Monthly Archives: October 2024

Internet Archive hacked, data breach impacts 31 million users

Posted on by

Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.

JavaScript alert shown on Archive.org
JavaScript alert shown on Archive.org
Source: BleepingComputer

The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen.

[…]

Update 10/10/24: Internet Archive founder Brewster Kahle shared an update on X last night, confirming the data breach and stating that the threat actor used a JavaScript library to show the alerts to visitors.

“What we know: DDOS attacked-fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords,” reads a first status update tweeted last night.

“What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”

A second update shared this morning states that DDoS attacks have resumed, taking archive.org and openlibrary.org offline again.

Source: Internet Archive hacked, data breach impacts 31 million users

Who the fuck hacks the internet archive?!

Scientists discover a secret to regulating our body clock, offering new approach to end jet lag, sleep quality

Posted on by

Scientists from Duke-NUS Medical School and the University of California, Santa Cruz, have discovered the secret to regulating our internal clock. They identified that this regulator sits right at the tail end of Casein Kinase 1 delta (CK1δ), a protein which acts as a pace setter for our internal biological clock or the natural 24-hour cycles that control sleep-wake patterns and other daily functions, known as circadian rhythm.

Published in the journal PNAS, their findings could pave the way for new approaches to treating disorders related to our body clock.

CK1δ regulates circadian rhythms by tagging other proteins involved in our biological clock to fine-tune the timing of these rhythms. In addition to modifying other proteins, CK1δ itself can be tagged, thereby altering its own ability to regulate the proteins involved in running the body’s internal clock.

[…]

“Our findings pinpoint to three specific sites on CK1δ’s tail where phosphate groups can attach, and these sites are crucial for controlling the protein’s activity. When these spots get tagged with a phosphate group, CK1δ becomes less active, which means it doesn’t influence our circadian rhythms as effectively. Using high-resolution analysis, we were able to pinpoint the exact sites involved — and that’s really exciting.”

[…]

We found that the δ1 tail interacts more extensively with the main part of the protein, leading to greater self-inhibition compared to δ2. This means that δ1 is more tightly regulated by its tail than δ2. When these sites are mutated or removed, δ1 becomes more active, which leads to changes in circadian rhythms. In contrast, δ2 does not have the same regulatory effect from its tail region.”

This discovery highlights how a small part of CK1δ can greatly influence its overall activity. This self-regulation is vital for keeping CK1δ activity balanced, which, in turn, helps regulate our circadian rhythms.

The study also addressed the wider implications of these findings. CK1δ plays a role in several important processes beyond circadian rhythms, including cell division, cancer development, and certain neurodegenerative diseases. By better understanding how CK1δ’s activity is regulated, scientists could open new avenues for treating not just circadian rhythm disorders but also a range of conditions.

[…]

“Regulating our internal clock goes beyond curing jet lag — it’s about improving sleep-quality, metabolism and overall health. This important discovery could potentially open new doors for treatments that could transform how we manage these essential aspects of our daily lives.”

The researchers plan to further investigate how real-world factors, such as diet and environmental changes, affect the tagging sites on CK1δ.

[…]

Story Source:

Materials provided by Duke-NUS Medical School. Note: Content may be edited for style and length.

Journal Reference:

  1. Rachel L. Harold, Nikhil K. Tulsian, Rajesh Narasimamurthy, Noelle Yaitanes, Maria G. Ayala Hernandez, Hsiau-Wei Lee, Priya Crosby, Sarvind M. Tripathi, David M. Virshup, Carrie L. Partch. Isoform-specific C-terminal phosphorylation drives autoinhibition of Casein kinase 1. Proceedings of the National Academy of Sciences, 2024; 121 (41) DOI: 10.1073/pnas.2415567121

Source: Scientists discover a secret to regulating our body clock, offering new approach to end jet lag | ScienceDaily

Supreme Court Snubs Martin Shkreli’s Last-Ditch Bid to Avoid $64 Million Fine over hiking unique life saving drug price from $13.50 to $750 a pill

Posted on by

Martin Shkreli has been fighting a $64.6 million fine he acquired in 2022 for blocking affordable alternatives to Daraprim, a lifesaving antiparasitic drug. Shockingly, it turns out nobody on the Supreme Court cares to hear about it.

No justices dissented on Monday when the court said it declined to hear an appeal by representatives of the former pharmaceutical executive. In a last-ditch effort, Shkreli’s lawyers asked the Supreme Court to resolve conflicting rulings after the 2nd U.S. Circuit Court of Appeals upheld the $64.6 million order and a lifetime ban to block Shkreli from working in the drug business. Only, the conflicting rulings didn’t even exist, New York Attorney General Letitia James argued in an August brief. The Supreme Court had nothing to add when it snubbed Shkreli.

The so-called “pharma bro” rose to infamy as the chief of Turing Pharmaceuticals — later called Vyera. In 2015, the startup bought exclusive rights to Daraprim and jacked up its price from $13.50 to $750 a pill. At the time, there were no generic alternatives to the toxoplasmosis medication, which is used to treat a rare condition that affects pregnant people, babies, and people with HIV and cancer.

Shkreli, also temporarily the owner of a secret Wu-Tang Clan album, was convicted of securities fraud and sentenced to seven years in prison in a 2017 case unrelated to Daraprim. In a comment to Gizmodo at the time, Shkreli said he planned to “make paper from inside” while serving time. Two years later, the former executive reportedly faced solitary confinement for trying to run a company with a contraband phone.

Shkreli got out of prison in 2022 and promptly announced a Web3-based drug discovery venture called Druglike. His other recent projects include launching a medical chatbot called Dr. Gupta and taking credit for a cryptocurrency named after former President Donald Trump.

Turing filed for bankruptcy and moved to sell the rights to Daraprim in 2023.

Source: Supreme Court Snubs Martin Shkreli’s Last-Ditch Bid to Avoid $64 Million Fine

Epic judge orders Google to let rivals set up app stores

Posted on by

A US court has ordered Google to refrain from a wide variety of business practices the web giant uses to bolster its Play Store, as a consequence of its December 2023 antitrust defeat against Epic Games.

In that case, Epic argued that Google’s Play Store rules and contractual agreements with developers and partners violated the federal Sherman Act and California’s Unfair Competition Law (UCL). And the jury agreed.

On Monday, US District Court judge James Donato issued a permanent injunction [PDF] that forbids Google from eight behaviors deemed unlawful as a result of the case.

“The jury found that Google’s conduct violated the antitrust laws and substantially harmed competition in the relevant markets, and directly injured Epic,” judge Donato wrote, explaining the injunction. “The jury rejected Google’s proffered procompetitive justifications for its conduct. Consequently, the Court concludes that Epic has prevailed on the UCL claim against Google under the unlawful and unfair prongs.”

Noting that Google had “fired a blunderbuss of comments and complaints that are underdeveloped and consequently unhelpful in deciding the issues,” judge Donato put an end to the extensive input afforded to both sides about the specifics of the injunction that follows from the verdict.

Google, in a blog post, unsurprisingly disagreed – it is appealing the verdict and will ask the courts to pause the injunction until its appeal is heard.

“These Epic-requested changes stem from a decision that is completely contrary to another court’s rejection of similar claims Epic made against Apple – even though, unlike iOS, Android is an open platform that has always allowed for choice and flexibility like multiple app stores and sideloading,” wrote Lee-Anne Mulholland, VP of regulatory affairs at Google.

Mulholland argues that the court-ordered changes would hinder Google’s – and the wider Android ecosystem’s – ability to compete with Apple’s ecosystem.

The injunction is set to take effect starting November 1, 2024, only in the US, for a period of three years. During this time:

  • Google may not share revenue generated by the Google Play Store with any person or entity that distributes Android apps, or has stated that it will launch or is considering launching an Android app distribution platform or store.
  • Google may not condition a payment, revenue share, or access to any Google product or service …
    • on an agreement by an app developer to launch an app first or exclusively in the Google Play Store;
    • on an agreement by an app developer not to launch on a third-party Android app distribution platform or store a version of an app that includes features not available in, or is otherwise different from, the version of the app offered on the Google Play Store;
    • on an agreement with an original equipment manufacturer (OEM) or carrier …
      • to preinstall the Google Play Store on any specific location on an Android device;
      • not to preinstall an Android app distribution platform or store other than the Google Play Store.
  • Google may not …
    • require the use of Google Play Billing in apps distributed on the Google Play Store, or prohibit the use of in-app payment methods other than Google Play Billing;
    • prohibit a developer from communicating with users about the availability of a payment method other than Google Play Billing;
    • require a developer to set a price based on whether Google Play Billing is used;
    • prohibit a developer from …
      • communicating with users about the availability or pricing of an app outside the Google Play Store;
      • providing a link to download the app outside the Google Play Store.
  • Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. [Along with other distribution fairness requirements, Google has eight-months to implement this, at which point the three-year clock will begin for this provision.]
  • Google may not prohibit the distribution of third-party Android app distribution platforms or stores through the Google Play Store.

The injunction also gives Epic and Google a 30-day deadline to form a three-person Technical Committee, comprising one representative from each party and a mutually agreed upon third member, to resolve disputes over the implementation of the injunction’s provisions.

Epic Games did not immediately respond to a request for comment. ®

Source: Epic judge orders Google to let rivals set up app stores • The Register

23andMe is on the brink. What happens to all that genetic DNA data?

Posted on by

[…] The one-and-done nature of Wiles’ experience is indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse. Wiles and many of 23andMe’s 15 million other customers never returned. They paid once for a saliva kit, then moved on.

Shares of 23andMe are now worth pennies. The company’s valuation has plummeted 99% from its $6 billion peak shortly after the company went public in 2021.

As 23andMe struggles for survival, customers like Wiles have one pressing question: What is the company’s plan for all the data it has collected since it was founded in 2006?

[…]

Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy.

[…]

When signing up for the service, about 80% of 23andMe’s customers have opted in to having their genetic data analyzed for medical research.

[…]

The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company’s customer data to develop new treatments for disease.

Anya Prince, a law professor at the University of Iowa’s College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist.

For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm.

[…]

According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data.

“I couldn’t go to GSK and say, ‘Hey, my sample was given to you — I want that taken out — if it was anonymized, right? Because they’re not going to re-identify it just to pull it out of the database,” Prince said.

[…]

the patchwork of state laws governing DNA data makes the generic data of millions potentially vulnerable to being sold off, or even mined by law enforcement.

“Having to rely on a private company’s terms of service or bottom line to protect that kind of information is troubling — particularly given the level of interest we’ve seen from government actors in accessing such information during criminal investigations,” Eidelman said.

She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles.

“This has happened without people’s knowledge, much less their express consent,” Eidelman said.

[…]

Last year, the company was hit with a major data breach that it said affected 6.9 million customer accounts, including about 14,000 who had their passwords stolen.

[…]

Some analysts predict that 23andMe could go out of business by next year, barring a bankruptcy proceeding that could potentially restructure the company.

[…]

Source: What happens to all of 23andMe’s genetic DNA data? : NPR

For more fun reading about about this clusterfuck of a company and why giving away DNA data is a spectacularly bad idea:

23andMe Thinks ‘Mining’ Your DNA Data Is Its Last Hope

23andMe tells victims it’s their fault that their data was breached. DNA data, it turns out, is extremely sensitive!

Bad genes: 23andMe leak highlights a possible future of genetic discrimination

23andMe frantically changed its terms of service to prevent 6.9m hacked customers from suing about losing their (and their entire family’s) DNA

23andMe hackers accessed DNA information on millions of customers using a feature that matches relatives

Drugmakers Are Set To Pay 23andMe Millions To Access Your DNA – which is also your families DNA

23andMe DNA site scraping incident leaked data on 1.3 million users

Cops are asking Ancestry.com and 23andMe for their customers’ DNA

Don’t use online DNA tests! If You Ever Used Promethease, Your DNA Data Might Be on MyHeritage – and so will your family’s

Twins get some ‘mystifying’ results when they put 5 DNA ancestry kits to the test

The Golden State Killer Suspect’s DNA Was in a Publicly Available Database, and Yours Might Be Too

What DNA Testing Companies’ Terrifying Privacy Policies Actually Mean

The Retail DNA Test

Dog DNA testing company identifies human as dog

Private equity wants to own your DNA – Blackstone buys Ancestry at $250,- per person

DHS Plan to Collect DNA From Migrant Detainees Will Begin Soon – because centralised databases with personally sensitive data in them are a great idea. Just ask the Jews how useful they were during WWII

Google’s AI enshittifies search summaries with ads

Posted on by

Google is rolling out ads in AI Overviews, which means you’ll now start seeing products in some of the search engine’s AI-generated summaries.

Let’s say you’re searching for ways to get a grass stain out of your pants. If you ask Google, its AI-generated response will offer some tips, along with suggestions for products to purchase that could help you remove the stain. […]

Google’s AI Overviews could contain relevant products.

 

Source: Google’s AI search summaries officially have ads – The Verge

License Plate Readers Are Creating a US-Wide Database of Cars – and political affiliation, planned parenthood and more

Posted on by

At 8:22 am on December 4 last year, a car traveling down a small residential road in Alabama used its license-plate-reading cameras to take photos of vehicles it passed. One image, which does not contain a vehicle or a license plate, shows a bright red “Trump” campaign sign placed in front of someone’s garage. In the background is a banner referencing Israel, a holly wreath, and a festive inflatable snowman.

Another image taken on a different day by a different vehicle shows a “Steelworkers for Harris-Walz” sign stuck in the lawn in front of someone’s home. A construction worker, with his face unblurred, is pictured near another Harris sign. Other photos show Trump and Biden (including “Fuck Biden”) bumper stickers on the back of trucks and cars across America.

[…]

These images were generated by AI-powered cameras mounted on cars and trucks, initially designed to capture license plates, but which are now photographing political lawn signs outside private homes, individuals wearing T-shirts with text, and vehicles displaying pro-abortion bumper stickers—all while recording the precise locations of these observations.

[…]

The detailed photographs all surfaced in search results produced by the systems of DRN Data, a license-plate-recognition (LPR) company owned by Motorola Solutions. The LPR system can be used by private investigators, repossession agents, and insurance companies; a related Motorola business, called Vigilant, gives cops access to the same LPR data.

[…]

those with access to the LPR system can search for common phrases or names, such as those of politicians, and be served with photographs where the search term is present, even if it is not displayed on license plates.

[…]

“I searched for the word ‘believe,’ and that is all lawn signs. There’s things just painted on planters on the side of the road, and then someone wearing a sweatshirt that says ‘Believe.’” Weist says. “I did a search for the word ‘lost,’ and it found the flyers that people put up for lost dogs and cats.”

Beyond highlighting the far-reaching nature of LPR technology, which has collected billions of images of license plates, the research also shows how people’s personal political views and their homes can be recorded into vast databases that can be queried.

[…]

Over more than a decade, DRN has amassed more than 15 billion “vehicle sightings” across the United States, and it claims in its marketing materials that it amasses more than 250 million sightings per month.

[…]

The system is partly fueled by DRN “affiliates” who install cameras in their vehicles, such as repossession trucks, and capture license plates as they drive around. Each vehicle can have up to four cameras attached to it, capturing images in all angles. These affiliates earn monthly bonuses and can also receive free cameras and search credits.

In 2022, Weist became a certified private investigator in New York State. In doing so, she unlocked the ability to access the vast array of surveillance software accessible to PIs. Weist could access DRN’s analytics system, DRNsights, as part of a package through investigations company IRBsearch. (After Weist published an op-ed detailing her work, IRBsearch conducted an audit of her account and discontinued it.

[…]

While not linked to license plate data, one law enforcement official in Ohio recently said people should “write down” the addresses of people who display yard signs supporting Vice President Kamala Harris, the 2024 Democratic presidential nominee, exemplifying how a searchable database of citizens’ political affiliations could be abused.

[…]

In 2022, WIRED revealed that hundreds of US Immigration and Customs Enforcement employees and contractors were investigated for abusing similar databases, including LPR systems. The alleged misconduct in both reports ranged from stalking and harassment to sharing information with criminals.

[…]

 

Source: License Plate Readers Are Creating a US-Wide Database of More Than Just Cars | WIRED

Insecure Robot Vacuums From Chinese Company Deebot Collect Photos and Audio to Train Their AI

Posted on by

Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings — taken inside customers’ houses — to train the company’s AI models.

The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are “willingly participating” in a product improvement program.

When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will “help us strengthen the improvement of product functions and attached quality”. Users are instructed to click “above” to read the specifics, however there is no link available on that page.

Ecovacs’s privacy policy — available elsewhere in the app — allows for blanket collection of user data for research purposes, including:

– The 2D or 3D map of the user’s house generated by the device
– Voice recordings from the device’s microphone
— Photos or videos recorded by the device’s camera

“It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs…”

Source: Insecure Robot Vacuums From Chinese Company Deebot Collect Photos and Audio to Train Their AI

Microsoft bricks Windows MR / VR In Windows 11 24H2

Posted on by

Microsoft has removed Windows Mixed Reality from Windows 11.

With Windows 11 24H2, the latest major version of Microsoft’s PC operating system, you can no longer use a Windows MR headset in any way – not even on Steam.

This includes all the Windows MR headsets from Acer, Asus, Dell, HP, Lenovo, and Samsung, including HP’s Reverb G2, released in 2020.

Screenshot taken by UploadVR.

UploadVR tested Windows 11 24H2 with a Reverb G2 and found the above notice. Microsoft confirmed to UploadVR that this is an intentional removal when it originally announced the move back in December.

In August 3.49% of SteamVR users were using a Windows MR headset, which we estimate to be around 80,000 people. If they install Windows 11 24H2, their VR headset will effectively become a paperweight.

“Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11 (version 23H2) and do not upgrade to this year’s annual feature update for Windows 11 (version 24H2).”

The death of Windows MR headsets comes on the same week Microsoft revealed that HoloLens 2 production has ended, and that software support for the AR headset will end after 2027.

Despite the name, all Windows MR headsets were actually VR-only, and are compatible with most SteamVR content via Microsoft’s SteamVR driver.

The first Windows MR headsets arrived in late 2017 from Acer, Asus, Dell, HP, Lenovo, and Samsung, aiming to compete with the Oculus Rift and HTC Vive that had launched a year earlier. They were the first consumer VR products to deliver inside-out positional tracking, for both the headset and controllers.

[…]

In recent years Microsoft has shifted its XR focus to a software-based long term strategic partnership with Meta.

So far that partnership has brought Xbox Cloud Gaming and Office web apps to the Horizon OS of Quest headsets.

Soon, it will also bring automatic extension of Windows 11 laptops by just looking at them, including spawning entirely virtual extra monitors.

And earlier this year Microsoft announced Windows Volumetric Apps, a new API for extending 3D elements of PC applications being streamed to Meta Quest into 3D space.

[…]

Source: Windows MR Headsets No Longer Work In Windows 11 24H2

A real crying shame. So another reason people will hang on to their Windows 10 installations even more. Hopefully (but doubtfully) they will release the source code and allow people to chug on under their own steam. Bricking these headsets in under four years should be illegal.

Dutch oppose Hungary’s approach to EU child sexual abuse regulation – or total surveillance of every smart device

Posted on by

The Netherlands’ government and opposition are both against the latest version of the controversial EU regulation aimed at detecting online child sexual abuse material (CSAM), according to an official position and an open letter published on Tuesday (1 October).

The regulation, aimed at detecting online CSAM, has been criticised for potentially allowing the scanning of private messages on platforms such as WhatsApp or Gmail.

However, the latest compromise text, dated 9 September, limits detection to known material, among other changes. ‘Known’ material refers to content that has already been circulating and detected, in contrast to ‘new’ material that has not yet been identified.

The Hungarian presidency of the Council of the EU shared a partial general approach dated 24 September and seen by Euractiv, that mirrors the 9 September text but reduces the reevaluation period from five years to three for grooming and new CSAM.

Limiting detection to known material could hinder authorities’ ability to surveil massive amounts of communications, suggesting the change is likely an attempt to reconcile privacy concerns.

The Netherlands initially supported the proposal to limit detection to ‘known’ material but withdrew its support in early September, Euractiv reported.

On Tuesday (1 October), Amsterdam officially took a stance against the general approach, despite speculation last week suggesting the country might shift its position in favour of the regulation.

This is also despite the Dutch mostly maintaining that their primary concern lies with combating known CSAM – a focus that aligns with the scope of the latest proposal.

According to various statistics, the Netherlands hosts a significant amount of CSAM.

The Dutch had been considering supporting the proposal, or at least a “silent abstention” that might have weakened the blocking minority, signalling a shift since Friday (27 September), a source close to the matter told Euractiv.

While a change in the Netherlands’ stance could have affected the blocking minority in the EU Council, their current position now strengthens it.

If the draft law were to pass in the EU Council, the next stage would be interinstitutional negotiations, called trilogues, between the European Parliament, the Council of the EU, and the Commission to finalise the legislation.

Both the Dutch government and the opposition are against supporting the new partial general approach.

Opposition party GroenLinks-PvdA (Greens/EFA) published an open letter, also on Tuesday, backed by a coalition of national and EU-based private and non-profit organisations, urging the government to vote against the proposal.

According to the letter, the regulation will be discussed at the Justice and Home Affairs Council on 11 October, with positions coordinated among member states on 2 October.

Currently, an interim regulation allows companies to detect and report online CSAM voluntarily. Originally set to expire in 2024, this measure has been extended to 2026 to avoid a legislative gap, as the draft for a permanent law has yet to be agreed.

The Dutch Secret Service opposed the draft regulation because “introducing a scan application on every mobile phone” with infrastructure to manage the scans would be a complex and extensive system that would introduce risks to digital resilience, according to a decision note.

Source: Dutch oppose Hungary’s approach to EU child sexual abuse regulation – Euractiv

To find out more about how invasive the proposed scanning feature is, look through the articles here: https://www.linkielist.com/?s=csam

Mazda’s $10 Subscription For Remote Start Sparks Backlash After Killing Open Source Option

Posted on by

Mazda recently surprised customers by requiring them to sign up for a subscription in order to keep certain services. Now, notable right-to-repair advocate Louis Rossmann is calling out the brand. He points to several moves by Mazda as reasons for his anger toward them. However, it turns out that customers might still have a workaround.

Previously, the Japanese carmaker offered connected services, that included several features such as remote start, without the need for a subscription. At the time, the company informed customers that these services would eventually transition to a paid model.

More: Native Google Maps Won’t Work On New GM Cars Without $300 Subscription

It’s important to clarify that there are two very different types of remote start we’re talking about here. The first type is the one many people are familiar with where you use the key fob to start the vehicle. The second method involves using another device like a smartphone to start the car. In the latter, connected services do the heavy lifting.

Transition to paid services

What is wild is that Mazda used to offer the first option on the fob. Now, it only offers the second kind, where one starts the car via phone through its connected services for a $10 monthly subscription, which comes to $120 a year. Rossmann points out that one individual, Brandon Rorthweiler, developed a workaround in 2023 to enable remote start without Mazda’s subscription fees.

However, according to Ars Technica, Mazda filed a DMCA takedown notice to kill that open-source project. The company claimed it contained code that violated “[Mazda’s] copyright ownership” and used “certain Mazda information, including proprietary API information.” Additionally, Mazda argued that the project included code providing functionality identical to that found in its official apps available on the Apple App Store and Google Play Store.

That doesn’t mean an aftermarket remote starter kit won’t work though. In fact, with Mazda’s subscription model now in place, it’s not hard to imagine customers flocking to aftermarket solutions to avoid the extra fees. However, by not opting to pay for Mazda Connected Services, owners will also miss out on things like vehicle health reports, remote keyless entry, and vehicle status reports.

A growing trend

Bear in mind that this is just one case of an automaker trying to milk their customers with subscription-based features, which could net them millions in extra income. BMW, for example, installs adaptive suspension hardware in some vehicles but charges $27.50 per month (or $505 for a one-time purchase) to unlock the software that makes the suspension actually work.

And then there’s Ferrari’s plan to offer a battery subscription for extended warranty coverage on its hybrid models for a measly $7,500 per year!

[…]

sure, you might have paid a considerable amount of money to buy your car, and it might legally be yours, but that does not ensure that you really own all of the features it comes with, unless you’re prepared to pay extra.

Source: Mazda’s $10 Subscription For Remote Start Sparks Backlash After Killing Open Source Option | Carscoops