewise, the American perspective is to draw a hard line on "in public", the European one is more nuanced.

Yes, you can film your vlog without fear, but a random pedestrian in Berlin also has the freedom from being associated with your public vlog.

Therefore you have a responsibility to either get their permission to broadcast it, or to anonymize them.

A useful way to think about it is to shift your view from "can I do X?" to "will I bother anyone else by doing X?".


> A useful way to think about it is to shift your view from "can I do X?" to "will I bother anyone else by doing X?".

I don't think that's particularly useful, because the answer to the second is trivially Yes, regardless of the value of X.


Are you suggesting that someone could shut down all human activity on the European continent by declaring that everything bothers them?


There is a lot of leeway to be had between "will I bother anyone else by doing X" and "will anyone else be bothered by me doing X": it's active interference versus passive objection-taking. Socially aware people can learn the difference.


>the answer to the second is trivially Yes, regardless of the value of X

then don't do it?


There are still many people bothered by the fact, that I as a man have long hair.

I am sorry to disappoint you and those people, but for now I keep my hair.

You cannot please everyone and I think it is a path into madness to even try it. There are maaany things people feel bothered about …


Your response to "by that metric, essentially almost everything is disallowed" is "well yeah, just don't do it". I don't think that stance would sit well with most.


> Does this mean that if I'm filming a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area),

I don't know about the law in Germany but I think it is very impolite in any country. You should ask people's permission before putting them online. On Japanese TV they blur out faces of people passing by for example when filming an interview in the street.


Broadly speaking the line is: someone in the background, appearing briefly: fine.

Taking photos of specific people in public without their consent: not fine.


> Does this mean that if I'm filming a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area), I'm in violation of privacy laws?

No (at least not in France, which also has pretty stringent privacy policy so I think it's still a relevant answer) you can film people or cars in public streets but you cannot do any kind of data processing on the things you film (you can't keep a database with the license plates you have on your personal videos for instance).

In short the line is: pictures and films by themselves are OK [1], but doing anything with the personal info you get from those video is forbidden.

[1]: (under conditions, you must not cause harm in the process: for instance no “happy slapping” videos)


As others have pointed out, the rules on photography vary from country to country within the bloc. However, the rules governing data protection and the processing of personal data (including photos) come from the GDPR, and very basically say that any processing of personal data requires a valid legal basis.

There is an exception for personal use - the household exemption - but as soon as you cross the line into commercial operations or certain activities such as publishing, creating databases, etc, you lose the benefit of that exception.

That doesn't mean you can't continue, just that you now need a legal basis and need to follow the rules (inform data subjects, allow the right to be forgotten, etc).

So in general, dashcams are fine (unless a local law prohibits them) as you have a legitimate interest in recording your driving in case of an accident. Creating a facial recognition or ANPR database with the same footage would be unlawful, however.


Why is A[LN]PR unlawful for private citizens to perform on their own footage? (e.g. using https://www.openalpr.com)


It's unlawful as it means you lose the household exemption, and so need a legal basis for the processing. You also need to inform others of the data collection in advance, the purpose for which the data is collected, and the contact details of the data controller.

Private ANPR-equipped vehicles are rare (and outright illegal in some EU states), but when you see them they'll have large decals with the above information on all sides.

Facial recognition is considered biometric data, which is special category data under the GDPR and forbidden to process except in very strict circumstances. Apart from law enforcement/government, it is more or less impossible to lawfully process biometric data with informed consent from the data subject. The household exemption does not apply.


There are differences between private photographs and commercial products.

Vlog/youtube would be considered to be potentially commercial .. so you would probably be responsible for GDPR and likeness recording. (The onus is on you to blur)

Video selfie/photograph personal/non shared use - you're free to do this

https://allaboutberlin.com/guides/photography-laws-germany

I am not a lawyer, nor is this legal advice.


Fucking hell, here we go again: "Dash cams are much more tightly regulated in some parts of the EU than elsewhere."

It depends on the EU country, of which there are several... including an ex-EU country.

How it comes across: One of the things I hate about America is that in New York all the Californian building restrictions and zoning are killing free speech.


Preach it brother


With respect, the GDPR is a Regulation and this applies uniformly across the bloc. Enforcement varies, obviously.

TBH your comment comes off as very condescending and ill-informed.


GDPR is to be implemented independently in each country. There is room for interpretation, it's not a granitic ruleset from above


No, that's not correct.

When talking about the EU, there are two types of laws (well, three if you include treaties), Directives and Regulations.

Directives are common goals which must be transposed into law by each country and there are indeed differences in implementation. An example of a directive is Directive 2012/27/EU on energy efficiency. It set goals on energy efficiency (and minimum targets), but each country implemented its own legislation to transpose the Directive into law, and those implementations varied wildly.

However, EU Regulations are a different kettle of fish. Regulations are EU legal acts which are immediately enforceable as national law in all EU states. GDPR is a Regulation and so applies uniformly across the bloc.

Regulations are designed to harmonise legislation across the entire bloc. Obviously there are differences in enforcement, but the ultimate arbiter is the CJEU and decisions are binding in all EU states.


In Austria they are illegal.


I don't think they're all that concerned about the law.


Which part? Lots of German cars use cameras to recognize cars for various safety and convenience features.


That's why I only hang out in the metaverse and don't leave my home anymore. Umm, ...


That is why I ride a bicycle.


>Your car is filmed and recognized by other teslas. - coolspot

Is this true?


  - filmed: definitely
  - recorded: not sure (probably not long term)
  - recognized: unlikely


Recorded, definitely based on the fact that Tesla employees were sharing various "funny" clips from these cams among themselves.

https://www.reuters.com/technology/tesla-workers-shared-sens...


I thought the Chinese were being paranoid about Tesla but really anything from the US can be used to spy on your military bases.


Teslas, Roombas and Rings...

https://cybershow.uk/episodes.php?id=12


Recorded, yes. Tesla uses the fleet to collect video data for training their algorithms. This has been shared in multiple presentations from Tesla.


Tesla owners can use the cameras as "dashcams" and save the recordings. Here's an example from r/dashcam: https://www.reddit.com/r/Dashcam/comments/15ezdjd/tesla_dash...


This is a plausible attack vector, parallel to the profiles Facebook, Linkedin et al maintain for people who don't have accounts.


That's why I cycle everywhere. With my phone switched off and stowed in a Faraday bag.


Yeah, how much do you trust Musk and company?


fortunately I only own a bike...though maybe this makes me ineligible for some Illinois class action lawsuit...


Just like on social media/chat apps


Ah, but where's the challenge in that?


What kind of car do you have? Your car almost definitely shares its gps location to the manufacturer and downstream data brokers.


Lol, not my 2005 Toyota. It doesn't even have anti-lock brakes, much less a GPS phone-home system.


Hah, fair enough!


I have a Volvo, and it's not connected to any freaking thing, so if it sends the location, that would be magic.


Cool


Just like we used to have cable box guys willing to sell you an unlocked box for premium channels, we are eventually going to have feature unlock guys that you go to and who, for a small fee, perform some slightly more technical hack to enable features that are already there.


This market already exists for things like enabling Navigation on VW/Audi cars. People were offering to enable the hidden Android Auto support on my Porsche Macan for $600, which I almost went for until I found the scripts and instructions to do it myself.


This is how I got CarPlay on the used BMW I bought. Gave some guy in Thailand my VIN and $60, he sent me firmware to install, and now I drive around with working CarPlay and the vague notion that I've maybe been p0wned in ways I don't fully understand.


When your car idles, it's contributing to his Folding@Home account rank


Heh... or mining coins... or these days, factoring LLM's...


Simpler times.


More likely it’s mining crypto.


Wait, CarPlay is a "premium" feature on a BMW?


On older models. Current models come with it.


Current ones instead charge you a recurring subscription for seat heating, right?


I did the same on a Mazda CX5 a few years back, but it was a software only hack to get root first. I suspect the actual physical hardware modification line is the one that most users are going to be unwilling to cross unless they are in the "Download a Car" crowd.


> I suspect the actual physical hardware modification line is the one that most users are going to be unwilling to cross unless they are in the "Download a Car" crowd.

Idk, hardware modification of the first Playstation that allowed to play ripped games became mainstream very quickly in my country (France) and you could even go to some shops that sold Playstations to get it done. It only stopped when it was made openly illegal.

“I paid for this shit, I do what I want with it” is a very powerful sentiment (and a legitimate one actually: corporation adding “Digital Right Management” system to deprive people from their property right is dystopian as hell).


By the time I got around to booting "backup" discs in that system, it could be done just with a dongle (like a GameShark type thing, maybe? Can't remember) although unlike a soldered-in mod chip, it required booting with any genuine game and quickly swapping to any copy of another game, using a spring to defeat the lid sensor thus avoiding a subsequent check for a genuine disc.

Not quite as convenient, but lack of invasive mod was the tradeoff.


> hardware modification of the first Playstation that allowed to play ripped games became mainstream very quickly

I remember this. Chip on chip iirc. The period is stored in my memory because it was also when DVD media first broke the $1/disc barrier. It wasn't very good media at $1 per but exciting times nonetheless.


Okay, but in that PlayStation example you DIDN'T pay for the games, but still decided to 'do what you want'. How is that legitimate but attempting to prevent it not?


Because you also prevent legitimate uses of such "feature", such as playing games you purchased legitimately from other regions, as that "feature" also allows to defeat region-locking. As for why not just buy those same game versions released in your region, some games were just never released in some regions. Another common use is running legitimate homebrew software.

So logically, it isn't modding/unlocking the console itself that's illegitimate. But it can be used for certain illegitimate actions, yes (along with legitimate ones).


This, or you want to have a backup of your disk because your younger brother isn't especially gentle, or you want to have a second copy of your game so that you can have one at Dad's home and one at Mom's.

And these use-cases aren't only legitimate, in France they are even legal and in exchange we pay a tax whenever we buy a media storage device (Taxe sur la copie privée).


Don't the Mazda CX-5s all ship with Android Auto and Apple CarPlay by default?


2016 Didn't, I also enabled the built in navigation while I was at it.


Hidden as in it's not available normally, or hidden as in it's a paid feature?


It was built, and then disabled, as Porsche wasn't comfortable with Google's policies around data collection from Android Auto. You can pretty easily figure out how to turn it back on.


$600 is not cheap. What model year do you have? Does Porsche not provide an update or possibility to upgrade?


If you're in the market for a recent Porsche, which go for let's say ~$100k, $600 is cheap to you. Cheaper than the time you'd spend on doing it yourself really, but doing it yourself is half the fun.


If $600 is something you have to think about, you should never own a Porsche.

If you can't afford to maintain an expensive car, you can't afford to purchase an expensive car.


> If you can't afford to maintain an expensive car, you can't afford to purchase an expensive car.

Depends on how you acquire it. I can get a couple BMWs for cheap to free but I've heard too many repair stories around the campfire to blind dive into that particular rabbit hole.


This has already been the case on European navigation systems (Audi and VW MMI/MIB) for many years now.

VW Audi Group developed an entire infrastructure called SWaP (Software as a Product) and FEC (Feature Enable Codes) many years ago, and ever since, there has been a cottage industry in bypassing the system to enable features like CarPlay, Navigation, and Performance Monitor which are usually locked by software trim levels.


It's always awesome seeing your comments about VW stuff. I've been using VCDS over 10 years now with nothing but various trims of Golfs for even longer than that. Luckily my Mk7 R came with all the FECs I'd ever want, stock! The secret menu doesn't show anything interesting in the diff between supported and installed.

Do you think there will ever be ECU/TCU tunes maintained as open source projects? Maybe not quite as user-friendly as the Cobb ecosystem and the like, but good enough to make $600+ tunes a thing of the past for DIY types who are into mucking about but want the peace of mind that comes with using maps that enough other people are already using? Not that tuners shouldn't be paid for their work, but I feel like they could focus on the custom tune segment and be ok. My current understanding is that free software exists (I haven't actually played with any myself yet, but I've heard of TunerPro, WinOLS, etc. and I see you maintain VW_Flash, very cool) but then the user needs to know how to create a custom tune from scratch, no free and widely used "off the shelf" / "staged" files floating around for common cars (the main value proposition of APR, EQT, IE, UM, etc.), correct?


All of the tools needed to do this are already there. However, maintaining this kind of project would be a thankless task riddled with bad users, regulatory/legal issues, and isn't likely to build a strong community for various reasons, so I don't think anyone has been highly incentivized to do it.


The only hack on cable style TV I remember is you could buy modified satellite authentication cards for DirecTV for a time - usually on eBay or similar sites - and they worked. No idea how long, I had an uncle that had one though, got all the premium channels etc.

I doubt any of this works anymore though


I remember being out for a beer run with a friend during these days. On the way there he pulls into a parking lot and stops in front of a nail salon. He said, "Come on" and I followed him into the nail salon. There were about 10 women in there, not a guy in sight... he goes up to the desk and pushes a button that looks like a doorbell.

One of the ladies doing the nails says, "He no work here no more, check dry cleaner across the street." We get back in the car and I'm like, "What was that all about?". "My DirecTV card got disabled and that's where I get it reprogrammed".

We go across the street to the Dry Cleaners. There are three ladies in the lobby watching TV, and a guy behind the counter. He asks the man, "Is Ken here?" The man says, "I'll check" as he walks into the back. Now, the man was coming from the back when we came in, so I assume he already knows if Ken is there or not, but Ken probably only comes out if he recognizes my friend.

Sure enough, Ken comes right out all smiles and they have a quick chat. My friend hands over his card and Ken says, "we had to get new equipment, it's now $100, ATM next door".

Ken disappears for about 10 minutes and comes back. My friend gives him cash and away we went. About 4 months later, he had to get it reprogrammed again.


Why did you take the car to cross the road?


It's a big busy road with a median in the middle. There were no crosswalks nearby, and we had to go back that direction anyway. Why do you ask?


This is America


To get to the other side...


That guy’s name? Jimmy McGill.


No, it's all good man. ;)


I worked for a cable company in the mid-90s. The amount of boxes that disappeared (and couldn't be located) was insane. The folks that procured them also used a "bullet blocker" (basically a resistor) to avoid the box being disabled.

In the satellite realm, DishNetwork was always the easier service to hack. The FTA scene was completely overrun with folks buying 3rd party tuners. Once Dish switched to an encrypted signal, a few vendors (nFusion if I recall) even could rotate keys in a matter of hours to decrypt Dish's new encryption schemes. I doubt any of that works these days simply because there's no reason to push too hard for content that is likely available via easier means.


I read an article about the early DirecTV hacking days and the cat and mouse game the hackers played with the company. DirecTV cards were smart cards that ran programs for the decryption path. The hackers kept just duplicating whatever DirecTV sent down to keep them working, mystery bits and all. Then one day a final update came out and those weird bits turned out to be a specially designed program that bricked all of the hacked cards. I'm sure that was a temporary setback for the hackers but it was a great story.


Didn’t this happen recently with a usb to serial port vendor or something like that? Vendor released a new driver that bricked all of the knockoff ones…



If you want a rabbit hole, start with Christopher Tarnovsky at Defcon https://www.wired.com/2008/05/tarnovsky/



Let me tell you what's wrong with this:

Nothing.


I think it is slightly more complicated than this. Removing these "artificial" locks raises the price of the base model. This can prevent people on a tighter budget from being able to afford it at all.

For this particular instance I don't feel too bad for a number of reasons:

1. Tesla is a luxury product so people on a tight budget will likely find a better value solution elsewhere.

2. The way these locks are implemented greatly restricts user freedom on the whole car so they seem somewhat unethical to me.

But in general I believe that making one model and artificially locking it can be ethical. It is just taking advantage of economy of scale (by only making one model) without removing your base price point.


I unlocked a whole extra gallon on my i3's fuel tank (just about doubling its capacity) just by poking it with a computer, there's definitely people around willing to pay for this service.


This is because if the gas range was longer than the EV range it wouldn't qualify for the US federal EV tax rebate so BMW software limited the range. In Europe it's not limited.


Be careful though, some automakers are tracking software mods and voiding warranties. Example: https://www.motorbiscuit.com/beware-dodge-challenger-mods-do...


I don't see how that could work with the Magnuson–Moss Warranty Act?


Good point. There is an exception in that act that allows the warrantor to waive coverage if the damage was caused by the consumer, so I guess Dodge can do it because the software mod in that case is causing the vehicle to perform outside of its design envelope. The warranty only covers manufacturer defects, and forcing the vehicle to do something it's not intended to do is not a defect.

So, I guess these Tesla hacks should be fine so long as they're only enabling things that the vehicle has been designed to do.


One advantage of having blown through the warranty on my Tesla already!

On the other hand, I don't think my car has any unlocked features I want. I mean, I didn't pay for FSD / Autopilot but I'm not sure I'd use either.


And gray market chips you could swap into your US Robotics Sportster modem for dual standard 56k baud compatibility!


Internal employee controls have gotten way more sophisticated, and cared about since it's one of the things you need to do for business focused information security.


This is true, but if I remember correctly, Apple has a very similar issue with user locked devices.

Employees have opened their own "stores", where they remove activation locks, or unlock iphones remotely for a small fee.


I had a friend that made a tidy sum in college by selling replacement chips for high end cars that overrode some governors built into the firmware.


Mod chips for consoles and mod chips for cars don't seem too dissimilar


> I wonder how many tries you need to get whatever bits you need in the right place.

For the Xbox 360, the "Reset Glitch Hack" (which worked similarly) would just try over and over again until it got it right. A computer is happy to try tens or hundreds of times on your behalf.


However the next Xbox added active countermeasures against glitching attacks which force a reboot if the clocks, temperatures or voltages go outside of reasonable bounds, and that's never been defeated. Glitching attacks can be very powerful, but they have a limited shelf life if the hardware manufacturer cares to prevent them.

https://www.youtube.com/watch?v=U7VwtOrwceo


Definitely. Not arguing that this can't be fixed, but rather outlining how a similar successful attack was made more reproducible.


Anonymizing your location - until you put in a route and your car asks for traffic information from Tesla's servers.


If the map can't talk to Tesla it'll use Google maps directly. I usually don't allow connections to Tesla on my rooted Model 3


I also would like to subscribe to your newsletter.


I've got a blog if you're interested haha https://fn.lc/post/

I've been hacking on my car and creating my own self driving models

Code is at https://github.com/d4l3k/torchdrive


Very cool, am going to eat this up. FYI some of your images won't load for me, shoots me a 502 here https://fn.lc/post/diy-self-driving/


Not sure why they aren't loading, seem to be fine now

They're also at https://github.com/d4l3k/fn.lc/tree/master/static%2Fdiy-self...


Is that legal?


Is getting married at 15 in Georgia?


How does this work with their charging network? Are you still able to use their chargers, or are you stuck with home charging & third parties?


Supercharger auth is between the car and the charger and doesn't require an internet connection. I get billed the normal way via my Tesla account since the VIN is registered


Oh no, don't give them ideas. It'll become the HP instant ink of car charging


Your L2 charging wire is low on copper, please replace the entire cable.


How did you root yours? Did you lose out on any functionality?


There's some functionality loss but it's mostly been mitigated. I have a custom app I wrote since I can't use the stock app.

The one feature I miss is that there's no voice commands since that requires Tesla's servers but at the same time I also haven't been bothered enough to plug in a custom backend


wait

So the company that goes "we don't need physical buttons since we have voice commands" also goes "you don't need those in underground parkings"?!


It’s ok, the voice commands are barely understood anyway. At least in the UK they aren’t. Gets it drastically wrong and messes up your navigation destination, because you asked it to open the glovebox “navigating to Columbia”


Are there api keys for google maps in the car? Or does it emulate some client like a browser or android phone?


Isn’t this a huge risk to AMD’s confidential compute offering? It’s a major security flaw.


I have reviewed the threat model carefully before. AMD never claims that their confidential compute offering is immune to attacks involving physical access. I assume what you mean by confidential compute is technology like AMD SEV SNP? Those are very different in that they allow you to run a trusted virtual machine on an untrusted hypervisor. This attack is completely different; it's akin to breaking Secure Boot on a PC.


Definitely sophisticated, but something console hackers have been doing for quite some time now including the boot flow. I'm wondering if a Tesla vehicle/computer is more sophisticated than say a PS5?


Can you not turn off vehicle tracking?


Since a few weeks you get a classic consent screen for various categories of tracking. At least in Norway. You can turn everything off but I think some data is still sent to your phone through the Tesla servers. And I assume it’s not end 2 end encrypted.


I don’t understand how you can defend against low voltage attacks like this.


The Xbox 360 was broken by voltage glitching, and Microsoft successfully prevented it from happening again with the Xbox One: https://www.youtube.com/watch?v=U7VwtOrwceo

In short, there's now a hardware watchdog which reboots the system if anything weird happens to the clocks/temps/voltages, and they carefully structured their boot ROM (the only code they can't patch later) to ensure that even if you somehow manage to sneak one glitch past the watchdog, no single branch condition being inverted will lead to a compromised state.
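The boot ROM property described in the comment above (no single inverted branch reaches a compromised state), sketched as an added example; it is not code from this thread, from the linked talk or from any vendor. The fault model, the `br()` wrapper, the token values and the digests are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DIGEST_LEN 32

/* Fault model (assumption): one glitch inverts the outcome of exactly one
 * security decision branch per boot attempt. Loop branches are not modelled. */
static int glitch_at = -1;   /* index of the branch to invert, -1 = none */
static int branch_no;        /* decision branches evaluated so far */

static int br(int cond) {
    int taken = (cond != 0);
    if (branch_no++ == glitch_at)
        taken = !taken;      /* simulated fault */
    return taken;
}

/* Comparison without data-dependent branches: 0 only when digests match. */
static uint32_t digest_diff(const uint8_t *a, const uint8_t *b) {
    uint32_t d = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        d |= (uint32_t)(a[i] ^ b[i]);
    return d;
}

/* Multi-bit tokens: no single bit flip turns DENY into ALLOW. */
#define TOK_ALLOW 0x3CA5965Au
#define TOK_DENY  0xC35A69A5u

/* Naive check: one branch decides everything. */
static uint32_t naive_boot(const uint8_t *img, const uint8_t *expected) {
    if (br(digest_diff(img, expected) != 0))
        return TOK_DENY;
    return TOK_ALLOW;
}

/* Hardened check: fail-closed default, the comparison is evaluated twice in
 * different forms, a step counter proves both checks ran, and the ALLOW
 * token is derived from the comparison data rather than from a branch. */
static uint32_t hardened_boot(const uint8_t *img, const uint8_t *expected) {
    volatile uint32_t result = TOK_DENY;
    volatile uint32_t steps = 0;

    uint32_t d1 = digest_diff(img, expected);
    if (br(d1 != 0))
        return TOK_DENY;
    steps += 0x11;

    uint32_t d2 = digest_diff(expected, img);
    if (br(~d2 != 0xFFFFFFFFu))
        return TOK_DENY;
    steps += 0x22;

    if (br(steps == 0x33))
        result = TOK_ALLOW ^ (d1 | d2);
    return result;
}

/* Constructed sample digests (not real firmware hashes). */
static void make_digests(uint8_t good[DIGEST_LEN], uint8_t bad[DIGEST_LEN]) {
    for (size_t i = 0; i < DIGEST_LEN; i++) {
        good[i] = (uint8_t)(0xA0 + i);
        bad[i] = good[i];
    }
    bad[7] ^= 0x01;          /* tampered image: digest differs in one bit */
}

/* One boot attempt with the given glitch position; returns 1 if it booted. */
static int attempt(int hardened, int tampered, int glitch) {
    uint8_t good[DIGEST_LEN], bad[DIGEST_LEN];
    make_digests(good, bad);
    glitch_at = glitch;
    branch_no = 0;
    const uint8_t *img = tampered ? bad : good;
    uint32_t r = hardened ? hardened_boot(img, good) : naive_boot(img, good);
    return r == TOK_ALLOW;
}

/* Sweep every glitch position and count tampered images that booted. */
static int count_bypasses(int hardened) {
    int n = 0;
    for (int g = 0; g < 4; g++)
        n += attempt(hardened, 1, g);
    return n;
}

int main(void) {
    printf("untampered, no glitch: naive=%d hardened=%d\n",
           attempt(0, 0, -1), attempt(1, 0, -1));
    printf("tampered, one-glitch sweep: naive bypasses=%d hardened bypasses=%d\n",
           count_bypasses(0), count_bypasses(1));
    return 0;
}
```

A fault injected while checking an untampered image only makes the hardened path fail closed, which costs a reboot rather than integrity.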


That is really cool. I personally installed the reset glitch hack on several Xbox 360. Immediately thought about that when seeing this article on the Tesla


Make sure all security critical state is initialised to known values at reset, then have very tight tolerances on your power watchdog to initiate reset.

However, that doesn't make for a stable system when powered from batteries.


Semi related question I suppose. Do the Teslas simply use GPS for their location information? If so, couldn't one spoof the GPS using a hackRF or similar?


I have no idea about Tesla specifically but normally you'd also use cell and wifi information (in their case probably also information from other Teslas around) and additionally you have accelerometer and the whole "self-driving" computer to estimate where the car is and where it's going. It's also a known attack vector and likely covered because GPS signal is really weak so it's easy for somebody outside the car to try to make a mess.


Targeted by the FCC seems worse than violating a Tesla clickwrap agreement.


Only an idiot would let their GPS spoofer onto the air. You unplug the antenna cables from the receiver and pipe the spoof signal in there.


>that's got to be really bad news for someone in vehicle security at Tesla.

It says in the article: "Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems."

So it's only a matter of time till Tesla patches it.


Although this seems unpatchable without an HW upgrade


More relevant quotes from the article:

> The group of hackers claims that their “Tesla Jailbreak” is “unpatchable” and allows to run “arbitrary software on the infotainment.”

And the full quote of what you put:

> Electrek’s Take

> Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems.

> In this case, the hackers said that despite the exploit, they believe Tesla’s security is better than other automakers.

Doesn't seem like the security researchers actually shared the exploit with Tesla, at least as far as I understand.


The information in this article alone is likely enough for some Tesla engineers to sit down and figure out the exploit themselves.

And if this research group wants to enable regular people to "jailbreak" their cars, they have to publish their full methodology anyway.


That's likely because it's a hardware issue, nothing really for tesla to do.


Apologies for my ignorance, but isn't it up to Tesla to define what hardware they want to integrate? Or is there no design alternative?


What they meant is that it is not possible to fix it without replacing the hardware.


I see. But replacing the hardware would still be very much in the purview of "Tesla's problem" if you think they are a car manufacturer.


Yes, but it is unpatchable for any currently existing cars on the road, I believe that's the point they were trying to articulate (though not super well).

And yeah, you are correct, Tesla can close up that exploit in their newer hardware revisions.


Changing hardware would mean a recall and this doesn’t seem to warrant it.


But how much time until the hardware is changed? And all the current models?


They will share the details at Blackhat next week


On the black-hat-flip-side ; This is exactly what a Black Hat would want to say - preventing from Tesla stating that they "aint got shit" from the hackers...

So hackers can claim they called Tesla, and Tesla can ignore it and we're no wiser


This is the same attack (and same people who developed) faulTPM[1] that was previously discussed[2]. This article is the same people demonstrating that attack against Tesla vehicles. The paper[1] and previous discussion[2] address the underlying problems with AMD's Secure Processor (AMD-SP) that is embedded in their CPU SoCs and previously and more commonly known as Platform Security Processor (AMD-PSP).

Unlike a web browser where W3C AntiFraudCG folk propose that websites would blacklist all impacted AMD-SP hardware and create massive amounts of e-waste[3], Tesla likely can't do much about this attack because Tesla (not users) would be responsible for a very expensive change of vehicle hardware.

If it's not an easy-to-execute attack like faulTPM, there are more complex (but becoming more mainstream and cheaper) IC reverse engineering methods like polishing the die down to take photos of each metal layer and regenerating VHDL, FIB editing an operational IC to bypass tamper detection methods, etc[4].

A security architect of the Xbox One presented a talk[5] a few years ago which provides some good background too. Largely the Xbox One has managed to avoid piracy because they made it economically not worth anyone's time to attack due to competitive pricing models versus high cost of attack. Similar to use of Denuvo for a month or two after release of a PC game, attackers aren't going to bother if their work amounts to nothing a month later.

Hacking a Tesla to enable additional features is worth a lot of money, so the economics are quite different. It's also different economics for printer cartridges, "pay to enable more features or performance" network equipment, etc. The cost of IC reverse engineering / FIB editing attacks (or other future attack methods) will keep reducing. IC tamper detection features will get more complex. Perhaps attackers will even get an advantage once they can readily reverse engineer 3nm ICs and defenders can't do much other than implementing ever more complex and obfuscated IC tamper detection features and VHDL logic (kind of like a Denuvo situation in hardware).

[1] https://arxiv.org/abs/2304.14717

[2] https://news.ycombinator.com/item?id=35787195

[3] https://github.com/antifraudcg/proposals/issues/19

[4] https://www.youtube.com/watch?v=6390Zqca3Mg

[5] https://www.youtube.com/watch?v=U7VwtOrwceo


There's a lot of missing the point in these threads about software locks.

Building a car in a uniform way for economy of scale savings, fine.

Having a software unlock for hardware you already have (but didn't pay for in the price). Fine.

Using software to rent-seek on one time costs like heated seats. Not fine. Less fine too if the seat subscription can't carry to secondary market. This can be used to cripple secondary markets: sorry, the BMW account you have isn't linked to this VIN. Heated seats and Android Auto are disabled.

Let's stop the third.


>Having a software unlock for hardware you already have (but didn't pay for in the price). Fine.

Tolerable, perhaps, but pretty far from fine. It's pretty shocking to me that people in our society build things and then deliberately break them so they can make more money. Is this really the best system we can come up with?

We have built a society where what is plainly crazy is rational.


> Tolerable, perhaps, but pretty far from fine. It's pretty shocking to me that people in our society build things and then deliberately break them so they can make more money. Is this really the best system we can come up with?

It's not as bad as it looks. If you think about it, it's basically a form of wealth redistribution.

Rich people will pay the premium, which subsidizes the cost of the car for others. In other words, poorer customers will get a cheaper car.

It's a pretty good deal for those who are less wealthy and don't really need the extra functionality.

Also, these poorer customers can always upgrade later if they want to (because circumstances change and they want the functionality or because they get richer and can afford more luxury). This is not always possible with hardware-based customization, or even if it is, it would be more expensive.

The alternative would be to only install the extra hardware in the cars of the wealthier customers, but presumably this would make the car more expensive for everyone (both the poor and the rich owners), due to the added costs of hardware-based customization. So everyone would lose.

And even if the latter is not true, a similar car manufacturer could just offer you a better deal by selling you a similar, cheaper car without installing the hardware, which means that the manufacturer/brand that does the shenanigans would lose customers. Competition is pretty awesome like that.


>Rich people will pay the premium, which subsidizes the cost of the car for others. In other words, poorer customers will get a cheaper car.

This sorta thing is usually done because retooling an assembly line so the car can have different features can be incredibly costly. It's often the case that all cars are built with the same features and the cost of this hardware is also included in the price of the cheaper car with the features disabled. The "rich people" just pay a premium to have 'off' switched to 'on'.


Still, there are only 2 options:

1. This scenario makes the car cheaper for the poorer customers, so they benefit from it. Or at least, it doesn't increase the price, so they get the added benefits of being able to upgrade their car more easily and cheaply than going back to the shop to install the extra hardware.

2. Or, this situation makes the car more expensive for the poorer customers, but since they are much more price sensitive, it is very likely that they will choose to go to a competitor who actually sells them a similar car without the additional hardware (therefore cheaper), or without subscriptions.

Unless of course, there was a monopoly or cartel, but I don't think we are in that situation.

The fact that these companies are going in this direction, indicates that they are able to profit more in this situation, which indicates that they are providing more value (again, unless their customers didn't have a reasonable choice). It's not proof, but it's evidence that there are advantages.

That said, it's not as simple as I've just put, because sometimes it can be easy to trick people into making a worse choice for themselves in the long term, e.g. due to marketing, or buying things with credit or as subscriptions instead of one-time payments, for example.... which can definitely apply in this case!


>1. This scenario makes the car cheaper for the poorer customers, so they benefit from it.

Pardon my ignorance, but if the cost of the hardware is already baked into the cost of the cheapest options, which means they are paying for all of the hardware they have in their cars, including the hardware they can't use, how do they benefit? Cost, in that situation, is determined simply by the need to assemble efficiently. I can't see how the consumer benefits in that scenario by paying for something they can't use.

Responding to your edit:

>Or at least, it doesn't increase the price, so they get the added benefits of being able to upgrade their car more easily and cheaply than going back to the shop to install the extra hardware.

Again, pardon my ignorance, but it feels disingenuous to call it "an upgrade" if the car already has the equipment, especially to be charged more to use what you've already paid for.

Am I crazy?


For 1, pricing in these scenarios assumes a portfolio effect on the total cost of production for all units sold. Premium features are built into every car, which enables customers to enable them at a later date, but the cost isn’t passed on. Instead the premium feature is marked up to cover costs plus profit for all cars sold with that build. As mentioned elsewhere there are mass production efficiencies involved as well, reducing the unit cost for all cars as there aren’t N variants being built but a single mass production line that’s invariant. The residual costs are covered by the minority who buy the premium features for every unit, enabled or not, and it’s priced that way. This translates into overall cheaper cars for people without the feature enabled, and cars with a better resale value because those features can be still enabled in a secondary market sale. It also translates into cheaper cars for the premium car purchaser as well even though they subsidize the feature build in all cars enabled or not.


> Pardon my ignorance, but if the cost of the hardware is already baked into the cost of the cheapest options, which means they are paying for all of the hardware they have in their cars, including the hardware they can't use, how do they benefit?

The idea is that the “cheaper” models are getting the hardware at a discount. Very simply: they are getting $30,000 of hardware for $25,000 because features aren’t active. Others are willing to pay $35,000 for the same hardware with the features active. Obviously this example is an oversimplification of pricing and value, but that’s the general idea.


It may actually be even better than that.

If the manufacturer hadn't done this, they would have to produce at least 2 versions of the car: one without any extra hardware, and one with all the extra hardware.

It may turn out that doing separate versions of the car could cost $5,000 more per car over its entire lifetime, including production (extra design, assembly lines, etc) and support, rather than simply making one version of the car.

So if the car company hadn't done this, the car might have cost $30,000 anyway without the extra features, and $35,000 with the extra features, so the poorer customers would lose while the rich customers would pay the same.

This works more or less the same if these costs are comparable or higher than the costs of the extra hardware. And I suspect they are higher, as it seems highly likely that the price for these premium features in cars are a lot higher than the actual costs of the hardware itself.

Sure, the company could still engage in the same wealth redistribution / subsidization / price differentiation in the 2-car scenario (and they likely already do), but everyone could still lose anyway because the total costs of all the cars could still be higher in total.


I don't think I understand your question.

The customer can be receiving extra hardware and still be paying a cheaper price due to the assembly line efficiencies you mentioned, as well as the support costs of having just one new car model every year instead of 10 slightly different car models every year.

In other words, the additional hardware costs might be lower than the other cost reductions due to the increased efficiency.

Furthermore, even if the customer is paying exactly the same as before for the car (but now they are getting additional hardware which they can't use), it would be cheaper and much easier for these customers to upgrade their car if they so choose.

This would also mean higher profits for the car manufacturers, which allows them to reduce the initial purchase price of the cars to compete more effectively in the market.

And if it turns out that the car is more expensive due to having to buy the additional hardware, since these customers are price-sensitive they can just go to a competitor who would sell them a car without the additional hardware, therefore cheaper.

EDIT:

> Again, pardon my ignorance, but it feels disingenuous to call it "an upgrade" if the car already has the equipment, especially to be charged more to use what you've already paid for.

Perhaps that's because you're only considering the cost of the hardware and not all the other costs of producing and supporting all the different car models for every combination of hardware features each customer would choose?

I mean, yeah, sure, car companies could just sell a car with all the hardware features enabled and charge all customers the same, but then the price of the cars would be higher for those who don't need all those features, as the company wouldn't be able to charge higher prices for premium customers to subsidize the cars for the "poorer" customers.


> if the cost of the hardware is already baked into the cost of the cheapest options, which means they are paying for all of the hardware they have in their cars ...

The way to think about it is that the people paying for these extra features / buying the premium model with software-unlocked features are paying to add these features (locked) to every car sold. Because this is cheaper than making a different physical model.

For example imagine that 1/5 people want heated seats. Assume that adding these seats costs $100 to the manufacturing costs of a single car. There are two options here:

1. Create a new model. This makes the base model cost more (because you are making 1/5 less units so the overhead of design, validation and setting up the production line is spread across less cars) and makes the premium model cost much more (because you are only making 1/5 of the units). So maybe now you add $10 to the cost of the base model and $1000 to the cost of the premium model.

2. Add the seats to all models. This raises the cost of the car by $100.

Let's imagine that the base model price shouldn't be affected by the addition of the premium model. So we want all of this extra cost to be passed to the premium model. In scenario 1 this is effectively $1040 extra per car ($1k for premium + $10x4 base models). In scenario 2 this is effectively $500 per car ($100 x 5).

So option 1 doesn't make sense. It costs more for no real benefit.

> I can't see how the consumer benefits in that scenario by paying for something they can't use.

This is the thing. In theory the base model doesn't need to pay extra. Yes, their car was more expensive to make, but this cost was paid for by those who bought the premium model.

I don't know if I would argue that the consumer of the base model "benefits". Their model could be subsidized, or it could cost more, money is fungible in that way. But there is no reason why having this hardware installed but locked should increase the price that they pay. Without further evidence one would hope that the price of the car is unaffected by the premium model. Or maybe even cheaper because of benefits of the economy of scale (especially if the ratio of people buying the expensive model is higher).

I wrote a post about this a while ago with very simple examples of how the math works out https://kevincox.ca/2023/05/14/ethics-of-locked-hardware/


This is a really good comment about uniform production and subsidy of base models that would otherwise make a loss.

The margin on a car isn't the margin on the materials and labour of that individual car on the line.

Many base models barely break even and recoup some costs in dealer servicing, finance and whatnot.

If software locks (not subscription) enable more of the subsidising then I'm all for it. Also I'm for it as hackers we can get around the limitations.

Rent seeking is always a bad thing for the consumer however.


> It's pretty shocking to me that people in our society build things and then deliberately break them so they can make more money. Is this really the best system we can come up with?

All part of cost tradeoffs. Previously, they'd build the car with the ability to support all those add-ons even if the customer isn't getting them. Turns out it's cheaper not to do that.


I wish the solution was to just give everyone those features. Maybe it can’t work like that but this feels very wasteful


I assume it’s all to game the starting MSRP.

Like the barebones Tesla 3 that existed on paper but was basically impossible to order. OE’s know most people will spring for those creature comforts.


That reminds me of this video: https://youtu.be/cLGcGnGJvL0 where they say how one of the reasons laptops are getting harder to upgrade is probably so they can make you buy an expensive configuration and still advertise a low starting price


Laptops have real physical limitations involved, similar to how smartphones don't have RAM slots, so I don't buy the video. But silly as it is, at least you can "download" heated seats later if you change your mind.


Perhaps it is reasonable to solder parts to the motherboard. It's less reasonable to charge a massive markup on storage and memory. The margins on those upgrades are well over 100%.


Yeah, even if the soldering isn't intentional for non-upgradability, they certainly took advantage of it in the pricing. And with the heated seats, the margin is infinite.


If you did this then everyone would have to pay the premium price. This may price out some people. At the end of the day someone has to pay for this extra hardware. When there is one physical model that price is being paid for those that pay extra to unlock these features. If all features were unlocked for everyone then the cost would have to be spread across everyone rather than just those who actually value the feature enough to pay for it.

The core idea is that if some amount of people want heated seats the most cost effective way to do that may be to add the seats to every car, then those who want it pay that cost. (So if 1/5 cars want the heated seats each car has an effective cost of 5x the per car cost because for each person paying they also have to cover the cost to install the hardware into 4 cars that won't pay for it) However that cost is still likely much cheaper than setting up a completely new physical model (especially if you consider feature combinations). But if you enable this feature for everyone then no one is paying the "premium" price so the cost needs to be spread out across all sales.


Being a tradeoff it works both ways. Customers get broken add-ons for free if it's cheaper to not pursue the customers that fix them.


Yeah, same with how I watch YouTube ad-free for free.


Kinda what Intel (and other chip makers?) have been doing for years. Make the best next gen chip, then strip out parts to slow it down and sell cheaper ones. Not 1:1 the same, but pretty similar.


>Having a software unlock for hardware you already have (but didn't pay for in the price). Fine.

Ok as long as /any/ end run around that garbage made by the car's /owner/ is specifically: legal, legitimate and not-warranty voiding.

Because you know the step from there to not being able to repair the things you own without paying more to allow you to do so is nonexistent.


The solution to these problems? Don't be a customer of said abusive company.

If they don't present value for money at a given price point (including these sorts of shenanigans), don't buy it. So long as you know about these issues up front I don't think it's that problematic (even if it feels a bit wasteful in a holistic sense)


Individual solutions are never going to fix collective problems.


Collective solutions to collective problems are often just individual solutions applied at scale by many unrelated individuals (on their own).


The third is exactly why the second is NOT fine. The second naturally leads to the third.

Until legislation is passed, you will only pry my dumbcar from my cold dead hands.


I think the third is fine depending on how it is implemented. For example if the heated seats have a simple controller that requires a passphrase to enable and when I purchase the feature I get that passphrase then it seems reasonable.

If the feature is implemented by locking down the whole infotainment system or I need a new passphrase every month and it's going to break when Tesla servers are down then I am less fine with that.

I think if you can accurately lock off a feature without affecting the rest of the user's freedom then that is pretty fair. (Sort of like CPU manufacturers burning fuses to disable cores or features) But if the lock depends on locking down the entire system and restricting how I use the bits that I did pay for then I start to have a problem with it.


What's the difference between the second and the third?


Second is "I pay $50 once to unlock heated seats in my car forever. This car now has heated seats and anyone that I sell it to also gets heated seats"

Third is "I pay $5/month for heated seats for the entire time I own the car. Anyone that I sell the car to would also have to pay $5/month for heated seats."

Edit: The other version of the third option (your BMW account is not tied to this vin) is something like "I pay $50 once for heated seats in my car. If I sell it to someone, they also have to pay $50 to unlock the heated seats"


Third seems slightly better, cause at least the secondary buyer clearly knows it's $5/mo instead of having to make sure the one-time payment sticks.


In fairness, the second method should probably be implemented with an e-fuse. That way once it's paid, there's no taking it away.


Yeah, otherwise I don't trust it.


Probably the same sentiment between DLC vs Expansions in gaming.

But fundamentally no difference because you are getting a discounted price in exchange for the soft locked feature. So 2 and 3 are the same imo.


I'm not asking what's the conceptual difference, I just don't get what the two options are. Is #2 one-time purchase and #3 subscription?


> Software-locked features that need to be activated by the owner paying or subscribing to a service are becoming increasingly popular in the auto industry.

Sorry, WHAT? People should absolutely boycott companies that try to squeeze bucks in this miserable way.


You better be ok with building your own car then, because every major player is adding subscriptions for various features. Remote start and remote lock/unlock are the most common, along with satellite radio.


The way I see it is that you're supposed to own the car and every feature you paid for it.


I could give companies a pass for features that require continuous maintenance from them, like remote unlock (properly secured servers). But there was a car company that tried to sell you your own seat warmers, which definitely crosses my barrier.


The seats get warm by running Javascript single page apps which need to be served from the servers, and frequently updated by the company's front end developers to use newer frameworks that make them get even hotter


big tech is trying to erase this concept from the consumer mind. Assuming someone tried to do everything legally (not pirating) when was the last time anyone "owned" anything. Music, Movies, TV shows, Software, you don't own any of it you are simply paying for server space.


You couldn't have stated that more clearly. It's a disgrace. We're basically headed to rent features of all kinds. It's terrible.


It’s a point repeated practically infinite times daily on this website and any other tech community. It’s not a revelation deserving of accolades. It’s the nerd equivalent of “lower taxes!” at a political rally. This entire back and forth where all participants are clearly on the same side and are clearly regurgitating all the talking points of their shared ideology isn’t a conversation, it’s people patting each other on the back.


Amazingly, this corporate desire goes back more than a hundred years. Edison cylinders had a "shrink-wrap" license trying to control what people did with the recordings they bought: https://www.flickr.com/photos/59414209@N00/5072909557/

That was later outlawed with the "first-sale doctrine": https://en.wikipedia.org/wiki/First-sale_doctrine

I would say that it seems like it's time for some new legislation that supports consumer freedom. But given the state of American politics, I can only hope that Europe will do some pioneering work on this.


Not just big tech; there's a reason why "you will own nothing and be happy" is a thing.


Interesting quote. I just came across the exact quote reading the latest of "The Upheaval" by N.S. Lyon


It originally came from the WEF:

https://news.ycombinator.com/item?id=25068820


Which would you rather have:

Option A: A vehicle that lacks the hardware for heated seats, heated steering wheel, and driver assist that costs $25,000 to produce and that you pay $25,000 for. If you want these items next year, you have to buy a new vehicle.

Option B: A vehicle that includes the hardware for heated seats, heated steering wheel, and driver assist that costs $27,000 to produce. You can pay $25,000 now and those features aren’t enabled. But next year you can enable them for a nominal fee. Or you can pay $30,000 now and they are enabled for life. Or $27,000 now and a $500/year subscription fee that you can later cancel.

If not having two separate designs and production lines means less cost to make that a reality, that seems like a reasonable trade off to me.


No you don't have to buy a new vehicle, just aftermarket seats and the wheel for a thousand bucks or so.

edit: https://youtu.be/phHZ2HOkn8s?t=14


Highly doubt they sell at a loss unless you unlock the features. You are paying for the seat warmers whether you get to use them or not.


So ... you mean those bmws with the subscription for heated seats were sold for less than the previous models?


But you know how this will end up with you paying 30,000 upfront AND the yearly 500.


Sure, that’s the way I see it too. Isn’t the way the car manufacturers see it, though. And I’m not able to build my own car. So…


Features that need servers — which all remote ones do — have a running cost, so it's fine for them to be a subscription. However, paying to use the hardware you already have installed on your car, like heated seats or smart headlights, is absolutely not fine.


Or having an older car. Personally this concept doesn't bother me; I'd just not pay for the features. Many old cars have features locked behind buying the physical button to activate them. Hackers find their ways around that, and now it's becoming harder to hack. Fine, whatever. But I just don't trust the crappy software they increasingly put into new cars, so I'm riding out my old one for now.


I am very ok with building my own car if it comes to that. It's the cretins willing to actually go along with bullshit like this that are the problem.


People who are unable to build their own car are not all cretins.


Agreed. People who willingly purchase a vehicle that includes subscription fee for features built into the car absolutely are cretins however.


if everyone is doing it, it's time for the law to step in.


What could possibly go wrong?


> What could possibly go wrong?

Do tell. I'm always keen on hearing why people prefer no regulation in the automotive space.


BMW has plans for locking features behind subscriptions like seat heaters, heated steering wheels, recording from your car's camera, etc.

https://www.theverge.com/2022/7/12/23204950/bmw-subscription...


My friend bought a new BMW, and the seat heater subscription is already a thing on it.


People overreact to this. If this didn't exist, they would just manufacture cars the old way where multiple versions of the same car are produced at high and low prices. I have seen no evidence provided this actually increases the total price of a high feature car. This might actually lower the average price paid because of the economies of scale achieved by making fewer different versions of the same car. Resale value can increase as well, since the person buying your car can get the features they want, even if you didn't originally purchase those features.


It strikes me as a far more fundamental shift: up until now I buy something and I own it. In the future I will effectively be renting part of my car. Instead of a one time payment I’m now required to make monthly payments until the day I stop using my car. That’s a massive difference.

Unless it’s something that requires the car manufacturer to also spend money on an ongoing basis (e.g. a cell data connection or something) it strikes me as absolutely immoral that these companies are going to band together and force this arrangement upon us.


I'm not overreacting to this. I'm absolutely tired to learn that subscriptions are being pushed everywhere. Having to pay for something that is already in a vehicle is insulting to me. Car manufacturers should sell cars, not subscriptions of ANY kind. What's going to be tomorrow? Will I have to subscribe to a service to actually let my speakers emit sound despite that I have paid for them? Ridiculous today, a business tomorrow.


Any country with even half decent consumer protection would stop your imagined slippery slope scenario. You bought the speakers, as speakers? Then they need to operate like speakers, unless it was clear ahead of time that more is needed.

Software locking like this is bad for environmental / waste reasons. All of this complaining about there being a disconnect between what you willingly paid for and what the physical hardware components in the product you receive can technically do, is just a nerd’s argument. I agree with it. Subscriptions suck when there’s no ongoing cost to the seller. But I’m not going to pretend that this is some moral crusade, or be as emotionally invested as you quite obviously are.


You have pretty strong opinions for somebody who has admittedly seen no evidence either way.

Personally, I think it's a terrible idea in that it further changes the relationship between buyers and sellers toward a relationship of long-term exploitation. It takes the notion of enshittification [1] and extends it into the realm of physical goods.

[1] https://kottke.org/23/01/the-enshittification-lifecycle-of-o...


In an ideal world we could just give everyone those features if they didn’t cost any extra to add instead of creating an artificial pricing structure to get more money out of people. Maybe it can’t work that way but making people’s lives worse just to punish them for paying less in order to incentivise them to pay more, rather than as compensation to the company for doing more work, seems wrong


But they do cost extra to add. Heating coils and controllers aren't free. Doing it this way has real benefits.

1. Lower total cost of manufacturing (which should be passed on to consumers as lower purchase price).

2. The cost of this hardware is only paid for those who value it.

3. You can add these features later (maybe your budget is tight when you bought the car but want to add it later).

I am definitely not a fan of the subscription model for hardware features, but I think that locking features to the customers paying for it is a logical way to make these features available for less cost. If the unlock is one-time and reliable (doesn't rely on some external service to validate your subscription) then I don't have a fundamental problem with it.

I don't think providing a cheaper model is "punish[ing] them for paying less". It is making the car accessible to a wider audience. If the cheapest model included heated seats, self driving and more then the base price would be higher and the car would be less accessible.


Doesn't the same sort of apply to eg. Microsoft should give you access to all of their existing software titles when you buy an xbox? It's not like you paying for Flight Sim now compensates them for doing more work.


This isn't new. Automakers following software companies' subscription model

https://www.foxnews.com/tech/automakers-bmw-gm-mercedes-char...


Every car manufacturer is planning to do this. Not enough people protested when this category of features first came out.


I'm torn. On one hand, I absolutely think that a capability available in the vehicle/device when you purchased it should be available for you to use, and not behind a software lock (heated seats, etc). On the other hand, an "upgrade" or 100% new software delivered via OTA (self driving, etc) seems a little more like it should be a separate thing.


It's relatively clear to me...

Features cost money, so I should pay for them. Whether that's via an option package (traditional) at order time OR via a software update (Tesla) after purchase doesn't matter.

BUT! As long as that feature doesn't have recurring costs to the manufacturer (heated seats), it should be a one-time fee, and transfer with ownership.

Something like self-driving, where there might be an active internet connection and server costs - I'm ok with a recurring subscription.

Examples... BMW tried to charge a subscription to use Apple CarPlay. This should be a one-time fee (baked into model price, or a one-time software switch). Same for Toyota (I think) who tried to make remote-unlock a subscription (this was basic key fob unlock - no internet hosting/app maintenance involved). Also crappy move from them.

Hacking otherwise reasonable software-locked features feels like theft to me. If you want the feature, pay for it. At minimum, I'd expect Tesla (or whoever) to void warranties on cars with these hacks applied (within the bounds of Magnuson-Moss Act in the US).


> Hacking otherwise reasonable software-locked features feels like theft to me.

I disagree, pretty strongly. There is a line. They sold you something in its entirety, including the seats with wires.

I would agree with you if you had to download the control software from their servers.

I would agree with you if the upgrade provided you physical wires to install, even if you had to install them.

Related I think it would be fine to purchase the control software and/or heating wires from a third party that was not tesla and install it in your tesla car.


How do you feel about software that has various 'pro' features that cost more but are unlocked with a key and don't require a separate download?


I think the burden is on the software developer to figure out what they need to do legally. It might be inconvenient for them to require a separate download, and they'd have to make peace with it if they deliver the functionality in its entirety to you during the first sale.


If you're purchasing the "not pro" version for a much cheaper cost, and it is a functional program (basic things like Save not locked behind the paywall), having different tiers of paid features is fine. You were able to pick to have the lower tier features, even if you end up downloading the same exact files.

When it comes to hardware, if they've already installed the feature, they've already factored the cost of it into the purchase price. Your out the door cost includes that heated seat hardware, even if it's not a line item. And you don't have the option to have it removed for a discount (or get a lower car package). You only have the option to pay to use the thing that's already in your car or not to pay to use it.


The counter-argument is that you are "unfairly" shifting the cost to others assuming that if a workaround wasn't available you would have paid the premium price. Let's say that it is expected that 1/3 of people will purchase heated seats. If you unlock your seats without paying then you are harming Tesla because the heated seats package was priced assuming that 1/3 buy it (so it was priced at 3x the per-car hardware cost plus some markup). Now less than 1/3 people buy it (as they are hacking it to be available) so it was underpriced and they lose money. Next year Tesla adjusts their expectations to 1/4 people buy it and accordingly raises the price of the package (Now 4x per-car hardware cost + markup because it still has to cover the cost of installing the hardware in all cars). Now you are harming the people who are buying the package because they are paying for the cost of the hardware that you are using without paying.

> They sold you something in its entirety, including the seats with wires.

This is the part I have to agree with. There should be nothing to legally prevent me from doing whatever I want with my hardware. It may be unethical to use this hardware without paying for it, but I shouldn't be legally prevented from doing it. They did sell me this hardware even if the cost was paid for by those buying the heated seat package and I should be able to do whatever I want with it.

I think this works quite well with things like CPUs where they blow hardware fuses to disable features and it is infeasible to restore this functionality at any practical scale. However for things like seat warmers where the controller is likely easy to bypass (and in this case the lock is actually implemented very far away in the infotainment system) it will likely turn into an arms race between tamper-resistant hardware and those who want to unlock the feature without paying for it.


Maybe it's not quite theft, but like I said, at minimum, I'd expect Tesla to refuse warranty repairs (hack the software to open Plaid mode, lose your drivetrain coverage, etc).

Trying to think about it in terms of "normal" cars - unlocking Plaid is similar to reprogramming the ECU on an ICE to deliver more power.


I don't have any trouble with plaid - it is hardware/software with 3 motors and other hardware, plus control software.

There is also law in place to refute what you said. Manufacturers can not deny warranty coverage if you jailbreak your phone or hot rod your car, and this is similar. (I believe they have the burden of proof if it seems you did the damage)

https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...


Yes, I mentioned that law above. It doesn’t protect consumers who modify their cars beyond original spec…

If the manufacturer can show the change contributed to the failure, they can deny coverage. Vastly increasing the power output of the drivetrain would likely cause a voided warranty on the drivetrain.

Unlocking heated seats wouldn’t void the warranty on the drivetrain, but could void it on the seats and related electronics.


If the feature is built in to the car from the factory and disabled via software so they can charge more then you are already paying for the parts and lugging around the added weight in the vehicle thus costing you more in fuel. Software locking a hardware feature that is integrated is an awful practice.

Tesla chose to do this presumably to only have to buy a single seat configuration and streamline installs so they could hit production quotas.


For many features it makes sense. Heated seats for example have trivial hardware costs. It's basically a couple resistive wires, plus the necessary controls. The process costs of manufacturing some cars with and some without heated seats likely far exceed the cost of the heated seats themselves, so it's cheaper to just put them in every car. But heated seats are a great upselling opportunity, people are willing to pay $200-400 for them, more if you bundle them in a package with other stuff the customer doesn't actually need but that creates a vague sense of value.

The compromise that minimizes production costs and still allows that upsell is to put them in every car and disable them via software.


Back in the day we used to just call those "standard features" and every car had them.


They could do that but would have to raise the base price. These addon features allow a cheaper entry point and price discrimination for those who are willing to pay more.

Whether it ends up being wasteful is complicated, there would be operating efficiencies in putting the same hardware into every car.


>> They could do that but would have to raise the base price.

Why? The component is already in every vehicle. This is not like binning for chips: every vehicle must (and does) have the capability because it’s unknown whether a consumer will pay for the upgrade. If anything, the price should go down because software costs have decreased by removing the software locks.


You're assuming that the cost of the component is being recovered through the base price of every vehicle, but that's not likely because the base price has to compete on price against other vehicles without the feature.

Instead if, for example, the component adds $30 to the BOM and they know from market research that 10% of buyers will pay $500 for the software unlock within 3 months of purchase, they don't have to include the cost in the base price and still make very good margin on it.


The value of the option could be enough to allow below-cost pricing on the base model. Completely made up napkin math…

Base price: $10,000. Cost to produce (including profit): $11,000. Cost of option: $2000. 51% of buyers opt for the option at purchase. Some % of resales result in additional sales of the option.


Heated seats were a "standard feature" and every single car had them? I guess maybe, if you drove porsches and higher trim Mercedes cars 20 years ago (or any comparable luxury vehicles).

Otherwise, I can totally assure you they were not "standard features", and they didn't even exist for most car models, regardless of the trim.

Or maybe your definition of "older" vehicles means those that were produced in the past 5-10 years, but that's a fairly controversial definition of "older".


Not heated seats specifically, but any "option" that was cheaper to include than not. That's the definition of a standard feature, where it's just built into every car.

Power windows were originally an expensive option, but they got cheaper, and the fraction of cars ordered with manual crank windows dwindled, to that point that power windows are simply standard on most cars now.

If somebody said, okay every car has power windows but yours don't work unless you pay a monthly fee, I'd break out the wire cutters right in the dealer lot and fix the problem myself. Screw that. It's a standard feature and someone broke it, I'm fixing it.


I'd be hard pressed to imagine a greater waste of resources than to include all possible hardware in all possible sold goods, with only some of the features enabled. That maximizes waste with only a portion of buyers able to use those things.


Just because it is easier and cheaper for you to do something doesn't make it right to do it.


Right. Instead of manufacturing a 50, 80, and 100 kWh battery pack, and having to go through the whole process of getting certifications and everything for each size, they just make 100 kWh packs all day long, and then software limit them to 50. Which means, in the case of an emergency, the company can bestow extra range on lower-end vehicles, which they did for Hurricane Irma.

https://www.theverge.com/2017/9/10/16283330/tesla-hurricane-...


Does that imply there is not much of a manufacturing cost difference between 50 kWH and 100 kWH battery pack?


Great reply!

It's either so close that you're overpaying for the 100kWH, or it's not very close in which case you're overpaying for the 50kWH.

Either way: the 50kWH is hit: carrying dead weight on a smaller capacity. A not insignificant weight.


No, they were selling 75 kWh packs as 60. The gap was nowhere near 50 -> 100.


Ongoing costs aside, it’s important to also recognize that there may have been massive up-front costs to develop something like self-driving before it generates revenue, which the manufacturer should have the right to recoup/monetize. If they choose to do that through a subscription, that feels like it’s within their right.


Customers are not responsible for the company's business model.

I'm fine paying for software. And I'm fine with a subscription model if I actually get new things periodically during my subscription.

Put another way, if you sell me a static, unchanging piece of software (like a software update to enable heated seats), then that should be a one-time charge. If you sell me a self-driving package that gets regular updates over time, then I'm fine with a subscription.

(Self-driving software is a bit of a grey area, though. I should probably have to pay for new features, like "now it can drive on some more roads where it would previously disengage and require a human to handle it". But I should not have to pay for an update that fixes safety issues with existing functionality.)


> But I should not have to pay for an update that fixes safety issues with existing functionality.

“I want free updates”


As the end user, I couldn’t care less about a manufacturer’s costs. That’s a them problem, not a me problem.

I understand your point. I just don’t care. They sold me a thing, and now it’s mine.


That strikes me as a pretty dissonant argument on HN. If we play that out, no software creator would have a defensible way to monetize what they invested time, energy and money to create. Enforceable laws protecting IP are the difference between entire sectors of the economy existing vs. not being worth the effort.


I strongly disagree. I'm not talking about making unauthorized copies of the car. I'm just going with the principle that's as old as the whole concept of property: once I buy something, it's mine.

If I own a shoe, I can paint it to look different or change its shoelaces. If I own a book, I can tear out the pages and rearrange them. If I own a TV, I can hook anything I want up to it. And if I own a car, I can modify it as I see fit. Those things are mine. If I no longer want them, I can sell them (barring a specific contract with the manufacturer, see https://en.wikipedia.org/wiki/First-sale_doctrine). And if a company wants me to pay them money while still retaining some kind of legal right to restrict how I use it, they can negotiate a discounted price for me to pay them.

When I walk onto a car lot, I'm not saying "whoa, check out this IP!" The salesperson doesn't hype me up by saying "you could own significant portions of this beauty today!" We don't sign a "purchase (most of it) contract". I don't pay "sales-but-all-rights-reserved" tax on it. The DMV lists me as the owner, not the IP licensee.

If I had to choose whether to support laws protecting IP versus laws protecting ownership, I'll pick ownership 100% of the time.


But the carmaker is surely within their rights to refuse to continue servicing your car, or declare that any attempt at modifying the electronics/software potentially makes it unroadworthy.

Having said that, I don't entirely understand why Tesla don't keep the software unloaded from the vehicles until the user chooses to purchase the add-on features: compared to everything else the software does, that's not exactly a particularly difficult engineering challenge.


That would likely be highly illegal of them, per the Magnuson-Moss Warranty Act. Unless they could prove that the process of you enabling the confiscated features caused something else to break, they're still on the hook for it.


I don't think that's true at all, or what the person you're replying to is getting at.

If you sell me a bunch of hardware, that hardware is now mine, and I should be able to do whatever I want with it. If you sell that hardware with a bunch of software on it, I should again be able to do anything I want with that software.

That doesn't entitle me to updates of that software, or ongoing use of the company's cloud infrastructure. It's fine to require payment for that.

IP laws just aren't particularly relevant to the discussion at hand. I don't think anyone is suggesting we should be able to legally "pirate" the software running on our devices.


You're exactly right.


I agree in principle. Are you also absolving them of any warranty on the car once you begin modifying it?


Only if your modifications directly cause the damage that would have been covered under warranty. That’s actually been covered multiple times in US law and is fully your rights as a consumer, to maintain the warranty.


Ok, here’s a web software analogy.

I run a news website. I charge $2 to view the news website. You paid to view my news website, thanks!!

Let’s say you really prefer dark mode, but my news website is bright white. You install something like DarkReader, to make it inverted colors, so problem solved!

But now I realize that this is a market that I could charge for. So I start charging $5 for “news site with dark mode”.

Should it be illegal for you to use dark reader to view my news website with your light-mode-only license?

Technically I’ve shipped you the text and style for my website, which you are completely allowed to access and have paid for.. Then you’ve modified it for your own use after receiving the product. Is that wrong?


> BUT! As long as that feature doesn't have recurring costs to the manufacturer (heated seats), it should be a one-time fee, and transfer with ownership.

What if it's a sort of payment plan?

E.g. if we assume heated seats costs $1000 and the consumer wants to pay for this monthly over ten years then it'll be 1000/12/10=$8.33 plus interest per month.

Of course, this should mean that once repaid, it's the property of the owner and therefore transferred at resale.


Heated seats is essentially a bool somewhere in the code implemented as artificial limitation.

Self-Driving is much more complex and abides much more as an argument to your view.


Even if it is a bool there is probably an extra factor: Liability in case there is a fire or other incident. Tesla probably on its side reduces its cost as well, by only insuring (be it by having cash reserves or actual insurance) its liability only for the cases where it is enabled.

It's of course hard to prove as cause, but if there is a liability case it might become "interesting"

Edit: Also relevant: even without incident, the disabled heated chairs may be broken. By not being enabled Tesla doesn't have to repair them under warranty as they aren't a feature. Thus they maybe can reduce quality in the production


Isn't it ridiculous to assume a seat-heating feature could cause a fire? I would assume there are even hardware limitations in place to prevent heating that would otherwise cause damage.

I imagine the situation at court "you implemented combustive seat-heating for this model?¿"


But who gets to decide? Usually the more uneducated a person is of some particular product, the more they think a feature is "just a bool somewhere".

(personally I'm very much on the side of giving people control of their own software and hardware)


If the hardware for the feature is present and hooked up, and the software (if any) that's needed to run it is installed, then it is indeed "just a bool somewhere".

If the hardware requires non-trivial software to enable the feature, and that software is not provided with the device, then it's fair to require additional payment to buy that software. But also no one should be able to prevent a third party from reverse engineering the hardware and writing their own software for it.

I think "who gets to decide?" is a somewhat silly question. It's the same answer we'd accept for just about any situation: someone reasonably well-versed in the technology.


I'm somewhat torn too.

IBM and I'm sure others have shipped enterprise hardware for years that was partially locked. You might get a machine with 16 cpus but you only paid for 8, for example, but you could license the rest as you grew. It seems a little similar and it was in no way underhanded, everyone knew what the deal was.

However I'll echo what another poster said. I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.


I don’t mind hardware shipping locked and being an optional fee to unlock. I have paid for the rear heated seats in my model 3.

What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs. BMW wants to charge monthly for seat heaters or carplay, but those things are not a service and don’t have ongoing costs for BMW to provide. If anything creating an ongoing software lock creates an availability risk. If BMW’s authorization service is unavailable do you lose heated seats?

Several manufacturers are offering either monthly or one time costs for certain features. I’m less clear how I feel about that. Maybe quite valuable for someone who lives somewhere warm and only needs seat heat one month a year. It would take many years of paying for a single month to justify paying for the fully unlocked feature. I think I can live with optional monthly fees for things as long as you can always pay once and just have something that stays for the life of the car.


> What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs.

IMO, the real issue is the price. There is pretty broad and well established equivalency between OPex and CAPex. The problem is that car companies are trying to charge OPex as if there was a 1 year depreciation schedule, when cars typically last for decades.

I think that if BMW charged 1/240th[1] the cost to buy the option in order to rent it per month, very few people would complain. Especially if that price were locked in for the life of the car.

---

1. 20 * 12 = 240


...and if I could continue paying this price and it would continue to work without third-party servers or network connectivity.

One of the worst problems with this subscription-based everything is that it creates an ongoing reliance on the company instead of allowing things to be pure local.

For example Netflix downloads are a huge pain because of refreshing and re-verifying. In theory these wouldn't exist if they didn't need to worry about your license expiring. You would never run into a scenario where you couldn't play the video that was stored locally because they can't prove that you are still subscribed (even though I'm only half way through my month so it is literally impossible for my subscription to have ended yet).

So yes, if I could guarantee that I could pay a fairly reasonable price for as long as I wanted to and it would work flawlessly for that entire time it wouldn't be too bad. But in practice I can't rely on that and have to dread the day I am offline and can't get heated seats or they take the licensing server down since it wasn't worth maintaining for the 8 people who are still subscribed to this service.


My Honda has heated seats. I bought the car in Hawaii and brought it to Socal with me. I didn't care about heated seats when I got the car at all. It just came with my trim. It was nice having it when I went skiing but I would never remember to turn on a premium service for one ski trip and then turn it back off. For a premium car I'd resent it on my ride up the mountain. It would ruin the experience for me entirely just because of how much I'd overthink the cost value benefit in my head. It would seriously make me unreasonably upset. Hard pass on any car that charges monthly for it.


I don't understand the mental gymnastics here. They built a car with heated seats. You paid for a car with heated seats that are technically fully functional but you can't use them until you pay even more. No, doesn't make sense to me.


> I don't understand the mental gymnastics here. They built a car with heated seats. You paid for a car with heated seats that are technically fully functional but you can't use them until you pay even more. No, doesn't make sense to me.

That's because you don't understand.

The customer didn't pay for a car with heated seats. The manufacturer included them anyway, but disabled them in software.

Presumably, a consumer could go to the dealership and pay for heated seats as an aftermarket add-on. Or they could pay to enable heated seats (software unlock) on a month-to-month basis.


> The customer didn't pay for a car with heated seats.

Well, when you buy a car your payment gives you ownership of the entire car.

There may not be a written contract or specification explicitly saying that the valves in the tyres are included in the deal, but they're your property nonetheless (in the absence of obvious errors like the dealer letting you drive the wrong car off the lot)

The customer paid for a car with heated seats present but inoperable. If the customer wants to modify their property, that's their business.


This all boils down to the contract, really. If the contract states that you do not own the heated seats, you have to pay for them. You can't skip reading the contract and say that you own the entire car now.

Not saying that BMW is in the right. Hell yeah they are extracting every penny they can, but you can simply protest by not buying from them. People support their decisions by buying their products and complain afterwards. There are many alternatives.


> Well, when you buy a car your payment gives you ownership of the entire car.

Sure.

> If the customer wants to modify their property, that's their business.

If you were talking about a vacuum cleaner or something, I'd agree. But modern cars are "fly by wire". It is not, in fact, only the customer's business if they modify their car's software.


I think the problem here is that courts have allowed software vendors to use a legal trick to get around how owning things normally works. Software gets copied into memory to run, and courts have accepted the theory that making such a copy requires a license even though it's not a copy in the traditional sense (it can't be given to a third party so that they can also use it).

A book is copyrighted too, but when I buy one, I can legally write in it, paste in pages of my own, cut out pages, etc.... I can even sell it after I've done that.

I'm 95% certain the law should be changed to restore the first sale concept to software, and even more certain when it comes to embedded software that's necessary to use hardware owned by end-users.


> The customer didn't pay for a car with heated seats. The manufacturer included them anyway, but disabled them in software.

Sure they did. Maybe they didn't pay the full price for those heated seats, but they definitely paid more for the car with them (but disabled) than for a car without them entirely.

The carmaker is hoping that people will pay for the unlock in order to recoup their costs. But they're certainly not going to ship those heated seats in every car without inflating the cost of the base vehicle by some amount.

Put another way, it might look like this:

1. Car without heated seats at all: $10,000

2. Car with heated seats, but locked: $10,100

3. Car with heated seats, unlocked: $10,500

If the carmaker offered options 1 & 3, then customers would pay for what they want and get, and nothing more. If carmakers only offer option 2, then even customers who don't ever want heated seats will still pay some premium.

The carmaker might estimate that only 50% of their customers will pay an unlock fee for a car sold to them. They want to still cover their costs and make a tidy profit, so they might charge more than the $400 difference to unlock the feature. And that's if they're doing it in the non-shady way, and are charging a one-time fee. If they decide to charge a subscription, they might do something like charge $100/year for it, and then eventually they're just making pure profit for no added value.

Also consider that the carmaker's own costs could be, on average, greater per car if they have to offer two different options 1 & 3. Offering only option 2 (regardless of whether or not people are able to defeat the software lock) might be cheaper for them. I don't see why we need to subsidize their business decisions.

But all of this is still kinda irrelevant: bottom line is that if you sell a piece of hardware to a customer, that hardware now belongs to the customer, and you don't get to tell the customer what they can and can't do with it.


Money is fungible so it is really hard to say but it is entirely possible that the base model doesn't pay anything for the seats. They could sell the car with $10,000 and expect that 1/2 of the customers pay $500 for the upgrade. Those customers are essentially paying to install the seat hardware in all cars (because it is cheaper than them paying for a new production line that makes 1/2 the number of cars). So in 2 the purchaser of that car still pays $10k and their "other half" who statistically bought the heated seats paid for the $100 cost in their car.

You can also picture this as a marketing cost. Maybe Tesla thinks that a $100/car marketing cost is worth paying because they expect that 1/2 of the cars will pay $500 so they have $150 expected return.


it reminds me of those hardware hacks to unlock processors [0]

the upside is that by not having much difference between SKUs, and "locking" one SKU from becoming the other, the costs are lower, and manufacturers might turn those savings into lower prices

in both cases, as in cell phones, I believe like you still own the hardware, including everything in it, including software [1], so if you want to "unlock it", that's your right, as is smashing it, reflashing it, and having sex with it. If that makes for an unsustainable business model, nobody is entitled to their preferred business model being sustainable. Analogous examples here might be unofficial Keurig pods, or printer ink cartridges, which bypass manufacturer DRM intending to lock customers into an otherwise arguably unsustainable business model.

sometimes, though, you have to fight for your rights, e.g. build/buy/download and use unofficial tools

[0]: http://computer-communication.blogspot.com/2007/06/unlocking...

[1]: this inclusion stems from my belief that, where possible, you have an absolute right to view every bit of data that happens across hardware you own, whether gadgetry or eyeballs, in any format you desire, as well as the right to remember what you've viewed, as well as the right to modify or prevent modification of any arbitrary bit on said hardware


I've always been curious if the ongoing fees for BMW end up covering repairs if the hardware covering the function breaks. It would seem absolutely insane if not, yet I am pretty sure the answer is not.


I usually lean towards consumer rights on this type of thing, and the idea of paying a subscription for something like heated seats is annoying to me.

That said I am trying to play devil's advocate here. Other people have mentioned the analogy of locking out some CPUs on a die for a cheaper version of hardware, and I think that kind of applies here, at least for a one time payment.

If I'm willing to accept that, is it so unreasonable that they could rent this feature to me, even if it's only a software switch? After all, the idea of renting physical property isn't very controversial.

Again, I don't like the idea and would never want to rent the heated seats software switch, but I'm having a hard time justifying why it shouldn't be allowed.


> What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs.

Especially if that rent-seeking doesn't come with any kind of support for the "offering".

If the heated-seats break for a "subscriber", will BMW repair them for no additional cost?


I feel different about extra cores on a CPU than I do about heated seats.

The manufacturing price delta between an 8 core CPU and a 16 core, nowadays is functionally meaningless.

The manufacturing cost between a car with heated seats and without heated seats is functionally meaningful.

The way I see it, for things like heated seats or CarPlay, I'm already paying for the base hardware cost (plus some margin) as part of the base price of the car, charging me for the upgrade is charging me a markup on what I already paid for. Making it a service is insult to injury.


> The manufacturing cost between a car with heated seats and without heated seats is functionally meaningful.

Citation needed. The way assembly lines and product mix work, it could be meaningfully less expensive to have all the hardware be identical with software unlocks.


Electrical wiring typically involves materials gained through mining, which is carbon dioxide intensive.


> The manufacturing cost between a car with heated seats and without heated seats is functionally meaningful

I don't believe that is the case. BMW determined it was more expensive to have the supply chain, inventory, and manufacturing management to build both heated and non-heated versions of their seats. Rather than just make heated seats a standard feature they saw an opportunity to maintain and even expand their highest margin revenue stream: options.


Also keep in mind that heated seats may not be the only option available. If you add in a few other options like backup camera, self driving/driver assist and maybe a few more you end up making a dozen or so different production lines and complex logistics. If you have a dozen features you are basically making custom cars at this point. It can definitely be cheaper to make a single model of car and lock features instead of dealing with all of that complexity. Sure, for one commonly purchased feature like heated seats it may make sense to have 2 production lines (at least for the seats) once you start adding dimensions to that matrix it gets expensive very quickly.


Congratulations on getting six zeros in your comment id: 37000000.


I believe that the worst thing is the use of natural resources to produce those things without any function whatsoever. Assuming the majority of customers don't pay extra, it just makes it worse.


>The manufacturing cost between a car with heated seats and without heated seats is functionally meaningful.

You could probably buy something that would heat your seat at home for under $4 on Temu. And that includes multiple middle companies and shipping across the ocean. It probably costs them pennies, where the upside is, this owner doesn't want heated seats, but a car can easily have 2-3 owners in its first 10 years. maybe the 2nd and 3rd owners will want the heated seats, worth the money it would take to install it


> The manufacturing price delta between an 8 core CPU and a 16 core, nowadays is functionally meaningless.

Semi yields?


At the time I worked on the IBM hardware, these were not cores that were disabled by default.

They were entire cpus in sockets.


I would also add that those sorts of subscriptions shouldn't have a lock-in period, at least not more than a month.

And auto-renew should require explicit opt-in. For most subscriptions I have, automatic renewal is desirable, but invariably I forget to cancel trials or one month subs of things I just wanted to test.


100% agree about the ongoing features. Let me pay one time to own the software unlocks please.


I'm of the opinion that these two things aren't comparable. True, IBM and others have locked extra capability through software... but they were only ever selling/renting to the corporate world, which presumably had enough in-house legal expertise to not be completely dicked over.

To take that business practice, and then try to foist it on consumers who don't have $500/hour lawyers on retainer looking out for them is more than just morally questionable, it crosses a line into some sort of fraud/extortion-adjacent realm.

If Tesla was really upset about this, it's a problem completely within their capacity to solve. Only send bugfixes OTA, require a service visit for new features. I'm betting that their software's such a trainwreck they wouldn't be able to compartmentalize it properly like that to save their own lives.


We’re not talking about enterprise software here. I think people can understand the concept of paying for a seat heater and the like without a team of lawyers.


What are you talking about... Tesla is one of only a handful of OEMs that can even issue OTA updates.

Their cars from 2013 can still get modern features OTA. Please explain how you classify that as a train wreck compared to software cobbled together from 100 vendors (none of whom specialize in software)


> Please explain how you classify that as a train wreck compared to software cobbled together from 100 vendors

Tesla gets plenty of software from other vendors. And doesn't always test it particularly well - there was a story here of a firmware vendor who had a test harness that took ~36h to verify. They shipped a bug fix to Tesla, told them it was available...

... four hours later, "Great, this is awesome, looks like we fixed the issue."

???

"We just flashed one of the cars here and took it for a drive."


Have you perhaps considered that OTAs aren't a desirable feature in a safety critical system?


> I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.

The same should go for DVDs, BluRays and streaming media and yet here we are looking at jail time for bypassing the DRM.


Would you mind providing a citation stating that someone has gone to jail in any country as a result of bypassing DRM for personal use on things they purchased? I am skeptical that this has ever occurred.

Even in the US, which has quite draconian anti-circumvention law under the DMCA, the criminal penalties associated with this behavior only apply to those that violate the statute “willfully and for purposes of commercial advantage or private financial gain”. A person who bought a DVD or blu ray and decrypted it for their own use would not be criminally liable.

https://law.justia.com/codes/us/2021/title-17/chapter-12/sec...

I’m not defending the law, which I disagree with, merely pointing out that “looking at jail time” for non commercial bypassing of purchased BluRay DRM is a stretch.


That certainly depends on the country. Breaking DRM to access something you've paid for is perfectly legal here.


"perfectly legal" largely hasn't stopped IP owners from finding ways to hassle people involved.


Yeah, I am in a country like that. I was referring to the state of affairs States-side.


I think the concept of "licensing" should not apply to something you own. If they want to rent you a CPU, fine, but then they should also bear the costs for when it breaks.


> However I'll echo what another poster said. I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.

I think that's the stance I'm leaning towards as well. To quote another commenter[1]:

> If a manufacturer wants to lock features behind a paywall, that is fine. However, they shouldn't be allowed to complain when consumers modify the thing they bought to get around that paywall. If Tesla really wants to make sure absolutely no one gets FSD or heated seats without paying, then they should make a point of only including the relevant hardware or software in the vehicle at the time of purchase.

[1] https://news.ycombinator.com/item?id=36988514


AMD shipped CPUs for quite some time where if you were lucky you could unlock additional cores that had been disabled for various reasons


These were likely sold down due to demand imbalance or more likely due to QA failures in the disabled cores. It's a lot cheaper to get some value from a defective chip than no money. So... by all means try to unlock more cores but don't start whining when your computer acts like Windows ME on a good day (only crashing a few dozen times a day! So stable!)


I tried that on my 3-core something back in the day. I was not one of the lucky ones.


I think the problem becomes when you figure out a way to unlock those extra CPUs without paying IBM, and then IBM sues you or terminates your contract with them entirely.

People should not be constrained in doing whatever they want with the hardware they have bought.


Sun Microsystems did this in the early 2000’s


> I absolutely think that a capability available in the vehicle/device when you purchased it should be available for you to use, and not behind a software lock (heated seats, etc).

While I intuitively agree with you, I'm having a hard time arguing against the economic argument in favor of it. Producing a single version of a product is generally cheaper than producing two different versions. Also offering a lower-margin, software-locked variant can (in certain conditions) make things cheaper for everyone, and it gives the consumer more choice: if you don't need or want the features of the premium model, you don't have to pay for it.

For example, imagine a manufacturer that sells two versions of its product, a basic model that makes up 20% of sales which costs $1000 to manufacture, and a premium model that makes up 80% of sales and costs $1250 to manufacture; this gives an average cost of $1200/unit. If they can save $100 per unit by only manufacturing the premium version and software-locking it, that reduces the average cost of goods sold to $1150/unit. They can pass on half of the savings to the customer, and still come out $50/unit ahead.


Producing the extra weight of the seat heater requires extra fuel to burn. Now multiply that by the number of cars on the road. Will cost the customer a (small) amount extra in fuel costs for a part that is not being used. So there is an economic argument that ya, we can subsidize manufacturers by taxing people more. Seems like a bad deal to me.

Now let's talk about CO2 output of driving around extra dead weight. Makes it worse.


I think the usual "heated seats" example is a poor one, since it's so obviously an optional feature that not everyone would want to hack around.

Let's say instead that BMW decided all their car models would be physically 4 seaters, but in order to be allowed to use the back two seats, you had to pay a large monthly "sedan fee". And if they caught you using the back seats without paying, they'd sue you. Would anyone accept this? Likely no. And the reason you shouldn't accept this is the same reason you shouldn't accept the "seat heat" fee.


> Would anyone accept this? Likely no.

I wouldn't be so sure, it's all about the price. There's plenty of people that don't have a need for the backseats, and at a certain discount on the purchase price it becomes worth it to have two unusable seats in the back of the car. Think about the extreme case, in which the car is free: there are certainly people that would take that deal.


Not sure what you're getting at, but the back seat example here has all the same issues I pointed out above. They actually would weigh even more than seat heaters. I only gave some examples above of why it's bad but there are many more off the top.

Either way if I truly think I am right, then BMW, etc should just go ahead with this plan. It should be a money loser for them in the long run. But on second thought why burn all this CO2 just to prove a point. We should probably collectively put a stop to it sooner rather than later.


I agree with you 100%. Sometimes on HN we assume when someone replies to us they're disagreeing!


Haha yeah I wasn't quite sure from the response, so I just expanded on what I was saying before. I wonder if there are any examples of it being a good thing in any way shape or form.


No need to imagine. That's public transportation. You can physically enter a bus and sit there and get to places for free.

But you're supposed to get a ticket. Or is it fair game to use public transport for free because you can?


The extra weight/fuel costs just shift the price point where it's a good deal (as it makes the product slightly worse), it doesn't change anything fundamental to the argument.

Or to put it in another perspective: carmakers have never optimized for weight at the cost of everything else (as otherwise we'd all be driving around in cars made from titanium or carbon fiber). What's the difference between putting in a heavier seat with a non-functional heater to reduce production costs, and using steel instead of aluminium to reduce production costs?


> Now let's talk about CO2 output of driving around extra dead weight

We're talking about a few grams of extra weight on an ICE vehicle over 1.5 tons, if not even an SUV over two tons. If you put a spare bottle of water in your car you'll most likely have similar dead weight.

Now, I get where you're coming from, but the amount of dead weight this adds is so minuscule compared to the general overhead any modern vehicle carries that making this argument is borderline disingenuous.


I question it myself a bit but I think I will stick to my argument. Yes it is a small amount of weight, but from what I understand passenger cars contribute a lot (28%) to total greenhouse gas emissions. 290.8M cars on the road in USA alone. I will say a copper heating coil in a seat weighs 3 Lbs. 4,094 Lbs is the average weight of car. So we could save .1% of the weight of the car maybe? Over the lifetime of a vehicle couldn't it add up?

Then we can add in the CO2 emission of manufacturing dead material to place in the car.

To top it all off, no one wants this.


You're probably right that the loss in gas mileage or EV range is pretty small, to the point of being statistical noise.

But a few grams is definitely not correct. It's probably more on the order of 3-5lbs per seat.

If we don't like the heated seat example, let's use power seats. Those are much heavier than the equivalent seat with manual controls to adjust its position and angle. Granted, I don't know of any car manufacturer gating power seats behind a software lock...


I wonder if you framed the question a different way if people would be more accepting of the arrangement.

Option A: Buy our car for $50,000

Option B: Buy our car for $40,000, but we'll software lock the "full self driving" feature

It sounds bad if you frame it as the company withholding functionality. It sounds better if you frame it as the company offering a discount, given some software stipulations.

This is really about paying for software. When you spend $400 for Ableton Live you are "unlocking" new capabilities for your PC. When you buy the latest PC game you are "unlocking" new capabilities for your GPU.

If you wanted to do all this yourself you are technically able to do so, at great difficulty and expense. You could develop your own software to operate your vehicle. (Not advisable.)

I prefer to look at it as a value proposition, rather than a battle of ideals. If a car with x, y, and z features disabled at a price of a is attractive to you, then buy it. If not, don't.


That assumes consumers are entirely rational, totally informed beings. Except every economist knows that's not actually true. So you give the consumer option B to get them in the door, and then spring the cost of full self driving on them. Option B can even end up being more than option A. See also: buying a cellphone on contract, back in the day.


It's not so simple, though.

First, they absolutely will not pass the savings on to the customer. Prices are governed by what people will pay, not by what it costs to make the car. If they can make the cars for $100 cheaper, they will pocket the $100, unless market forces (like cheaper cars from other manufacturers) signal that they should lower their prices.

Second, heated seats are heavier than non-heated seats. Customers who get software-locked heated seats and don't want the feature will get slightly worse gas mileage or EV range. So not only is the manufacturer potentially saving money building the car (savings they likely are not passing on to the customer), but they're pushing added operational costs onto the customer.

I think it's fine (though somewhat shady[0]) for a company to use these sorts of software interlocks. But the product sold to the customer belongs to the customer. If they want to hack or mod it to disable that software interlock, the company should just have to live with that, and shouldn't be allowed to punish the customer in other ways (like refusing to provide software updates, refusing to do maintenance, making that maintenance more expensive, etc.).

[0] Ultimately they can do whatever is legal. But customers don't like being nickel-and-dimed for things, and doing too much of this might cause customers to find alternatives. For example, I refuse to fly on super-low-cost airlines like Frontier and Spirit because I don't want a super-bare-bones experience where I have to pay extra for every little quality of life improvement. Flying is already not a particularly great experience, and I don't care to make it worse. It's Frontier & Spirit's prerogative to operate like that (and clearly enough customers are fine with it for these companies to be successful), but it's also my choice to spend my money elsewhere. But if the only option was airlines like these (or car manufacturers who software-lock everything), that would really suck.


I'm not torn at all. It's my car. I should be able to "hack" it as long as it doesn't involve illegal access to anyone's servers.


The exact same way you should be able to install your own software on your iPhone


It shouldn't be illegal to bypass the security of your own property. On the other hand, it shouldn't be illegal either for manufacturers to make security features that are impossible to bypass.


> it shouldn't be illegal either for manufacturers to make security features that are impossible to bypass

No such thing as impossible to bypass, which is exactly why companies turn to the courts and police for enforcement instead.


And that's the problem. Companies should just accept that hardware and software will never be perfect, and people bypassing imperfect security/revenue-enhancing features is just a risk and cost you have to accept when doing business.

Instead, we have bullshit like the DMCA anti-circumvention provisions that companies pushed so they could get the government to legally enforce their crappy business models.


your phone isn't a 3500 lb metal box of death on public roads with other cars, cyclists, and pedestrians


We already have a system in place for this: civil liability and criminal culpability. If you hack your car negligently, you can be sued for negligence or charged with manslaughter.


Neither agreeing nor disagreeing with you, but it follows that you should also maintain this: "It should not be illegal to drink alcohol while you drive. If it affects your driving performance negatively, that, in isolation, is what should be penalized."


Same thing if you sell unsafe food, yet we have regulations, because it's preferable to not be killed in the first place.


And because the impact is exponentially larger. Arguments for regulation prohibiting individuals from tinkering with their cars does no such thing, because those laws are not currently in place, and there is not an epidemic of runaway user-modified vehicles.

On the other hand, such regulation would serve to prevent users from enjoying the property they purchased and to facilitate exploitative practices by manufacturers and retailers. It is all the more absurd given that existing law already provides mechanisms for deterrence and punishment, namely: the notion of negligence.

I cannot stress how terrible this idea is. This would severely degrade consumer rights and do virtually nothing to protect people.


It really depends what you are modifying. By all means have a custom entertainment system and I detest the software locked features such as heated seats.

If you are messing with safety critical software then it is no help to me that you are prosecuted for negligence if I am killed.

Even if your safety critical software works it still is negligent, there should be some barrier to entry for such software. It shouldn't be out there in the wild made by whoever with no oversight.


Do you think you should be allowed to change your brake pads? How about bleed your brake lines?


Yes, I would trust people to generally be competent enough.

Writing your own self driving software, go ahead, as long as you're driving on private land I have no issue.


But nobody is writing self-driving software. They are jail breaking the existing software.


There is someone posting about exactly that on this post.

https://github.com/d4l3k/torchdrive


The road worthiness of your modded car is a question between you and the DMV, though. Once you start adding a fifth wheel to your Lada, it's not the manufacturer's responsibility.

(Tesla's software killing people is also not their responsibility, because you're 'supposed' to use it in a way that nobody actually uses it.)


From the perspective of a customer, what is the difference between a heated seat that doesn't work because it doesn't exist, and one that is locked out by software? Assuming the customer isn't paying up front for that feature.

Some people don't want to pay for heated seats. Turns out the manufacturer found it cheaper to just include the hardware anyway rather than differentiate on the production line. What's the big deal? The ability to change your mind and pay for the feature after purchase without getting an aftermarket seat heater seems like a nice bonus. Everyone wins.


People are pushing back against the idea that you can't do whatever you want with a physical thing that you own. You own the heating mechanism in the seats, you own the hardware needed to turn them on, and you own the computer which activates it. If Toyota sold me a car with heated seat mechanisms installed and no switch, they couldn't stop me from installing my own switch. That you might not be able to do what you want with a physical object you own, in theory, makes this different.


The thing is, in the long run it doesn't matter whether you are legally allowed to install your own switch. The price manufacturers charge for a car will adjust based on whether they can get revenue from subscriptions or not. If they can't successfully charge subscriptions, base car prices will go up.


This could stand in as justification for any odious pricing practice. "Sure, they sneak cocktails onto their customers' bills, but if they didn't do that, they would have just charged them more for their dinner, so it doesn't matter."


The thing is, base car prices go up anyway, and subscriptions are an additional revenue stream. If manufacturers can get away with charging for anything, they will surely charge for it.


I'm wondering if there might be a reasonable market for aftermarket ECUs for some of these "software enabled" vehicles when they start showing up on the used market or coming off warranty...


>Some people don't want to pay for heated seats. Turns out the manufacturer found it cheaper to just include the hardware anyway rather than differentiate on the production line.

If it's that cheap then it should just always be included, period. Otherwise it's just transparent greed. Why charge your customers extra for something that costs you literally nothing extra? Why not do the same for everything? The radio volume knob is software-locked and it's either at 100% or off, unless you pay extra to unlock it. The entertainment system will play ads continuously while the car is running unless you pay extra for the no-ads version. When you unlock the doors they will stay locked for five more minutes unless you pay extra for the Instant Unlock feature.


> Why charge your customers extra for something that costs you literally nothing extra?

Because that's not how business works, whether cars, computers, or any other widget. The cost of manufacturing is only tangentially related to the retail value.

Your examples, while contrived, could easily work the same way. As long as the customer knows what they're buying, and there are other choices on the market, then we will find out pretty quickly how valuable a non-binary volume knob is.

You may not want to know the answer to that one, if you pay much attention to airline ticket pricing and consumer behavior.


It boggles the mind that a car company would spend millions on styling and then do something like that to completely cheapen the experience. Of course, software companies do that sort of thing all the time. Just...ugh.


That's the entire point. They design a "luxury" car to be sold at a luxury price, with high margins. But by doing so, they go above budget for many potential customers.

So they make a cheaper version, with lower margins, but they deliberately cheapen the experience so that those who can afford the "luxury" version don't buy the "cheap" version instead.


If you want to sell a cheaper version then actually make that cheaper version. Don't sell the exact same version with the switch locked in the off position by a logic puzzle and then sell the solution for an exorbitant price. Hell, make a single version and physically break the feature at the factory. Remove a critical component. Anything but this bullshit.


Sometimes it is simpler and cheaper to just lock the switch. It depends on how the manufacturing is done. In some cases (maybe not with Tesla) the feature is there but it may be defective. Sometimes it is worth making a completely different "cheap" version.

In any case, it shouldn't change anything for the end user, hardware or software, you pay a premium for premium features. And even if it involves actual hardware, it will cost you a lot more than what the part is worth. That's how manufacturers target both the premium and budget market with the same product. I think it benefits most people in the end, especially on the "cheap" side since people can get something they wouldn't be able to afford at all otherwise, at the cost of a bit of luxury.

Now, you can get smart, buy the cheap version and hack the software, or install much cheaper third party hardware. Same idea as ink refills for printers, or ad-blocking ad-supported websites. Often, that's your right, but don't expect the manufacturer to play along, you are on your own.


$$$, that's why. $X isn't good enough for them, when they can find a way to get $X+Y


Do they even get more money from stuff like that or do they lose customers because the UI now looks like ass?


And that is how Ryanair was born...


> Otherwise it's just transparent greed.

Welcome to capitalism, it seems you are new here.

> Why charge your customers extra for something that costs you literally nothing extra?

Because (1) you can, and (2) it maximizes profit.

> Why not do the same for everything?

Because of estimates about what people will accept not having in the base model and what some will be willing to pay extra for. Why do you think there would be some other principle at work here?


Stop giving them ideas!


In reality, you're still paying for the hardware. Don't think for a second that these 'optional' features don't figure into the price.

Sure, maybe they have a lower markup if you don't buy the license up front, but you still paid for it. These types of gimmicks are free money for the company pulling them.


Because of the way production lines work it can actually be cheaper to include it on every seat and unlock it with software.


Cheaper to manufacture, yes, but the cost of the hardware is still included in what you pay for the software-locked car. You've paid for the hardware and you own it, even if it's software-locked. At that point, you're just being asked to fork over $1k or whatever the additional charge is for what essentially amounts to an "on/off" switch.

Edit: Hell, to make it sound even more stupid, you're being asked to fork over $1k or whatever the additional charge is in order to change a bit from 0 to 1.


> the cost of the hardware is still included in what you pay for the software-locked car.

Not true. The price you have decided you are willing to pay assumes it is not there. Your payment allocates no portion to the hardware. If you have decided a car is worth $30,000, that is what you are willing to pay, regardless of whether or not they include the hardware.

And, in actuality, you might even consider a car with said hardware to be worth less as it adds weight which will require more fuel and wear and tear expenses over the operating lifetime of the vehicle. The car worth $30,000 without heated seats is, perhaps, only worth $29,000 if the hardware is included.

The cost to manufacturer is their problem. Your value determination is entirely independent of that. Should it cost them $1 or $100,000 to build that $30,000 car – it doesn't matter. You are paying for the value you think you will derive from owning the car, not what it cost them to make it.

Indeed, in the long run the value has to exceed the cost of manufacture, else the business will soon find itself filing for bankruptcy. But in the short term, it is not uncommon to see input costs exceed the value of the product, resulting in a net loss for the business. The buyer doesn't care. Input costs mean absolutely nothing to them.


That's no different to paying $1K for a CAD licence. People just need to come to terms with the fact that the line between HW and SW is becoming blurry.

Obviously, I don't like up-paying for features I don't get to use. The price of the product must be the same, having benefited from mass production. With that being the case, I'm actually glad I have the option to save money now and upgrade later.

The concept isn't a problem, it's companies taking advantage of it (and us).


>The concept isn't a problem, it's companies taking advantage of it (and us).

To borrow a phrase you used earlier, I truly don't believe that we need to come to terms with companies blurring this line and taking advantage of us.


I'm paying $1K for a CAD license because I can't write a CAD program myself. I can easily change a 0 to a 1, why should I pay $1K (or however much) for a piece of software that does this?


It's closer to using a CAD package and finding out you need to pay extra to save files.

Which is a real thing that has actually happened.

The functionality exists, the code already has been written, but it's disabled so as to extract more money.

The arguments about cheaper manufacturing are pretty well pointless. If the cost of adding seat heaters is negligible, what justification is there for charging extra? You pay for the hardware either way. This is rent seeking and nothing more.

This is a topic that's been beaten to death in the electronics industry for years. Oscilloscope manufacturers design and sell a 500MHz scope, but cripple it to 200MHz unless you pay 50% more. Or they put 16MSample of memory in and restrict you to 8 unless you pay $400 for an "upgrade". The cost of buying the lower model and upgrading it later is usually much higher than just buying the high end model.

In any case, it's not like manufacturers are selling the lower tier model at a loss. They're taking lower margins on the crippled hardware, yes, but then they charge you ridiculous prices that are orders of magnitude above the real cost of the additional hardware.


Cost != Value.


You're also paying for the software they used to lock you out of the features.


> From the perspective of a customer, what is the difference between a heated seat that doesn't work because it doesn't exist, and one that is locked out by software?

In the former case, I didn't pay you money, so you didn't give me a good / service / whatever. That feels fair, because you need money to provide those things.

In the latter case, I didn't pay you money, so you didn't flip a switch. That seems like a dick move.

So I guess the difference is that in only one of these cases does it feel like the manufacturer is an asshole.


> In the latter case, I didn't pay you money, so you didn't flip a switch.

This is the case for all software. There is no physical exchange of goods, and nearly zero effort to distribute the bits.


heated seats are hardware, not software, even if they interact with software

a car is hardware, not software, even if it interacts with software

the fact that the switch is implemented via software is irrelevant to the fact that hardware is more analogous, e.g. a printer you want to use off-brand cartridges in, or a cell phone you want to root

I bought a kindle fire at a discount because it was ad-supported, then rooted it and removed all the adware+bloatware, and don't feel even a little bit bad, because all I was doing was using my hardware as I saw fit

sorry not sorry that this breaks amazon's business model (in reality it's so rare it doesn't), but my hardware, my property, my rules


Which is why Stallman got pissed at the lack of source code and worked so hard to make source code always available. So that the economic limitations line up more closely with the physical limitations.


The wasted economy on lugging around the extra weight for a useless seat heater.


That's true. It happens, though, and has for years. My last car had a seat ventilation fan that was inoperable because the switch and corresponding electronics (some kind of PWM controller) to turn it on weren't installed. Seat ventilation wasn't offered on that model at all, but the seats were built with the fan. They didn't yank the fan out on principle, they just installed the seats as built.


  Some people don't want to pay for a 4th bedroom. Turns out the builder found it cheaper to just include the extra bedroom rather than differentiate on blueprints. What's the big deal? The ability to change your mind and increase your mortgage without having to deal with construction in the future seems like a nice bonus. Everyone wins.

Cars are property. It would be absurd to think portions of my property are off limits to me. The best part about all of this, is that none of these car manufacturers are going to win, it's a rat race and plenty of people are going to buy the cheapest car and mod the car software. I actually love it. I also love how the people doing this have physical access to their property and nobody can stop them.


Aside from the significant associated increase in maintenance costs on e.g. the roof that would come with such an option, I bet you the market would be fine with that. Stamp out houses that are all alike except some have less bedrooms enabled. Hell, offer the extra bedroom capacity as a rental option.

If the customer only paid for 1 bedroom, they're going to save a lot of money. It's the extra maintenance costs of that roof and the associated space taken up by the structure that would make it a harder sell, otherwise dynamically growing living space would be very interesting.


You think builders are going to create rooms people might not buy and not pass off the cost to the buyers, or development company? You have more faith in companies or maybe builders than I do.

Also, how will you keep me out of the room in my house that I didn't buy? You can't effectively.


Capitalism has done way dumber things than that, so I don't think it's impossible that company A builds 100 houses or apartments exactly the same and company B sells them as different sizes, based on how much the customer pays.

A creative tenant could certainly break through a wall that's been put up in place of a door, but that seems pretty extreme. I've seen some creative construction projects to make use of crawl spaces that weren't originally designed for people to live in though, but that's far from the norm.


That's kind of just how cars work in general even outside of software. I put in the oem fog lights in my old car. All I had to do was basically screw through a plastic bracket in the grill that was installed at the factory specifically for the lights, plug in the lights into one end of the harness that was already in the car, pop out the preinstalled plastic cap in the dash and pop back in the fog light switch after connecting it with the other end of this harness that's already there near the button, routed through the firewall for me. The fuse was even already there in the fuse box for the fogs.

Basically everyone with this car is paying for 95% the actual hard work of what you need for the fog lights already. Very few owners end up going for the fog lights but everyone subsidizes their installation.


You can also look at this the other way. Most people don't value the fog lights, so the very few owners pay the cost to install fog lights in every car because it is cheaper than creating a separate production line. So you are "cheating" the system by taking advantage of that hardware without sharing the cost of it.


I don't think there's any need to be "torn" on that; you can certainly hold different opinions for different nuances without conflict.

Hardware features that are actually present in the product when purchased should be available for use. If manufacturers want to put those features behind a software lockout, I guess that's their prerogative, but they shouldn't be allowed to complain or punish the customer if they find a way to circumvent it.

Charging for ongoing services that require the manufacturer to spend money to maintain infrastructure (like a remote engine start or remote lock/unlock) seems entirely fair, though.

But as a big fat asterisk to that last statement, it pisses me off that I can't run my own server infra for that myself. I bought a Mercedes E-class a little over a year ago, and it included a free year of their online services. Fortunately continuing the subscription is pretty cheap (something like $150/year). But it's an all-or-nothing deal. I want to be able to do remote lock/unlock and engine start, but I don't want Mercedes tracking my location wherever I go, and I don't care about map updates (since I use Google Maps via Android Auto for navigation).

I would much rather be able to spin up my own server to handle some of the remote capabilities, and not have the car talk to Mercedes' infra at all (except perhaps for software updates, which I would manually approve/accept).

I get why car makers won't do this. Even if they didn't want a stranglehold over providing services, I'm sure they still wouldn't do it: it would require extra "advanced" settings in the car and in the app to allow the customer to set an alternate server backend. And customers will inevitably make security mistakes with their own server backend, which could create liability for the carmaker, or at least cause bad press, even if it shouldn't.


It gets a lot more ambiguous when the features being offered also come with increased risk of warranty liability. I'm thinking of things like acceleration boost here rather than FSD and other driver assistance features.

For FSD, part of the payment is for ongoing maintenance. It is likely that the countermeasure would be subscriptions, and they already seem to be progressing in that direction.


FSD is a little trickier. FSD hardware is installed in your car and is used for ADAS. FSD is completely different firmware and has to be downloaded from Tesla servers which will check to see if you paid for that service.

It might be possible to subscribe to FSD, wait for it to download, then unsubscribe, and hack it to re-enable the firmware. But FSD is still beta and you'd be risking being exposed to get future updates.


In a sense it's something car manufacturers have made for years. Most of the time the difference from one model of a car and another with more power is the mapping on the engine control computer.

Till this day it wasn't a problem since this was not really locked down, and despite the fact that it is illegal, people did modify the car software to unlock more power quite easily.

But... that "locking" of feature kind of made sense, since a car with less kW pays less taxes (at least in my country you pay more if the car is more powerful) so selling a locked down model was also an advantage for the user that wasn't interested in having more.

Locking down heated seats... it's just a move against the user. Buying a car you payed for that seats, since they are there, why the manufacturer should ask you another fee to use for something you already payed? To me this shouldn't be possible.


I've done a fair bit of work with engine ECUs and remapping for more power is almost never "free". It's not like manufacturers are offering different power outputs strictly via software, though sometimes they'll make different _tradeoffs_ between power/drivability/reliability.

I mean, it's easy to get 20% more power out of an engine if you don't care if it idles like a washing machine. And for some applications, that's just fine.


>I mean, it's easy to get 20% more power out of an engine if you don't care if it idles like a washing machine

Can you explain this? How does remapping an ECU make the idle different?


Sure, you're basically running the engine with a different tuning and you can't optimize for everything. Getting more peak power, or a broader power band out of an engine often means sacrificing smoothness in other parts of the power band.


Cory Doctorow recently wrote a good piece about it here. Cars are going down the renting model, not the ownership model and it sucks.

https://pluralistic.net/2023/07/24/rent-to-pwn/


This analogy/mental model of what things are when you purchase them breaks down for software. It’s less environmentally wasteful to build a single sku and unlock paid software features requiring teams of devs.


> paid software features requiring teams of devs.

This makes it easy for me to make up my mind about. FSD is about far more than just the hardware - there's many teams of devs working on it.

> heated seats

There's little (no?) justification for software locking heated seats. Press the button, make the seats hot. This is just capitalist bullshit and we shouldn't put up with it.


I can see two different ways of looking at this

If you enabled a seat heater, enabling hardware that the car already has installed, or hot-rodding the engine, I don't think it is that big a deal.

But if you downloaded and installed software from tesla that didn't come with the car, or did something like enabling free supercharging, that would be more like theft of services.

I expect if this becomes a thing, features will have to be downloaded after purchase.


The flip side of that is when they disable features that were purchased when a car is purchased used.


I think disabling the features of a used car has some nuances.

1) If tesla took possession of the used car and then sold it to you, I think they can disable features.

2) If you sold your car to someone, and THEN tesla disabled features I am not ok with that.

With case #1, I think it is like any used car. People flip cars. They can take a car, remove expensive rims or other options and sell the car without them. People also buy cars and part them out, selling each piece individually. This is ok because the flipper owns the car before selling it and they can do what they want.


Case 2 definitely has happened.


Here's a solid example - in 2016 all Teslas came with free supercharging for life. In 2017 they changed it to be non transferable. If you buy the car directly from someone Tesla won't know but there have been cases where they've found out (warranty repairs for example) where Tesla then removed it.

If the seller didn't tell the buyer, or the seller themselves didn't know - whose fault is that?


supercharging for life is a service.


You can make the same argument that pirating software is ok


In the world which disrespects FOSS for so much it is OK. Pirating books is 100% OK.


Does that mean all feature-gating iOS App Store IAP should be unlocked for iPhone owners?


Your argument is not the same as the parent.

It would be the same if the volume rockers on the iPhone would only work if you have a paid subscription, or if you needed to pay extra to unlock 120fps while the device is capable but locked to 60fps because you’re not giving Tim Cook more money.


Of course.


Not interested in having a whataboutism discussion. There is a clear distinction here of software vs hardware


Is there though?

Even on game consoles, the “DLC” is often a couple meg download because the actual content is already built into the game.

You could turn Windows NT 3.51 Workstation into Server by just changing a registry key!

https://www.landley.net/history/mirror/ms/differences_nt.htm...


This is less true nowadays than it used to be, some games have quite a substantial amount of DLC of which no part is shipped with the base game. The Rock Band series comes to mind there, for one.


I see it all the time with RPGs still.


I'm not sure 'MS charged $800 more for NT server when it was basically the same as NT', given how much they're known for unfair and fraudulent business practices, is the greatest argument.

Expecting capitalism to be fair is probably where we're all going wrong here.


I’m not arguing whether or not it’s fair, just that at this point this is a long standing industry practice going back decades.


Game theory at play. Tesla and its customers are adversaries, vying for the same dollars. Tesla implementing these security measures directly translates to being able to charge more for services. Same as John Deere and many others. This is a minmax problem. How to pay the least to cause the other actor to pay the most. If the feature costs $15K and breaking security costs $15K then it is effective security. Obviously not the case here.


> Game theory at play. Tesla and its customers are adversaries, vying for the same dollars

Umm, I think this is more like "airlines vs passengers" when passengers read about "hidden city ticketing" in a travel blog, think it sounds cool yet haven't properly understood it, yet decide to go to town on it anyway.[0]

Since most providers are entirely at liberty to tell a customer they're no longer welcome, as a customer you have to be really really sure you want to own up to the provider as being an adversary, since you might end up needing another provider. For ever.

(Full disclosure: have been looking for, booking, and flying on less-than-entirely-legitimate airfares for a looong time. Have occasionally broken out in a cold sweat at an airport in some far-flung country on a dodgy itinerary when I think I've been rumbled...)

[0] https://www.insider.com/skiplagging-american-airlines-banned...


Fascinating article, didn't know skip lagging was a thing or that it is illegal. It definitely shouldn't be, just seems to be government protecting entrenched corporate interests at the cost of the populace. aka par for the course.


> Fascinating article, didn't know skip lagging was a thing or that it is illegal

It's not illegal, but it is against the airline's T&Cs ... which you have to agree to when you purchase a ticket.


Skip lagging isn't illegal, iirc a recent court case reaffirmed that. Airlines don't like it though so they may cancel you.


So if you buy a Tesla and the T&Cs prohibit you from hacking it/modding it, then you decide to hack away at it anyway, what happens if Tesla were to brick the online features of your vehicle and/or completely cancel you as a customer?


I mean the whole point is that Tesla should not be able to brick the car you purchased because you changed something in your car. Why does a car come with conditions?

Granted I may not be in the demographic for a Tesla, I wouldn't ever want my car connected to the internet.


In America the current legal standard is that you go and get fucked. You do not have a right to something you have purchased anymore as long as the seller puts enough magic fine print together.


Can they fix the power steering too then?

Ref: https://arstechnica.com/cars/2023/08/steering-failures-are-t...

Apparently it's a software problem.


Hope all the other recalls get fixes by hackers too.

https://www.axios.com/2023/08/03/hyundai-kia-recall-fire-ris...


Rent-seeking is the true American way, it seems.

Good on the hackers. Good on everyone who helps to liberate us from the overreach of big business.


Is it rent seeking/overreach?

I make a video game and charge $50 for it. Later I make a DLC and charge $25 for it.

Is your claim that if I keep them as separate purchasable downloads, I'm not rent seeking?

But if I instead combine the game and DLC into a single executable (to simplify build and distribution) and put the DLC behind a software lock, somehow that is now rent seeking/overreach and I deserve to have hackers unlock it for everyone for free?


Even though that is not exactly the issue I refer to, I still say yes, that is my claim, from a moral perspective.

If the content is on the disc or shipped as part of the files of the base game, then it should be accessible without additional purchase. Otherwise, you're undercharging for the original deliverable, and overcharging for the actual "downloadable content".

Imagine this taken to the logical extreme. I sell you a printer. It comes with an amount of ink. However, I've decided that instead of allowing all of the ink to be used, I will limit the printer to only give you X number of pages per cartridge, regardless of actual ink content. Buuuuut, you can also pay me $5 for the "ability" to use all of the ink in your cartridges instead of only part of it. Would it be wrong for hackers to unlock my printers to use all of the ink without having to pay a subscription fee?


> Otherwise, you're undercharging for the original deliverable, and overcharging for the actual "downloadable content".

This is called price discrimination and it’s a great thing. You’re talking about under/over charging but that’s absurd: there is no such thing. People pay what something is worth to them.

What you’re advocating for creates actual economic inefficiencies: the people who don’t want the DLC must either pay a higher price, or not make the purchase at all, and the people who would happily pay for the additional DLC now get a net cheaper price, despite a willingness to pay more.


> Even though that is not exactly the issue I refer to, I still say yes, that is my claim, from a moral perspective.

And what's the "moral perspective" in question? Is it just "whatever benefits the consumer"?


Seems morally dubious. When you purchase software, it doesn't mean you automatically own the bytes and can do whatever you want with them. There are things called licenses that dictate what you are allowed to do, and you agree to the license when you decide to use the software. If you agree not to use the software for commercial purposes when you purchase it, you can't morally decide "my bytes my choice" and just to use it for commercial purposes anyway. Just because money has changed hands doesn't mean you now have free rein to do whatever you want with the bytes. If someone sells you Linux for $1000, that doesn't mean you are allowed to make it closed source for further development because the GPL license you agreed to prevents you from doing so.


I don't think I agree with your moral stance.

If I buy a car, then, yes, "my hardware my choice". Software should be no different.

I personally think end user license agreements are immoral. If you want to attach conditions to use, you should have to spend the time to work out a proper contract, executed by both parties, with consideration provided on both sides.

But I still think that's weird. To use your "commercial use" example, if I buy a lawnmower, the company that sells it to me should not be able to dictate that I can only use it for personal use, on my own lawn. If I want to use it to mow my neighbors' lawns and charge them for it, they can't stop me.

Copyright licenses like the GPL are interesting. I've released software under the GPL in the past (though these days I usually choose more permissive licenses like Apache or MIT). The GPL itself is essentially a hack that rides on our current awful copyright law in order to creatively subvert it. If our copyright laws were more reasonable and more aimed toward benefiting the public commons, we may not even have a need for the GPL; it's even possible that big parts of it would be unenforceable in a more reasonable copyright regime.

Just a note on this:

> If you agree not to use the software for commercial purposes when you purchase it, you can't morally decide "my bytes my choice" and just to use it for commercial purposes anyway

While this may be true under current law, there's nothing inherent in the universe that makes it this way. We as a society have decided that, legally, some things are out of bounds when it comes to contractual obligations. As an extreme example, you can't contractually sign yourself into slavery. No court (in the US and quite a few other places, at least) would consider that contract valid. The idea that you can sign away your rights to use a piece of software commercially is not some absolute moral good. We could decide as a society that this sort of thing isn't ok, and enshrine it into law.


This is an amusing attempt at a defense of what Tesla is doing given that they are currently violating said GPL license for Linux…


> I still say yes, that is my claim, from a moral perspective.

I personally do not like services that exhibit rent-seeking behavior, but what, precisely, is IMMORAL about the practice?


Yes. You've already distributed the binary to their machine and are using their resources to store it. In my view, it belongs to them and they should have full access.


By that logic, do you think that after someone has paid for 1 month of netflix, and downloaded their entire catalog to your phone for offline viewing, that all the videos "belongs to them and they should have full access"?


Yes, absolutely, if that were a feature the Netflix app allowed.

Obviously it does not: your downloads expire after a certain amount of time, and if you cancel your subscription, you won't be able to get a key to decrypt the files.

Companies are free to try to put restrictions on that sort of thing, but I think if customers are able to circumvent those restrictions (the DMCA anti-circumvention laws notwithstanding), the company should not get to complain about this.


No because Netflix is not a one time purchase, it allows to use the service for as long as you have an active subscription. Also you should know that the download function is limited to 100 titles.

If the game had a base cost of 0 and a monthly price to play it it would be acceptable. Quake Live worked like this and I believe Game Pass.


>No because Netflix is not a one time purchase, it allows to use the service for as long as you have an active subscription

Suppose netflix added a $10 upfront cost for subscriptions to combat people churning subscriptions or whatever. Would that make it justified to download all the shows they let you?

>Also you should know that the download function is limited to 100 titles.

I shouldn't know, because I don't subscribe to netflix :^)


That would be a better comparison (with bundling a game and DLC into single binary) if Netflix insisted that you keep those files on disk past your subscription period. If they did that, yes. But since they don't, no.


I don't think you'd "deserve" to have hackers unlock it, but I also think that you should have no legal right to prevent people from unlocking it without your permission, and I don't think it's unethical or immoral for anyone to do so. If you sell something to someone, and put it in their hands, they should have the right to do whatever they want with it.

Presumably you've made the choice to bundle the base game and the DLC together like that in order to reduce your costs somehow, and I'm not responsible for your business model or logistical issues. If you're worried about people unlocking the DLC for free, don't put it in their hands without charging them for it.

Either way, I think it's entirely reasonable to classify the concept of "charging extra at a later date for something you've already given the customer" as rent-seeking or overreach. Even more so if, instead of a one-time charge, you choose to charge a subscription for something that does not require any ongoing costs for you to provide.


Rent keeps getting paid. It's not a one-time purchase of $25.


What about games with monthly membership fees like world of warcraft?


That's fine, since there's an on-going cost to maintain the cloud infrastructure that the game needs to function. The company is well within its rights to say "if you stop paying us, you stop getting to use our cloud services".

But if there was a single-player or LAN version of the game (I know that's not really possible with something like WoW, but for the sake of the argument...), then players should absolutely not have to pay an on-going subscription fee to play that way.


There's been plenty of WoW private servers throughout history hosted by people who had nothing to do with Blizzard.


And who were then sued into oblivion by Blizzard.


how is this even a question? this is exactly what happened with Star Wars Battlefront II, and EA was once again absolutely crucified by the decision to have paid unlocks for content you technically could grind for but was essentially unfeasible.

the only difference between now and 2017 is people saw EA raking in the money anyway and have followed suit, so it's now more common. the outrage was proved toothless... cause star wars sells, and so does te$la.


The real question is Tesla Supercharger capability. If you can't plug your car into that network, then you've lost a ton of value. But here's the thing. In order to disable supercharging, Tesla remotes into your vehicle to turn it off. It doesn't happen on the charger side, it happens on the vehicle. So if you have root on your Tesla, you can make sure you can always supercharge, which isn't mentioned anywhere else.


Here's a question for the lawyers out there: if you notify Tesla that they're no longer authorized to access YOUR car, and they remote into it anyways, would that come under Computer Fraud and Abuse?


IANAL. It seems like it should probably be covered anyway, without the notification. Assumed consent would cover updates and improvements. No-one is consenting to their car being crippled, surely.


It gets me wondering how well Teslas will function with zero connectivity w/ Tesla. I mean, if the company goes under or (more likely) they drop support for older models, do older cars get bricked and disabled like clients for a multiplayer game that's gone offline?


I doubt they'll completely brick (the car can reboot itself mid-drive while still having throttle/brakes/steering) but I could see most/all infotainment features ceasing to function.


You agreed to EULA.


So one can never revoke access or change the access terms to one's own car/computer? That just seems wrong. I'm pretty sure Tesla can and does change access terms to their servers and charging networks.


Not all parts of EULAs are enforceable.


This should be "hacked" by the regulator and not by the hackers. If they sold you a car with heated seats (so if the hardware is there), the heated seats should be available for the consumer to use.


So people should not have the option of paying less for less features? Everyone must pay for features that only a subset of customers use?

You make a common argument that's deceptively anti-consumer.

Yes, this can be abused - but that's a different argument.


If they sell you a car with heated seats, you should have heated seats. They already sold you the heated seats, you already have the heated seats, and they just want more money for something they already got money for, and you already have.


But they didn't get money for it. They get money for it from the people who enable it. If they didn't get money from people paying for it the effective cost of manufacturing the car they sold you would go up (and they may need to raise the price they charged you to cover it).

Imagine that 1/2 of the owners want heated seats. It is more cost effective to just install the hardware in every car rather than creating a new production line. These owners now need to pay 2x the raw cost of installing the seats (because they need to cover the cost of installing the hardware in the car that won't purchase it) in order to cover the cost (and of course there is some profit margin on top). But this can still be much cheaper than the extra overhead of setting up a second production line. But in this model the price of the car that didn't pay for the seats hasn't changed. The cost increase is covered by those who do pay for the seats. Making two separate production lines would raise the cost (of both models) for no benefit. Adding the feature to all cars would necessitate raising the price for the base (and only) model to cover the additional manufacturing cost.

(Ok, money is fungible so it is a little hard to say anything for certain, but in theory it is rational and fair)


If their business model is broken, it's their problem.

You bought a car, paid for the car, and that car has heated seats. Now they want more money for using hardware you already bought, paid for and received.

I would understand if they had recurring costs with your heated seats (like they do with eg. a music streaming service or something like that), but nope, they sold you the hardware and now are blackmailing you for more money to use something you already own.

Not adding heated seats does not mean a different production line, just one skipped step for the seats without heating, and this was done on every car before they started with this subscription and "pay extra" crap. This would also reduce e-waste for those who do not want and/or need heated seats.

Do you really want to live in a world, where you have to pay extra to use something you already bought?


You paid for a car with non-functional heated seats. You got a car with non-functional heated seats.

I agree that if people figure out how to easily enable those seats they have a problem. Because now they are getting less payment for those seats (as some people are using them without paying). But that doesn't make it wrong to sell you a car with non-functional heated seat hardware.

> blackmailing you

They aren't blackmailing you. There is no threat. They are making you an offer. They can turn your disabled heated seats into functioning heated seats.

Skipping a step effectively creates a different production line. Now you need to track these inventories separately, ensure stock of each, schedule the production and ensure that various stockpiles around the world have each model. There are very significant costs there. It is entirely possible that this complexity and cost results in more e-waste. But it definitely increases cost.

> where you have to pay extra to use something you already bought?

But you didn't buy it. You bought a car without heated seats. (or with disabled heated seats if you prefer). You got exactly what you were promised and what you agreed to pay for.


You bought a car with functioning heated seats, where the manufacturer intentionally implemented a lockout system, so you can't use them unless you pay. This is like buying a house with an extra room, but the door is locked until you pay. Yes, you own the house, you own the room, you can break the lock, but if a shitty timing chain breaks within the warranty period, the fact that you broke the lock on that room will cause the manufacturer to complain and not want to fix the timing chain because you supposedly voided the warranty.


>So people should not have the option of paying less for less features?

They should, it's called buying a different car without those features installed.

>Everyone must pay for features that only a subset of customers use?

You are already paying for those features upfront as part of buying the car - there is no recurring expense to the manufacturer. If you do not want or are unable to pay for those features, you buy a different car without them installed.

What you're arguing for is for everyone to have to pay another monthly subscription, and conflating "paying more for a car" with "paying monthly for non-consumable resources for a car".


But this would simply result in both groups paying more for no benefit. Due to less volume both models would end up costing more.

I do agree that making this a subscription is ridiculous, especially such an expensive subscription. But I think making two models of car and raising the price for everyone is illogical.


I'd be happy paying less for less features. Or paying less and then hacking the features in. It's kinda like ad-supported YouTube, pretty nice for me cause I just ad-block.


> So people should not have the option of paying less for less features? Everyone must pay for features that only a subset of customers use?

Yes. I'm sick of concern for the value-conscious dragging down the entire market.


I think this can then be “hacked” back by not selling you the car, but instead renting it for something like $1/yr + the price of the car as a contract setup price. Personally, this is not the world I would like to live in.


How do you feel about CPU/GPU/RAM binning?


I would have thought that EFF and FSF would be more active in trying to promote open source in automobiles for privacy, security and being able to repair and modify the vehicle. I would think that it would be rather mind blowing how much information is gathered by the new vehicles about oneself. I have enough money to buy any model of Tesla, but will not due to privacy, security and safety reasons. (I consider drive by wire braking and acceleration a safety issue. With a stick shift I can insert the clutch and know that the drive system can be disabled. I also consider that the software can be modified over the air forcibly by Tesla a safety issue because it could be used for nefarious purposes.)


Sooner or later, some city is going to be held for ransom by a group that has disabled (or hijacked) all of the Teslas in it. "Give us a king's ransom or your roads will be clogged with immovable cars, and thus unusable, for weeks". Right now, there are not enough software-hijackable cars on the road for this to work, but that is changing. Once you have a critical mass of perhaps even just 5% of the cars, you can bring all traffic to a halt until your demands are met.


Something close happened with a used-car dealership where every car got a remote immobilizer added in order to make repossession easier. One ex-employee logged into the system and locked up every car, including cars that were paid off or had been sold to unsuspecting customers.

https://www.theregister.com/2010/03/18/repo_man_hack/


I do agree with the sentiment, but in this particular example if I were the local government I’d endure the pain for the 24-36 hours it’d take to get the inflicted vehicles gathered up and then simply ban them from driving until the manufacturer fixes the issue.

If I didn’t have the legal authority to do it I’d probably still do it and rather pay the damages than the ransom.


Curious, why do that, and not say attack the power grid?


Well, that may happen too, but you don't want to impair the victim city's ability to pay the ransom. But, I'm afraid, we'll just have to see which happens first.


> I have enough money to buy any model of Tesla, but will not due to privacy,

Which modern car do you think is not violating your privacy?


That would make for a good topic. Also, it is difficult to keep older cars going when parts become harder to get. So, even if one does not want to buy a new car, at some point one might be forced to get a newer car. I very much appreciate these hackers and hope that there will be a thriving and vibrant hacking community for new vehicles. I am personally not interested in unlocking unpaid for features; but for privacy, security and safety reasons.


Cue the "You wouldn't download a car" memes.


https://youtu.be/52KR_eC8UFE

I wonder which schools had the children watch this after the pledge of allegiance.



That can't have been a thing?


There is a non zero chance this was played in a school… If it happened during first period, then, well…


While the exploit that allows them to run arbitrary code is unfixable, that doesn't mean Tesla couldn't update the vehicle to make accessing these features more difficult. For example, simply not delivering chunks of FSD to unauthorized vehicles server-side.

I guess my point is: This will start an arms race. Eventually you'll need to pick between an on-network Tesla getting software updates from them, or an off-network Tesla with FSD and other things that unlocked can provide. Heated seats can likely be re-enabled electronically without software (i.e. splice in a switch).

Personally, purely from a utilitarian perspective, I wouldn't choose to use FSD that wasn't getting continuous updates because it may not include road changes, state law changes, and frankly still has a lot of room for safety/reliability improvement. Maybe "Enhanced Autopilot" ($6K) just for lane change.

PS - 9/10 of Tesla's recalls have been software updates. So you'd lose those with an off-network Tesla.


The arms race started the first time a Tesla shipped. They've had some serious security folks on the Tesla side since the early days.


Big fan of anything that harms the control companies have over computers they've sold people, especially in deadly weapons like cars. Excellent work


They haven't managed to "unlock" the features yet. They've got root on the IC which "could" lead to unlocking them.[1]

[1] https://www.blackhat.com/us-23/briefings/schedule/index.html...


Something which might work in the future, being announced as something that works now? How appropriate!


Seeing this gives me the same warm, fuzzy feeling I had when I jailbroke my first iPhone to gain features that were impossible otherwise.

I wonder if Tesla will start using physical one-shot fuse bits buried deep in hard-to-access components (eg. hardwire a heater control relay open in the final programming step at the factory) to make these types of attacks more difficult. Of course that would preclude up-selling the feature later.


I think it's all about the possibility to later upsell. I don't think the economics work out where it's cheaper to install something like a seat heater in every car and permanently disable for price discrimination purposes (the way you might for e.g. a CPU).

My brain can kind of rationalize this as "it makes the up-front price lower, and you can add features to your car without even visiting a dealer", but my heart definitely recoils at the idea of paying for something like that already in my possession.


I agree that it feels really wrong but I don't think it is actually unethical to lock features like this. (Although the way the locks are implemented may be unethical.)

It allows making multiple logical models with a single production line. This lowers the cost and in theory that is valuable to consumers. I imagine that if there was no ability to "upgrade" later this wouldn't even be news. Consumers would just see it as a base model and a premium model, and Tesla found a very cost effective way to provide two models of car. Or four models if you count self-driving.

But upgrading later is actually valuable. Why not let someone add features as their budget allows? It does "expose" that these are only software locks but I think that is actually fine. In theory it is just the people who purchase the premium upgrades that are paying for these features in all cars. It shouldn't necessarily affect the price of the base model and you aren't really paying for the feature unless you purchase the upgrade.


That's very cool. Especially if this could compromise the desktop version of this tech as well. Extracting my own TPM keys could be useful if MS/GOOG decides to boil the frog even harder.


"Full Self-Driving ... will soon allow the car to steer on its own". April 6 2023 [1]

I think the hackers should have waited.

[1] https://www.digitaltrends.com/cars/is-tesla-full-self-drivin...


Will be interesting to see how they did it. Using low cost off the shelf parts means nothing if you have to dismantle the entire car and solder to the tiniest of points. I still remember the first Xbox mod...30+ wires attached to the smallest of points on the motherboard.


At least in France if you have a serious accident there’s a technical examination of your car. If the insurance company finds out you tampered with your car software (debridage) you’re left without any coverage.


> Software-locked features that need to be activated by the owner paying or subscribing to a service are becoming increasingly popular in the auto industry.

Popular is the wrong word. Common, maybe. But popular?


From the point of view of the auto industry I would say popular is the right word.


Call me pedantic but I think using the word popular without qualifying it any further really begs for you to interpret it more generally, even in this context. Prevalent or common are better terms here in my opinion, since they regard the status quo rather than opinions.


"Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities."

No, the word "autonomous" should not be used in conjunction with any Tesla vehicles. That means it can drive itself with no one inside. No Tesla vehicle is anywhere near autonomous.


Now comes the funny part, where Tesla tries to make the platform trusted and locked down, and then people start to flash their own firmware and solder chip-mods, 'cause there is nothing GNUnder the sun.

Wouldn't be surprised if Tesla has a defeat-device buried somewhere that allows for remote permanent deactivation once parked in case of piracy


using the hardware you own should never be considered "piracy"


They can anyways remotely ssh into any parked Tesla nowadays


I would have said I'm surprised that so many "hAcKeRz" are eager to prostrate themselves at the altar of eternal rent-seeking and powerlessness, but a lot of people here love simping for profit extractors, especially Lord Xoldermort. Another day, another rote disappointment.


> enable us to extract an otherwise vehicle-unique hardware-bound RSA key

not ed25519? I know very little about these encryption thingies. The Internet recommends ed25519 over rsa.


They haven't broken the encryption technique, they've bypassed it by extracting the key using weaknesses in the hardware-software. You have to redo the process for each physical device to extract the particular key in use in that device.
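
The distinction drawn in the reply above, as an added example that is not part of the thread or the researchers' work: a signature made with a copy of a device key verifies exactly like one made inside the hardware, whatever the algorithm, while the copy is useless for any other device and per-device revocation contains it. It uses toy textbook RSA over constructed small primes; `SecureElement`, `Backend` and the `VIN-A`/`VIN-B` labels are hypothetical.

```python
import hashlib
import secrets

E = 65537
# Constructed toy primes (Mersenne primes): far too small and structured for
# real use, chosen only so the example needs no third-party library.
TOY_PRIMES = {"VIN-A": (2**61 - 1, 2**89 - 1), "VIN-B": (2**107 - 1, 2**127 - 1)}


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for textbook RSA."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


class SecureElement:
    """Hypothetical stand-in for hardware meant to keep the key inside."""

    def __init__(self, private_key):
        self._private_key = private_key

    def sign(self, message):
        return sign(self._private_key, message)


class Backend:
    """Hypothetical server that knows one public key per device."""

    def __init__(self):
        self.registry = {}
        self.revoked = set()

    def enroll(self, device_id, public_key):
        self.registry[device_id] = public_key

    def revoke(self, device_id):
        self.revoked.add(device_id)

    def authenticate(self, device_id, challenge, signature):
        if device_id in self.revoked or device_id not in self.registry:
            return False
        # The device ID is bound into the signed message.
        return verify(self.registry[device_id], device_id.encode() + challenge, signature)


def demo():
    backend = Backend()
    private = {}
    for device_id, (p, q) in TOY_PRIMES.items():
        public, private[device_id] = make_keypair(p, q)
        backend.enroll(device_id, public)

    element_a = SecureElement(private["VIN-A"])
    # Simulated outcome only: a copy of device A's key exists outside the hardware.
    extracted_a = private["VIN-A"]

    challenge = secrets.token_bytes(16)
    msg_a = b"VIN-A" + challenge
    msg_b = b"VIN-B" + challenge
    sig_hw = element_a.sign(msg_a)
    sig_copy = sign(extracted_a, msg_a)
    results = {
        # The verifier only checks the math; it cannot tell where the key lives.
        "hardware_accepted": backend.authenticate("VIN-A", challenge, sig_hw),
        "copy_accepted": backend.authenticate("VIN-A", challenge, sig_copy),
        "signatures_identical": sig_hw == sig_copy,
        # Device A's key says nothing about device B's key.
        "copy_accepted_as_other_device": backend.authenticate(
            "VIN-B", challenge, sign(extracted_a, msg_b)),
    }
    # Mitigation available to the backend: revoke the one affected identity.
    backend.revoke("VIN-A")
    results["copy_accepted_after_revocation"] = backend.authenticate(
        "VIN-A", challenge, sig_copy)
    results["other_device_still_accepted"] = backend.authenticate(
        "VIN-B", challenge, sign(private["VIN-B"], msg_b))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
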


I won't be buying any car with software locked features.


The 21st century equivalent of yanking the governor chip out of the Grand National? Well, OK, not quite.

https://www.thedrive.com/cars-101/39941/what-is-a-buick-gran...


There are already third party garages offering to unlock various things for less than Tesla wants (or upgrades Tesla simply doesn't sell).

They tend to involve a gizmo intercepting CAN messages though. The gizmo is usually keyed to the serial number of the car so you can't clone/move/resell them.


A mostly-software solution would be cool. I've heard of hardware solutions before, a la https://ingenext.ca/collections/bonus-module


It seems the thought that Teslas are not cars, but rather tablets with wheels is accurate.


Injury Reserve said it best: Fuck it, jailbreak the Tesla https://www.youtube.com/watch?v=PWQL_XORalY


My main worry is that by incentivizing customers to install dubious software on their own vehicles in a rent-seeking money grab, manufacturers will make us all less safe.


Sweet. Now I need to devise a patch to re-enable Low Regenerative braking. It's still in there and drivers in China had it restored earlier this year.


For now. They will plug the hole, just like Apple will stop any undocumented use of their GPU when it suits them. Why waste your time on these companies?


Possibly because it's their job, it's interesting, educational, maybe there's a monetary reward, maybe the reward was the journey all along. The article mentions it can't be fixed by software update.


Doesn't seem like a good idea to actually do this, since the car phones home all the time. Tesla could blacklist you from supercharging etc.


Wait a minute... heated seats are software locked on Teslas?

WTF guys?


I kinda get it. Rather than maintaining a supply of multiple parts which complicates your supply chain and install/repair procedures, Tesla is making cars nearly 100% identical physically and differentiating in software.


The supply and install problem clearly isn't that hard, auto makers have been doing it for many decades at this point.

Plus, it seems backwards from a business standpoint. You always have the cost of installing the hardware, but now you only get a % of users who agree to pay for the additional cost? The only way to "fix" that is to artificially raise the price of the product so effectively everyone is paying, which means now you're double-dipping from the people who do want it.

It's just crap. If I buy a physical device (not renting) then I own it and should be able to use its full capabilities. The only thing that should cost more is anything that has ongoing cost to the manufacturer if I use it.


From the perspective of the manufacturer, having fewer model variations and factory/assembly configurations may end up saving more money overall.

They may also believe that there is a large-enough group of people who would decide not to get heated seats installed at purchase time, but would later regret that and wish they had it. The manufacturer might make more on "install hardware unconditionally and charge a fee for zero work later" than "install hardware later on demand".

The true cost of things to the manufacturer often depends on more than just the cost of that item and the direct labor cost to install it.

But I absolutely agree that we should applaud people who get around these sorts of software lockouts. If the company is going to give you a piece of hardware, it should be fair game for you to figure out how to get the most use out of it.


>The only way to "fix" that is to artificially raise the price of the product so effectively everyone is paying

You know what's better than "artificially raising the price of the product" so you can pay for the heated car seats or whatever? Raising the price of the product, and not installing the car seat in the first place and keeping the extra money for yourself. The idea that carmakers can pass the cost of software locked (ie. non-functional) parts to consumers makes zero sense.


> The supply and install problem clearly isn't that hard, auto makers have been doing it for many decades at this point.

Are you referring to the legacy auto manufacturers that still can't make EVs profitably in 2023? Perhaps Ford with its negative 58.9% EBIT margin on their EV division [1]?

Of course you can "solve" a more complex supply-chain and multiple vehicle configurations. It just costs more money. And therefore reduces your profit margin. If you do too much problem-solving of this type, your margin might end up negative. Not every EV manufacturer can subsidize their EV business with a high-margin ICE business.

[1] https://media.ford.com/content/fordmedia/fna/us/en/news/2023...


Installing heated seats or these common add-on features has nothing to do with EVs vs ICEs. It's not specific to either, or harder/easier for either.


And getting the suckers who pay up to cover the cost for all vehicles having it.


Isn't that fully borne by the manufacturer? Suppose you're the manufacturer of a car that costs $30k to make and sells for $50k. You're posed with the question of whether to add a non-functional part that costs $5k. If you add the part and don't raise the price, then you're eating a $5k loss. If you add the part and raise the price by $5k, you don't eat the loss, but it also means you could have charged $55k for the car. No rational consumer is going to be like "I would have paid $50k for this car, but now that it contains $5k of non-functional component, I'm willing to pay $5k more for it now!".


Those suckers are getting a much better deal than if they had to pay the cost of an alternate production line and logistics flow.


so make them all cost the same then.....?


No. I don't need the rear heated seats.


As are the footwell lights, fog lights, and premium audio.

Heated front/rear seats have been standard equipment since 2020 I believe.


Premium audio isn't a software-disabled feature. You can buy a wiring harness on Amazon to enable the disabled, yet installed, speakers: https://amzn.to/3rVBrel


That's not true. The fog lights and premium audio both require hardware retrofits.


From what I understand the foglight is there but disabled from computer. The aftermarket lights bypass this lock completely by tapping into the main light cluster harness.


Before November of 2021, the cheapest Model 3 had heated front seats, and the rear heated seats could be unlocked for $300 (later reduced to $200).[1]

In November of 2021, they made heated seats standard. I think the only software unlocks available for current vehicles are acceleration boost, enhanced autopilot, and FSD.

1. https://www.tesla.com/support/upgrades#tesla-accordion-123-w...


Now let's do the same for Mercedes and any other car manufacturer who starts to try this crap. Good to see stuff like this happening.


Makes me wonder how Tesla's going to react to this. Can't imagine they're happy about this.


every time there is some HW hacking and its TU Berlin, only one man comes to mind prof. Seifert and his team: https://www.tu.berlin/sect/ueber-uns/team

quite prolific


Son of Anton remix did this years back


Ah yes, "full" self driving



This video seemed to have pretty good performance actually, but I've seen articles where the car just gets stuck, makes unsafe maneuvers or just violates laws and this guy (whole mars catalogue) defends it. Watching prior videos shows it fail to yield to stop lights, stop in the middle of intersections or just total incompetence about highway etiquette (such as the highly watched SF -> LA video (in this video the whole highway is dubious, also violations at 1:18, 1:24, 1:30, maybe 17:24, probably others I missed... 3 in the span of 15 seconds)). I'm not at the point where I trust this thing.


The video being sped up makes it feel dishonest. Would have been nice to have a regular recording.


Omar posts raw versions of all his FSD videos. There’s a link in the YouTube description. Here’s the one for this drive:

https://www.youtube.com/watch?v=oFYspCLoLTY

Frankly the sped up versions are more useful for understanding the technology because most driving is boring, even for a self-driving system. But it is good to be able to go to the raw version if needed.


what happens if you paint road symbols on your car (speed, emergency, diversion, stop etc). Would a tesla behind you act on them?


> Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems.

We need to bring back hackers/crackers of the old and NOT share exploits with these companies.


'sup


Can an electric car not be a computer-powered car?


You cannot get rid of the entire computerization because of the battery management. Also having some smarts for different terrain conditions generally enables some efficiencies. The hard truth is energy in Lithium ions will never be as energy dense as breaking a hydrocarbon bond. So electrification will always need some computers unlike the efficiencies we can gain from changing the mechanical design of the engine (which can also and did improve with computers).

However, as in many industries, the car companies try to keep the infinite growth premise alive by entirely computerizing all parts and closing off any innovation with patents. Just like ICs, in the future nobody will own their car and those who want that will need hundreds of billions to burn to create companies that have no chance of competition.


It really depends on your definition; pretty much every car for the past 50 years has been computerized. If what you're really after is an EV with no lockouts, there are plenty of EVs where the only lockouts are to ensure you don't do anything stupid (no over-discharge destroying the battery for slightly more range, etc.). But if you're after complete control, you'll find that EV conversions with dedicated speed controllers will give you complete control, so you can shoot yourself in the foot if need be.


You wouldn't download a car.


Because what could possibly go wrong hacking a hunk of metal that transports you at lethal speeds...


This line of reasoning is what is used to justify lock-in and anti-right to repair legislation. Following this reasoning you shouldn’t be allowed to change a flat tire on your car as it could be improperly tightened and fly off at speed.

Technical constraints to lock out owners/users only serve to enforce a manufacturer’s feudalistic rent seeking and revenue extraction policies.

In the overall scope of driving a personal automobile cellphone use or even adjusting the car entertainment system are far more common causes of accidents and death and yet these are not locked away via technical controls despite being very easy to accomplish.


Two things can be true at the same time: 1. It's a sketchy idea for the manufacturer to lock away features behind paywalls. 2. It's a really bad idea to monkey with the internals of a self-driving car.


Everyone accepts a certain risk simply by driving, and we all have relative risk tolerance. Point in case: I knew of a 20-year-old driver who owned a nice, safe vehicle but was too afraid to drive on an interstate highway because they were afraid. That's not a "hunk of metal" issue but a risk-comfort "issue," which really is relative.

Regardless, your point highlights the eternal fight between liberty and "safety and security." A society which tolerates little risk seeks to minimize liberty and maximize safety and security. A society which tolerates much risk seeks to maximize liberty and minimize safety and security.

To use cars as the prime example: why am I required to purchase a vehicle equipped with airbags [1]? They're expensive, bulky, decrease fuel economy, and may cause harm to a passenger if they improperly inflate. By owning a vehicle, I assume sole responsibility for the correct and proper operation of it as well as the physical well-being of any passengers. Frankly, I should be able to purchase a vehicle equipped without airbags to decrease the overall purchase price, thereby allowing me to use that money on other things.

The same argument doesn't apply to certain things like ABS, which I argue should be regulated because poor braking affects people both inside and outside the car. Airbags, on the other hand, only apply to people inside the car. By carrying any passenger in the vehicle, the owner assumes legal responsibility for their safe carriage.

[1] https://www.history.com/this-day-in-history/federal-legislat...


I think it makes more sense if you frame it that the manufacturer is required to sell cars with airbags. We don't, as a society, want people to have to make a choice between safety and cost in that particular situation, so we mandate that the manufacturer can't even sell without them.

Beyond that, if we assume airbags, on average, decrease injuries and deaths, then society also has an interest in helping to ensure that. Heavily injured and dead people put more of a strain on our health care system, and the costs for that are not solely borne by the person who gets injured or dies.

Certainly there's room for disagreement on whether or not all that is worth the added per-individual cost, the regulatory cost, etc. But let's remember that there are many things that, on first glance, seem to only affect an individual, but actually ripple out and affect others as well.


> why am I required to purchase a vehicle equipped with airbags?

The same reason that you can't sell food that's sweetened with lead. You can add lead to your own food if you want, just like you can drive a car without airbags.


Yes, keep lead out of food. The comparison is not accurate because the risk-reward profiles of lead-in-food and airbags-in-cars are misaligned. Food is consumed under all circumstances, whereas airbags are only employed during an emergency situation.

You're also right that I can drive a car without airbags, but the point is that you can't buy a new car without airbags.


As someone who made and drives a rat rod, it's basically the same situation? If the car fails due to my physical hacking, it's on me. Should be same for software.


I never said they shouldn't be able to do it; I said it's a bad idea to do it.

To put it in your terms: I'm happy for you to be allowed to drive a rat rod (hello, fellow old? I haven't heard that term in a looong time), but clearly a car with likely no crumple zones, air bags, antilock brakes, etc., etc. is less safe than a modern sedan.


Was the password, “XGonGiveIttToYa”?


Good. People who buy things should own the things they buy.


I enthusiastically endorse this sentiment until I remember I'm a software engineer whose career depends pretty fundamentally on copyright law.

As an industry, we sell things that make hardware more useful. That's what software is. But the software we sell* comes with legal restrictions on what the buyer* can and can't do with it. Which means that we're restricting what our customers can do with the hardware that they own. And we do all that for money. *Substitute whatever you think the right terms are for these words (licensor, licensee, borrower, tenant, serf...)

If we sold an app on a mobile-phone store, and a h4ck0rz came out with a crack that unlocked the premium features on it, we'd take measures to stifle it (patching the code, increasing the obfuscation, sending a complaint upstream of whoever was distributing it, etc.), and I don't think any of us would think we're bad guys for doing so. We're just trying to feed our families. And I doubt any of us would feel compassion for someone who said they paid for that phone, own its hardware, and can do whatever they want with it including run your paid software for free.

Tesla's sin, if any, is that they sold us hardware that's designed to work only with their software. And "their" software could include software they licensed from your company, if you work in their software supply chain.

Where is the right line between "my hardware, my rules" and "my software, my rules"?


> Where is the right line between "my hardware, my rules" and "my software, my rules"?

If someone roots their phone or car, which they own, despite the manufacturer's best efforts to prevent this, it should be legal because they are modifying a physical object they purchased. If they teach other people to root their devices, it should be legal the same way teaching lockpicking is legal if you're just lockpicking something you own.

Nobody is asking manufacturers to stop trying to get in the way of people hacking their devices. Most people won't have the skills or desire to jailbreak anyway.

But John Deere will sue farmers who try to fix their tractors themselves, Sony will sue you for jailbreaking your PS3, etc etc. That's wrong.

Additionally, DRM generates physical waste by making it hard for people to fix things they bought. The right to repair is important.

For software, illicit redistribution is covered by copyright law, no? But the same is true: if you own a copy of software and want to hack it (e.g. mod a game you bought) why should that be illegal, provided you were able to get around the game's built-in circumventions?


As a software engineer, I don't sell software, I'm paid to make it. I don't even own it afterwards. I hear some people are paid to develop open source software. I don't think my career depends "pretty fundamentally" on copyright law, as if the software I produce is otherwise worthless. Most people on the planet can't do the work I do, which means that somebody pays me for this work. Changing copyright law wouldn't change this fact -- at most it could affect my pay grade.


> Where is the right line between "my hardware, my rules" and "my software, my rules"?

There's something obscene about unlocking existing physical features with more money, but there's also our mental model of what ownership means. Imagine you buy a new fridge, and it has an extra compartment that is installed, gets cooled but you have to pay to unlock. No one could ever verify that you didn't rip it open yourself. I don't think anyone would object either.

The current monetization strategies for software favor the corporations. They can withhold service in case of no payment, and they are trying to do the same to hardware. I personally feel we should regulate this as soon as possible, otherwise things like right to repair will simply disappear.


This is probably not productive, but I think the response would be; I bought the software from you so it's mine now.


Yeah these discussions always give me a bit of cognitive dissonance.

On one hand, I like owning my software or content I purchased (talking about DRM)

On the other, people expect most things to be a "live service" in terms of updates, which isn't sustainable if you only ever get paid a small onetime fee for your software. If you make the fee large, like Modo/Photoshop did, then it acts as a financial gatekeeper to your product. Even then, I feel like it creates wrong incentives for the product, so I'm not sure it's good either.


> On the other, people expect most things to be a "live service" in terms of updates

Do they? Most people I know don't want anything to update as long as it's working. They don't want new features. They don't want new UI changes. They'll dismiss/ignore prompts to update for as long as they possibly can. In very very rare cases people want "live service". They want their GPS to give them traffic information for example, but otherwise they don't want anything but bug fixes.

Photoshop for example doesn't need to be constantly updated and a version of photoshop from 10-15 years ago would be just fine for the vast majority of people. The idea that software has to either be insanely expensive or a subscription is a false dichotomy.


Yeah, exactly this. Companies want live services because they want to charge recurring fees. Customers want to buy and own software.


> But the software we sell* comes with legal restrictions on what the buyer* can and can't do with it. Which means that we're restricting what our customers can do with the hardware that they own.

I'd say the software equivalent to right to repair would specifically be about restrictions against inspecting/decompiling/modifying the software running on your machine.

While I also think copyright is flawed in general, restrictions against redistribution of the software seem like a separate matter - in the same way hardware right to repair doesn't mean you can set up a manufacturing line for new John Deere tractors to sell to others.

> h4ck0rz came out with a crack that unlocked the premium features on it

If someone grafts on useful features using only what you have already downloaded to my device, I think that's fair game.


That isn't the only way to sell software, it is a relatively recent invention, I honestly wouldn't care if that went away.


IP has gone too far. We're seeing more and more instances of computers forced into perfectly good physical products for the express purpose of degrading their functionality unless a ransom is paid. Now instead of toggling a relay, you have to go through an entire software stack and license check to heat your seats.


which toggles a relay.


I want to add agreement to this, but to be more precise: people should own the things they buy and artificial (software) means of locking people out of features shouldn't be allowed.


The doctrine of first sale says that companies cannot restrict the second (or later owner) of a thing. You may notice that some books printed in the UK have some wording on the copyright page about how you can't sell the book (nor give it away) without requiring the subsequent owner to follow the same "license". In the US, I can give away a book, or sell it, and no condition that the publisher makes me agree to will apply to the next person.

Physical goods should be required to follow the doctrine of first sale. There should never be any possible conditions on subsequent owners. If the first owner "unlocks" a feature, it should be unlocked for every subsequent owner.


If you opt out of the heated seat package when you purchase the car, that doesn't mean the manufacturer can't add that hardware in a disabled state. That also doesn't mean you own the heating feature after you opted out.

That's like asking Intel to fix a processor you overclocked.


Here's an analogy: the year is 1950. I bought a car and a radio is built in. But I didn't pay the extra radio fee, so a wire is intentionally left out and the radio does not work. But the car is mine--I could choose to scrap it, radio hardware and all; I owe the company nothing, and I am the owner of a car with a nearly-functional radio. Then how could somebody object to my going in and fixing the radio, if it is my property to begin with?


Back then, the dealer would remove the radio before handing the car over to you. In its place would be a panel blocking the hole in the dashboard.

I used to work for a radio shop, and it was reasonably common for us to remove the radio when customers did not want it in their new car. Some wanted to have no radio for religious reasons, some businesses wanted the absolute cheapest vehicle possible for their employees, most wanted to install their own aftermarket radio.


The answer is: the year is 1950, and property rights are respected.

The year is 2023. The goal of Big Tech is the elimination of ownership and the rise of perpetual rental income.


If I paid them money and they gave me hardware (in this case a heated seat) then I can do what I want with it, sucks for them if they don't want me to. They can give me the non-heated seat. And yeah if I brick my car trying to jailbreak it that's on me, fine.


There are semantic games at play here, I suspect.

The manufacturer sold the hardware configured in a certain state; the same device could have been configured differently depending on price. Once the device is sold, the new owner is a petty tyrant over the state of his own property.

But if I don't own the heating "feature" (promise of a result), I don't care. I am pretty sure that the warranty indemnifies the company against the hardware actually being fit for said purpose and therefore will not guarantee a result anyway, so what do you "own" in the first place, if not the device itself?

[edit: grammar, readability]


The far better analogy for what Tesla is doing is "it's like Intel preventing you from overclocking your chip". Sure, you should not expect support for your hacked seat warmers.


i came here to say this


Nah, that's like asking Intel to enable two more cores on a two core processor made from a four core binned chip that they also sell four core processors based on. The only difference is software.


Intel briefly did have a scheme where you could pay to unlock parts of the processor that were disabled for segmentation reasons: https://en.wikipedia.org/wiki/Intel_Upgrade_Service

It was abandoned due to backlash but that didn't stop Intel from doing artificial segmentation, so instead of buying a chip with "3MB" of cache and being able to unlock it to 4MB later, now you buy a chip with "3MB" of cache and 1MB of dark silicon that's permanently lasered off at the factory. I get the objections, but the alternative isn't really an improvement.


Then they should pay me rental fees in compensation for electricity I have to purchase to haul their hardware around.


I've been thinking about this as a thought experiment lately.

Let's say there's two versions of the car. Higher spec has heated seats, lower spec doesn't. Let's say it's a $1000 price difference.

At what point below are you ticked off?

Level 1: The higher spec car has the physical seat heaters, all the wiring, all the plugs and all the software. The lower spec car has none of that.

(I think this is how cars have always been sold, so it's "normal" and "acceptable" and nobody would complain - they paid $1000 less and got less features.)

Level 2: The lower spec car has the physical seat heater inside the seat, but none of the wiring, plugs or software to make it function. (It was cheaper for them to just build the seats with the heater in there, so they did, but it will never "work")

Level 3: The lower spec car has the physical seat heater inside the seat and some wiring, but the main loom doesn't have provision for the high current draw, so it can't work.

Level 4: The lower spec car has the physical seat heater inside the seat, all the wiring, but none of the plugs to actually connect it.

Level 5: The lower spec car has the physical seat heater inside the seat, all the wiring, all the plugs (so all the physical hardware is there), but the software to turn it on is not present / not licensed.

(Note: If you got ticked off at level 5, it's pretty much like buying a brand new MacBook and being ticked off that it can theoretically run Final Cut Pro, but you have to pay to make it work. Surely you gotta pay for software?)


Level 6: The lower spec car has the physical seat heater, all the wiring, all plugged in, all the software, and a setting added (for extra production cost) that makes it not work and can't be changed by the car owner.

We are talking about this one. The entire thread is about this one, and none of your options even passed through the conversation.


This is identical to 5, in my view. It's not licensed. Is anyone upset that if you download a version of software that has a "basic" and a "premium" version, but the premium costs more money, that you don't get the premium functionality? Just like you "can't change" whether you get premium functions if you don't pay for it, the same could be said for FSD or seat heaters.


I disagree with the premise of locking someone out of something they physically own. You HAVE the seat heater in your car, the wiring works, you just aren't allowed to turn it on. I don't see this as the same as a basic vs premium version of a piece of software. The person owning the car owns the heater, the car, the wiring, they have to pay the minuscule extra cost of carrying that hardware around in their car. If Tesla offered to remove it at no cost if the car owner didn't want to pay the fee, I'd have no issue.

Where do you draw the line?

Next they'll be making you pay a fee to use low gears, or a power steering fee, a radio listening license, a Bluetooth permit, a reverse allowance, power window season pass, air condition authorization.


You HAVE the code for the premium software. It exists. The code all works. You downloaded it when you downloaded the basic package. You pay the minuscule extra cost of downloading and installing the extra code you don't use.

That argument doesn't hold up. Nobody should claim they are entitled to the premium features if they only have the basic license/software.

I agree that I don't want death by a thousand subscription fees, but this isn't exactly the same situation here. BMW's offering is. Frankly, if BMW offered it with only the one-time charge, I'd consider it similar.


>You pay the minuscule extra cost of downloading and installing the extra code you don't use.

This really is where I have the issue. If I have to pay for my ISP to allow me to access the internet and use my bandwidth to download it, my power bill to allow my PC to install it, use up my storage space to host the software, then I should be able to do whatever I want to/with it and you shouldn't hinder me from doing so.

If I have to pay a fee for premium, and then additional components are downloaded and installed, fair game.

I wonder if there's any law that covers such a scenario, aside from EULA allowing the software dev to do what they want as long as the user agrees.


FSD is more like example 5


Level 5 is exactly where it bugs me. Levels 1-4 are all concrete (if marginal) cost savings as compared to the full version. But your level 5 means someone spent _extra_ money and engineering time to make something _less_ functional.

Boo. Hiss.


None of the levels you mention (until Level 5) operate any differently from this feature. In any of those cases, if I replace the missing parts, I get my heated seats. I would be ticked off if Level 2 had physically integrated seat warmers had some protection people could not work around so they had to cut out and replace the seat warmers.

Level 5, and this case, all I'm doing is adding the missing component. A flag or something.


Yeah, I don't get the outrage. People should be happy because it allows people to hack the software and get heated seats, assuming they are ok voiding any warranty.


I mean honestly level 1 is frustrating when the cost is negligible or for safety. Plus it isn't like you can choose which features you get, and it is not like the seat costs 1000 dollars to heat. Somewhere between 3 and 4 should have legislation against it. (Also level 5 isn't like final cut pro not being installed, it's like Apple blocking port 22 unless you pay for a special developer license)


I own all my groceries, but once I consume them, they still turn to shit.

-

I think we need to hold all EV companies "responsible for their shit"

So, if you buy a tesla - only tesla should be responsible for recovery from every crash and turn in.

Thus the environmental impact due to the heavy metals and all the plastics made are sole responsible from a closed, boring loop to hyper the link to the fact that all these materials were made by stars. X.


(my point was I PAy/taxxed/etc) for my X-crement...

I think my logic is off WRT analogy, but I believe you get the premise...

Can we find a complete model of the impact of the matters which are being affected by the musks?

(I'm not judging musk - I am judging actions... many of these actions suck. IIATAH?)


Does enabling FSD come with any liability / terms of service? If it is backdoor enabled and the vehicle crashes, what is Tesla's liability? If the OTA patches to the system are needed and the car is running the base, unupdated (buggy) build, what is Tesla's liability?

Alternatively, if a vehicle is running software that hasn't gone through Tesla's subscription how much of the liability for any software problems will Tesla be able to transfer to the vehicle owner?

Hypothetically, if Tesla were licensing 3rd party software and that license was based on installed uses and Tesla was reporting the subscriptions for FSD (rather than sales of the vehicle), what would enabling the software open up Tesla to? Would Tesla then be able to sue the person who unlocked it for the additional licensing costs they incurred?


It never has been Tesla’s responsibility if the FSD fails (whereas for Mercedes they take responsibility)


Did they ever figure that out?

> There are few federal laws addressing automated driving. So, Mercedes Vice President of Automated Driving George Massing tells R&T, “we will probably have to deal with each individual state.” But the company plans to accept legal liability for what the car does while Drive Pilot is engaged.

As far as I can tell there still isn’t some webpage where you can submit a claim to Mercedes-Benz for a failure of their self-driving tech…

https://www.kbb.com/car-news/mercedes-well-be-liable-for-sel...


In the opposite, Tesla sounds more like the type of company that would sue you if you claim autopilot brought you into a crash.

Since they are technically right, as autopilot disengages before.


> Since they are technically right, as autopilot disengages before.

> To ensure our statistics are conservative, we count any crash in which Autopilot was deactivated within 5 seconds before impact, and we count all crashes in which the incident alert indicated an airbag or other active restraint deployed.

https://www.tesla.com/VehicleSafetyReport


I think the mercedes taking responsibility thing was at least partially clever marketing. there are really extreme limitations last I saw, which honestly is understandable.


The limitations are due to the legal framework Mercedes lives up to. The updated version only recently came out.


I do think they are doing it more responsibly for sure. Just that given the limitations it’s difficult to compare the offerings at this point


I'm not a Tesla fan, but Mercedes doesn't have a fleet anywhere near Tesla's. This is a well-run marketing campaign to try to get Tesla to also accept responsibility and bring prices up, IMO. Mercedes isn't really accepting liability for shit at this point, because they only have like one car with level 3 and it's a super top trim and there won't be very many people using it. Once they have a large amount of vehicles out there with this tech, then we'll see what they really accept responsibility for.


> to try to get Tesla to also accept responsibility and bring prices up

If Tesla actually believed that their self-driving works (which they unequivocally and demonstrably don't, as their refusal to accept liability indicates), then it would cost them virtually nothing to accept liability.

Every company that offers self-driving should accept liability to prove that they have faith in their system, and we shouldn't allow any self-driving system on the road for which this isn't the case.


If something is opened or modified without manufacturer consent, there is no question of liability because there is none.


Except history hasn't really played out that way. Less serious but Grand Theft Auto had a sex game added to one of their titles that wasn't supposed to be accessible by gamers. People figured out how to unlock it using a modified save file. This ended up in all sorts of legal liability to the company: https://en.wikipedia.org/wiki/Hot_Coffee_(minigame)


Hot Coffee is and was an absurd case with absolutely no merit behind it.

It only became a large issue because it was a social fad for politicians and mass-media to dogpile "evil gaming companies corrupting poor mindless children", and Rockstar in particular with the GTA series was one of the most popular targets of said social fad.


So if you're using an unlocked version of FSD that has been recalled and don't get an OTA update then any and all faults that may be traced back to FSD even if it was clear that this is a bug in the software (e.g. the reason for the recall) the vehicle owner has full liability?

https://www.cnbc.com/2023/02/16/tesla-recalls-362758-vehicle...


Software is a legal grey area as others pointed out. In your example, the vehicle owner modified the software version and used an unsupported one. The manufacturer cannot be liable when there is no legal contract.

The problem here is that this is functionally similar to using an outdated version of photoshop but the consequences are vastly different.


But they don't own the license to use the software (Full Self Driving). I agree with you about the heated seats though.


I'm ok with charging subscription fees for services with ongoing costs (things like cell connectivity for remote monitoring or something), and I'm ok with charging one time fees for unlocking features that are already there, since it allows for price discrimination, cheaper and more efficient manufacturing, and better prices to the customer overall (potentially at least). But the flip side of that is that...if you put it on the car that the customer bought, and they figure out how to unlock it.....well good for them and sucks for you. This kind of thing _should_ 100% be legal (if it isn't already, and my understanding is that it is). If you want to _100% guarantee_ that they don't get a feature without paying for it, then I guess pony up for the more complicated manufacturing process where it isn't installed on some models.

As for "they didn't pay for the license"....no....you gave it to them without asking them to sign a license agreement. They paid you money, and you gave them a product. How they use it is up to them.


So contract law and copyright aren't a thing because people don't want it to be? You own the hardware (you can shuck the car, part it out, mod it), you don't own the code it runs. By all means, root the car and take the features you want, but don't be shocked when Tesla either a) nukes the features remotely or b) sues you. You are taking issue with an existing legal and contract law framework. No one is forcing you to buy a Tesla and be bound by agreements with them around their IP. Would you support a software company nuking someone's license to operate their software remotely if the customer defeated a license module they didn't pay for?

(registered security researcher for my rooted Teslas)


Contract law is running afoul of the first-sale doctrine here. Tesla can not enforce many clauses in a potential contract or license via the legal system, so it's not as cut-and-dry as "you don't own the code".

Copyright has zero application here unless you redistribute Tesla's code or binaries. Reverse-engineering is a legal practice (in US law, at least).


> Copyright has zero application here unless you redistribute Tesla's code or binaries. Reverse-engineering is a legal practice (in US law, at least).

Reverse engineering to utilize software you didn't pay for and don't have a license or some other legal authority to use is unlikely to pass muster legally, versus for interoperability purposes.

https://www.eff.org/issues/coders/reverse-engineering-faq (Control-F "What Exceptions Does DMCA Section 1201 Have To Allow Reverse Engineering?")


Tesla can't sue you if you splice a switch into the seat heater relays! I don't know if that's a good idea. Or maybe they thought of that and they don't turn on unless there's some sort of key exchange.


That's BMW, not Tesla. Tesla only offers subscriptions for premium mobile network connectivity and FSD. A quality rocker switch would meet your needs for the BMW seat heater use case.

https://www.theverge.com/2022/7/12/23204950/bmw-subscription...

EDIT: I stand corrected. It appears there was a window of time where Tesla offered rear heated seats as an upgrade on a base trim standard range Model 3.

https://electrek.co/2020/02/15/tesla-rear-heated-seats-model...


The cheapest Teslas offered a one time unlock for rear seat heaters. Not any different from BMW, except BMW also offered a subscription option (BMW also offered a lifetime unlock... at a much higher price).


Using software without the license to is copyright infringement, full stop.


In what way? No copy was ever made.


Using a copyrighted work without license is copyright infringement. Not sure how to make that clearer to you.


> Using a copyrighted work without license is copyright infringement

Only for the kinds of “use” that involve the exclusive rights of the copyright owner (“use” generally does not), and even then not always, because there are exceptions to copyright.


If I put a book I don't have a license to under a table leg to make it stop wobbling, it is not copyright infringement.


I'm not sure how contract law is relevant at all. As for copyright, they aren't copying or distributing it in any way. If you give me the code on it, I am allowed to execute it as I see fit. The only way I see copyright issues is if they weren't actually shipping the code and I had to pirate it and side load it. Which is a completely different issue than is being discussed.

If you sell me a book, I'm not allowed to copy that book and sell those copies. I am allowed to chop it up and repaste my own copy however I see fit.

If I'm wrong and current copyright law does not permit this kind of thing, then current copyright law is bad and should be changed.


I'm fully supportive of someone going to court and finding out what happens when they do this. It is far more valuable than wild speculation. Copyright law is bad and should be changed, but that is unlikely a winning defense in the course of a civil suit (or criminally, if prosecuted for DMCA violations, such as circumvention of digital mechanisms for access control per 17 U.S.C. § 1201(a)(1)) [1] [2]. I am fairly confident (not an attorney, not your attorney) this applies to access to Tesla's FSD digital work.

[1] https://www.law.cornell.edu/uscode/text/17/1201 (17 U.S. Code § 1201 - Circumvention of copyright protection systems)

[2] https://www.law.cornell.edu/definitions/uscode.php?width=840... (circumvent a technological measure (3) As used in this subsection— (A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and (B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.)


This just sounds like "you get all the downsides of ownership but we get all the upsides of a subscription model".


> This kind of thing _should_ 100% be legal (if it isn't already, and my understanding is that it is).

It may fall afoul of the (terribly written, but still law) Section 1201 of the DMCA, if it's arguable that the circumvention provides access to computer software (and I think it is arguable).

I agree that this should be legal, but I'm not nearly as convinced that it is legal currently.


Agree with this. The DMCA makes stuff like this illegal.

Recall that when CD copy protection was starting to be deployed, you could negate it with a black marker. The DMCA then made black markers illegal, because it bans "tools which may be used to circumvent copyright" as well as the "circumvention of copy protection measures". (Not that anyone tried to enforce it, but the letter of the law was pretty clear that black markers were then illegal to possess)

The DMCA should be amended or revoked to make these shenanigans no longer enforceable.


Black markers are/were very obviously not illegal. The law doesn’t work like code, it’s filtered by humans.

No court would ever come to the conclusion that something as mundane as black markers are illegal to possess.


You almost understood the point.

The DMCA is a problem because putting copy protection on (for example) heated seats is a similar level of silliness to outlawing black markers.


> but the letter of the law was pretty clear that black markers were then illegal to possess

That is wrong. It's legal to possess a hammer but illegal to bash someone on the head with one. It was legal to possess a black marker and arguably illegal to use it to circumvent copy protection.


>"As for "they didn't pay for the license"....no....you gave it to them without asking them to sign a license agreement. They paid you money, and you gave them a product. How they use it is up to them."

That's not true and it's most definitely not a valid legal position to take in defense


The entire concept of "intellectual property" is an attempted theft of our own physical property, and I for one don't appreciate it. I understand that my values on this don't align with much of the rest of the legal systems of the world, but the absurdity of intellectual property is never more clear than when some far away company attempts to assert ownership over something that you use every day.


The article claims this is not patchable but it also says that the hackers have not yet unlocked FSD with this technique. I strongly suspect that the “unpatchable” part would not apply to any potential FSD unlock because of the large amount of server-side functionality involved for FSD. Server side components aren’t going to be easily fooled by a car-local exploit.

Knowing Tesla, even if they can’t patch the vulnerability OTA I would be very concerned about their being able to detect the use of this bypass and remote-brick cars in response until the customer agrees to bring their car in for a hardware patch.

Edit: a now-dead reply says there is no server side functionality whatsoever for FSD. I don’t own a Tesla but find it very unlikely that FSD has not even usage telemetry in what are otherwise highly connected cars.


Hmm, is the code already present? Would enabling it be putting unexpected load on Tesla's servers? If it's just a local feature (like the heated seats) that's shipped turned off, I'd say enabling it doesn't feel especially different to me (trusting it to drive you around of course is different).


Self driving has an ongoing cost to Tesla for them to keep it updated and to improve upon its performance.

It’s only a subscription because it doesn’t make financial sense to purchase it outright for $15k up-front (with a 6% interest rate, you’d need to own the car for 102 months to pay less than paying for the FSD subscription for those 102 months, and it costs more per month in your loan than the subscription https://docs.google.com/spreadsheets/d/e/2PACX-1vSjfzhdfj0FU... )


Sure, though that highlights why someone would be interested in unlocking it (even without updates going forward). Personally I think I'd want mission-critical sw to be as current as possible, I can see someone arguing they should be able to run what's already sitting there on the computer in their car.


the software stack is different as far as I know. if you buy FSD and sign up for the beta program, you get a fairly massive software package downloaded. it is not instant and already on the device.

of all the things to hate about elon, tesla, and this whole concept of locking down features in a car, FSD really isn't one of them, as its just a software issue and its a totally separate package that isn't core to the operational capability of the car's components.


i dont have a settled opinion on software unlockable stuff. in general i think users should be able to hack it without repercussions. however, thinking about the concepts you present i had some hypotheticals. if tesla does all the self driving processing outside the car, it feels a little reasonable to pay them for their processing. but what if they just moved the heat seating processing out of the car (comparing the actual temperature to the desired temperature and modulating the power) ? that would seem unreasonable to me because the car is fully capable of doing it. So then what if tesla ships an intentionally terrible processor so that most data processing happens outside the car ? maybe it's reasonable again . ..

no point to this, just thinking out loud


Software lockable stuff sounds like in-app purchases. Should unlocking this content become legal ?


There is some real-time data being downloaded while navigating. https://twitter.com/greentheonly/status/1641450299285209088


Here's my attitude: The consumer should have complete control over any hardware and software in any product they buy.

If a manufacturer wants to lock features behind a paywall, that is fine. However, they shouldn't be allowed to complain when consumers modify the thing they bought to get around that paywall. If Tesla really wants to make sure absolutely no one gets FSD or heated seats without paying, then they should make a point of only including the relevant hardware or software in the vehicle at the time of purchase.


Yep, there would be no issue at all if they sold the car and you install FSD with a download and a license key but if it comes with the car that's on you if/when the owner breaks the lock they own to access it.

If you sell me a house with a safe in it and want to charge me for the code that's fine, but if I get a welder to just break the door open you have no right to tell me no.


in general you would think this is just a DRM race then between tesla and unlockers. however, with so many of tesla's features existing outside the car, tesla has a lot of leverage. a music cd or blu ray is generally finished content. a tesla is constantly getting software patches and most owners use the app which i'm sure is going through teslas servers

is it reasonable for tesla to lock you out of the app or software updates if the software hash doesn't match what they provide ? would it be okay for them to void the warranty if you run software they didn't provide ?


> is it reasonable for tesla to lock you out of the app or software updates if the software hash doesn't match what they provide ?

Of course, and I don't think anyone here is arguing against that.

> would it be okay for them to void the warranty if you run software they didn't provide ?

There are laws governing this exact thing (in the US it's the Magnuson–Moss Warranty Act), and in general Tesla would have to prove your unauthorized modification caused the failure which you're claiming under warranty.


They can void the warranty, as long as they can prove that my modifications are what actually caused the malfunction I am making a warranty claim on.


I think it was even a post here, because somebody had to fix something on his car, he didn't even have the licence to use it.


Haven’t we already been through this type of shit with EA?

Back in, I think it was Bad Company 2, EA delivered content on disk, but locked it behind a paywall. Then they got their wrists slapped for locking already available content behind a paywall.

Softlocking hardware that exists in the car (heated seats) behind a paywall seems to be the exact same thing, and is not legal everywhere.


Arguably you didn't buy it. Sure you physically own the hardware but you didn't pay for it.

Depending on how you look at it the hardware was paid for by:

1. Tesla as a "marketing" expense. They expect that the $50 of hardware will make a significant number of people pay $500 for the feature. If 1/5 people upgrade that is an expected return of $100 for that $50 marketing cost.

2. The people who purchase the heated seat upgrade. It was more cost effective to install the hardware in all cars than to set up a second production line. So if 1/5 people buy this package their effective cost is $250 ($50 * 5 cars) and $250 is Tesla's buffer + profit margin. So the people who pay for this package effectively pay for the hardware in all cars.

If you enable this feature for all users both of these no longer exist. So the effective cost goes up which would likely raise the price. (Yes, I know that cost and price aren't directly related).


Okay great, but now the lowest cost of the car is an extra $10k because the manufacturing just got a lot more complicated as a result of not being able to build every car the same way.


They can't even build two cars the same way every time, I think we'll be okay.


That's variance, not intentional.


This is naive. Tesla isn't selling the base model below cost. If they did, then Tesla would be wiped out unless people shelled out for the extras, because they'd be losing money on every car sold.

Instead, what's happening is that the current price fully reflects the cost of production, and holding the extras hostage is pure gravy.


Nobody claimed Tesla was selling base models at cost? Completely unrelated to the point.


That sounds like a problem of a manufacturer, not a problem of a user.


Adding 10k to the cost of the lowest priced car is definitely a problem for both the user and the manufacturer.


The price of the product being higher isn't a problem for the user?


Correct. That's a problem of a manufacturer for not having a competing product.


Would be a nice story if it weren’t for the inconvenient fact that Teslas are selling like crazy as they are.

Sounds like it would be a problem for the consumer, though clearly a solved one.


Then customers have the choice to purchase a vehicle from a manufacturer with more scruples who is willing to sell those features without charging to "unlock" them.


...can you name one? Because every manufacturer does this.


Let's start calling them what they are:

Freedom fighters.

"Hacking" carries quite a lot of negative connotations in most realms. These are people making sure you are able to make full use of your own stuff. There shouldn't be anything contentious about that.


"Freedom fighters" has a lot of negative connotations in many realms as well. It evokes images of rebels using violence to push some political agenda. Sometimes for worthy causes, sometimes less so.

No, we're keeping the word "hacker".


While I agree with that image problem (I couldn't come up with any that didn't have it, and at least this one is descriptive)... I feel pretty confident claiming that "hackers" carries clearer and more consistent negative connotations to the general public (definitely not HN though).


I mean, we used to use the word "cracker" for this up until the late 90s. A hacker was someone who created something cool.


"A group of security researchers (aka hackers)" is an especially bad connection to be drawing for the general public.


[flagged]


"Eschew flamebait. Avoid generic tangents."

https://news.ycombinator.com/newsguidelines.html


[flagged]


We don't care about any of that; we just care about HN discussions being fresh and interesting vs. tedious and boring. Generic flamewar tangents are the latter, especially when they're re-repeated as often as this one has, so please don't take threads in those directions.

If you have a substantive point to make about resale value, or something like that, that's totally fine, as long as you do it in a way that isn't flamefodder/snark/name-calling.

https://news.ycombinator.com/newsguidelines.html


which is why I made a substantive point.


"I guess you could trade it in for a real car" is not a substantive point, it's a sneering putdown - basically the same joke as https://web.archive.org/web/20190304153147/https://dilbert.c....


Who cares about upvotes/downvotes.. and I agree, Tesla is just meme hype, and for that reason I will never buy a “smart” car that spies on me and my family, while these videos are shared as a joke among Tesla employees.


But it also has the great benefit that the data it collects doesn't belong to you. It belongs to tesla.


Care to elaborate?


Let's say you have a Tesla, but you didn't buy the "full" self driving package. You sell your Tesla to a third-party. Tesla (of course) resets the system to disable "full" self driving, but you have the tool to activate it so you turn it on for the new owner. Presumably you received money in exchange for the vehicle, as is traditional in our culture. You take some of that money and buy a 1958 Dodge D100 pickup truck and the Hayes Manual so you know where the spark plugs go. You use the remainder of the money to purchase a mix of mutual funds, Ford Motors stock, artwork by mediocre, yet somehow popular modern artists and maybe a crate of 2018 red wine.

In 10 years you still have the D100, though you have spent more money on spark plugs and air filters than you would have imagined possible. The Hayes manual is covered with grease stains so it is no longer re-sellable. The Ford Motors stock has (of course) tanked, but it allows you to justifiably rant on internet message boards. The artwork has appreciated and you recently sold it to a European collector for a profit. The red wine would have appreciated in value, but by this time you've drunk all of it.


Care to elaborate without this much analogy? I suspect you're trying to say the value of a Tesla ain't going to be there in 10 years, but I'm not quite sure that's true.


Step 1. Unlock the "full" self driving feature you did not purchase.

Step 2. Sell your tesla.

Step 3. Unlock the "full" self driving feature for the new owner.

Step 4. Take the money the new owner gave you and use it to purchase another vehicle.

Step 5. Profit

In this sequence of events, the value of the tesla in 10 years is of no consequence to you because you do not own it.


In other news: If you intercept the boot process of a system and open a root shell there, you can access the system.


Am I the only one who thinks it's incredibly irresponsible to disclose this without going through proper channels first? They claim this hack unlocks a host of other features. Seems like a great way to get a bunch of people messing with their cars which could lead to all kinds of catastrophic consequences.


> Seems like a great way to get a bunch of people messing with their cars which could lead to all kinds of catastrophic consequences

People have always been able to do this with a wrench since before the invention of cars.


I don't think anyone's taking a soldering iron to their on-board computer in a standard ICE vehicle. The fact that tesla has vehicle control code running on it (beyond your typical lane assist) makes this infinitely worse. Or am I missing something? I get that people disagree with these features being locked down and I agree. My point is this isn't like changing a cold air intake in your ICE car. This can have you go into a fucking wall at high speeds.


There's no reason to limit the components people can tinker with to electronics! Everyone is free to (attempt to) replace their brake fluid - or repair the brakes - which can cause disaster at high speeds if not done correctly. I'm yet to hear anyone asking for access to vehicular hydraulics to be locked down in order to protect people from themselves.


>I don't think anyone's taking a soldering iron to their on-board computer in a standard ICE vehicle.

This is a multi-million dollar industry in the USA.


The part they're messing with is "just" the infotainment system. The autopilot system and a lot of other things are "protected" by a gateway.

You'd still need Tesla's signing key to rewrite the Autopilot software or mess up some more important components.

Now, the CID is still coordinating some parts of it - but AFAIK the car works also without that, to the point that you can simply reboot the infotainment system without losing control of the vehicle / Autopilot


No, fuck that. Tesla is locking people out of their own cars' features. Being allowed to mess with your own car is one of the privileges of owning a car.



