1. Offline

    a_gray_prius Rare Non-Old-Blowhard Priuschat Member

    Member Since:
    Jun 13, 2008
    Posts:
    2,315
    Likes Received:
    376
    Location:
    Chicago, IL
    Your Vehicle Year:
    2008 Prius
    Model:
    N/A
    Nissan LEAF CARWINGS tells any RSS feed provider your current position, speed, direction, destination, etc. « Casey Halverson

    and

    Security Breach? Nissan Leaf Shares Your Location & Speed

    1 people like this.
  2. Offline

    hill High Fiber Member

    Member Since:
    Jun 23, 2005
    Posts:
    8,734
    Likes Received:
    1,169
    Location:
    South OC So Cal & the Flathead Valley, MT
    Your Vehicle Year:
    2004 Prius
    Model:
    IV
    I suppose that means if you're cheating on S.O. - you'll have to turn the RSS feed off. It's no big deal to simply turn it off. Imaging that ... the media creating drama where there is none.
    :p
    On a positive spin, one might set up an RSS feed for family purposes ... get togethers / find out where everyone is en route to a meet up, etc.
  3. Offline

    DarkStarPDX Junior Member

    Member Since:
    Apr 19, 2011
    Posts:
    26
    Likes Received:
    8
    Location:
    Hillsboro, Oregon, USA
    Your Vehicle Year:
    Other Non-Hybrid
    Model:
    N/A
    Fortunately there is no security problem. Every time you turn on the LEAF, a message is displayed asking if you consent to CARWINGS transmitting telemetry data over its service. You can choose "Yes" or "No." If you choose "No," when pulling up an RSS feed it will pop up the consent message again.

    I'm not sure where the problem is, but I think it's between the seat and steering wheel... :p
  4. Offline

    cwerdna Senior Member

    Member Since:
    Sep 4, 2005
    Posts:
    12,212
    Likes Received:
    1,884
    Location:
    SF Bay Area, CA
    Your Vehicle Year:
    2006 Prius
    Model:
    N/A
    I'm not sure if you're trying to be sarcastic, but I strongly disagree.

    Nissan ought to have UI along the lines of a checkbox for each RSS and text something like "send location". It should be off by default for each feed.

    Until this guy discovered it, this data was being silently leaked and potentially end up in web server logs all over the place. I used to run some web servers at work, so I've seen their log files.

    I haven't carefully read the CARWINGS message (since I don't own a Leaf), but this would almost akin to Safari on iPhone saying "Safari wishes to use your location. Yes/No", then you tapping Yes and then EVERY page you visit from that point on receiving your location as part of the GET that goes out.
  5. Offline

    rainnw New Member

    Member Since:
    Jun 21, 2011
    Posts:
    4
    Likes Received:
    1
    Location:
    seattle
    Your Vehicle Year:
    Other Non-Hybrid
    Model:
    N/A
    Whether you care or not, location disclosure is becoming a hot legal issue in the united states. One thing that apparently irks the government and general public is location disclosure without informing the user.

    I also do not call "I give permission to Nissan to have access to my location data" the same as "..oh, and also, some random guy named casey with a blog". Last time I checked, I was not a partner of Nissan or have any official association with them.

    The hole is plugged....and the fact they were so quick to act was obvious that this flaw wouldn't bode well with whatever legal implications. Otherwise, they would have left it.

Share This Page