772 comments

[ 1.8 ms ] story [ 843 ms ] thread
Good. People who buy things should own the things they buy.
But they don't own the license to use the software (Full Self Driving). I agree with you about the heated seats though.
Hmm, is the code already present? Would enabling it be putting unexpected load on Tesla's servers? If it's just a local feature (like the heated seats) that's shipped turned off, I'd say enabling it doesn't feel especially different to me (trusting it to drive you around of course is different).
(comment deleted)
i dont have a settled opinion on software unlockable stuff. in general i think users should be able to hack it without repercussions. however, thinking about the concepts you present i had some hypotheticals. if tesla does all the self driving processing outside the car, it feels a little reasonable to pay them for their processing. but what if they just moved the heat seating processing out of the car (comparing the actual temperature to the desired temperature and modulating the power) ? that would seem unreasonable to me because the car is fully capable of doing it. So then what if tesla ships an intentionally terrible processor so that most data processing happens outside the car ? maybe it's reasonable again . ..

no point to this, just thinking out loud

Software lockable stuff sounds like in-app purchases. Should unlocking this content become legal ?
Self driving has an ongoing cost to Tesla for them to keep it updated and to improving upon its performance.

It’s only a subscription because it doesn’t make financial sense to purchase it outright for $15k up-front (with a 6% interest rate, you’d need to own the car for 102 months to pay less than paying for the FSD subscription for those 102 months, and it costs more per month in your loan than the subscription https://docs.google.com/spreadsheets/d/e/2PACX-1vSjfzhdfj0FU... )

Sure, though that highlights why someone would be interested in unlocking it (even without updates going forward). Personally I think I'd want mission-critical sw to be as current as possible, I can see someone arguing they should be able to run what's already sitting there on the computer in their car.
the software stack is different as far as I know. if you buy FSD and sign up for the beta program, you get a fairly massive software package downloaded. it is not instant and already on the device.

of all the things to hate about elon, tesla, and this whole concept of locking down features in a car, FSD really isn't one of them, as its just a software issue and its a totally separate package that isn't core to the operational capability of the car's components.

Here's my attitude: The consumer should have complete control over any hardware and software in any product they buy.

If a manufacturer wants to lock features behind a paywall, that is fine. However, they shouldn't be allowed to complain when consumers modify the thing they bought to get around that paywall. If Tesla really wants to make sure absolutely no one gets FSD or heated seats without paying, then they should make a point of only including the relevant hardware or software in the vehicle at the time of purchase.

Yep, there would be issue at all if they sold the car and you install FSD with a download and a license key but if it comes with the car that's on you if/when the owner breaks the lock they own to access it.

If you sell me a house with a safe in it and want to charge me for the code that's fine, but if get a welder to just break the door open you have no right to tell me no.

in general you would think this is just a DRM race then between tesla and unlockers. however, with so many of tesla's features existing outside the car, tesla has a lot of leverage. a music cd or blu ray is generally finished content. a tesla is constantly getting software patches and most owners use the app which i'm sure is going through teslas servers

is it reasonable for tesla to lock you out of the app or software updates if the software hash doesn't match what they provide ? would it be okay for them to void the warranty if you run software they didn't provide ?

> is it reasonable for tesla to lock you out of the app or software updates if the software hash doesn't match what they provide ?

Of course, and I don't think anyone here is arguing against that.

> would it be okay for them to void the warranty if you run software they didn't provide ?

There are laws governing this exact thing (in the US it's the Magnuson–Moss Warranty Act), and in general Tesla would have to prove your unauthorized modification caused the failure which you're claiming under warranty.

They can void the warranty, as long as they can prove that my modifications are what actually caused the malfunction I am making a warranty claim on.
I think it was even a post here, because somebody had to fix something on his car, he don't even had the licence to use it.
I'm ok with charging subscription fees for services with ongoing costs (things like cell connectivity for remote monitoring or something), and I'm ok with charging one time fees for unlocking features that are already there, since it allows for price discrimination, cheaper and more efficient manufacturing, and better prices to the customer overall (potentially at least). But the flip side of that is that...if you put it on the car that the customer bought, and they figure out how to unlock it.....well good for them and sucks for you. This kind of thing _should_ 100% be legal (if it isn't already, and my understanding is that it is). If you want to _100% guarantee_ that they don't get a feature without paying for it, then I guess pony up for the more complicated manufacturing process where it isn't installed on some models.

As for "they didn't pay for the license"....no....you gave it to them without asking them to sign a license agreement. They paid you money, and you gave them a product. How they use it is up to them.

So contract law and copyright aren't a thing because people don't want it to be? You own the hardware (you can shuck the car, part it out, mod it), you don't own the code it runs. By all means, root the car and take the features you want, but don't be shocked when Tesla either a) nukes the features remotely or b) sues you. You are taking issue with an existing legal and contract law framework. No one is forcing you to buy a Tesla and be bound by agreements with them around their IP. Would you support a software company nuking someone's license to operate their software remotely if the customer defeated a license module they didn't pay for?

(registered security researcher for my rooted Teslas)

I'm not sure how contract law is relevant at all. As for copyright, they aren't copying or distributing it in any way. If you give me the code on it, I am allowed to execute it as I see fit. The only way I see copyright issues is if they weren't actually shipping the code and I had to pirate it and side load it. Which is a completely different issue than is being discussed.

If you sell me a book, I'm not allowed to copy that book and sell those copies. I am allowed to chop it up and and repaste my own copy however I see fit.

If I'm wrong and current copyright law does not permit this kind of thing, then current copyright law is bad and should be changed.

I'm fully supportive of someone going to court and finding out what happens when they do this. It is far more valuable than wild speculation. Copyright law is bad and should be changed, but that is unlikely a winning defense in the course of a civil suit (or criminally, if prosecuted for DMCA violations, such as circumvention of digital mechanisms for access control per 17 U.S.C. § 1201(a)(1)) [1] [2]. I am fairly confident (not an attorney, not your attorney) this applies to access to Tesla's FSD digital work.

[1] https://www.law.cornell.edu/uscode/text/17/1201 (17 U.S. Code § 1201 - Circumvention of copyright protection systems)

[2] https://www.law.cornell.edu/definitions/uscode.php?width=840... (circumvent a technological measure (3) As used in this subsection— (A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and (B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.)

Contract law is running afoul of the first-sale doctrine here. Tesla can not enforce many clauses in a potential contract or license via the legal system, so it's not as cut-and-dry as "you don't own the code".

Copyright has zero application here unless you redistribute Tesla's code or binaries. Reverse-engineering is a legal practice (in US law, at least).

> Copyright has zero application here unless you redistribute Tesla's code or binaries. Reverse-engineering is a legal practice (in US law, at least).

Reverse engineering to utilize software you didn't pay for and don't have a license or some other legal authority to use is unlikely to pass muster legally, versus for interoperability purposes.

https://www.eff.org/issues/coders/reverse-engineering-faq (Control-F "What Exceptions Does DMCA Section 1201 Have To Allow Reverse Engineering?")

Tesla can't sue you if you splice a switch into the seat heater relays! I don't know if that's a good idea. Or maybe they thought of that and they don't turn on unless there's some of key exchange.
That's BMW, not Tesla. Tesla only offers subscriptions for premium mobile network connectivity and FSD. A quality rocker switch would meet your needs for the BMW seat heater use case.

https://www.theverge.com/2022/7/12/23204950/bmw-subscription...

EDIT: I stand corrected. It appears there was a window of time where Tesla offered rear heated seats as an upgrade on a base trim standard range Model 3.

https://electrek.co/2020/02/15/tesla-rear-heated-seats-model...

The cheapest Tesla's offered a one time unlock for rear seat seat heaters. Not any different from bmw, except bmw also offered a subscription option (bmw also offered a lifetime unlock... at a much higher price).
Using software without the license to is copyright infringement, full stop.
In what way? No copy was ever made.
Using a copyrighted work without license is copyright infringement. Not sure how to make that clearer to you.
> Using a copyrighted work without license is copyright infringement

Only for the kinds of “use” that involve the exclusive rights of the copyright owner (“use” generally does not), and even then not always, because there are exceptions to copyright.

If I put a book a don't have a license to under a table leg to make it stop wobbling, it is not copyright infringement
This just sounds like "you get all the downsides of ownership but we get all the upsides of a subscription model".
(comment deleted)
> This kind of thing _should_ 100% be legal (if it isn't already, and my understanding is that it is).

It may fall afoul of the (terribly written, but still law) Section 1201 of the DMCA, if it's arguable that the circumvention provides access to computer software (and I think it is arguable).

I agree that this should be legal, but I'm not nearly as convinced that it is legal currently.

Agree with this. The DMCA makes stuff like this illegal.

Recall that when CD copy protection was starting to be deployed, you could negate it with a black marker. The DMCA then made black markers illegal, because it bans "tools which may be used to circumvent copyright" as well as the "circumvention of copy protection measures". (Not that anyone tried to enforce it, but the letter of the law was pretty clear that black markers were then illegal to possess)

The DMCA should be amended or revoked to make these shenanigans no longer enforceable.

Black markers are/were very obviously not illegal. The law doesn’t work like code, it’s filtered by humans.

No court would ever come to the conclusion that something as mundane as black markers are illegal to possess.

You almost understood the point.

The DMCA is a problem because putting copy protection on (for example) heated seats is a similar level of silliness to outlawing black markers.

> but the letter of the law was pretty clear that black markers were then illegal to possess

That is wrong. It's legal to possess a hammer but illegal to bash someone on the head with one. It was legal to possess a black marker and arguably illegal to use it to circumvent copy protection.

>"As for "they didn't pay for the license"....no....you gave it to them without asking them to sign a license agreement. They paid you money, and you gave them a product. How they use it is up to them."

That's not true and it's most definitely not a valid legal position to take in defense

Haven’t we already been through this type of shit with EA?

Back in, I think it was bad company 2, EA delivered content on disk, but locked it behind a paywall. Then they got their wrists slapped for locking already available content behind a paywall.

Softlocking hardware that exists in the car (heated seats) behind a paywall seems to be the exact same thing, and is not legal everywhere.

The entire concept of "intellectual property" is an attempted theft of our own physical property, and I for one don't appreciate it. I understand that my values on this don't align with much of the rest of the legal systems of the world, but the absurdity of intellectual property is never more clear than when some far away company attempts to assert ownership over something that you use every day.
(comment deleted)
The article claims this is not patchable but it also says that the hackers have not yet unlocked FSD with this technique. I strongly suspect that the “unpatchable” part would not apply to any potential FSD unlock because of the large amount of server-side functionality involved for FSD. Server side components aren’t going to be easily fooled by a car-local exploit.

Knowing Tesla, even if they can’t patch the vulnerability OTA I would be very concerned about their being able to detect the use of this bypass and remote-brick cars in response until the customer agrees to bring their car in for a hardware patch.

Edit: a now-dead reply says there is no server side functionality whatsoever for FSD. I don’t own a Tesla but find it very unlikely that FSD has not even usage telemetry in what are otherwise highly connected cars.

(comment deleted)
(comment deleted)
Okay great, but now the lowest cost of the car is an extra $10k because the manufacturing just got a lot more complicated as a result of not being able to build every car the same way.
They can't even build two cars the same way everytime, I think we'll be okay.
That's variance, not intentional.
Then customers have the choice to purchase a vehicle from a manufacturer with more scruples who is willing to sell those features without charging to "unlock" them.
...can you name one? Because every manufacturer does this.
That sounds like problem of a manufacturer not problem of a user.
The price of the product being higher isn't a problem for the user?
Correct. That's a problem of a manufacturer for not having a competing product.
Would be a nice story if it weren’t for the inconvenient fact that Teslas are selling like crazy as they are.

Sounds like it would be problem for the consumer, though clearly a solved one.

Adding 10k to the cost of the lowest priced car is definitely a problem for both the user and the manufacturer.
This is naive. Tesla isn't selling the base model below cost. If they did, then Tesla would be wiped out unless people shelled out for the extras, because they'd be losing money on every car sold.

Instead, what's happening is that the current price fully reflects the cost of production, and holding the extras hostage is pure gravy.

Nobody claimed Tesla was selling base models at cost? Completely unrelated to the point.
Does enabling FSD come with any liability / terms of service? If it is backdoor enabled and the vehicle crashes, what is Tesla's liability? If the OTA patches to the system are needed and the car is running the base, unupdated (buggy) build, what is Tesla's liability?

Alternatively, if a vehicle is running software that hasn't gone through Tesla's subscription how much of the liability for any software problems will Tesla be able to transfer to the vehicle owner?

Hypothetically, if Tesla were licensing 3rd party software and that license was based on installed uses and Tesla was reporting the subscriptions for FSD (rather than sales of the vehicle), what would enabling the software open up Tesla to? Would Tesla then be able to sue the person who unlocked it for the additional licensing costs they incurred?

If something is opened or modified without manufacturer consent, there is no question of liability because there is none.
Except history hasn't really played out that way. Less serious but Grand Theft Auto had a sex game added to one of their titles that wasn't supposed to be accessible by gamers. People figured out how to unlock it using a modified save file. This ended up in all sorts of legal liability to the company: https://en.wikipedia.org/wiki/Hot_Coffee_(minigame)
Hot Coffee is and was an absurd case with absolutely no merit behind it.

It only became a large issue because it was a social fad for politicians and mass-media to dogpile "evil gaming companies corrupting poor mindless children", and Rockstar in particular with the GTA series was one of the most popular targets of said social fad.

So if you're using unlocked a version of FSD that has been recalled and don't get an OTA update then any and all faults that may be traced back to FSD even if it was clear that this is a bug in the software (e.g. the reason for the recall) the vehicle owner has full liability?

https://www.cnbc.com/2023/02/16/tesla-recalls-362758-vehicle...

Software is a legal grey area as others pointed out. In your example, the vehicle owner modified the software version and used an unsupported one. The manufacturer cannot be liable when there is no legal contract.

The problem here is that this is functionally similar to using an outdated version of photoshop but the consequences are vastly different.

It never has been Tesla’s responsibility if the FSD fails (whereas for Mercedes they take responsibility)
Did they ever figure that out?

> There are few federal laws addressing automated driving. So, Mercedes Vice President of Automated Driving George Massing tells R&T, “we will probably have to deal with each individual state.” But the company plans to accept legal liability for what the car does while Drive Pilot is engaged.

As far as I can tell there still isn’t some webpage where you can submit a claim to Mercedes-Benz for a failure of their self-driving tech…

https://www.kbb.com/car-news/mercedes-well-be-liable-for-sel...

In the opposite, Tesla sounds more like the type of company that would sue you if you claim autopilot brought you into a crash.

Since they are technically right, as autopilot disengages before.

> Since they are technically right, as autopilot disengages before.

> To ensure our statistics are conservative, we count any crash in which Autopilot was deactivated within 5 seconds before impact, and we count all crashes in which the incident alert indicated an airbag or other active restraint deployed.

https://www.tesla.com/VehicleSafetyReport

I'm not a Tesla fan, but Mercedes doesn't have a fleet anywhere near Tesla's. This is a well-run marketing campaign to try to get Tesla to also accept responsibility and bring prices up, IMO. Mercedes isn't really accepting liability for shit at this point, because they only have like one car with level 3 and it's a super top trim and there won't be very many people using it. Once they have a large amount of vehicles out there with this tech, then we'll see what they really accept responsibility for.
> to try to get Tesla to also accept responsibility and bring prices up

If Tesla actually believed that their self-driving works (which they unequivocally and demonstrably don't, as their refusal to accept liability indicates), then it would cost them virtually nothing to accept liability.

Every company that offers self-driving should accept liability to prove that they have faith in their system, and we shouldn't allow any self-driving system on the road for which this isn't the case.

I think the mercedes taking responsibility thing was at least partially clever marketing. there are really extreme limitations last I saw, which honestly is understandable.
The limitations are due to the legal framework Mercedes lives up to. The updated version only recently came out.
I do think they are doing it more responsibly for sure. Just that given the limitations it’s difficult to compare the offerings at this point
I've been thinking about this as a thought experiment lately.

Let's say there's two versions of the car. Higher spec has heated seats, lower spec doesn't. Let's say it's a $1000 price difference.

At what point below are you ticked off ?

Level 1: The higher spec car has the physical seat heaters, all the wiring, all the plugs and all the software. The lower spec car has none of that.

(I think this is how cars have always been sold, so it's "normal" and "acceptable" and nobody would complain - they paid $1000 less and got less features.)

Level 2: The lower spec car has the physical seat heater inside the seat, but none of the wiring, plugs or software to make it function. (It was cheaper for them to just build the seats with the heater in there, so they did, but it will never "work")

Level 3: The lower spec car has the physical seat heater inside the seat and some wiring, but the main loom doesn't have provision for the high current draw, so it can't work.

Level 4: The lower spec car has the physical seat heater inside the seat, all the wiring, but none of the plugs to actually connect it.

Level 5: The lower spec car has the physical seat heater inside the seat, all the wiring, all the plugs (so all the physical hardware is there), but the software to turn it on is not present / not licensed.

(Note: If you got ticked off at level 5, it's pretty much like buying a brand new MacBook and being ticked off that it can theoretically run Final Cut Pro, but you have to pay to make it work. Surely you gotta pay for software ? )

Level 6: The lower spec car has the physical seat heater, all the wiring, all plugged in, all the software, and a setting added (for extra production cost) that makes it not work and can't be changed by the car owner.

We are talking about this one. The entire thread is about this one, and none of your options even passed through the conversation.

This is identical to 5, in my view. Its not licensed. Is anyone upset that if you download a version of software that has a "basic" and a "premium" version, but the premium costs more money, that you don't get the premium functionality? Just like you "can't change" whether you get premium functions if you don't pay for it, the same could be said for fsd or seat heaters.
I disagree with the premise of locking someone out of something they physically own. You HAVE the seat heater in your car, the wiring works, you just aren't allowed to turn it on. I don't see this as the same as a basic vs premium version of a piece of software. The person owning the car owns the heater, the car, the wiring, they have to pay the miniscule extra cost of carrying that hardware around in their car. If Tesla offered to remove it at no cost if the car owner didn't want to pay the fee, I'd have no issue.

Where do you draw the line?

Next they'll be making you pay a fee to use low gears, or a power steering fee, a radio listening license, a Bluetooth permit, a reverse allowance, power window season pass, air condition authorization.

You HAVE the code for the premium software. It exists. The code all works. You downloaded it when you downloaded the basic package. You pay the minuscule extra cost of downloading and installing the extra code you don't use.

That argument doesn't hold up. Nobody should claim they are entitled to the premium features if they only have the basic license/software.

I agree that I don't want death by a thousand subscription fees, but this isn't exactly the same situation here. BMW's offerings is. Frankly, if BMW offered it with only the one-time charge, I'd consider it similar.

>You pay the minuscule extra cost of downloading and installing the extra code you don't use.

This really is where I have the issue. If I have to pay for my ISP to allow me to access the internet and use my bandwidth to download it, my power bill to allow my PC to install it, use up my storage space to host the software, then I should be able to do whatever I want to/with it and you shouldn't hinder me from doing so.

If I have to pay a fee for premium, and then additional components are downloaded and installed, fair game.

I wonder if there's any law that covers such a scenario, aside from EULA allowing the software dev to do what they want as long as the user agrees.

Yeah, I don't get the outrage. People should be happy because it allows people to hack the software and get heated seats, assuming they are ok voiding any warranty.
None of the levels you mention (until Level 5) operate any differently from this feature. In any of those cases, if I replace the missing parts, I get my heated seats. I would be ticked off if Level 2 had physically integrated seat warmers had some protection people could not work around so they had to cut out and replace the seat warmers.

Level 5, and this case, all I'm doing is adding the missing component. A flag or something.

I mean honestly level 1 is frustrating when the cost is negligible or for safety. Plus it isn't like you can choose which features you get, and it is not like the seat costs 1000 dollars to heat. Somewhere between 3 and 4 should have legislation against it. (Also level 5 isn't like final cut pro not being installed, it's like Apple blocking port 22 unless you pay for a special developer license)
Level 5 is exactly where it bugs me. Levels 1-4 are all concrete (if marginal) cost savings as compared to the full version. But your level 5 means someone spent _extra_ money and engineering time to make something _less_ functional.

Boo. Hiss.

I want to add agreement to this, but to be more precise: people should own the things they buy and artificial (software ) means of locking people out of features shouldn't be allowed.
If you opt out of the heated seat package when you purchase the car, that doesn't mean the manufacturer can't add that hardware in a disabled state. That also doesn't mean you own the heating feature after you opted out

That's like asking Intel to fix a processor you overclocked

The far better analogy for what Tesla is doing is "it's like Intel preventing you from overclocking your chip". Sure, you should not expect support for your hacked seat warmers.
If I paid them money and they gave me hardware (in this case a heated seat) then I can do what I want with it, sucks for them if they don't want me to. They can give me the non-heated seat. And yeah if I brick my car trying to jailbreak it that's on me, fine.
(comment deleted)
Nah, that's like asking Intel to enable two more cores on a two core processor made from a four core binned chip that they also sell four core processors based on. The only difference is software.
Intel briefly did have a scheme where you could pay to unlock parts of the processor that were disabled for segmentation reasons: https://en.wikipedia.org/wiki/Intel_Upgrade_Service

It was abandoned due to backlash but that didn't stop Intel from doing artificial segmentation, so instead of buying a chip with "3MB" of cache and being able to unlock it to 4MB later, now you buy a chip with "3MB" of cache and 1MB of dark silicon that's permanently lasered off at the factory. I get the objections, but the alternative isn't really an improvement.

Here's an analogy: the year is 1950. I bought a car and a radio is built in. But I didn't pay the extra radio fee, so a wire is intentionally left out and the radio does not work. But the car is mine--I could choose to scrap it, radio hardware and all; I owe the company nothing, and I am the owner of a car with a nearly-functional radio. Then how could somebody object to my going in and fixing the radio, if it is my property to begin with?
The answer is: the year is 1950, and property rights are respected.

The year is 2023. The goal of Big Tech is the elimination of ownership and the rise of perpetual rental income.

Back then, the dealer would remove the radio before handing the car over to you. In its place would be a panel blocking the hole in the dashboard.

I used to work for a radio shop, and it was reasonably common for us to remove the radio when customers did not want it in their new car. Some wanted to have no radio for religious reasons, some businesses wanted the absolute cheapest vehicle possible for their employees, most wanted to install their own aftermarket radio.

Then they should pay me rental fees in compensation for electricity I have to purchase to haul their hardware around.
There are semantic games at play here, I suspect.

The manufacturer sold the hardware configured in a certain state; the same device could have been configured differently depending on price. Once the device is sold, the new owner is a petty tyrant over the state of his own property.

But if I don't own the heating "feature" (promise of a result), I don't care. I am pretty sure that the warranty indemnifies the company against the hardware actually being fit for said purpose and therefore will not guarantee a result anyway, so what do you "own" in the first place, if not the device itself?

[edit: grammar, readability]

The doctrine of first sale says that companies cannot restrict the second (or later owner) of a thing. You may notice that some books printed in the UK have some wording on the copyright page about how you can't sell the book (nor give it away) without requiring the subsequent owner to follow the same "license". In the US, I can give away a book, or sell it, and no condition that the publisher makes me agree to will apply to the next person.

Physical goods should be required to follow the doctrine of first sale. There should never be any possible conditions on subsequent owners. If the first owner "unlocks" a feature, it should be unlocked for every subsequent owner.

IP has gone too far. We're seeing more and more instances of computers forced into perfectly good physical products for the express purpose of degrading their functionality unless a ransom is paid. Now instead of toggling a relay, you have to go through an entire software stack and license check to heat your seats.
I won all my groceries, but once I consume them, they still turn to shit.

-

I think we need to hold all EV companies "responsible for their shit"

So, if you buy a tesla - only tesla should be responsible for recovery from every crash and and turn in.

Thus the environmental impact due to the heavy metals and all the plastics made are sole responsible from a closed, boring lopp to hyper the link to the fact that all these materials were made by stars. X.

(my point was I PAy/taxxed/etc) for my X-crement...

I think my logic is off WRT analogy, but I beleive you get the premise...

Can we find a complete model of the impact of the matters which are being affected by the musks?

(im not judging musk - I am judging actions... many of these actions suck. IIATAH?

I enthusiastically endorse this sentiment until I remember I'm a software engineer whose career depends pretty fundamentally on copyright law.

As an industry, we sell things that make hardware more useful. That's what software is. But the software we sell* comes with legal restrictions on what the buyer* can and can't do with it. Which means that we're restricting what our customers can do with the hardware that they own. And we do all that for money. *Substitute whatever you think the right terms are for these words (licensor, licensee, borrower, tenant, serf...)

If we sold an app on a mobile-phone store, and a h4ck0rz came out with a crack that unlocked the premium features on it, we'd take measures to stifle it (patching the code, increasing the obfuscation, sending a complaint upstream of whoever was distributing it, etc.), and I don't think any of us would think we're bad guys for doing so. We're just trying to feed our families. And I doubt any of us would feel compassion for someone who said they paid for that phone, own its hardware, and can do whatever they want with it including run your paid software for free.

Tesla's sin, if any, is that they sold us hardware that's designed to work only with their software. And "their" software could include software they licensed from your company, if you work in their software supply chain.

Where is the right line between "my hardware, my rules" and "my software, my rules"?

This is probably not productive, but I think the response would be; I bought the software from you so it's mine now.
Yeah these discussions always give me a bit of cognitive dissonance.

On one hand, I like owning my software or content I purchased (talking about DRM)

On the other, people expect most things to be a "live service" in terms of updates, which isn't sustainable if you only ever get paid a small onetime fee for your software. If you make the fee large, like Modo/Photoshop did, then it acts as a financial gatekeeper to your product. Even then, I feel like it creates wrong incentives for the product, so I'm not sure it's good either.

> On the other, people expect most things to be a "live service" in terms of updates

Do they? Most people I know don't want anything to update as long as it's working. They don't want new features. They don't want new UI changes. They'll dismiss/ignore prompts to update for as long as they possibly can. In very very rare cases people want "live service". They want their GPS to give them traffic information for example, but otherwise they don't want anything but bug fixes.

Photoshop for example doesn't need to be constantly updated and a version of photoshop from 10-15 years ago would be just fine for the vast majority of people. The idea that software has to either be insanely expensive or a subscription is a false dichotomy.

Yeah, exactly this. Companies want live services because they want to charge recurring fees. Customers want to buy and own software.
As a software engineer, I don't sell software, I'm paid to make it. I don't even own it afterwards. I hear some people are paid to develop open source software. I don't think my career depends "pretty fundamentally" con copyright law, as if the software I produce is otherwise worthless. Most people on the planet can't do the work I do, which means that somebody pays me for this work. Changing copyright law wouldn't change this fact -- at most it could affect my pay grade.
> Where is the right line between "my hardware, my rules" and "my software, my rules"?

If someone roots their phone or car, which they own, despite the manufacturer's best efforts to prevent this, it should be legal because they are modifying a physical object they purchased. If they teach other people to root their devices, it should be legal the same way teaching lockpicking is legal if you're just lockpicking something you own.

Nobody is asking manufacturers to stop trying to get in the way of people hacking their devices. Most people won't have the skills or desire to jailbreak anyway.

But John Deere will sue farmers who try to fix their tractors themselves, Sony will sue you for jailbreaking your PS3, etc etc. That's wrong.

Additionally, DRM generates physical waste by making it hard for people to fix things they bought. The right to repair is important.

For software, illicit redistribution is covered by copyright law, no? But the same is true: if you own a copy of software and want to hack it (e.g. mod a game you bought) why should that be illegal, provided you were able to get around the game's built-in circumventions?

That isn't the only way to sell software, it is a relatively recent invention, I honestly wouldn't care if that went away.
> Where is the right line between "my hardware, my rules" and "my software, my rules"?

There's something obscene about unlocking existing physical features with more money, but there's also our mental model of what ownership means. Imagine you buy a new fridge, and it has an extra compartment that is installed, gets cooled but you have to pay to unlock. No one could ever verify that you didn't rip it open yourself. I don't think anyone would object either.

The current monetization strategies for software favor the corporations. They can withhold service in case of no payment, and they are trying to do the same to hardware. I personally feel we should regulate this as soon as possible, otherwise things like right to repair will simply disappear.

> But the software we sell* comes with legal restrictions on what the buyer* can and can't do with it. Which means that we're restricting what our customers can do with the hardware that they own.

I'd say the software equivalent to right to repair would specifically be about restrictions against inspecting/decompiling/modifying the software running on your machine.

While I also think copyright is flawed in general, restrictions against redistribution of the software seem like a separate matter - in the same way hardware right to repair doesn't mean you can set up a manufacturing line for new John Deere tractors to sell to others.

> h4ck0rz came out with a crack that unlocked the premium features on it

If someone grafts on useful features using only what you have already downloaded to my device, I think that's fair game.

Arguably you didn't buy it. Sure you physically own the hardware but you didn't pay for it.

Depending on how you look at it the hardware was paid for by:

1. Tesla as a "marketing" expense. They expect that the $50 of hardware will make a significant number of people pay $500 for the feature. If 1/5 people upgrade that is an expected return of $100 for that $50 marketing cost.

2. The people who purchase the heated seat upgrade. It was more cost effective to install the hardware in all cars than to set up a second production line. So if 1/5 people buy this package their effective cost is $250 ($50 * 5 cars) and $250 is Tesla's buffer + profit margin. So the people who pay for this package effectively pay for the hardware in all cars.

If you enable this feature for all users both of these no longer exist. So the effective cost goes up which would likely raise the price. (Yes, I know that cost and price aren't directly related).

Ah yes, "full" self driving
The video being sped up makes it feel dishonest. Would have been nice to have a regular recording.
Omar post raw versions of all his FSD videos. There’s a link in the YouTube description. Here’s the one for this drive:

https://www.youtube.com/watch?v=oFYspCLoLTY

Frankly the sped up versions are more useful for understanding the technology because most driving is boring, even for a self-driving system. But it is good to be able to go to the raw version if needed.

(comment deleted)
This video seemed to have pretty good performance actually, but I've seen articles where the car just gets stuck, makes unsafe maneuvers or just violates laws and this guy (whole mars catalogue) defends it. Watching prior videos shows it fail to yield to stop lights, stop in the middle of intersections or just total incompetence about highway etiquette (such as the highly watched SF -> LA video (in this video the whole highway is dubious, also violations at 1:18, 1:24, 1:30, maybe 17:24, probably others I missed... 3 in the span of 15 seconds)). I'm not at the point where I trust this thing.
I'm torn. On one hand, I absolutely think that a capability available in the vehicle/device when you purchased it should be available for you to use, and not behind a software lock (heated seats, etc). On the other hand, an "upgrade" or 100% new software delivered via OTA (self driving, etc) seems a little more like it should be a separate thing.
I'm somewhat torn too.

IBM and I'm sure others have shipped enterprise hardware for years that was partially locked. You might get a machine with 16 cpus but you only paid for 8, for example, but you could license the rest as you grew. It seems a little similar and it was in no way underhanded, everyone knew what the deal was.

However I'll echo what another poster said. I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.

> However I'll echo what another poster said. I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.

I think thats the stance I'm leaning towards as well. To quote another commenter[1]:

> If a manufacturer wants to lock features behind a paywall, that is fine. However, they shouldn't be allowed to complain when consumers modify the thing they bought to get around that paywall. If Tesla really wants to make sure absolutely no one gets FSD or heated seats without paying, then they should make a point of only including the relevant hardware or software in the vehicle at the time of purchase.

[1] https://news.ycombinator.com/item?id=36988514

I'm of the opinion that these two things aren't comparable. True, IBM and others have locked extra capability through software... but they were only ever selling/renting to the corporate world, which presumably had enough in-house legal expertise to not be completely dicked over.

To take that business practice, and then try to foist it on consumers who don't have $500/hour lawyers on retainer looking out for them is more than just morally questionable, it crosses a line into some sort of fraud/extortion-adjacent realm.

If Tesla was really upset about this, it's a problem completely within their capacity to solve. Only send bugfixes OTA, require a service visit for new features. I'm betting that their software's such a trainwreck they wouldn't be able to compartmentalize it properly like that to save their own lives.

We’re not talking about enterprise software here. I think people can understand the concept of paying for a seat heater and the like without a team of lawyers.
What are you talking about... Tesla is one of only a handful of OEMs that can even issue OTA updates.

Their cars from 2013 can still get modern features OTA. Please explain how you classify that as a train wreck compared to software cobbled together from 100 vendors (none of whom specialize in software)

Have you perhaps considered that OTAs aren't a desirable feature in a safety critical system?
> Please explain how you classify that as a train wreck compared to software cobbled together from 100 vendors

Tesla gets plenty of software from other vendors. And doesn't always test it particularly well - there was a story here of a firmware vendor who had a test harness that took ~36h to verify. They shipped a bug fix to Tesla, told them it was available...

... four hours later, "Great, this is awesome, looks like we fixed the issue."

???

"We just flashed one of the cars here and took it for a drive."

> I say Tesla should be free to sell whatever they want, but if the end user finds a way around it too bad.

The same should go for DVDs, BluRays and streaming media and yet here we are looking at jail time for bypassing the DRM.

That certainly depends on the country. Breaking DRM to access something you've paid for is perfectly legal here.
"perfectly legal" largely hasn't stopped IP owners from finding ways to hassle people involved.
Yeah, I am in a country like that. I was referring to the state of affairs States-side.
Would you mind providing a citation stating that someone has gone to jail in any country as a result of bypassing DRM for personal use on things they purchased? I am skeptical that this has ever occurred.

Even in the US, which has quite draconian anti-circumvention law under the DMCA, the criminal penalties associated with this behavior only apply to those that violate the statute “willfully and for purposes of commercial advantage or private financial gain”. A person who bought a DVD or blu ray and decrypted it for their own use would not be criminally liable.

https://law.justia.com/codes/us/2021/title-17/chapter-12/sec...

I’m not defending the law, which I disagree with, merely pointing out that “looking at jail time” for non commercial bypassing of purchased BluRay DRM is a stretch.

(comment deleted)
I don’t mind hardware shipping locked and being an optional fee to unlock. I have paid for the rear heated seats in my model 3.

What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs. BMW wants to charge monthly for seat heaters or carplay, but those things are not a service and don’t have ongoing costs for BMW to provide. If anything creating an ongoing software lock creates an availability risk. If BMW’s authorization service is unavailable do you lose heated seats?

Several manufacturers are offering either monthly or one time costs for certain features. I’m less clear how I feel about that. Maybe quite valuable for someone who lives somewhere warm and only needs seat heat one month a year. It would take many years of paying for a single month to justify paying for the fully unlocked feature. I think I can live with optional monthly fees for things as long as you can always pay once and just have something that stays for her life of the car.

I've always been curious if the ongoing fees for BMW end up covering repairs if the hardware covering the function breaks. It would seem absolutely insane if not, yet I am pretty sure the answer is not.
100% agree about the ongoing features. Let me pay one time to own the software unlocks please.
I would also add that those sorts of subscriptions shouldn't have a lock-in period, at least not more than a month.

And auto-renew should require explicit opt-in. For most subscriptions I have, automatic renewal is desirable, but invariably I forget to cancel trials or one month subs of things I just wanted to test.

> What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs.

IMO, the real issue is the price. There is pretty broad and well established equivalency between OPex and CAPex. The problem is that car companies are trying to charge OPex as if there was a 1 year depreciation schedule, when cars typically last for decades.

I think that if BMW charged 1/240th[1] the cost to buy the option in order to rent it per month, very few people would complain. Especially if that price were locked in for the life of the car.

---

1. 20 * 12 = 240

...and if I could continue paying this price and it would continue to work without third-party servers or network connectivity.

One of the worst problems with this subscription-based everything is that it creates an ongoing reliance on the company instead of allowing things to be pure local.

For example Netflix downloads are a huge pain because of refreshing and re-verifying. In theory these wouldn't exist if they didn't need to worry about your license expiring. You would never run into a scenario where you couldn't play the video that was stored locally because they can't prove that you are still subscribed (even though I'm only half way through my month so it is literally impossible for my subscription to have ended yet).

So yes, if I could guarantee that I could pay a fairly reasonable price for as long as I wanted to and it would work flawlessly for that entire time it wouldn't be too bad. But in practice I can't rely on that and have to dread the day I am offline and can't get heated seats or they take the licensing server down since it wasn't worth maintaining for the 8 people who are still subscribed to this service.

I feel different about extra cores on a CPU than I do about heated seats.

The manufacturing price delta between an 8 core CPU and a 16 core, nowadays is functionally meaningless.

The manufacturing cost between a car with heated seats and without headset seats is functioningaflly meaningful.

The way I see it, for things like heated seats or CarPlay, I'm already paying for the base hardware cost (plus some margin) as part of the base price of the car, charging me for the upgrade is charging me a markup on what I already paid for. Making it a service is insult to injury.

> The manufacturing cost between a car with heated seats and without headset seats is functioningaflly meaningful.

Citation needed. The way assembly lines and product mix work, it could be meaningfully less expensive to have all the hardware be identical with software unlocks.

Electrical wiring typically involves materials gained through mining, which is carbon dioxide intensive.
> The manufacturing price delta between an 8 core CPU and a 16 core, nowadays is functionally meaningless.

Semi yields?

I believe that the worst thing is the use of natural resources to produce those things without any function whatsoever. Assuming the majority of customers don't pay extra, it just makes it worse.
> The manufacturing cost between a car with heated seats and without headset seats is functioningaflly meaningful

I don't believe that is the case. BMW determined it was more expensive to have the supply chain, inventory, and manufacturing management to build both heated and non-heated versions of their seats. Rather than just make heated seats a standard feature they saw an opportunity to maintain and even expand their highest margin revenue stream: options.

Also keep in mind that heated seats may not be the only option available. If you add in a few other options like backup camera, self driving/driver assist and maybe a few more you end up making a dozen or so different production lines and complex logistics. If you have a dozen features you are basically making custom cars at this point. It can definitely be cheaper to make a single model of car and lock features instead of dealing with all of that complexity. Sure, for one commonly purchased feature like heated seats it make make sense to have 2 production lines (at least for the seats) once you start adding dimensions to that matrix it gets expensive very quickly.
Congratulations on getting six zeros in your comment id: 37000000.
>The manufacturing cost between a car with heated seats and without headset seats is functioningaflly meaningful.

You could probably buy something that would heat your seat at home for under $4 on Temu. And that includes multiple middle companies and shipping across the ocean. It probably costs them pennies, where the upside is, this owner doesn't want heated seats, but a car can easily have 2-3 owners in its first 10 years. maybe the 2nd and 3rd owners will want the heated seats, worth the money it would take to install it

At the time I worked on the IBM hardware, these were not cores that were disabled by default.

They were entire cpus in sockets.

My Honda has heated seats. I bought the car in Hawaii and brought it to Socal with me. I didn't care about heated seats when I got the car at all. It just came with my trim. It was nice having it when I went skiing but I would never remember to turn on a premium service for one ski trip and then turn it back off. For a premium car I'd resent it on my ride up the mountain. It would ruin the experience for me entirely just because of how much I'd overthink the cost value benefit in my head. It would seriously make me unreasonably upset. Hard pass on any car that charges monthly for it.
I don't understand the mental gymnastic here. They built car with heated seats. You paid for car with heated seats that are technically fully functional but you can't use them until you pay even more. No, doesn't make sense to me.
> I don't understand the mental gymnastic here. They built car with heated seats. You paid for car with heated seats that are technically fully functional but you can't use them until you pay even more. No, doesn't make sense to me.

That's because you don't understand.

The customer didn't pay for a car with heated seats. The manufacturer included them anyway, but disabled them in software.

Presumably, a consumer could go to the dealership and pay for heated seats as an aftermarket add-on. Or they could pay to enable heated seats (software unlock) on a month-to-month basis.

> The customer didn't pay for a car with heated seats.

Well, when you buy a car your payment gives you ownership of the entire car.

There may not be a written contract or specification explicitly saying that the valves in the tyres are included in the deal, but they're your property nonetheless (in the absence of obvious errors like the dealer letting you drive the wrong car off the lot)

The customer paid for a car with heated seats present but inoperable. If the customer wants to modify their property, that's their business.

> Well, when you buy a car your payment gives you ownership of the entire car.

Sure.

> If the customer wants to modify their property, that's their business.

If you were talking about a vacuum cleaner or something, I'd agree. But modern cars are "fly by wire". It is not, in fact, only the customer's business if they modify their car's software.

I think the problem here is that courts have allowed software vendors to use a legal trick to get around how owning things normally works. Software gets copied into memory to run, and courts have accepted the theory that making such a copy requires a license even though it's not a copy in the traditional sense (it can't be given to a third party so that they can also use it).

A book is copyrighted too, but when I buy one, I can legally write in it, paste in pages of my own, cut out pages, etc.... I can even sell it after I've done that.

I'm 95% certain the law should be changed to restore the first sale concept to software, and even more certain when it comes to embedded software that's necessary to use hardware owned by end-users.

This all boils down to the contract, really. If the contract states that you do not own the heated seats, you have to pay for them. You can't skip reading the contract and say that you own the entire car now.

Not saying that BMW is in the right. Hell yeah they are extracting every penny they can, but you can simply protest by not buying from them. People support their decisions by buying their products and complain afterwards. There are many alternatives.

> The customer didn't pay for a car with heated seats. The manufacturer included them anyway, but disabled them in software.

Sure they did. Maybe they didn't pay the full price for those heated seats, but they definitely paid more for the car with them (but disabled) than for a car without them entirely.

The carmaker is hoping that people will pay for the unlock in order to recoup their costs. But they're certainly not going to ship those heated seats in every car without inflating the cost of the base vehicle by some amount.

Put another way, it might look like this:

1. Car without heated seats at all: $10,000

2. Car with heated seats, but locked: $10,100

3. Car with heated seats, unlocked: $10,500

If the carmaker offered options 1 & 3, then customers would pay for what they want and get, and nothing more. If carmakers only offer option 2, then even customers who don't ever want heated seats will still pay some premium.

The carmaker might estimate that only 50% of their customers will pay an unlock fee for a car sold to them. They want to still cover their costs and make a tidy profit, so they might charge more than the $400 difference to unlock the feature. And that's if they're doing it in the non-shady way, and are charging a one-time fee. If they decide to charge a subscription, they might do something like charge $100/year for it, and then eventually they're just making pure profit for no added value.

Also consider that the carmaker's own costs could be, on average, greater per car if they have to offer two different options 1 & 3. Offering only option 2 (regardless of whether or not people are able to defeat the software lock) might be cheaper for them. I don't see why we need to subsidize their business decisions.

But all of this is still kinda irrelevant: bottom line is that if you sell piece of hardware to a customer, that hardware now belongs to the customer, and you don't get to tell the customer what they can and can't do with it.

Money is fungible so it is really hard to say but it is entirely possible that the base model doesn't pay anything for the seats. They could sell the car with $10,000 and expect that 1/2 of the customers pay $500 for the upgrade. Those customers are essentially paying to install the seat hardware in all cars (because it is cheaper than them paying for a new production line that makes 1/2 the number of cars). So in 2 the purchaser of that car still pays $10k and their "other half" who statistically bought the heated seats paid for the $100 cost in their car.

You can also picture this as a marketing cost. Maybe Tesla things that a $100/car marketing cost is worth paying because they expect that 1/2 of the cars will pay $500 so they have $150 expected return.

it reminds me of those hardware hacks to unlock processors [0]

the upside is that by not having much difference between SKUs, and "locking" one SKU from becoming the other, the costs are lower, and manufacturers might turn those savings into lower prices

in both cases, as in cell phones, I believe like you still own the hardware, including everything in it, including software [1], so if you want to "unlock it", that's your right, as is smashing it, reflashing it, and having sex with it. If that makes for an unsustainable business model, nobody is entitled to their preferred business model being sustainable. Analogous examples here might be unofficial Keurig pods, or printer ink cartridges, which bypass manufacturer DRM intending to lock customers into an otherwise arguably unsustainable business model.

sometimes, though, you have to fight for your rights, e.g. build/buy/download and use unofficial tools

[0]: http://computer-communication.blogspot.com/2007/06/unlocking...

[1]: this inclusion stems from my belief that, where possible, you have an absolute right to view every bit of data that happens across hardware you own, whether gadgetry or eyeballs, in any format you desire, as well as the right to remember what you've viewed, as well as the right to modify or prevent modification of any arbitrary bit on said hardware

> What I’m vehemently opposed to is ongoing fees for things that don’t have ongoing costs.

Especially if that rent-seeking doesn't come with any kind of support for the "offering".

If the heated-seats break for a "subscriber", will BMW repair them for no additional cost?

I usually lean towards consumer rights on this type of thing, and the idea of paying a subscription for something like heated seats is annoying to me.

That said I am trying to play devil's advocate here. Other people have mentioned the analogy of locking out some CPUs on a die for a cheaper version of hardware, and I think that kind of applies here, at least for a one time payment.

If I'm willing to accept that, is it so unreasonable that they could rent this feature to me, even if it's only a software switch? After all, the idea of renting physical property isn't very controversial.

Again, I don't like the idea and would never want to rent the heated seats software switch, but I'm having a hard time justifying why it shouldn't be allowed.

AMD shipped CPUs for quite some time where if you were lucky you could unlock additional cores that had been disabled for various reasons
These were likely sold down due to demand imbalance or more likely due to QA failures in the disabled cores. It's a lot cheaper to get some value from a defective chip than no money. So... by all means try to unlock more cores but don't start whining when your computer acts like Windows ME on a good day (only crashing a few dozen times a day! So stable!)
I tried that on my 3-core something back in the day. I was not one of the lucky ones.
I think the concept of "licensing" should not apply to something you own. If they want to rent you a CPU, fine, but then they should also bear the costs for when it breaks.
Sun Microsystems did this in the early 2000’s
I think the problem becomes when you figure out a way to unlock those extra CPUs without paying IBM, and then IBM sues you or terminates your contract with them entirely.

People should not be constrained in doing whatever they want with the hardware they have bought.

Does that mean all feature-gating iOS App Store IAP should be unlocked for iPhone owners?
Not interested in having a whataboutism discussion. There is a clear distinction here of software vs hardware
Is there though?

Even on game consoles, the “DLC” is often a couple meg download because the actual content is already built into the game.

You could turn Windows NT 3.51 Workstation into Server by just changing a registry key!

https://www.landley.net/history/mirror/ms/differences_nt.htm...

I'm not sure 'MS charged $800 more for NT server when it was basically the same as NT', given how much they're known for unfair and fraudulent business practices, is the greatest argument.

Expecting capitalism to be fair is probably where we're all going wrong here.

I’m not arguing whether or not it’s fair, just that at this point this is a long standing industry practice going back decades.
This is less true nowadays than it used to be, some games have quite a substantial amount of DLC of which no part is shipped with the base game. The Rock Band series comes to mind there, for one.
I see it all the time with RPGs still.
Your argument is not the same as the parent.

It would be the same if the volume rockers on the iPhone would only work if you have a paid subscription, or if you needed to pay extra to unlock 120fps while the device is capable but locked to 60fps because you’re not giving Tim Cook more money.

This analogy/mental model of what things are when you purchase them breaks down for software. It’s less environmentally wasteful to build a single sku and unlock paid software features requiring teams of devs.
> paid software features requiring teams of devs.

This makes it easy for me to make up my mind about. FSD is about far more than just the hardware - there's many teams of devs working on it.

> heated seats

There's little (no?) justification for software locking heated seats. Press the button, make the seats hot. This is just capitalist bullshit and we shouldn't put up with it.

From the perspective of a customer, what is the difference between a heated seat that doesn't work because it doesn't exist, and one that is locked out by software? Assuming the customer isn't paying up front for that feature.

Some people don't want to pay for heated seats. Turns out the manufacturer found it cheaper to just include the hardware anyway rather than differentiate on the production line. What's the big deal? The ability to change your mind and pay for the feature after purchase without getting an aftermarket seat heater seems like a nice bonus. Everyone wins.

The wasted economy on lugging around the extra weight for a useless seat heater.
That's true. It happens, though, and has for years. My last car had a seat ventilation fan that was inoperable because the switch and corresponding electronics (some kind of PWM controller) to turn it on weren't installed. Seat ventilation wasn't offered on that model at all, but the seats were built with the fan. They didn't yank the fan out on principle, they just installed the seats as built.
In reality, you're still paying for the hardware. Don't think for a second that these 'optional' features don't figure into the price.

Sure, maybe they have a lower markup if you don't buy the license up front, but you still paid for it. These types of gimmicks are free money for the company pulling them.

Because of the way production lines work it can actually be cheaper to include it on every seat and unlock it with software.
Cheaper to manufacture, yes, but the cost of the hardware is still included in what you pay for the software-locked car. You've paid for the hardware and you own it, even if it's software-locked. At that point, you're just being asked to fork over $1k or whatever the additional charge is for what essentially amounts to an "on/off" switch.

Edit: Hell, to make it sound even more stupid, you're being asked to fork over $1k or whatever the additional charge is in order to change a bit from 0 to 1.

That's no different to paying $1K for a CAD licence. People just need to come to terms with the fact that the line between HW and SW is becoming blurry.

Obviously, I don't like up-paying for features I don't get to use. The price of the product must be the same, having benefited from mass production. With that being the case, I'm actually glad I have the option to save money now and upgrade later.

The concept isn't a problem, it's companies taking advantage of it (and us).

>The concept isn't a problem, it's companies taking advantage of it (and us).

To borrow a phrase you used earlier, I truly don't believe that we need to come to terms with companies blurring this line and taking advantage of us.

I'm paying $1K for a CAD license because I can't write a CAD program myself. I can easily change a 0 to a 1, why should I pay $1K (or however much) for a piece of software that does this?
It's closer to using a CAD package and finding out you need to pay extra to save files.

Which is a real thing that has actually happened.

The functionality exists, the code already has been written, but it's disabled so as to extract more money.

The arguments about cheaper manufacturing is pretty well pointless. If the cost of adding seat heaters is negligible, what justification is there for charging extra? You pay for the hardware either way. This is rent seeking and nothing more.

This is a topic that's been beaten to death in the electronics industry for years. Oscilloscope manufacturers design and sell a 500MHz scope, but cripple it to 200MHz unless you pay 50% more. Or they put 16MSample of memory in and restrict you to 8 unless you pay $400 for an "upgrade". The cost of buying the lower model and upgrading it later is usually much higher than just buying the high end model.

In any case, it's not like manufacturers are selling the lower tier model at a loss. They're taking lower margins on the crippled hardware, yes, but then they charge you ridiculous prices that are orders of magnitude above the real cost of the additional hardware.

(comment deleted)
> the cost of the hardware is still included in what you pay for the software-locked car.

Not true. The price you have decided you are willing to pay assumes it is not there. Your payment allocates no portion to the hardware. If you have decided a car is worth $30,000, that is what you are willing to pay, regardless of whether or not they include the hardware.

And, in actuality, you might even consider a car with said hardware to be worth less as it adds weight which will require more fuel and wear and tear expenses over the operating lifetime of the vehicle. The car worth $30,000 without heated seats is, perhaps, only worth $29,000 if the hardware is included.

The cost to manufacturer is their problem. Your value determination is entirely independent of that. Should it cost them $1 or $100,000 to build that $30,000 car – it doesn't matter. You are paying for the value you think you will derive from owing the car, not what it cost them to make it.

Indeed, in the long run the value has to exceed the cost of manufacture, else the business will soon find itself filing for bankruptcy. But in the short term, it is not uncommon to see input costs exceed the value of the product, resulting in a net loss for the business. The buyer doesn't care. Input costs mean absolutely nothing to them.

You're also paying for the software they used to lock you out of the features.
People are pushing back against the idea that you can't do whatever you want with a physical thing that you own. You own the heating mechanism in the seats, you own the hardware needed to turn them on, and you own the computer which activates it. If Toyota sold me a car with heated seat mechanisms installed and no switch, they couldn't stop me from installing my own switch. That you might not be able to do what you want with a physical object you own, in theory, makes this different.
I'm wondering if there might be a reasonable market for aftermarket ECUs for some of these "software enabled" vehicles when they start showing up on the used market or coming off warranty...
The thing is, in the long run it doesn't matter whether you are legally allowed to install your own switch. The price manufacturers charge for a car will adjust based on whether they can get revenue from subscriptions or not. If they can't successfully charge subscriptions, base car prices will go up.
The thing is, base car prices go up anyway, and subscriptions are an additional revenue stream. If manufacturers can get away with charging for anything, they will surely charge for it.
This could stand in as justification for any odious pricing practice. "Sure, they sneak cocktails onto their customers's bills, but if they didn't do that, they would have just charged them more for their dinner, so it doesn't matter."
(comment deleted)
>Some people don't want to pay for heated seats. Turns out the manufacturer found it cheaper to just include the hardware anyway rather than differentiate on the production line.

If it's that cheap then it should just always be included, period. Otherwise it's just transparent greed. Why charge your customers extra for something that costs you literally nothing extra? Why not do the same for everything? The radio volume knob is software-locked and it's either at 100% or off, unless you pay extra to unlock it. The entertainment system will play ads continuously while the car is running unless you pay extra for the no-ads version. When you unlock the doors they will stay locked for five more minutes unless you pay extra for the Instant Unlock feature.

It's boggles the mind that a car company would spend millions on styling and then do something like that to completely cheapen the experience. Of course, software companies do that sort of thing all the time. Just...ugh.
$$$, that's why. $X isn't good enough for them, when they can find a way to get $X+Y
Do they even get more money from stuff like that or do they lose customers because the UI now looks like ass?
That's the entire point. They design a "luxury" car to be sold at a luxury price, with high margins. But by doing so, they go above budget for many potential customers.

So they make a cheaper version, with lower margins, but they deliberately cheapen the experience so that those who can afford the "luxury" version don't buy the "cheap" version instead.

If you want to sell a cheaper version then actually make that cheaper version. Don't sell the exact same version with the switch locked in the off position by a logic puzzle and then sell the solution for an exorbitant price. Hell, make a single version and physically break the feature at the factory. Remove a critical component. Anything but this bullshit.
Sometime it is simpler and cheaper to just lock the switch. It depends on how the manufacturing is done. In some cases (maybe not with Tesla) the feature is there but it may be defective. Sometimes it is worth making a completely different "cheap" version.

In any case, it shouldn't change anything for the end user, hardware or software, you pay a premium for premium features. And even if it involves actual hardware, it will cost you a lot more than what the part is worth. That's how manufacturers target both the premium and budget market with the same product. I think it benefits most people in the end, especially on the "cheap" side since people can get something they wouldn't be able to afford at all otherwise, at the cost of a bit of luxury.

Now, you can get smart, buy the cheap version and hack the software, or install much cheaper third party hardware. Same idea as ink refills for printers, or ad-blocking ad-supported websites. Often, that's you right, but don't expect the manufacturer to play along, you are on your own.

Stop giving them ideas!
> Why charge your customers extra for something that costs you literally nothing extra?

Because that's not how business works, whether cars, computers, or any other widget. The cost of manufacturing is only tangentially related to the retail value.

Your examples, while contrived, could easily work the same way. As long as the customer knows what they're buying, and there are other choices on the market, then we will find out pretty quickly how valuable a non-binary volume knob is.

You may not want to know the answer to that one, if you pay much attention to airline ticket pricing and consumer behavior.

> Otherwise it's just transparent greed.

Welcome to capitalism, it seems you are new here.

> Why charge your customers extra for something that costs you literally nothing extra?

Because (1) you can, and (2) it maximizes profit.

> Why not do the same for everything?

Because of estimates about what people will accept not having in the base model and what some will be willing yo pay extra for. Why do you think there would be some other principal at work here?

> From the perspective of a customer, what is the difference between a heated seat that doesn't work because it doesn't exist, and one that is locked out by software?

In the former case, I didn't pay you money, so you didn't give me a good / service / whatever. That feels fair, because you need money to provide those things.

In the latter case, I didn't pay you money, so you didn't flip a switch. That seems like a dick move.

So I guess the difference is that in only one of these cases does it feel like the manufacturer is an asshole.

> In the latter case, I didn't pay you money, so you didn't flip a switch.

This is the case for all software. There is no physical exchange of goods, and nearly zero effort to distribute the bits.

heated seats are hardware, not software, even if they interact with software

a car is hardware, not software, even if it interacts with software

the fact that the switch is implemented via software is irrelevant to the fact that hardware is more analagous, e.g. a printer you want to use off-brand cartridges in, or a cell phone you want to root

I bought a kindle fire at a discount because it was ad-supported, then rooted it and removed all the adware+bloatware, and don't feel even a little bit bad, because all I was doing was using my hardware as I saw fit

sorry not sorry that this breaks amazon's business model (in reality it's so rare it doesn't), but my hardware, my property, my rules

Which is why Stallman got pissed at the lack of source code and worked so hard to make source code always available. So that the economic limitations line up more closely with the physical limitations.

  Some people don't want to pay for a 4th bedroom. Turns out the builder found it cheaper to just include the extra bedroom rather than differentiate on blueprints. What's the big deal? The ability to change your mind and increase your mortgage without having to deal with construction in the future seems like a nice bonus. Everyone wins.
Cars are property. It would be absurd to think portions of my property are off limits to me. The best part about all of this, is that none of these car manufacturers are going to win, it's a rat race and plenty of people are going to buy the cheapest car and mod the car software. I actually love it. I also love how the people doing this have physical access to their property and nobody can stop them.
Aside from the significant associated increase in maintenance costs on e.g. the roof that would come with such an option, I bet you the market would be fine with that. Stamp out houses that are all alike except some have less bedrooms enabled. Hell, offer the extra bedroom capacity as a rental option.

If the customer only paid for 1 bedroom, they're going to save a lot of money. It's the extra maintenance costs of that roof and the associated space taken up by the structure that would make it a harder sell, otherwise dynamically growing living space would be very interesting.

You think builders are going to create rooms people might not buy and not pass off the cost to the buyers, or development company? You have more faith in companies or maybe builders than I do.

Also, how will you keep me out of the room in my house that I didn't buy? You can't effectively.

Capitalism has done way dumber things than that, so I don't think it's impossible that company A builds 100 houses or apartments exactly the same and company B sells them as different sizes, based on how much the customer pays.

A creative tenant could certainly break through a wall that's been put up in place of a door, but that seems pretty extreme. I've seen some creative construction projects to make use of crawl spaces that weren't originally designed for people to live in though, but that's far from the norm.

I'm not torn at all. It's my car. I should be able to "hack" it as long as it doesn't involve illegal access to anyone's servers.
The exact same way you should be able to install your own software on your iPhone
your phone isn't a 3500 lb metal box of death on public roads with other cars, cyclists, and pedestrians
We already have a system in place for this: civil liability and criminal culpability. If you hack your car negligently, you can be sued for negligence or charged with manslaughter.
Same thing if you sell unsafe food, yet we have regulations, because it's preferable to not be killed in the first place.
And because the impact is exponentially larger. Arguments for regulation prohibiting individuals from tinkering with their cars does no such thing, because those laws are not currently in place, and there is not an epidemic of runaway user-modified vehicles.

On the other hand, such regulation would serve to prevent users from enjoying the property they purchased and to facilitate exploitative practices by manufacturers and retailers. It is all the more absurd given that existing law already provides mechanisms for deterrence and punishment, namely: the notion of negligence.

I cannot stress how terrible this idea is. This would severely degrade consumer rights and do virtually nothing to protect people.

It really depends what you are modifying. By all means have a custom entertainment system and I detest the software locked features such as heated seats.

If you are messing with safety critical software then it is no help to me that you are prosecuted for negligence if I am killed.

Even if your safety critical software works it still is negligent, there should be some barrier to entry for such software. It shouldn't be out there in the wild made by whoever with no oversight.

Do you think you should be allowed to change your brake pads? How about bleed your brake lines?
Yes, I would trust people to generally be competent enough.

Writing your own self driving software, go ahead, as long as your driving on private land I have no issue.

Neither agreeing nor disagreeing with you, but it follows that you should also maintain this: "It should not be illegal to drink alcohol while you drive. If it affects your driving performance negatively, that, in isolation, is what should be penalized."
The road worthiness of your modded car is a question between you and the DMV, though. Once you start adding a fifth wheel to your Lada, it's not the manufacturer's responsibility.

(Tesla's software killing people is also not their responsibility, because you're 'supposed' to use it in a way that nobody actually uses it.)

It shouldn't be illegal to bypass the security of your own property. On the other hand, it shouldn't be illegal either for manufacturers to make security features that are impossible to bypass.
> it shouldn't be illegal either for manufacturers to make security features that are impossible to bypass

No such thing as impossible to bypass, which is exactly why companies turn to the courts and police for enforcement instead.

And that's the problem. Companies should just accept that hardware and software will never be perfect, and people bypassing imperfect security/revenue-enhancing features is just a risk and cost you have to accept when doing business.

Instead, we have bullshit like the DMCA anti-circumvention provisions that companies pushed so they could get the government to legally enforce their crappy business models.

> I absolutely think that a capability available in the vehicle/device when you purchased it should be available for you to use, and not behind a software lock (heated seats, etc).

While I intuitively agree with you, I'm having a hard time arguing against the economic argument in favor it. Producing a single version of a product is generally cheaper than producing two different versions. Also offering a lower-margin, software-locked variant can (in certain conditions) make things cheaper for everyone, and it gives the consumer more choice: if you don't need or want the features of the premium model, you don't have to pay for it.

For example, imagine a manufacturer that sells two versions of its product, a basic model that makes up 20% of sales which costs $1000 to manufacture, and a premium model that makes up 80% of sales and costs $1250 to manufacture; this gives an average cost of $1200/unit. If they can save $100 per unit by only manufacturing the premium version and software-locking it, that reduces the average cost of goods sold to $1150/unit. They can pass on half of the savings to the customer, and still come out $50/unit ahead.

Producing the extra weight of the seat heater requires extra fuel to burn. Now multiply that by the number of cars on the road. Will cost the customer a (small) amount extra in fuel costs for a part that is not being used. So there is an economic argument that ya, we can subsidize manufactures by taxing people more. Seems like a bad deal to me.

Now lets talk about CO2 output of driving around extra dead weight. Makes it worse.

I think the usual "heated seats" example is a poor one, since it's so obviously an optional feature that not everyone would want to hack around.

Let's say instead that BMW decided all their car models would be physically 4 seaters, but in order to be allowed to use the back two seats, you had to pay a large monthly "sedan fee". And if they caught you using the back seats without paying, they'd sue you. Would anyone accept this? Likely no. And the reason you shouldn't accept this is the same reason you shouldn't accept the "seat heat" fee.

Not sure what you're getting at, but the back seat example here has all the same issues I pointed out above. They actually would weigh even more than seat heaters. I only gave some examples above of why it's bad but there are many more off the top.

Either way if I truly think I am right, then BMW, etc should just go ahead with this plan. It should be a money loser for them in the long run. But on second thought why burn all this CO2 just to prove a point. We should probably collectively put a stop to it sooner rather than later.

I agree with you 100%. Sometimes on HN we assume when someone replies to us they're disagreeing!
Haha yeah I wasn't quite sure from the response, so I just expanded on what I was saying before. I wonder if there is any examples of it being a good thing in any way shape or form.
> Would anyone accept this? Likely no.

I wouldn't be so sure, it's all about the price. There's plenty of people that don't have a need for the backseats, and at a certain discount on the purchase price it becomes worth it to have two unusable seats in the back of the car. Think about the extreme case, in which the car is free: there are certainly people that would take that deal.

No need to imagine. That's public transportation. You can physically enter a bus and sit there and get to places for free.

But you're supposed to get a ticket. Or is it fair game to use public transport for free because you can?

> Now lets talk about CO2 output of driving around extra dead weight

We're talking about a few grams of extra weight on an ICE vehicle over 1.5 tons, if not even an SUV over two tons. If you put a spare bottle of water in your car you'll most likely have similar dead weight.

Now, I get where you're coming from, but the amount of dead weight this adds is so miniscule compared to the general overhead any modern vehicle carries that making this argument is borderline disingenuous.

You're probably right that the loss in gas mileage or EV range is pretty small, to the point of being statistical noise.

But a few grams is definitely not correct. It's probably more on the order of 3-5lbs per seat.

If we don't like the heated seat example, let's use power seats. Those are much heavier than the equivalent seat with manual controls to adjust its position and angle. Granted, I don't know of any car manufacturer gating power seats behind a software lock...

I question it myself a bit but I think I will stick to my argument. Yes it is a small amount of weight, but from what I understand passenger cars contribute a lot (28%) to total greenhouse gas emissions. 290.8M cars on the road in USA alone. I will say a copper heating coil in a seat weighs 3 Lbs. 4,094 Lbs is the average weight of car. So we could save .1% of the weight of the car maybe? Over the lifetime of a vehicle couldn't it add up?

Then we can add in the CO2 emission of manufacturing dead material to place in the car.

To top it all off, no one wants this.

The extra weight/fuel costs just shifts the price point where it's a good deal (as it makes the product slighly worse), it doesn't change anything fundamental to the argument.

Or to put it in another perspective: carmakers have never optimized for weight at the cost of everything else (as otherwise we'd all be driving around in cars made from titanium or carbon fiber). What's the difference between putting in a heavier seat with a non-functional heater to reduce production costs, and using steel instead of aluminium to reduce production costs?

I wonder if you framed the question a different way if people would be more accepting of the arrangement.

Option A: Buy our car for $50,000

Option B: Buy our car for $40,000, but we'll software lock the "full self driving" feature

It sounds bad if you frame it as the company withholding functionality. It sounds better if you frame it as the company offering a discount, given some software stipulations.

This is really about paying for software. When you spend $400 for Ableton Live you are "unlocking" new capabilities for your PC. When you buy the latest PC game you are "unlocking" new capabilities for your GPU.

If you wanted to do all this yourself you are technically able to do so, at great difficulty and expense. You could develop your own software to operate your vehicle. (Not advisable.)

I prefer to look at it as a value proposition, rather than a battle of ideals. If a car with x, y, and z features disabled at a price of a is attractive to you, then buy it. If not, don't.

That assumes consumers are entirely rational, totally informed beings. Except every economist knows that's not actually true. So you give the consumer option B to get them in the door, and then spring the cost of full self driving on them. Option B can even end up being more than option A. See also: buying a cellphone on contract, back in the day.
It's not so simple, though.

First, they absolutely will not pass the savings on to the customer. Prices are governed by what people will pay, not by what it costs to make the car. If they can make the cars for $100 cheaper, they will pocket the $100, unless market forces (like cheaper cars from other manufacturers) signal that they should lower their prices.

Second, heated seats are heavier than non-heated seats. Customers who get software-locked heated seats and don't want the feature will get slightly worse gas mileage or EV range. So not only is the manufacturer potentially saving money building the car (savings they likely are not passing on to the customer), but they're pushing added operational costs onto the customer.

I think it's fine (though somewhat shady[0]) for a company to use these sorts of software interlocks. But the product sold to the customer belongs to the customer. If they want to hack or mod it to disable that software interlock, the company should just have to live with that, and shouldn't be allowed to punish the customer in other ways (like refusing to provide software updates, refusing to do maintenance, making that maintenance more expensive, etc.).

[0] Ultimately they can do whatever is legal. But customers don't like being nickel-and-dimed for things, and doing too much of this might cause customers to find alternatives. For example, I refuse to fly on super-low-cost airlines like Frontier and Spirit because I don't want a super-bare-bones experience where I have to pay extra for every little quality of life improvement. Flying is already not a particularly great experience, and I don't care to make it worse. It's Frontier & Spirit's prerogative to operate like that (and clearly enough customers are fine with it for these companies to be successful), but it's also my choice to spend my money elsewhere. But if the only option was airlines like these (or car manufacturers who software-lock everything), that would really suck.

It gets a lot more ambiguous when the features being offered also come with increased risk of warrantly liability. I'm thinking of things like acceleration boost here rather than FSD and other driver assistance features.

For FSD, part of the payment is for ongoing maintenance. It is likely that the countermeasure would be subscriptions, and they already seem to be progressing in that direction.

FSD is a little trickier. FSD hardware is installed in your car and is used for ADAS. FSD is completely different firmware and has to be downloaded from Tesla servers which will check to see if you paid for that service.

It might be possible to subscribe to FSD, wait for it to download, then unsubscribe, and hack it to re-enable the firmware. But FSD is still beta and you'd be risking being exposed to get future updates.

I can see two different ways of looking at this

If you enabled a seat heater, enabling hardware that the car already has installed, or hot-rodding the engine, I don't think it is that big a deal.

But if you downloaded and installed software from tesla that didn't come with the car, or did something like enabling free supercharging, that would be more like theft of services.

I expect if this becomes a thing, features will have to be downloaded after purchase.

The flip side of that is when they disable features that were purchased when a car is purchased used.
I think the disabling features of a used car has some nuances.

1) If tesla took possession of the used car and then sold it to you, I think they can disable features.

2) If you sold your car to someone, and THEN tesla disabled features I am not ok with that.

With case #1, I think it is like any used car. People flip cars. They can take a car, remove expensive rims or other options and sell the car without them. People also buy cars and part them out, selling each piece individually. This is ok because the flipper owns the car before selling it and they can do what they want.

Case 2 definitely has happened.
Here's a solid example - in 2016 all teslas came with free supercharging for life. In 2017 they changed it to be non transferable. If you buy the car directly from someone tesla won't know but there has been cases where they've found out (warranty repairs for example) where tesla then removed it.

If the seller didn't tell the buyer, or the seller themselves didn't know - who's fault is that?

supercharging for life is a service.
That's kind of just how cars work in general even outside of software. I put in the oem fog lights in my old car. All I had to do was basically screw through a plastic bracket in the grill that was installed at the factory specifically for the lights, plug in the lights into one end of the harness that was already in the car, pop out the preinstalled plastic cap in the dash and pop back in the fog light switch after connecting it with the other end of this harness that's already there near the button, routed through the firewall for me. The fuse was even already there in the fuse box for the fogs.

Basically everyone with this car is paying for 95% the actual hard work of what you need for the fog lights already. Very few owners end up going for the fog lights but everyone subsidizes their installation.

You can also look at this the other way. Most people don't value the fog lights, so the very few owners pay the cost to install fog lights in every car because it is cheaper than creating a separate production line. So you are "cheating" the system by taking advantage of that hardware without sharing the cost of it.
In a sense it's something car manufacturers have made for years. Most of the time the difference from one model of a car and another with more power is the mapping on the engine control computer.

Till this day it wasn't a problem since this was not really locked down, and despite the fact that is illegal, people did modify the car software to unlock more power quite easily.

But... that "locking" of feature kind of made sense, since a car with less kW pays less taxes (at least in my country you pay more if the car is more powerful) so selling a locked down model was also an advantage for the user that wasn't interested in having more.

Locking down heated seats... it's just a move against the user. Buying a car you payed for that seats, since they are there, why the manufacturer should ask you another fee to use for something you already payed? To me this shouldn't be possible.

I've done a fair bit of work with engine ECUs and remapping for more power is almost never "free". It's not like manufactures are offering different power outputs strictly via software, though sometimes they'll make different _tradeoffs_ between power/drivability/reliability.

I mean, it's easy to get 20% more power out of an engine if you don't care if it idles like a washing machine. And for some applications, that's just fine.

>I mean, it's easy to get 20% more power out of an engine if you don't care if it idles like a washing machine

Can you explain this? How does remapping an ecu make the idle different?

Sure, you're basically running the engine with a different tuning and you can't optimize for everything. Getting more peak power, or a broader power band out of an engine often means sacrificing smoothness in other parts of the power band.
It's relatively clear to me...

Features cost money, so I should pay for them. Wether that's via an option package (traditional) at order time OR via a software update (Tesla) after purchase doesn't matter.

BUT! As long as that feature doesn't have recurring costs to the manufacturer (heated seats), it should be a one-time fee, and transfer with ownership.

Something like self-driving, where there might be an active internet connection and server costs - I'm ok with a recurring subscription.

Examples... BMW tried to charge a subscription to use Apple CarPlay. This should be a one-time fee (baked into model price, or a one-time software switch). Same for Toyota (I think) who tried to make remote-unlock a subscription (this was basic key fob unlock - no internet hosting/app maintenance involved). Also crappy move from them.

Hacking otherwise reasonable software-locked features feels like theft to me. If you want the feature, pay for it. At minimum, I'd expect Tesla (or whoever) to void warranties on cars with these hacks applied (within the bounds of Magnuson-Moss Act in the US).

If the feature is built in to the car from the factory and disabled via software so they can charge more then you are already paying for the parts and lugging around the added weight in the vehicle thus costing you more in fuel. Software locking a hardware feature that is integrated is an awful practice.

Telsa chose to do this presumably to only have to buy a single seat configuration and streamline installs so they could hit production quotas.

Right. Instead of manufacturing a 50, 80, and 100 kWh battery pack, and having to go through the whole process of getting certifications and everything for each size, they just make 100 kWh packs all day long, and then software limit them to 50. Which means, in the case of an emergency, the company can bestow extra range on lower-end vehicles, which they did for Hurricane Irma.

https://www.theverge.com/2017/9/10/16283330/tesla-hurricane-...

Does that imply there is not much of a manufacturing cost difference between 50 kWH and 100 kWH battery pack?
Great reply!

It's either so close that you're overpaying for the 100kWH, or it's not very close in which case you're overpaying for the 50kWH.

Either way: the 50kWH is hit: carrying dead weight on a smaller capacity. A not insignificant weight.

No, they were selling 75 kWh packs as 60. The gap was nowhere near 50 -> 100.
For many features it makes sense. Heated seats for example have trivial hardware costs. It's basically a couple resistive wires, plus the necessary controls. The process costs of manufacturing some cars with and some without heated seats likely far exceed the cost of the heated seats themselves, so it's cheaper to just put them in every car. But heated seats are a great upselling opportunity, people are willing to pay $200-400 for them, more if you bundle them in a package with other stuff the customer doesn't actually need but that creates a vague sense of value.

The compromise that minimizes production costs and still allows that upsell is to put them in every car and disable them via software.

Just because it is easier and cheaper for you to do something doesn't make it right to do it.
I'd be hard pressed to imagine a greater waste of resources than to include all possible hardware in all possible sold goods, with only some of the features enabled. That maximizes waste with only a portion of buyers able to use those things.
Back in the day we used to just call those "standard features" and every car had them.
They could do that but would have to raise the base price. These addon features allows a cheaper entry point and price discrimination for those who are willing to pay more.

Whether it ends up being wasteful is complicated, there are would be operating effeciencies in putting the same hardware into every car.

>> They could do that but would have to raise the base price.

Why? The component is already in every vehicle. This is not like binning for chips: every vehicle must (and does) have the capability because it’s unknown whether a consumer will pay for the upgrade. If anything, the price should go down because software costs have decreased by removing the software locks.

The value of the option could be enough to allow below-cost pricing on the base model. Completely made up napkin math…

Base price: $10,000. Cost to produce (including profit): $11,000. Cost of option: $2000. 51% of buyers opt for the option at purchase. Some % of resales result in additional sales of the option.

You're assuming that the cost of the component is being recovered through the base price of every vehicle, but that's not likely because the base price has to compete on price against other vehicles without the feature.

Instead if, for example, the component adds $30 to the BOM and they know from market research that 10% of buyers will pay $500 for the software unlock within 3 months of purchase, they don't have to include the cost in the base price and still make very good margin on it.

Heated seats were a "standard feature" and every single car had them? I guess maybe, if you drove porsches and higher trim Mercedes cars 20 years ago (or any comparable luxury vehicles).

Otherwise, I can totally assure you they were not "standard features", and they didn't even exist for most car models, regardless of the trim.

Or maybe your definition of "older" vehicles means those that were produced in the past 5-10 years, but that's a fairly controversial definition of "older".

Not heated seats specifically, but any "option" that was cheaper to include than not. That's the definition of a standard feature, where it's just built into every car.

Power windows were originally an expensive option, but they got cheaper, and the fraction of cars ordered with manual crank windows dwindled, to that point that power windows are simply standard on most cars now.

If somebody said, okay every car has power windows but yours don't work unless you pay a monthly fee, I'd break out the wire cutters right in the dealer lot and fix the problem myself. Screw that. It's a standard feature and someone broke it, I'm fixing it.

Ongoing costs aside, it’s important to also recognize that there may have been massive up-front costs to develop something like self-driving before it generates revenue, which the manufacturer should have the right to recoup/monetize. If they choose to do that through a subscription, that feels like it’s within their right.
As the end user, I couldn’t care less about a manufacturer’s costs. That’s a them problem, not a me problem.

I understand your point. I just don’t care. They sold me a thing, and now it’s mine.

That strikes me as a pretty dissonant argument on HN. If we play that out, no software creator would have a defensible way to monetize what they invested time, energy and money to create. Enforceable laws protecting IP are the difference between entire sectors of the economy existing vs. not being worth the effort.
I don't think that's true at all, or what the person you're replying to is getting at.

If you sell me a bunch of hardware, that hardware is now mine, and I should be able to do whatever I want with it. If you sell that hardware with a bunch of software on it, I should again be able to do anything I want with that software.

That doesn't entitle me to updates of that software, or ongoing use of the company's cloud infrastructure. It's fine to require payment for that.

IP laws just aren't particularly relevant to the discussion at hand. I don't think anyone is suggesting we should be able to legally "pirate" the software running on our devices.

I agree in principle. Are you also absolving them of any warranty on the car once you begin modifying it?
Only if your modifications directly cause the damage that would have been covered under warranty. That’s actually been covered multiple times in US law and is fully your rights as a consumer, to maintain the warranty.
I strong disagree. I'm not talking about making unauthorized copies of the car. I'm just going with the principle that's as old as the whole concept of property: once I buy something, it's mine.

If I own a shoe, I can paint it to look different or change its shoelaces. If I own a book, I can tear out the pages and rearrange them. If I own a TV, I can hook anything I want up to it. And if I own a car, I can modify it as I see fit. Those things are mine. If I no longer want them, I can sell them (barring a specific contract with the manufacturer, see https://en.wikipedia.org/wiki/First-sale_doctrine). And if a company wants me to pay them money while still retaining some kind of legal right to restrict how I use it, they can negotiate a discounted price for me to pay them.

When I walk onto a car lot, I'm not saying "whoa, check out this IP!" The salesperson doesn't hype me up by saying "you could own significant portions of this beauty today!" We don't sign a "purchase (most of it) contract". I don't pay "sales-but-all-rights-reserved" tax on it. The DMV lists me as the owner, not the IP licensee.

If I had to choose whether to support laws protecting IP versus laws protecting ownership, I'll pick ownership 100% of the time.

But the carmarker is surely within their rights to refuse to continue servicing your car, or declare that any attempt at modifying the electronics/software potentially makes it unroadworthy.

Having said that, I don't entirely understand why Tesla don't keep the software unloaded from the vehicles until the user chooses to purchase the add-on features: compared to everything else the software does, that's not exactly a particularly difficult engineering challenge.

That would likely be highly illegal of them, per the Magnuson-Moss Warranty Act. Unless they could prove that the process of you enabling the confiscated features caused something else to break, they're still on the hook for it.
Ok, here’s a web software analogy.

I run a news website. I charge $2 to view the news website. You paid to view to my news website, thanks!!

Let’s say you really prefer dark mode, but my news website is bright white. You install something like DarkReader, to make it inverted colors, so problem solved!

But now I realize that this is a market that I could charge for. So I start charging $5 for “news site with dark mode”.

Should it be illegal for you to use dark reader to view my news website with your light-mode-only license?

Technically I’ve shipped you the text and style for my website, which you are completely allowed to access and have paid for.. Then you’ve modified it for your own use after receiving the product. Is that wrong?

Customers are not responsible for the company's business model.

I'm fine paying for software. And I'm fine with a subscription model if I actually get new things periodically during my subscription.

Put another way, if you sell me a static, unchanging piece of software (like a software update to enable heated seats), then that should be a one-time charge. If you sell me a self-driving package that gets regular updates over time, then I'm fine with a subscription.

(Self-driving software is a bit of a grey area, though. I should probably have to pay for new features, like "now it can drive on some more roads where it would previously disengage and require a human to handle it". But I should not have to pay for an update that fixes safety issues with existing functionality.)

> But I should not have to pay for an update that fixes safety issues with existing functionality.

“I want free updates”

(comment deleted)
Heated seats is essentially a bool somewhere in the code implemented as artificial limitation.

Self-Driving is much more complex and abides much more as an argument to your view.

But who gets to decide? Usually the more uneducated a person is of some particular product, the more they think a feature is "just a bool somewhere".

(personally I'm very much on the side of giving people control of their own software and hardware)

If the hardware for the feature is present and hooked up, and the software (if any) that's needed to run it is installed, then it is indeed "just a bool somewhere".

If the hardware requires non-trivial software to enable the feature, and that software is not provided with the device, then it's fair to require additional payment to buy that software. But also no one should be able to prevent a third party from reverse engineering the hardware and writing their own software for it.

I think "who gets to decide?" is a somewhat silly question. It's the same answer we'd accept for just about any situation: someone reasonably well-versed in the technology.

Even if it is a bool there is probably an extra factor: Liability in case there is an fire or other incident. Tesla probably on its side reduces it's cost as well, by only insuring (be it by having cash reserves or actual insurance) it's liability only for the cases where it is enabled.

It's of course hard to prove as cause, but if there is a liability case it might become "interesting"

Edit: Also relevant: even without incident, the disabled heated chairs may be broken. By not being enabled Tesla doesn't have to repair them under warranty as the aren't a feature. Thus they maybe can reduce quality in the production

Isn't it rediculous to assume a seat-heating feature could cause a fire? I would assume there are even hardware limitations in place to prevent heating that would otherwise cause damage.

I imagine the situation at court "you implemented combustive seat-heating for this model?¿"

> Hacking otherwise reasonable software-locked features feels like theft to me.

I disagree, pretty strongly. There is a line. They sold you something in its entirety, including the seats with wires.

I would agree with you if you had to download the control software from their servers.

I would agree with you if you if the upgrade provided you physical wires to install, even if you had to install them.

Related I think it would be fine to purchase the control software and/or heating wires from a third party that was not tesla and install it in your tesla car.

How do you feel about software that has various 'pro' features that cost more but are unlocked with a key and don't require a separate download?
I think the burden is on the software developer to figure out what they need to do legally. It might be inconvenient for them to require a separate download, and they'd have to make peace with it if they deliver the functionality in its entirety to you during the first sale.
If you're purchasing the "not pro" version for a much cheaper cost, and it is a functional program (basic things like Save not locked behind the paywall), having different tiers of paid features is fine. You were able to pick to have the lower tier features, even if you end up downloading the same exact files.

When it comes to hardware, if they've already installed the feature, they've already factored the cost of it into the purchase price. Your out the door cost includes that heated seat hardware, even if it's not a line item. And you don't have the option to have it removed for a discount (or get a lower car package). You only have the option to pay to use the thing that's already in your car or not to pay to use it.

Maybe it's not quite theft, but like I said, at minimum, I'd expect Tesla to refuse warranty repairs (hack the software to open Plaid mode, lose your drivetrain coverage, etc).

Trying to think about it in terms of "normal" cars - unlocking Plaid is similar to reprogramming the ECU on an ICE to deliver more power.

I don't have any trouble with plaid - it is hardware/software with 3 motors and other hardware, plus control software.

There is also law in place to refute what you said. Manufacturers can not deny warranty coverage if you jailbreak your phone or hot rod your car, and this is similar. (I believe they have the burden of proof if it seems you did the damage)

https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...

Yes, I mentioned that law above. It doesn’t protect consumer who modify their cars beyond original spec…

If the manufacturer can show the change contributed to the failure, they can deny coverage. Vastly increasing the power output of the drivetrain would likely cause a voided warranty on the drivetrain.

Unlocking heated seats wouldn’t void the warranty on the drivetrain, but could void it on the seats and related electronics.

The counter-argument is that you are "unfairly" shifting the cost to others assuming that if a workaround wasn't available you would have paid the premium price. Let's say that it is expected that 1/3 of people will purchase heated seats. If you unlock your seats without paying then you are harming Tesla because the heated seats package was priced assuming that 1/3 buy it (so it was priced at 3x the per-car hardware cost plus some markup). Now less than 1/3 people buy it (as they are hacking it to be available) so it was underpriced and they lose money. Next year Tesla adjust their expectations to 1/4 people buy it and accordingly raise the price of the package (Now 4x per-car hardware cost + markup because it still has to cover the cost of installing the hardware in all cars). Now you are harming the people who are buying the package because they are paying for the cost of the hardware that you are using without paying.

> They sold you something in its entirety, including the seats with wires.

This is the part I have to agree with. There should be nothing to legally prevent me from doing whatever I want with my hardware. It may be unethical to use this hardware without paying for it, but I shouldn't be legally prevented from doing it. They did sell me this hardware even if the cost was paid for by those buying the heated seat package and I should be able to do whatever I want with it.

I think this works quite well with things like CPUs where they blow hardware fuses to disable features and it is infeasible to restore this functionality at any practical scale. However for things like seat warmers where the controller is likely easy to bypass (and in this case the lock is actually implemented very far away in the infotainment system) it will likely turn into a arms race between tamper-resistant hardware and those who what to unlock the feature without paying for it.

> BUT! As long as that feature doesn't have recurring costs to the manufacturer (heated seats), it should be a one-time fee, and transfer with ownership.

What if it's a sort of payment plan?

E.g. if we assume heated seats costs $1000 and the consumer wants to pay for this monthly over ten years then it'll be 1000/12/10=$8.33 plus interest per month.

Of course, this should mean that once repaid, it's the property of the owner and therefore transferred at resale.

You can make the same argument that pirating software is ok
In the world which disrespects FOSS for so much it is OK. Pirating books is 100% OK.
I don't think there's any need to be "torn" on that; you can certainly hold different opinions for different nuances without conflict.

Hardware features that are actually present in the product when purchased should be available for use. If manufacturers want to put those features behind a software lockout, I guess that's their prerogative, but they shouldn't be allowed to complain or punish the customer if they find a way to circumvent it.

Charging for ongoing services that require the manufacturer to spend money to maintain infrastructure (like a remote engine start or remote lock/unlock) seems entirely fair, though.

But as a big fat asterisk to that last statement, it pisses me off that I can't run my own server infra for that myself. I bought a Mercedes E-class a little over a year ago, and it included a free year of their online services. Fortunately continuing the subscription is pretty cheap (something like $150/year). But it's an all-or-nothing deal. I want to be able to do remote lock/unlock and engine start, but I don't want Mercedes tracking my location wherever I go, and I don't care about map updates (since I use Google Maps via Android Auto for navigation).

I would much rather be able to spin up my own server to handle some of the remote capabilities, and not have the car talk to Mercedes' infra at all (except perhaps for software updates, which I would manually approve/accept).

I get why car makers won't do this. Even if they didn't want a stranglehold over providing services, I'm sure they still wouldn't do it: it would require extra "advanced" settings in the car and in the app to allow the customer to set an alternate server backend. And customers will inevitably make security mistakes with their own server backend, which could create liability for the carmaker, or at least cause bad press, even if it shouldn't.

Let's start calling them what they are:

Freedom fighters.

"Hacking" carries quite a lot of negative connotations in most realms. These are people making sure you are able to make full use of your own stuff. There shouldn't be anything contentious about that.

"Freedom fighters" has a lot of negative connotations in many realms as well. It evokes images of rebels using violence to push some political agenda. Sometimes for worthy causes, sometimes less so.

No, we're keeping the word "hacker".

While I agree with that image problem (I couldn't come up with any that didn't have it, and at least this one is descriptive)... I feel pretty confident claiming that "hackers" carries clearer and more consistent negative connotations to the general public (definitely not HN though).
I mean, we used to use the word "cracker" for this up until the late 90s. A hacker was someone who created something cool.
"A group of security researchers (aka hackers)" is an especially bad connection to be drawing for the general public.
(comment deleted)
Will be interesting to see how they did it. Using low cost off the shelf parts means nothing if you have to dismantle the entire car and solder to the tiniest of points. I still remember the first Xbox mod...30+ wires attached to the smallest of points on the motherboard.
[flagged]
Care to elaborate?
Let's say you have a Tesla, but you didn't buy the "full" self driving package. You sell your Tesla to a third-party. Tesla (of course) resets the system to disable "full" self driving, but you have the tool to activate it so you turn it on for the new owner. Presumably you received money in exchange for the vehicle, as is traditional in our culture. You take some of that money and buy a 1958 Dodge D100 pickup truck and the Hayes Manual so you know where the spark plugs go. You use the remainder of the money to purchase a mix of mutual funds, Ford Motors stock, artwork by mediocre, yet somehow popular modern artists and maybe a crate of 2018 red wine.

In 10 years you still have the D100, though you have spent more money on spark plugs and air filters than you would have imagined possible. The Hayes manual is covered with grease stains so it is no longer re-sellable. The Ford Motors stock has (of course) tanked, but it allows you to justifiably rant on internet message boards. The artwork has appreciated and you recently sold it to a European collector for a profit. The red wine would have appreciated in value, but by this time you've drunk all of it.

Care to elaborate without this much analogy? I suspect you're trying to say the value of a Tesla ain't going to be there in 10 years, but I'm not quite sure that's true.
Step 1. Unlock the "full" self driving feature you did not purchase.

Step 2. Sell your tesla.

Step 3. Unlock the "full" self driving feature for the new owner.

Step 4. Take the money the new owner gave you and use it to purchase another vehicle.

Step 5. Profit

In this sequence of events, the value of the tesla in 10 years is of no consequence to you because you do not own it.

Who cares about upvotes/downvotes.. and I agree, Tesla is just meme hype, and for that reason I will never buy “smart” car that spies on me and my family, while these videos are shared as a joke among Tesla employees.
But it also has the great benefit that the data it collects doesn't belong to you. It belongs to tesla.
"Eschew flamebait. Avoid generic tangents."

https://news.ycombinator.com/newsguidelines.html

[flagged]
We don't care about any of that; we just care about HN discussions being fresh and interesting vs. tedious and boring. Generic flamewar tangents are the latter, especially when they're re-repeated as often as this one has, so please don't take threads in those directions.

If you have a substantive point to make about resale value, or something like that, that's totally fine, as long as you do it in a way that isn't flamefodder/snark/name-calling.

https://news.ycombinator.com/newsguidelines.html

Pretty sophisticated attack vector: low voltage attack on AMD secure execution environment during boot. I wonder how many tries you need to get whatever bits you need in the right place. Also, I imagine you only need to cut 12V wires to do this, but I admire the willingness to get in there direct on these systems. I'd be a little nervous to make those cuts personally.

Buried in the article is the claim that this will let them pull the RSA private key the car owns out for other uses -- while this is likely to remain a very niche attack vector, that's got to be really bad news for someone in vehicle security at Tesla. On the other hand, post jailbreak you could anonymize your location on Tesla's servers, which would be nice.

Anonymizing your location - until you put in route and your car asks for traffic information from teslas servers.
If the map can't talk to Tesla it'll use Google maps directly. I usually don't allow connections to Tesla on my rooted Model 3
Hoe did you root yours? Did you lose out on any functionality?
There's some functionality loss but it's mostly been mitigated. I have a custom app I wrote since I can't use the stock app.

The one feature I miss is that there's no voice commands since that requires Tesla's servers but at the same time I also haven't been bothered enough to plug in a custom backend

wait

So the company that goes "we don't need physical buttons since we have voice commands" also goes "you don't need those in underground parkings"?!

It’s ok, the voice commands are barely understood anyway. At least in the UK they aren’t. Gets it drastically wrong and messes up your navigation destination, because you asked it to open the glovebox “navigating to Columbia”
I also would like to subscribe to your newsletter.
I've got a blog if you're interested haha https://fn.lc/post/

I've been hacking on my car and creating my own self driving models

Code is at https://github.com/d4l3k/torchdrive

How does this work with their charging network? Are you still able to use their chargers, or are you stuck with home charging & third parties?
Supercharger auth is between the car and the charger and doesn't require an internet connection. I get billed the normal way via my Tesla account since the VIN is registered
Oh no, don't give them ideas. It'll become the HP instant ink of car charging
Your L2 charging wire is low on copper, please replace the entire cable.
Are there api keys for google maps in the car? Or does it emulate some client like a browser or android phone?
>that's got to be really bad news for someone in vehicle security at Tesla.

It says in the article: "Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems."

So it's only a matter of time till Tesla patches it.

More relevant quotes from the article:

> The group of hackers claims that their “Tesla Jailbreak” is “unpatchable” and allows to run “arbitrary software on the infotainment.”

And the full quote of what you put:

> Electrek’s Take

> Generally, these exploits are shared with Tesla, and it helps the automaker secure its systems.

> In this case, the hackers said that despite the exploit, they believe Tesla’s security is better than other automakers.

Doesn't seem like the security researchers actually shared the exploit with Tesla, at least as far as I understand.

The information in this article alone is likely enough for some Tesla engineers to sit down and figure out the exploit themselves.

And if this research group wants to enable regular people to "jailbreak" their cars, they have to publish their full methodology anyway.

That's likely because it's a hardware issue, nothing really for tesla to do.
Apologize for my ignorance, but isn't it up to Tesla to define what hardware they want to integrate? Or is there no design alternative?
What they meant is that it is not possible to fix it without replacing the hardware.
I see. But replacing the hardware would still be very much in the purview of "Tesla's problem" if you think they are a car manufacturer.
Yes, but it is unpatchable for any currently existing cars on the road, I believe that's the point they were trying to articulate (though not super well).

And yeah, you are correct, Tesla can close up that exploit in their newer hardware revisions.

Changing hardware would mean a recall and this doesn’t seem to warrant it.
But how much time until the hardware is changed? And all the current models?
They will share the details at Blackhat next week
Although this seems unpatchable without an HW upgrade
On the black-hat-flip-side ; This is exactly what a Black Hat would want to say - preventing from Tesla stating that they "aint got shit" from the hackers...

So hackers can claim they called tesla, and tesla can ignore it and we no wiser

> I wonder how many tries you need to get whatever bits you need in the right place.

For the Xbox 360, the "Reset Glitch Hack" (which worked similarly) would just try over and over again until it got it right. A computer is happy to try tens or hundreds of times on your behalf.

However the next Xbox added active countermeasures against glitching attacks which force a reboot if the clocks, temperatures or voltages go outside of reasonable bounds, and that's never been defeated. Glitching attacks can be very powerful, but they have a limited shelf life if the hardware manufacturer cares to prevent them.

https://www.youtube.com/watch?v=U7VwtOrwceo

Definitely. Not arguing that this can't be fixed, but rather outlining how a similar successful attack was made more reproducible.
Just like we used to have cable box guys willing to sell you an unlocked box for premium channels, we are eventually going to have feature unlock guys that you go do and for a small fee perform some slightly more technical hack to enable features that are already there.
This market already exists for things like enabling Navigation on VW/Audi cars. People were offering to enable the hidden Android Auto support on my Porsche Macan for $600, which I almost went for until I found the scripts and instructions to do it myself.
Hidden as in it's not available normally, or hidden as in it's a paid feature?
It was built, and then disabled, as Porsche wasn't comfortable with Google's policies around data collection from Android Auto. You can pretty easily figure out how to turn it back on.
I did the same on a Mazda CX5 a few years back, but it was a software only hack to get root first. I suspect the actual physical hardware modification line is the one that most users are going to be unwilling to cross unless they are in the "Download a Car" crowd.
Doesn't the Mazda CX-5s all ship with Android Auto and Apple Carplay by default?
2016 Didn't, I also enabled the built in navigation while I was at it.
> I suspect the actual physical hardware modification line is the one that most users are going to be unwilling to cross unless they are in the "Download a Car" crowd.

Idk, hardware modification of the first Playstation that allowed to play ripped games became mainstream very quickly in my country (France) and you could even go to some shops that sold Playstations to get it done. It only stopped when it was made openly illegal.

“I paid for this shit, I do what I want with it” is a very powerful sentiment (and a legitimate one actually: corporation adding “Digital Right Management” system to deprive people from their property right is dystopian as hell).

Okay, but in that PlayStation example you DIDN'T pay for the games, but still decided to 'do what you want'. How is that legitimate but attempting to prevent it not?
Because you also prevent legitimate uses of such "feature", such as playing games you purchased legitimately from other regions, as that "feature" also allows to defeat region-locking. As for why not just buy those same game versions released in your region, some games were just never released in some regions. Another common use is running legitimate homebrew software.

So logically, it isn't modding/unlocking the console itself that's illegitimate. But it can be used for certain illegitimate actions, yes (along with legitimate ones).

This, or you want to have a backup of your disk because your younger brother isn't especially gentle, or you want to have a second copy of your game so that you can have one at Dad's home and one at Mom's.

And these use-cases aren't only legitimate, in France they are even legal and in exchange we pay a tax whenever we buy a media storage device (Taxe sur la copie privée).

> hardware modification of the first Playstation that allowed to play ripped games became mainstream very quickly

I remember this. Chip on chip iirc. The period is stored in my memory because it was also when DVD media first broke the $1/disc barrier. It wasn't very good media at $1 per but exciting times nonetheless.

By the time I got around to booting "backup" discs in that system, it could be done just with a dongle (like a GameShark type thing, maybe? Can't remember) although unlike a soldered-in mod chip, it required booting with any genuine game and quickly swapping to any copy of another game, using a spring to defeat the lid sensor thus avoiding a subsequent check for a genuine disc.

Not quite as convenient, but lack of invasive mod was the tradeoff.

$600 is not cheap. What model year do you have? Does Porsche not provide an update or possibility to upgrade.
If you're in the market for a recent Porsche, which go for let's say ~$100k, $600 is cheap to you. Cheaper than the time you'd spend on doing it yourself really, but doing it yourself is half the fun.
If $600 is something you have to think about, you should never own a Porsche.

If you can't afford to maintain an expensive car, you can't afford to purchase an expensive car.

> If you can't afford to maintain an expensive car, you can't afford to purchase an expensive car.

Depends on how you acquire it. I can get a couple BMW's for cheap to free but I've heard too many repair stories around the campfile to blind dive into that particular rabbit hole.

This is how I got CarPlay on the used BMW I bought. Gave some guy in Thailand my VIN and $60, he sent me firmware to install, and now I drive around with working CarPlay and the vague notion that I've maybe been p0wned in ways I don't fully understand.
When your car idles, it's contributing to his Folding@Home account rank
Heh... or mining coins... or these days, factoring LLM's...
Wait, CarPlay is a "premium" feature on a BMW?
On older models. Current models come with it.
Current ones instead charge you a recurring subscription for seat heating, right?
The only hack on cable style TV I remember is you could buy modified satellite authentication cards for DirectTV for a time - usually on eBay or similar sites - and they worked. No idea how long, I had an uncle that had one though, got all the premium channels etc.

I doubt any of this works anymore though

I remember being out for a beer run with a friend during these days. On the way there he pulls into a parking lot and stops in front of a nail salon. He said, "Come on" and I followed him into the nail salon. There were about 10 women in there, not a guy in sight... he goes up to the desk and pushes a button that looks like a doorbell.

One of the ladies doing the nails says, "He no work here no more, check dry cleaner across the street." We get back in the car and I'm like, "What was that all about?". "My DirecTV card got disabled and that's where I get it reprogrammed".

We go across the street to the Dry Cleaners. There are three ladies in the lobby watching TV, and a guy behind the counter. He asks the man, "Is Ken here?" The man says, "I'll check" as he walks into the back. Now, the man was coming from the back when we came in, so I assume he already knows if Ken is there or not, but Ken probably only comes out if he recognizes my friend.

Sure enough, Ken comes right out all smiles and they have a quick chat. My friend hands over his card and Ken says, "we had to get new equipment, it's now $100, ATM next door".

Ken disappears for about 10 minutes and comes back. My friend gives him cash and away we went. About 4 months later, he had to get it reprogrammed again.

Why did you take the car to cross the road?
It's a big busy road with a median in the middle. There were no crosswalks nearby, and we had to go back that direction anyway. Why do you ask?
I worked for a cable company in the mid-90s. The amount of boxes that disappeared (and couldn't be located) was insane. The folks that procured them also used a "bullet blocker" (basically a resistor) to avoid the box being disabled.

In the satellite realm, DishNetwork was always the easier service to hack. The FTA scene was completely overrun with folks buying 3rd party tuners. Once Dish switched to an encrypted signal, a few vendors (nFusion if I recall) even could rotate keys in a matter of hours to decrypt Dish's new encryption schemes. I doubt any of that works these days simply because there's no reason to push too hard for content that is likely available via easier means.

I read an article about the early DirecTV hacking days and the cat and mouse game the hackers played with the company. DirecT cards were smart cards that ran programs for the decryption path. The hackers kept just duplicating whatever DirecTV sent down to keep them workign, mystery bits and all. Then one day a final update came out and those weird bits turned out to be a specially designed program that bricked all of the hacked cards. I'm sure that was a temporary setback for the hackers but it was a great story.
Let me tell you what's wrong with this:

Nothing.

I think it is slightly more complicated than this. Removing these "artificial" locks raises the price of the base model. This can lead to people on a tighter budget from being able to afford it at all.

For this particular instance I don't feel too bad for a number of reasons:

1. Tesla is a luxury product so people on a tight budget will likely find a better value solution elsewhere.

2. The way these locks are implemented greatly restricts user freedom on the whole car so they see somewhat unethical to me.

But in general I believe that making one model and artificially locking it can be ethical. It is just taking advantage of economy of scale (by only making one model) without removing your base price point.

This has already been the case on European navigation systems (Audi and VW MMI/MIB) for many years now.

VW Audi Group developed an entire infrastructure called SWaP (Software as a Product) and FEC (Feature Enable Codes) many years ago, and ever since, there has been a cottage industry in bypassing the system to enable features like CarPlay, Navigation, and Performance Monitor which are usually locked by software trim levels.

It's always awesome seeing your comments about VW stuff. I've been using VCDS over 10 years now with nothing but various trims of Golfs for even longer than that. Luckily my Mk7 R came with all the FECs I'd ever want, stock! The secret menu doesn't show anything interesting in the diff between supported and installed.

Do you think there will ever be ECU/TCU tunes maintained as open source projects? Maybe not quite as user-friendly as the Cobb ecosystem and the like, but good enough to make $600+ tunes a thing of the past for DIY types who are into mucking about but want the peace of mind that comes with using maps that enough other people are already using? Not that tuners shouldn't be paid for their work, but I feel like they could focus on the custom tune segment and be ok. My current understanding is that free software exists (I haven't actually played with any myself yet, but I've heard of TunerPro, WinOLS, etc. and I see you maintain VW_Flash, very cool) but then the user needs to know how to create a custom tune from scratch, no free and widely used "off the shelf" / "staged" files floating around for common cars (the main value proposition of APR, EQT, IE, UM, etc.), correct?

All of the tools needed to do this are already there. However, maintaining this kind of project would be a thankless task riddled with bad users, regulatory/legal issues, and isn't likely to build a strong community for various reasons, so I don't think anyone has been highly incentivized to do it.
Internal employee controls have gotten way more sophisticated, and cared about since it's one of the things you need to do for business focused information security.
This is true, but if I remember correctly, Apple has a very similar issue with user locked devices.

Employees have opened their own "stores", where they remove activation locks, or unlock iphones remotely for a small fee.

Be careful though, some automakers are tracking software mods and voiding warranties. Example: https://www.motorbiscuit.com/beware-dodge-challenger-mods-do...
I don't think how that could work with the Magnuson–Moss Warranty Act ?
Good point. There is an exception in that act that allows the warrantor to waive coverage if the damage was caused by the consumer, so I guess Dodge can do it because the software mod in that case is causing the vehicle to perform outside of its design envelope. The warranty only covers manufacturer defects, and forcing the vehicle to do something it's not intended to do is not a defect.

So, I guess these Tesla hacks should be fine so long as they're only enabling things that the vehicle has been designed to do.

One advantage of having blown through the warranty on my Tesla already!

On the other hand, I don't think my car has any unlocked features I want. I mean, I didn't pay for FSD / Autopilot but I'm not sure I'd use either.

Mod chips for consoles and mod chips for cars don't seem too dissimilar
I had a friend that made a tidy sum in college by selling replacement chips for high end cars that overrode some governors built into the firmware.
And gray market chips you could swap into your US Robotics Sportster modem for dual standard 56k baud compatibility!
I unlocked a whole extra gallon on my i3's fuel tank (just about doubling its capacity) just by poking it with a computer, there's definitely people around willing to pay for this service.
This is because if the gas range was longer than the EV range it wouldn't qualify for the US federal EV tax rebate so BMW software limited the range. In europe it's not limited.
I don’t understand how you can defend against low voltage attacks like this.
The Xbox 360 was broken by voltage glitching, and Microsoft successfully prevented it from happening again with the Xbox One: https://www.youtube.com/watch?v=U7VwtOrwceo

In short, there's now a hardware watchdog which reboots the system if anything weird happens to the clocks/temps/voltages, and they carefully structured their boot ROM (the only code they can't patch later) to ensure that even if you somehow manage to sneak one glitch past the watchdog, no single branch condition being inverted will lead to a compromised state.

That is really cool. I personally installed the reset glitch hack on several Xbox 360. Immediately thought about that when seeing this article on the Tesla
Make sure all security critical state is initialised to known values at reset, then have very tight tolerances on your power watchdog to initiate reset.

However, that doesn't make for a stable system when powered from batteries.

> you could anonymize your location on Tesla's servers

I already anonymise my location on Tesla's servers by simply not owning a Tesla

Ah, but where's the challenge in that?
Your car is filmed and recognized by other teslas.
That can't be legal? Not in the EU, anyway.
Are you saying dash cams are illegal broadly there?
Dash cams are much more tightly regulated in the EU than elsewhere (you become a Data Processor and have all the responsibilities that comes with that).

Private ANPR in public spaces is unlawful in I think every EU state?

Coming from an American perspective (where, when you are in public, you have basically no expectation of privacy), this seems insane.

Does this mean that if I'm filming a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area), I'm in violation of privacy laws?

Does that mean if I take a video selfie of me and my family members (which, again, includes images of others in the background, and which is automatically uploaded to icloud) I'm a data processor and am in violation of privacy laws?

I assume there is some line here, but I can't think of the logic separating a person's dashcam from my examples?

> Does this mean that if I'm filing a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area), I'm in violation of privacy laws?

No (at least not in France, which also has pretty stringent privacy policy so I think it's still a relevant answer) you can film people or cars in public streets but you cannot do any kind of data processing on the things you film (you can't keep a database with the license plates you have on your personal videos for instance).

In short the line is: pictures and films by themselves are OK [1], but doing anything with the personal info you get from those video is forbidden.

[1]: (under conditions, you must not cause harm in the process: for instance no “happy slapping” videos)

There are differences between private photographs and commerical products.

Vlog/youtube would be considered to be potentially commerical .. so you would probably be responsible fore GDPR and likeness recording. (The onious is on you to blur)

Video selfie/photograph personal/non shared use - you're free do this

https://allaboutberlin.com/guides/photography-laws-germany

I am not a lawyer, nor is this legal advice.

Broadly speaking the line is: someone in the background, appearing briefly: fine.

Taking photos of specific people in public without their consent: not fine.

> Does this mean that if I'm filming a vlog at Brandenburg Gate (which inevitably includes video of other people in the background enjoying the area),

I don't know about the law in Germany but I think it is very impolite in any country. You should ask people's permission before putting them online. On Japanese TV they blur out faces of people passing by for example when filming an interview in the street.

As other have pointed out, the rules on photography vary from country to country within the bloc. However, the rules governing data protection and the processing of personal data (including photos) come from the GDPR, and very basically say that any processing of personal data requires a valid legal basis.

There is an exception for personal use - the household exemption - but as soon as you cross the line into commercial operations or certain activities such as publishing, creating databases, etc, you lose the benefit of that exception.

That doesn't mean you can't continue, just that you now need a legal basis and need to follow the rules (inform data subjects, allow the right to be forgotten, etc).

So in general, dashcams are fine (unless a local law prohibits them) as you have a legitimate interest in recording your driving in case of an accident. Creating a facial recognition or ANPR database with the same footage would be unlawful, however.

Why is A[LN]PR unlawful for private citizens to perform on their own footage? (e.g. using https://www.openalpr.com)
It's unlawful as it means you lose the household exemption, and so need a legal basis for the processing. You also need to inform others of the data collection in advance, the purpose for which the data is collected, and the contact details of the data controller.

Private ANPR-equipped vehicles are rare (and outright illegal in some EU states), but when you see them they'll have large decals with the above information on all sides.

Facial recognition is considered biometric data, which is special category data under the GDPR and forbidden to process except in very strict circumstances. Apart from law enforcement/government, it is more or less impossible to lawfully process biometric data with informed consent from the data subject. The household exemption does not apply.

The European perspective is broadly to have the "freedom from", whereas the American one is the "freedom to".

You've got the freedom to aquire an arsenal, I don't, but I prefer the freedom from other people gunning down my kids, which by extension limits the narrow personal freedoms of myself and others.

Likewise, the American perspective is to draw a hard line on "in public", the European one is more nuanced.

Yes, you can film your vlog without fear, but a random pedestrian in Berlin also has the freedom from being associated with your public vlog.

Therefore you have a responsibility to either get their permission to broadcast it, or to anonymize them.

A useful way to think about it is to shift your view from "can I do X?" to "will I bother anyone else by doing X?".

A useful way to think about it is to shift your view from "can I do X?" to "will I bother anyone else by doing X?".

I don't think that's particularly useful, because the answer to the second is trivially Yes, regardless of the value of X.

>the answer to the second is trivially Yes, regardless of the value of X

then don't do it?

Your response to "by that metric, essentially almost everything is disallowed" is "well yeah, just don't do it". I don't think that stance would sit well with most.
There are still many people bothered by the fact, that I as a men have long hair.

I am sorry to dissapoint you and those people, but for now I keep my hair.

You cannot please everyone and I think it is a path into madness to even try it. There are maaany things people feel bothered about …

Are you suggesting that someone could shut down all human activity on the European continent by declaring that everything bothers them?
There is a lot of leeway to be had between "will I bother anyone else by doing X" and "will anyone else be bothered by me doing X": it's active interference versus passive objection-taking. Socially aware people can learn the difference.
Fucking hell, here we go again: "Dash cams are much more tightly regulated in some parts of the EU than elsewhere."

It depends on the eu country of which there are several...including an ex-eu country.

How it comes accross: One of the things i hate about America is that in new york all the californian building restrictions and zoning are killing free speech.

With respect, the GDPR is a Regulation and this applies uniformly across the bloc. Enforcement varies, obviously.

TBH your comment comes off as very condescending and ill-informed.

(comment deleted)
GDPR is to be implemented independently in each country. There is room for interpretation, it's not a granitic ruleset from above
No, that's not correct.

When talking about the EU, there are two types of laws (well, three if you include treaties), Directives and Regulations.

Directives are common goals which much be transposed into law by each country and there is indeed differences in implementation. An example of a directive is Directive 2012/27/EU on energy efficiency. It set goals on energy efficiency (and minimum targets), but each country implemented it's own legislation to transpose the Directive into law, and those implementations varied wildly.

However, EU Regulations are a different kettle of fish. Regulations are EU legal acts which are immediately enforceable as national law in all EU states. GDPR is a Regulation and so applies uniformly across the bloc.

Regulations are designed to harmonise legislation across the entire bloc. Obviously there are differences in enforcement, but the ultimate arbiter is the CJEU and decisions are binding in all EU states.

In Germany, dash cams specifically are a bit of a gray area, but for example CCTV of any public areas is generally illegal.

https://europe.autonews.com/automakers/tesla-warns-its-camer...

I think EU countries are supposed to be using the same legal privacy framework, although the exact way the laws are phrased and interpreted might differ from country to country.

I believe in Spain, generally speaking, it is legal to record your interactions with someone when you are in public.

But I think many people are not aware that this is legal, including some police officers, because privacy laws are perceived to be quite strict.

Similarly, I think dashcams are actually legal, even though most police probably think they are not.

I think these recordings can even be used in court cases, and in fact in many cases it's probably the reason why they are legal, otherwise it would be hard to see a legitimate purpose that would override the privacy drawbacks.

However, there are restrictions. Indiscriminate recording (i.e. CCTV) of public areas is illegal, as in Germany. This is also true for the entrances of personal homes: you are only allowed to have CCTV outside if it's pointing directly at your door, not the street in general (and you must post a sign).

An obvious restriction is that I think you are not allowed to publish a recording without either anonymizing the people in them or getting their permission.

An interesting restriction that comes to mind is that a few years ago, there was a court case of a man who was caught filming children on a school playground while positioned outside the school, which at the time it was presumed to be for sexual purposes, I think because of the way he was doing the recording (big lenses, I think?) and because he didn't have a legitimate motive for doing that (like being the parent of one of the children, or filming a documentary, etc).

He was sentenced and received a large fine, but I think the legal reasoning was that children on a school playground are expected to have a legal right to privacy, even though it's a public school. So the judge considered it the legal equivalent of filming someone in their private home from outside.

I'm very happy for cases like these where common sense prevails over legal / ideological dogma (even though I'm also aware of the dangers it can pose when laws aren't interpreted to the letter).

> you are only allowed to have CCTV outside if it's pointing directly at your door, not the street in general (and you must post a sign).

I forgot to mention that I highly disagree with this restriction.

It's really, really bad for home and personal security: pointing the CCTV at your door does absolutely nothing when a robber / kidnapper enters your house while wearing a ski mask.

However, pointing the camera outside could much more easily record their identity in the days previous to the crime while they were staking the house (even if they only get caught after the crime), as obviously it's not very feasible to stake a house wearing a ski mask.

Or at least, it would deter them much more heavily and possibly prevent a not-insignificant proportion of kidnapping cases, since most of them seem to occur in people's own homes, which seems to be the easiest choice.

I am similarly an extremely big critic of self-defense laws in European countries, which basically leave you completely defenseless in your own home even if you or your family are being kidnapped, due to the huge asymmetric advantage that an attacker has over you.

Or at the very least, you risk going to jail for many years if anything goes wrong.

A vast majority of kidnappings are done by family members. It's a movie thing that a ski mask vigilante enters your home to kidnap you. I'm almost 100% positive there's virtually no risk of being kidnapped at home by ski-mask wearing criminals that staked your house previously.

Or, if you are in that specific, very small target group for e.g. ransom etc, you probably should've been investing in home security beyond a front door camera anyways.

> Or, if you are in that specific, very small target group for e.g. ransom etc,

I am, as are many thousands of other people, in different fields. Although some of my personal circumstances contribute to my risk being especially high, even within these fields.

> you probably should've been investing in home security beyond a front door camera anyways.

I have, to an extent that has been called unreasonable by multiple "normal" people, and these people are not even aware of 90% of the security measures I've taken, including the best ones. Fortunately, my closest family has always been highly supportive in this endeavor.

And these measures are not even half of the recommendations I've been given by security professionals who have scrutinized my life with a fine-toothed comb. Some of these recommendations I've chosen not to take due to not being too adapted to my personal circumstances and lifestyle, but others were amazingly good, far beyond what I expected.

That said, the camera issue, gun restrictions, and strict self-defense laws in Europe are huge limitations that all contribute to vastly decreased personal security for me and my family. And I've been advised by experts in this area, so it's not like I'm setting an unreasonably high standard. I'm also generally anti-guns, but alas, in some cases their benefits outweigh their disadvantages (otherwise police wouldn't carry them) and I think gun laws in Europe don't contemplate this type of situation very well.

It's also a fallacy to think that there is any single set of measures that will protect you. It's not like you can just hire a bodyguard and suddenly you are safe, in fact this can make things even worse in some circumstances.

Physical security can be as much about being careful, having plans in place, keeping a low profile and adding security layers / friction / risk / deterrents as other forms of security such as infosec. In fact, infosec is also a part of physical security nowadays, as well as other similar measures.

But of course, you can't just add every possible security measure, either due to cost or friction / unpleasantness. As an example, almost nobody would like to literally live in a bunker, if you know what I mean.

Also, don't forget to consider that even when you have great home security, it can be very, very easy to bypass it. Even very famous celebrities with great security teams have been kidnapped in modern times, although many of these cases are unknown to the general public. You'd probably be surprised! And that's only the cases that have been made public, most of them are probably not even made public.

Furthermore, your closest family members may not be able to be as vigilant as you, for many different reasons. And it's not even possible to be 100% vigilant all the time, it's extremely easy to get complacent over the years or make mistakes that decrease your security.

To add to all that, attackers have a huge asymmetric advantage during an attack, as they have the surprise element.

"gun restrictions, and strict self-defense laws in Europe are huge limitations that all contribute to vastly decreased personal security for me and my family"

Even in germany it is quite easy to legally own a gun. All you have to do is be a member of a Schützenverein ("shooting club") for some time.

What is indeed very hard, is get permission to carry a gun with you.

But your main point seems to have been about home security and having a gun in your home is very possible. Unless you live somewhere with tighter gun laws than germany?

(Also most abductions for ransom happen outside, easier to snatch someone from the road, than come into his home)

"To add to all that, attackers have a huge asymmetric advantage during an attack, as they have the surprise element."

But you can also surprise them with security, they were not aware of and after that initial attack advantage, time is on your side. (Emergency call and panic room).

"It's not like you can just hire a bodyguard and suddenly you are safe, in fact this can make things even worse in some circumstances."

Yeah, because a common bodyguard mainly creates visibility. And the best defense is to not let the attacker know you exist as a target. But there are security guards, that are not visible to the bystander.

And all in all I have to say, that you do sound quite paranoid. And I cannot think of too many professions, where that paranoia in europe is warranted and where you do not have professional security assigned to you, or where you do in fact get permission to carry a weapon. If the walls you build around you are too tight, you eventually just build your own prison.

> But your main point seems to have been about home security and having a gun in your home is very possible. Unless you live somewhere with tighter gun laws than germany?

No, you are completely right, I had forgotten about that possibility!

Indeed, my main worry with gun laws in Europe is about home security, where the advantages can outweigh the drawbacks if you have a high risk profile, not about carrying them in public which I think could lead to other problems.

The hunting guns are much better than nothing, that's for sure!

> (Also most abductions for ransom happen outside, easier to snatch someone from the road, than come into his home)

From my experience (i.e. the many cases I'm familiar with, not that I've been a victim), this is not true, although I'm also familiar with cases like you describe.

But perhaps I'm simply not familiar with the cases that you know about, or about general statistics. I'm more familiar about cases similar to my risk profile.

> But you can also surprise them with security, they were not aware of and after that initial attack advantage, time is on your side. (Emergency call and panic room).

There are scenarios of home invasion for kidnapping purposes that I'm familiar with, which have really happened in Europe not too long ago, and which are impossible to defend against without extreme measures or very significant lifestyle changes, even taking into account what you just mentioned (which I'm obviously familiar with) but I really don't feel comfortable sharing more information.

> Yeah, because a common bodyguard mainly creates visibility.

Indeed, but even ignoring that (and the cost which is usually not a problem in these circumstances) there can also be quite a few more drawbacks that you didn't mention, but again, I don't really want to get into it.

> And the best defense is to not let the attacker know you exist as a target.

Not always possible, but completely agreed in-so-far as you can achieve that as much as possible!

I consider this to be one of the most important goals, assuming you are not a famous person already.

But even then, over the years there have been literally dozens of people who have become familiar with the riskiest part of my situation due to things that are completely outside my control, like different types of legislation which actually force me to disclose the most critical parts of my personal information to dozens of strangers for different (although usually similar) reasons.

Several databases also contain this critical information.

These strangers I mentioned are unlikely to lead to problems themselves, but information can travel easily or be leaked, and it's still an increase in risk.

> And all in all I have to say, that you do sound quite paranoid.

Yes, I'm 100% aware of that :) Don't think I haven't been told this by many people who are not entirely familiar with my situation.

That said, all of the people who have been aware of the details of my situation have shared exactly the same worries as me, and this includes people who have motivation to tell me the harsh truth rather than simply humoring me.

But of course, I try to share all of my details with as few people as possible, for obvious reasons.

In these kind of high-risk stakes, I make sure to really seek honest feedback rather than confirming my biases, because I just want to get the most useful information to make the best decisions I can, accepting that I can be very ignorant about things which I knew almost nothing about (like physical/personal security). The professionals who have assessed my situation have been really clear about all the stupid, unrealistic worries that I had, as well as all the things that I should be really worried about. They have also provided me with a numerical estimate of my personal risk (hopefully much less biased than my perceptions), along with justifications.

Yeah, I know I may be unreasonably paranoid, but on the other hand, ar...

""Yeah, because a common bodyguard mainly creates visibility."

Indeed, but even ignoring that (and the cost which is usually not a problem in these circumstances) there can also be quite a few more drawbacks that you didn't mention, but again, I don't really want to get into it."

I actually worked a bit in security and so I can tell that some of the other disadvantages are, that most security guys are treated badly, get very lowly paid and their morals are low - so their motivation to potentially sell you out (or not wake up when you need them) is actually quite high. Some high profile companies might be different, but I know I would not trust a common security company with anything (And the company that I worked for had a good reputation and was involved with securing government buildings, but I was a bit shocked to look behind the facade, it all only works, because most criminals are unprofessional as well)

Otherwise you do sound reasonable that you take the appropriate steps, but like you said, it is all about the right balance and yes, you have to accept some risk in life.

But of course, now I am really curious about your risk profile. Seems to be quite an unusual one.. but I can understand, that you don't want to share details. Because unlike often cited here, Security through obscurity is a real thing.

edit: but I have to relativate about the security guys I worked with: some of them were quite bad, but probably none of them would have actually ignored when a child was in danger, or activly helped an attacker for money. They just didn't give a shit in general, so maybe would miss the alarm. And miss doing maintainance in alarm systems etc. And not follow safety protocols (in theory there were actually too many of them, but even the simple and useful ones got ignored)

CCTV's only purpose for home security is for possible intruder to see it and decide to not intrude. If they come in and you get them in vidi then what? Who will you show it to? Police? What are they going to do?
> CCTV's only purpose for home security is for possible intruder to see it and decide to not intrude. If they come in and you get them in vidi then what?

If your CCTV can only film inside your house, it will not be able to record the identity of a sophisticated attacker.

> If they come in and you get them in vidi then what? Who will you show it to? Police? What are they going to do?

If you are able to record their identity (this is much more likely if you can film outside your house, within an area they would use to stake it), then there are several advantages:

1. Even if you are kidnapped or your house is robbed, it is more likely that the attacker's identity will be recognized, either during this attack, before another attack or even after they are caught in another attack, which would help to increase their sentences.

The chance this will help stop the current attack is minor, although not impossible if law enforcement acts in an expertly fashion (huge "if", I know).

2. For the same reasons above, it is also a huge deterrent, as it greatly increases the risk of the attack (for the attackers, of course), so it also helps to prevent you from being attacked.

3. Furthermore, it shows that you have taken security measures and therefore will increase the chance that the attackers will choose an easier target rather than you.

Not to worry, chinese made cams broadcast everything for everyone on the internet to see. Nothing closed circuit about that!
In Austria there are illegal.
I don't think they're all that concerned about the law.
(comment deleted)
Which part? Lots of German cars use cameras to recognize cars for various safety and convenience features.
>Your car is filmed and recognized by other teslas. - coolspot

Is this true?

  - filmed: definitely
  - recorded: not sure (probably not long term)
  - recognized: unlikely
Recorded, yes. Tesla uses the fleet to collect video data for training their algorithms. This has been shared in multiple presentations from Tesla.
That's why I also rotate license plates and repaint my car twice a year.
I also change my facial hair style 4 times a year. Will start getting plastic surgery twice a year starting next year.
I just inked an adversarial CV tattoo onto my face, worked great until that image leaked into the training data.
Should have tattooed a QR code that auto downloads a malware that bricks A100s.
Against face recognition you could use CV dazzle makeup [1] to look less like a face. However I wouldn't recommend using that approach for your vehicle

1 https://dangerousminds.net/comments/foil_facebooks_facial_re...

I think that's actually quite common on new car models. The dazzle paint job makes it harder for the press to see the shape.

E.g.: https://www.bmw.com/en/automotive-life/prototype-cars.html

I don't want my car "harder to see" going at 100 miles down the highway.
Oh no, it's super easy to see, just harder to tell if it's a coupe or a sedan or whatever. New lines in the body panels get drowned out by the pattern, etc.
I always wondered if this still worked with a IR/UV camera too...?
I vaguely recall reading (probably in the book All Corvettes Are Red) that the C5 Corvette was driven around with Camaro body panels to fool the media.
I wonder how the face painting antics of Death Metal bands would hold up to face recognition software?
Sorry for being pedantic, but it's usually Black Metal bands that wear the face paint that you're thinking of :)
sounds like a slippery slope to voluntary hip surgery for gait correction
I always wondered if this could be beat by putting a pebble in your shoe or something.
It’s been a long time since I read it but I think that’s exactly how it was beat in Cory Doctorow’s novel Little Brother.
Not sure if it's changed now, but just wearing flip flops used to defeat gait recognition...
That's why I wear an rpi connected to four lcd's on my face that display randomly chosen beard tiles.

It's also why I started Our Lady of the Anonymity Pool where we gather for music and fellowship, and to recharge and distribute beard screens to our congregants and visitors.

Phillip K Dick imagined a "scramble suit" that did just that in a Scanner Darkly, continuously randomizing the users facial features.
This is currently possible in real time on consumer mobile hardware, looks neat
That's why my license plate is shaped like 3 different light bulbs, and is hidden in a grid of light bulb shaped objects.
Oh hey, I just did your license plate as a CAPTCHA!
you're joking, but there's a whole genre of "adversarial fashion"[0][1] dedicated to making clothing that spams these sort of public data recognition services. Hoodies with license plates, face masks with weird facial features, etc. Often optimized against actual neural networks too

[0] https://adversarialfashion.com/

[1] https://www.capable.design/

This is awesome, and thanks for posting this. I had no idea.
Gait detection renders any of this obsolute sadly.
Luckily my gait is not in an adtech company's database and sold to the government, like my face probably is.
How do you know?

ID phone Bluetooth on passing, or even facial rec, then it gets tied to gait, and it's forever tied.

Just keep your phone down in your third pant leg instead of using a rock.
And cost at scale renders gait detection detection and most face detection at scale useless. The sexy movie detection methods all suck.

Go with what works. Just id people via their phones with a dirtbox.

A third pant leg sown on one side with a rock on the bottom will (probably) throw off some algos.
And set off hella red flags for everything else (probably wouldn't be too much of a problem if you just say "it's to foil gait detection" when you get interrogated about your third leg. people tend to be cool with all kinds of weird shit as long as it's for a reason). Could maybe work if gait detection is the only adversary in your life for sure.
Put different insoles in your shoe every day
I wonder how effective that is considering storage costs are very cheap and an AI can easily filter out images that are either “car” or “not car”
This made me realize that recent openAI tech is able to cut through misleading or confusing images, even finding the potentially inferred humour or absurdity layered in the images. I wonder how we’ll find a way to trick that kind of technology as well.
This is really cool. Though the Capable Design site with its animations is a bit adversarial to me browsing it.
(comment deleted)
This is actually a common practice. Thieves will jack someone’s plates (prefer that they don’t notice) after stealing a car. It is pretty effective, since most people don’t realize their plates have been swapped until they have been pulled over for vehicle theft, so the cops aren’t even looking for the right plate for a few days, and by then they’ve already swapped again.

Better put an apple tag in your car just in case.

Yeah, how much do you trust Musk and company?
This is a plausible attack vector, parallel to the profiles Facebook, Linkedin et al maintain for people who don't have accounts.
fortunately I only own a bike...though maybe this makes me ineligible for some Illinois class action lawsuit...
That's why I cycle everywhere. With my phone switched off and stowed in a Faraday bag.
(comment deleted)
(comment deleted)
I drive a firetruck, so I'm invisible to Teslas.
That's why I only hang out in the metaverse and don't leave my home anymore. Umm, ...
(comment deleted)
That is why I ride a bicycle.
What kind of car do you have? Your car almost definitely shares its gps location to the manufacturer and downstream data brokers.
Lol, not my 2005 Toyota. It doesn't even have anti-lock brakes, much less a GPS phone-home system.
Hah, fair enough!
I have a Volvo, and it's not connected to any freaking thing, so if it's sends the location, that would be magic.
Semi related question I suppose. Do the Teslas simply use GPS for their location information? If so, couldn't one spoof the GPS using a hackRF or similar?
Targeted by the FCC seems worse than violating a Tesla clickwrap agreement.
Only an idiot would let their GPS spoofer onto the air. You unplug the antenna cables from the receiver and pipe the spoof signal in there.
I have no idea about Tesla specifically but normally you'd also you cell and wifi information (in their case probably also information from other teslas around) and additionally you have accelerometer and the whole "self-driving" computer to estimate where the car is and where it's going. It's also a known attack vector and likely covered because GPS signal is really weak so it's easy for somebody outside the car to try to make a mess.
Isn’t this a huge risk to AMD’s confidential compute offering. It’s a major security flaw.
I have reviewed the threat model carefully before. AMD never claims that their confidential compute offering is immune to attacks involving physical access. I assume what you mean by confidential compute is technology like AMD SEV SNP? Those are very different in that they allow you to run a trusted virtual machine on an untrusted hypervisor. This attack is completely different; it's akin to breaking Secure Boot on a PC.
Can you not turn off vehicle tracking?
Since a few weeks you get a classic consent screen for various categories of tracking. At least in Norway. You can turn everything off but I think some data is still sent to your phone through the Tesla servers. And I assume it’s not end 2 end encrypted.
Definitely sophisticated, but something console hackers have been doing for quite some time now including the boot flow. I'm wondering if a Tesla vehicle/computer is more sophisticated than say a PS5?
This is the same attack (and same people who developed) faulTPM[1] that was previously discussed[2]. This article is the same people demonstrating that attack against Tesla vehicles. The paper[1] and previous discussion[2] address the underlying problems with AMD's Secure Processor (AMD-SP) that is embedded in their CPU SoCs and previously and more commonly known as Platform Security Processor (AMD-PSP).

Unlike a web browser where W3C AntiFraudCG folk propose that websites would blacklist all impacted AMD-SP hardware and create massive amounts of e-waste[3], Tesla likely can't do much about this attack because Tesla (not users) would be responsible for a very expensive change of vehicle hardware.

If it's not an easy-to-execute attack like faulTPM, there are more complex (but becoming more mainstream and cheaper) IC reverse engineering methods like polishing the die down to take photos of each metal layer and regenerating VHDL, FIB editing an operational IC to bypass tamper detection methods, etc[4].

A security architect of the Xbox One presented a talk[5] a few years ago which provides some good background too. Largely the Xbox One has managed to avoid piracy because they made it economically not worth anyone's time to attack due to competitive pricing models versus high cost of attack. Similar to use of Denuvo for a month or two after release of a PC game, attackers aren't going to bother if their work amounts to nothing a month later.

Hacking a Tesla to enable additional features is worth a lot of money, so the economics are quite different. It's also different economics for printer cartridges, "pay to enable more features or performance" network equipment, etc. The cost of IC reverse engineering / FIB editing attacks (or other future attack methods) will keep reducing. IC tamper detection features will get more complex. Perhaps attackers will even get an advantage once they can readily reverse engineer 3nm ICs and defenders can't do much other than implementing ever more complex and obfuscated IC tamper detection features and VHDL logic (kind of like a Denuvo situation in hardware).

[1] https://arxiv.org/abs/2304.14717

[2] https://news.ycombinator.com/item?id=35787195

[3] https://github.com/antifraudcg/proposals/issues/19

[4] https://www.youtube.com/watch?v=6390Zqca3Mg

[5] https://www.youtube.com/watch?v=U7VwtOrwceo

[dead]
For now. They will plug the hole, just like Apple will stop any undocumented use of their GPU when it suits them. Why waste your time on these companies?
Possibly because it's their job, it's interesting, educational, maybe there's a monetary reward, maybe the reward was the journey all along. The article mentions it can't be fixed by software update.
> enable us to extract an otherwise vehicle-unique hardware-bound RSA key

not ed25519? I know very little about these encryption thingies. The Internet recommends ed25519 over rsa.

They haven't broken the encryption technique, they've bypassed it by extracting the key using weaknesses in the hardware-software. You have to redo the process for each physical device to extract the particular key in use in that device.
While the exploit that allows them to run arbitrary code is unfixable, that doesn't mean Tesla couldn't update the vehicle to make accessing these features more difficult. For example, simply not delivering chunks of FSD to unauthorized vehicles server-side.

I guess my point is: This will start an arms race. Eventually you'll need to pick between an on-network Tesla getting software updates from them, or an off-network Tesla with FSD and other things that unlocked can provide. Heated seats can likely be re-enabled electronically without software (i.e. splice in a switch).

Personally, purely from a utilitarian perspective, I wouldn't choose to use FSD that wasn't getting continuous updates because it may not include road changes, state law changes, and frankly still has a lot of room for safety/reliability improvement. Maybe "Enhanced Autopilot" ($6K) just for lane change.

PS - 9/10 of Tesla's recalls have been software updates. So you'd lose those with an off-network Tesla.

The arms race started the first time a Tesla shipped. They've had some serious security folks on the Tesla side since the early days.
Makes me wonder how Tesla's going to react to this. Can't imagine they're happy about this.
The real question is Tesla Supercharger capability. If you can't plug your car into that network, then you've lost a ton of value. But here's the thing. In order to disable supercharging, Tesla remotes into your vehicle to turn it off. It doesn't happen on the charger side, it happens on the vehicle. So if you have root on your Tesla, you can make sure you can always supercharge, which isn't mentioned anywhere else.
Here's a question for the lawyers out there: if you notify Tesla that they're no longer authorized to access YOUR car, and they remote into it anyways, would that come under Computer Fraud and Abuse?
IANAL. It seems like it should probably be covered anyway, without the notification. Assumed consent would cover updates and improvements. No-one is consenting to their car being crippled, surely.
It gets me wondering how well Teslas will function with zero connectivity w/ Tesla. I mean, if the company goes under or (more likely) they drop support for older models, do older cars get bricked and disabled like clients for a multiplayer game that's gone offline?
I doubt they'll completely brick (the car can reboot itself mid-drive while still having throttle/brakes/steering) but I could see most/all infotainment features ceasing to function.
You agreed to EULA.
So one can never revoke access or change the access terms to one's own car/computer? That just seems wrong. I'm pretty sure Tesla can and does change access terms to their servers and charging networks.
Wait a minute... heated seats are software locked on Teslas?

WTF guys?

I kinda get it. Rather than maintaining a supply of multiple parts which complicates your supply chain and install/repair procedures, Tesla is making cars nearly 100% identical physically and differentiating in software.
And getting the suckers who pay up to cover the cost for all vehicles having it.
Isn't that fully borne by the manufacturer? Suppose you're the manufacturer of a car that costs $30k to make and sells for $50k. You're posed with the question of whether to add a non-functional part that costs $5k. If you add the part and don't raise the price, then you're eating a $5k loss. If you add the part and raise the price by $5k, you don't eat the loss, but it also means you could have charged $55k for the car. No rational consumer is going to be like "I would have paid $50k for this car, but now that it contains $5k of non-functional component, I'm willing to pay $5k more for it now!".
Those suckers are getting a much better deal than if they had to pay the cost of an alternate production line and logistics flow.
so make them all cost the same then.....?
No. I don't need the rear heated seats.
(comment deleted)
The supply and install problem clearly isn't that hard, auto makers have been doing it for many decades at this point.

Plus, it seems backwards from a business standpoint. You always have the cost of installing the hardware, but now you only get a % of users who agree to pay for the additional cost? The only way to "fix" that is to artificially raise the price of the product so effectively everyone is paying, which means now you're double-dipping from the people who do want it.

It's just crap. If I buy a physical device (not renting) then I own it and should be able to use its full capabilities. The only thing that should cost more is anything that has ongoing cost to the manufacturer if I use it.

> The supply and install problem clearly isn't that hard, auto makers have been doing it for many decades at this point.

Are you referring to the legacy auto manufacturers that still can't make EVs profitably in 2023? Perhaps Ford with its negative 58.9% EBIT margin on their EV division [1]?

Of course you can "solve" a more complex supply-chain and multiple vehicle configurations. It just costs more money. And therefore reduces your profit margin. If you do too much problem-solving of this type, your margin might end up negative. Not every EV manufacturer can subsidize their EV business with a high-margin ICE business.

[1] https://media.ford.com/content/fordmedia/fna/us/en/news/2023...

Installing heated seats or these common add-on features has nothing to do with EVs vs ICEs. It's not specific to either, or harder/easier for either.
>The only way to "fix" that is to artificially raise the price of the product so effectively everyone is paying

You know what's better than "artificially raising the price of the product" so you can pay for the heated car seats or whatever? Raising the price of the product, and not installing the car seat in the first place and keeping the extra money for yourself. The idea that carmakers can pass the cost of software locked (ie. non-functional) parts to consumers makes zero sense.

From the perspective of the manufacturer, having fewer model variations and factory/assembly configurations may end up saving more money overall.

They may also believe that there is a large-enough group of people who would decide not to get heated seats installed at purchase time, but would later regret that and wish they had it. The manufacturer might make more on "install hardware unconditionally and charge a fee for zero work later" than "install hardware later on demand".

The true cost of things to the manufacturer often depends on more than just the cost of that item and the direct labor cost to install it.

But I absolutely agree that we should applaud people who get around these sorts of software lockouts. If the company is going to give you a piece of hardware, it should be fair game for you to figure out how to get the most use out of it.

As are the footwell lights, fog lights, and premium audio.

Heated front/rear seats have been standard equipment since 2020 I believe.

That's not true. The fog lights and premium audio both require hardware retrofits.
From what I understand the foglight is there but disabled from computer. The aftermarket lights bypass this lock completely by tapping into the main light cluster harness.
Premium audio isn't a software-disabled feature. You can buy a wiring harness on Amazon to enable the disabled, yet installed, speakers: https://amzn.to/3rVBrel
Before November of 2021, the cheapest Model 3 had heated front seats, and the rear heated seats could be unlocked for $300 (later reduced to $200).[1]

In November of 2021, they made heated seats standard. I think the only software unlocks available for current vehicles are acceleration boost, enhanced autopilot, and FSD.

1. https://www.tesla.com/support/upgrades#tesla-accordion-123-w...

Now comes the funny part, were tesla tries to make the platform trusted and locked down, and then people start to flash there own firmware and solder chip-mods, cause there is nothing GNUnder the sun.

Wouldn't be surprised if Tesla has a defeat-device buried somewhere that allows for remote permanent deactivation once parked in case of piracy

using the hardware you own should never be considered "piracy"
They can anyways remotely ssh into any parked Tesla nowadays
In other news: If you intercept the boot process of a system and open a root shell there, you can access the system.
I won't be buying any car with software locked features.
Game theory at play. Tesla and its customers are adversaries, vying for the same dollars. Tesla implementing these security measures directly translates to being able to charge more for services. Same as John Deere and many others. This is a minmax problem. How to pay the least to cause the other actor to pay the most. If the feature costs $15K and breaking security costs $15K then it is effective security. Obviously not the case here.
> Game theory at play. Tesla and its customers are adversaries, vying for the same dollars

Umm, I think this is more like "airlines vs passengers" when passengers read about "hidden city ticketing" in a travel blog, think it sounds cool yet haven't properly understand it, yet decide to go to town on it anyway.[0]

Since most providers are entirely at liberty to tell a customer they're no longer welcome, as a customer you have to be really really sure you want to own up to the provider as being an adversary, since you might end up needing another provider. For ever.

(Full disclosure: have been looking for, booking, and flying on less-than-entirely-legitimate airfares for a looong time. Have occasionally broken out in a cold sweat at an airport in some far-flung country on a dodgy itinerary when I think I've been rumbled...)

[0] https://www.insider.com/skiplagging-american-airlines-banned...

Fascinating article, didn't know skip lagging was a thing or that it is illegal. It definitely shouldn't be, just seems to be government protecting entrenched corporate interests at the cost of the populace. aka par for the course.
Skip lagging isn't illegal, iirc a recent court case reaffirmed that. Airlines don't like it though so they may cancel you.
So if you buy a Tesla and the T&Cs prohibit you from hacking it/modding it, then you decide to hack away at it anyway, what happens if Tesla were to brick the online features of your vehicle and/or completely cancel you as a customer?
In america the current legal standard is that you go and get fucked. You do not have a right to something you have purchased anymore as long as the seller puts enough magic fine print together.
I mean the whole point is that Telsa should not be able to brick the car you purchased because you changed something in your car. Why does a car come with conditions?

Granted I may not be in the demographic for a telsa, i wouldn't ever want my car connected to the internet.

> Fascinating article, didn't know skip lagging was a thing or that it is illegal

It's not illegal, but it is against the airline's T&Cs ... which you have to agree to when you purchase a ticket.

It seems the thought that Teslas are not cars, but rather tablets with wheels is accurate.
Because what could possibly go wrong hacking a hunk of metal that transports you at lethal speeds...
This line of reasoning is what is used to justify lock-in and anti-right to repair legislation. Following this reasoning you shouldn’t be allowed to change a flat tire on your car as it could be improperly tightened and fly off at speed.

Technical constraints to lock out owners/users only serve to enforce a manufacturer’s feudalistic rent seeking and revenue extraction policies.

In the overall scope of driving a personal automobile cellphone use or even adjusting the car entertainment system are far more common causes of accidents and death and yet these are not locked away via technical controls despite being very easy to accomplish.

Two things can be true at the same time: 1. It's a sketchy idea for the manufacturer to lock away features behind paywalls. 2. It's a really bad idea to monkey with the internals of a self-driving car.
As someone who made and drives a rat rod, it's basically the same situation? If the car fails due to my physical hacking, it's on me. Should be same for software.
I never said they shouldn't be able to do it; I said it's a bad idea to do it.

To put it in your terms: I'm happy for you to be allowed to drive a rat rod (hello, fellow old? I haven't heard that term in a looong time), but clearly a car with likely no crumple zones, air bags, antilock brakes, etc., etc. is less safe than a modern sedan.

Everyone accepts a certain risk simply by driving, and we all have relative risk tolerance. Point in case: I knew of a 20-year-old driver who owned a nice, safe vehicle but was too afraid to drive on an interstate highway because they were afraid. That's not a "hunk of metal" issue but a risk-comfort "issue," which really is relative.

Regardless, your point highlights the eternal fight between liberty and "safety and security." A society which tolerates little risk seeks to minimize liberty and maximize safety and security. A society which tolerates much risk seeks to maximize liberty and minimize safety and security.

To use cars as the prime example: why am I required to purchase a vehicle equipped with airbags [1]? They're expensive, bulky, decrease fuel economy, and may cause harm to a passenger if it improperly inflates. By owning a vehicle, I assume sole responsibility for the correct and proper operation of it as well as the physical well-being of any passengers. Frankly, I should be able to purchase a vehicle equipped without airbags to decrease the overall purchase price, thereby allowing me to use that money on other things.

The same argument doesn't apply to certain things like ABS, which I argue should be regulated because poor braking affects people both inside and outside the car. Airbags, on the other hand, only apply to people inside the car. By carrying any passenger in the vehicle, the owner assumes legal responsibility for their safe carriage.

[1] https://www.history.com/this-day-in-history/federal-legislat...

> why am I required to purchase a vehicle equipped with airbags?

The same reason that you can't sell food that's sweetened with lead. You can add lead to your own food if you want, just like you can drive a car without airbags.

Yes, keep lead out of food. The comparison is not accurate because the risk-reward profiles of lead-in-food and airbags-in-cars are misaligned. Food is consumed under all circumstances, whereas airbags are only employed during an emergency situation.

You're also right that I can drive a car without airbags, but the point is that you can't buy a new car without airbags.

I think it makes more sense if you frame it that the manufacturer is required to sell cars with airbags. We don't, as a society, want people to have to make a choice between safety and cost in that particular situation, so we mandate that the manufacturer can't even sell without them.

Beyond that, if we assume airbags, on average, decrease injuries and deaths, then society also has an interest in helping to ensure that. Heavily injured and dead people put more of a strain on our health care system, and the costs for that are not solely borne by the person who gets injured or dies.

Certainly there's room for disagreement on whether or not all that is worth the added per-individual cost, the regulatory cost, etc. But let's remember that there are many things that, on first glance, seem to only affect an individual, but actually ripple out and affect others as well.

That's very cool. Especially if this could compromise the desktop version of this tech as well. Extracting my own TPM keys could be useful if MS/GOOG decides to boil the frog even harder.