FordPass & PAAK use cancelled unless you give away ALL personal and real-time driving data ?!

breeves002

Well-Known Member
First Name
Sam
Joined
Feb 21, 2021
Threads
90
Messages
1,731
Reaction score
3,548
Location
St. Louis, MO
Vehicles
2021 Mach-E GT PE
Country flag
Dan, thank you for the laughs. Finally read through all of this.

Unplug the TCU and live with it if you're that scared or sell the car. Ford isn't nefarious, they're not selling your data, everyones made all these points but hell I'll throw my hat in the ring too.

Enjoy the car, life's too short to worry about a non-issue. What conspiracy theories do you believe in out of curiosity?
Sponsored

 

21st Century Pony

Well-Known Member
First Name
Martin
Joined
May 21, 2022
Threads
31
Messages
1,702
Reaction score
1,755
Location
Arlington, Virginia
Vehicles
Ford Mustang Mach E 2022 Premium AWD ER
Country flag
A practical observation: there is a modem in our cars, easily accessed by pulling out the lower trim panel on the left (driver's side in North America) cargo trim wall.

The modem lives directly above the center of the wheel / rear axle. It is the highest-placed of several modules on that metal wall. It's the big black box with the large white label in the attached picture. I found it while installing the Ford of Europe tow trailer control module, the white one in the far lower left corner.

It has easy plug & play connectors and a label which identifies it as a modem.

I have no idea whether this is the only modem built into the Mach E.

"Disconnect at your own risk and consequence".

Of note, the two white protruding bolts in the lower center of the wall MAY BE the mount points for the missing front cargo net ring in our North American Mach Es... a member in Europe is working with me to confirm that the missing (cheap) part, available in Europe, will indeed work for us. TBC...

20230124_155328.jpg
 

Space Ghost GT

Well-Known Member
Joined
Aug 4, 2022
Threads
2
Messages
164
Reaction score
155
Location
Delaware Ohio
Vehicles
GLE 450, space white GT received 11/04/22
Occupation
Nerd
Country flag
my phone provider is not threatening me with denial of service if I opt-out, and it is possible to opt out...

This new TOS looks like Ford is not honoring Settings allowing opt-out of transmission of personal data while retaining existing functionality. That's not hilarious to me.
Sounds like someone has top secret gov documents that tripped and fell into his filing cabinet. Hilarious
 

Ride_the_lightning

Well-Known Member
Joined
Jul 11, 2021
Threads
6
Messages
546
Reaction score
1,070
Location
Midwest
Vehicles
Mach E Premium SR AWD
Occupation
Engineer
Country flag
While I agree it’s the world we live in, here is what grinds my gears. Example: on my last car I could remote start by holding a button on the key fob. On my MME, in order to use remote start I have to give up all semblance of privacy and agree to use FordPass. The choice I would prefer is to have the old way, but keep my privacy, or the new one, and give it up. But we don’t have that choice, because all OEMs are doing the same thing. So now the choice is new tech (and zero privacy) or no tech. And it’s because the USA has absolutely zero useful data privacy laws.

We as consumers don’t really have a choice until laws reign in these practices. IMHO regulations should put some reasonable obligations on companies to design features in a way that doesn’t require giving up data. I’m an EE. So many features now “require” complex, data-heavy cloud services that could easily be accomplished cheaply with simple local hardware or a cheap embedded chip. But the design process is “how can we get access to even more private customer data” instead of “how can we best accomplish a task for our customers in a way that provides the functions they need while limiting the personal data they give up to so it.”

FordPass and a cloud connection are only required for PAAK because Ford designed it that way. I’m sorry, but “we need to watch you cause security” is a lazy excuse to not design something well. There is no reason they couldn’t design an app that’s completely offline with no cloud connection, you know, like back before 4G connections were ubiquitous. If a vulnerability is found, then push an update. I even remember when I could use Microsoft office without a cloud connection!
 

Mockey313

Member
Joined
Jun 7, 2021
Threads
0
Messages
8
Reaction score
1
Location
Detroit
Vehicles
2021 Mach E.
Country flag
The insure option is a wholly separate option / function. It's got its own slider. Ford does jack shit if your vehicle is stolen as others here have posted in regarding to a theft of their MME.
Insure has its own slider. What would happen if you had the Insurance slider on but turn off share vehicle data/analytics? Would the vehicle continue to send data? The answer is yes. But, the data would only be seen by the insurance company. A FordPass guide or dealer wouldn't be able to see it.

That's why the TOS says that they can override the settings for instances where your options present a conflict. Otherwise, you would automatically be unenrolled from the insurance program as soon as you turn off share vehicle data/analytics.
 


OP
OP
dtbaker61

dtbaker61

Well-Known Member
First Name
Dan
Joined
May 11, 2020
Threads
104
Messages
3,974
Reaction score
3,646
Location
santa fe,nm
Website
www.envirokarma.org
Vehicles
MME (delivered 2/26/21), DIY eMiata BEV
Occupation
Solar Sales/install
Country flag
Dan, thank you for the laughs. Finally read through all of this.

Unplug the TCU and live with it if you're that scared or sell the car. Ford isn't nefarious, they're not selling your data, everyones made all these points but hell I'll throw my hat in the ring too.
But this TOS basically reads 'all the toggles on screen that look like you can choose to export real-time data or not don't mean jack shit, Ford gets ALL the data regardless if you use FordPass, and can do what ever we want to with it'.

Enjoy the car, life's too short to worry about a non-issue. What conspiracy theories do you believe in out of curiosity?
I do enjoy the car, and I would like to continue using PAAK. I am not a subscriber to any conspiracy theories, nor am I concerned in specific about my personal driving habits being sold to my Insurance company because I do not have a Policy that gives 'safe driver habit points'.

The main thing that pisses me off about this is that the Privacy Settings toggles available apparently are completely meaningless and do not actually prevent export of data as they appear to, and that toggling 'auto-update=off' doesn't actually prevent OTA without knowledge or consent.

The second thing that pisses me off about this is that @Ford Motor Company is using our data for their purposes and profit, but NOT using remote access to sensor data and DTC when it would help Owners.

One Case in point being the HVBJB code verification process. Ford has had the ability to verify error codes all along, but requires Owners to schedule appointments for FDRS reads before they will initiate parts shipped to Dealer Service Inventory.

Second case is stolen car recovery.... has Ford helped, or ignored requests to find cars reported stolen?
 
OP
OP
dtbaker61

dtbaker61

Well-Known Member
First Name
Dan
Joined
May 11, 2020
Threads
104
Messages
3,974
Reaction score
3,646
Location
santa fe,nm
Website
www.envirokarma.org
Vehicles
MME (delivered 2/26/21), DIY eMiata BEV
Occupation
Solar Sales/install
Country flag
While I agree it’s the world we live in, here is what grinds my gears. Example: on my last car I could remote start by holding a button on the key fob. On my MME, in order to use remote start I have to give up all semblance of privacy and agree to use FordPass. ... instead of “how can we best accomplish a task for our customers in a way that provides the functions they need while limiting the personal data they give up to so it.”

FordPass and a cloud connection are only required for PAAK because Ford designed it that way.
exactly
why doesn't PAAK just look at some unique id of the phone via BT upon proximity approach once it's been configured? why rely on cloud, FordPass App and communication to FordPass server for local operation of the vehicle?
 

macchiaz-o

Well-Known Member
First Name
Jonathan
Joined
Nov 25, 2019
Threads
168
Messages
8,157
Reaction score
15,299
Location
🔑 ]not/A/gr8'Place.2.store-mEyePassword[ 👀
Vehicles
MY21 J1 Premium RWD SR
Country flag
Unplug the TCU and live with it if you're that scared
What about the super secret backup TCU? (I heard it's inside one of the large contactor cans, inside the backup HVBJB.)

The insure option is a wholly separate option / function. It's got its own slider. Ford does jack shit if your vehicle is stolen as others here have posted in regarding to a theft of their MME.
Second case is stolen car recovery.... has Ford helped, or ignored requests to find cars reported stolen?
Yes, Ford cooperates with legitimate law enforcement requests. For example,

https://www.macheforum.com/site/threads/my-mach-e-was-stolen.10945/post-274335
 

bbulkow

Well-Known Member
First Name
Brian
Joined
Aug 30, 2022
Threads
13
Messages
325
Reaction score
199
Location
menlo park, california
Vehicles
Honda CRV, Porsche Cayman S
Country flag
Hi. I have worked professionally on digital privacy at a very large company that has deep interest in privacy. Here's what you do.

1) Stop arguing about what the TOS says. Download it and post it and highlight the areas that are of concern. If these aren't available on the website where downloading is easier, or there is no download button on the ford app, this alone is a serious reason for complaint. I'm going an looking for it right now.

2) I agree that, if the agreement as as you say, wholesale sharing of fine grained location and speed data is not OK with me (don't use the word "real time" it's not what you care about: the term of art is "fine grained"). Personally, I am probably OK with ford having the data for product improvement, but not for any other purpose. I also strongly agree that there should be a way to use PAAK without signing up for fine-grained data capture and use; it is a feature we paid for with a particular privacy guarantee.

3) I assume you are in the US. The covering regulatory body is the FTC. The current FTC has a very high level of diligence in this area. They do a lot of things quietly: essentially, they send letters to companies saying "wouldn't you rather fix this than have a public investigation" and things get done. Or not, and there is a public investigation, then there are concequences. They've been turning up the knob on consequences: go look at the numbers for COPPA violations, it'll run into +10B / year for a large company, and that'll sting. I know Ronald Regan amplified our huge skepticism over government doing something good, and the FTC is not fully awesome, but you might be surprised if you heard what's really happening (of course I can't tell you the stories I know so don't ask).

4) Press matters. The FTC has a lot of latitude, and major press gets good pickup in articles like this, and the FTC pays attention. "Is Ford selling your speed and location data?" that's an article that would get clicks. Take a version of your FTC writeup, make it more popular, and send it to the tip lines of every major news source you can think of. Since Ford is an American icon, you expect "liberal" press like NYT to pick this up, not so much "Fox news". WAPO doesn't love this kind of article. Do send it to tech oriented outlets like Ars Technica, because large sites watch small sites like that and amplify a few weeks later. Ars should love this story, partially because of the narrative "non-tech company pulls a fast one that Google, Facebook, Apple couldn't due to bias"

TL;DR - download the revised TOS "privacy agreement". Write up your case, and take the time to revise and think (write it in a document). Send your complaint to the FTC and major news sites.

While this might seem to fly into the void, and you can request followup, you might not get any, and you might or might not see an impact in a better written TOS 6 months from now.

Thank you for bringing this up. I'll go get a download going myself.

PS. If you ask the question "how would Ford make sure data is used for only the legally allowed purpose", this is an area of current technical innovation, and the FTC has technical people who audit the technology in companies like this to make sure they are doing what it says on the tin. While they can't cover every bolthole, they're trying, and technologists are working on the core issues (which are mostly issues of large scale cryptography). I'd like to keep the pressure up.

PPS. There never was any way that PAAS data recorded would not be available for subpoena. The carve out for "legitimate law enforcement" will always be there, don't try tilting against that windmill, it'll take the air out of your sails for the solid argument that Ford shouldn't use this data for other purposes.
 

Gimme_my_MME

Well-Known Member
Joined
Oct 12, 2020
Threads
11
Messages
1,716
Reaction score
5,451
Location
Dearborn
Vehicles
Grabber Blue First Edition Mustang Mach-E
Occupation
Engineer
Country flag
OP
OP
dtbaker61

dtbaker61

Well-Known Member
First Name
Dan
Joined
May 11, 2020
Threads
104
Messages
3,974
Reaction score
3,646
Location
santa fe,nm
Website
www.envirokarma.org
Vehicles
MME (delivered 2/26/21), DIY eMiata BEV
Occupation
Solar Sales/install
Country flag
1) Stop arguing about what the TOS says. Download it and post it and highlight the areas that are of concern. ...
done, trimmed version of what I am personally concerned about I attached to the top post. I followed the link to a viewable version online, but Ford did not make it easy to download.... I'll attach the full .html to top post as well.

2) I agree that, if the agreement as as you say, wholesale sharing of fine grained location and speed data is not OK with me
not only granular data, but can be combined with personal identifiers like name, address, email and ANY other data Ford has .

I also strongly agree that there should be a way to use PAAK without signing up for fine-grained data capture and use; it is a feature we paid for with a particular privacy guarantee.
thanks for seeing the validity of my concerns

I do not have the time to take this to FTC or social media beyond posting here and hoping someone else has the time and interest.... or Ford will evaluate the pushback and volunteer a less draconian approach to get us to accept FordPass TOS and retain use of PAAK at the very least.
 

Space Ghost GT

Well-Known Member
Joined
Aug 4, 2022
Threads
2
Messages
164
Reaction score
155
Location
Delaware Ohio
Vehicles
GLE 450, space white GT received 11/04/22
Occupation
Nerd
Country flag
Umm PAAK has to be linked to the cloud along with the car. Why? Well you’d have to keep your phone in a faraday cage with your key fob so someone with Bluetooth scanner doesn’t just drive off with your car in the grocery store parking lot. A singular code for PAAK is just about the worst security idea ever. But hey restore a model T and be happy with all that privacy.
 

21st Century Pony

Well-Known Member
First Name
Martin
Joined
May 21, 2022
Threads
31
Messages
1,702
Reaction score
1,755
Location
Arlington, Virginia
Vehicles
Ford Mustang Mach E 2022 Premium AWD ER
Country flag
Umm PAAK has to be linked to the cloud along with the car. Why? Well you’d have to keep your phone in a faraday cage with your key fob so someone with Bluetooth scanner doesn’t just drive off with your car in the grocery store parking lot. A singular code for PAAK is just about the worst security idea ever. But hey restore a model T and be happy with all that privacy.
No evaluation or tech judgment on THIS technology here... this proposed tech solution came to my attention several years ago because of the somewhat er.... "law-less" environment in that coutry, from the point of view of a common citizen's search for protection of personal assets like cars.

Here is tbe URL:
https://www.ucdsys.ru/?page_id=1335&lang=en
 

Ride_the_lightning

Well-Known Member
Joined
Jul 11, 2021
Threads
6
Messages
546
Reaction score
1,070
Location
Midwest
Vehicles
Mach E Premium SR AWD
Occupation
Engineer
Country flag
Umm PAAK has to be linked to the cloud along with the car. Why? Well you’d have to keep your phone in a faraday cage with your key fob so someone with Bluetooth scanner doesn’t just drive off with your car in the grocery store parking lot. A singular code for PAAK is just about the worst security idea ever. But hey restore a model T and be happy with all that privacy.
Then Bluetooth isn’t the right technology for PAAK. Fact is, wireless key fobs exist and aren’t cloud connected. My phone can also be an NFC credit card. Either use a secure technology or don’t. But don’t remove features I used to have on my key fob and replace them with an insecure Bluetooth app, then tell me you have to spy on me in order for it to work.
 
 




Top