The engineers and managers responsible for this should spend the rest of their lives in prison, or be executed.
We do not want people willing to do this in society. It's obviously reckless and evil.
Quite likely this would mean the end of Subaru as a functioning company – good chance that knowledge and involvement of this goes all the way to the C-level management. That's fine. Fuck them.
Monday edition of *Car privacy is an absolute nightmare*:
Subaru's employee portal holds a year's worth of location data for all internet-connected cars. 
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a years' worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: https://samcurry.net/hacking-subaru
News report on it: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
Mozilla Foundation's key investigation into car privacy: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
View quoted note →
Subaru's employee portal holds a year's worth of location data for all internet-connected cars.
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a years' worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: https://samcurry.net/hacking-subaru
News report on it: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
Mozilla Foundation's key investigation into car privacy: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
