Volkswagen blocks Home Assistant by requiring client assertion
github.com284 points by Kwastie 9 hours ago
284 points by Kwastie 9 hours ago
Wasn't the EU Data Act (https://digital-strategy.ec.europa.eu/en/policies/data-act) put in place to exactly prevent these kind of scenarios (Article 4 and 5)?
"where the user cannot directly access the data from the connected product or related service, the data holder must make the readily available data and necessary metadata accessible to the user without undue delay, in the same quality as available to the data holder, easily, securely, free of charge, in a structured, commonly used, machine-readable format, and continuously/in real time where relevant and technically feasible."
There is even special EU guidance for vehicle data for it: https://digital-strategy.ec.europa.eu/en/library/guidance-ve...
Indeed, this seems to be exactly the area where the Data Act could be used to regain access. Unfortunately it seems that it's not possible to directly sue (e.g.) Volkswagen to get access, unlike the GDPR where you have direct standing under article 79 [1].
There doesn't seem to be much written about enforcing the Data Act, so I looked at the regulation directly. Article 39 [2] seems to require to first lodge a complaint with the competent authority as designated by the member state of your residence. Then when that authority invariably fails to act – I have no idea which timeframe we're talking about here – you can "in accordance with national law, either have the right to an effective judicial remedy or access to review by an impartial body with the appropriate expertise". It isn't clear to me if such a lawsuit would be directed at the authority or at the party violating the Data Act.
I would very much like to be wrong about this. I can imagine Muñoz vs. Superior Fruiticola applies [3] ("it must be possible to enforce that obligation by means of civil proceedings"), but I'm not at all sure, and it's a much weaker route than the one which the GDPR explicitly describes.
Would anyone know or have better references on how to enforce the Data Act, preferably individually?
[1] https://gdpr-info.eu/art-79-gdpr/
[2] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:...
[3] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE...
Quite a few other manufacturers have done the same thing. I use a reverse engineered Polestar library to get charging status but I'm in the middle of building a CANBUS sniffer to do the same job because I don't trust they won't do the same thing as this.
I don't really understand it, it doesn't seem to offer a huge potential revenue stream and it pisses off the people who are most invested in your product.
They already add cryptographic authentication to some CAN messages, so you can't change them. It is only a matter of time until they add encryption.
This is mostly a corporate problem of risk aversion in my opinion. Some department writes down a risk assessment with a list of miniscule risks, for example of some 3rd party app backend being hacked. Or just a headline "Tinkerer hacked his car to use with his home assistant" in the local press. This list circulates, and since nobody in the middle management wants to be responsible for anything, and there is no officially approved positive use case, draconian countermeasures are drafted and constructed one by one.
> draconian countermeasures are drafted and constructed one by one.
Except when it’s about privacy or anything else we actually care about: then absolutely nothing is done because it would cost more than 0 to do anything.
On the contrary, lots are being done about it, they have to update their terms of service…
> Or just a headline "Tinkerer hacked his car to use with his home assistant" in the local press.
It's pretty sad that "User used their product in a novel way we didn't expect" is seen as a risk that must be mitigated.
I suspect the manufacturer probably cares less about what you do to your own car and hacking it, than they do about the potential for security compromise of their products on a broader scale, where they will then get blamed and sued for not having closed said loopholes. It is a no-win situation when it comes to fault assignment.
> It is only a matter of time until they add encryption.
I hope I won't be in one of those cars when the in-memory encryption key gets bit-flipped by the unfortunate cosmic ray.
Proving that autopilot killed that poor old granny because of cosmic rays would be an interesting case study.
It actually happened with Toyota around 2010: they went into a settlement regarding an unintended acceleration issue because it was proven the code was terrible and a single bit-flip could cause the behaviour.
https://en.wikipedia.org/wiki/2009%E2%80%932011_Toyota_vehic...
Bit of context to this, it was demonstrated that it was a hypothetical possibility, but the issue couldn't be demonstrated in lab conditions. Stuck floormats, pedals, and confused drivers remain the only actual explanations for the real events behind the lawsuits.
Very interesting read. Thank you for the link.
Another interesting case: a proven case of bit-flip that affected a voting machine in Belgium: https://www.independent.co.uk/news/science/subatomic-particl...
It’s a fair assumption that most of these things are trickle-down effects of CMS/R155 and CRA combined with very high risk aversion on the company side. The less you expose, the lower the risk.
Right? I imagine there would be a non-trivial sales/marketing boost for the one/first company (in any segment) to fully embrace HA. IKEA is arguably a good example of this.
This is kind of an interesting contrast with BSH (Bosch and Siemens home appliances ), who are also German.
They appear to have seen making their Home Connect platform open as at least in part a matter of compliance with EU data transparency and portability laws.
The ability to interface with your car is fundamentally at odds with the regulatory momentum that's going towards encrypted everything.
Take a look what the automotive risc-v people are working on or the requirements of the EU cyber resilience act.
John Deere started the trend with locking down the farm equipment they sell.
BYD DMCAd my whole repo to connect to their cars... https://github.com/github/dmca/blob/master/2026/05/2026-05-2... It's a shame these car makers are locking down their cars (which are brought for a premium!) and going on a crusade against open source.
You should email Louis Rossmann, he's been helping people in similar situations.
This sure reads like a "you did nothing illegal but will attempt to make it look illegal" kind of thing. Like putting the key to a public space under the doormat, with a sign "key here" and then complaining you cannot use that key to access the already public space.
They alleging you have broken their encryption.. DMCA would be appropriate I would assume in this case. OTOH, if there isn't a first party way to get an auth token or a way to connect your car with home assistant, I see that as a deficiency of service.
r/opensource_legalaid let's reply and demand access to the data.
This comment has really nice translation of corpo-speek to human language :
https://github.com/robinostlund/homeassistant-volkswagencarn...
Why are they shooting them selves in the feet? Is this really a tangible income stream? Is it really increasing security?
> Why are they shooting them selves in the feet?
They don’t. Majority of users don’t care, and some middle manager shmuck, working on MySkoda, can report how “we” prevented a huge security risk and funneled valuable ~~cattle~~ user data where it belongs.
By the way, regarding additional profit stream, to access VW data before you still needed WeConnect subscription (100€ a year), just that before you could use another app or automation to access the data. Now you MUST use exclusively WeConnect and partners to access same data even though you paying already for subscription.
And that is why I'll not be buying a vw ever again despite being a fan of the brand so far.
Pretty sure connect is free for like ten years.
Well, might be depending on model. I own eUp and it was free for first year.
> Why are they shooting them selves in the feet?
Because people will still buy their cars. The average Joe has very little regard for their privacy. We've been trained to be numb.
> Is this really a tangible income stream?
Yep.
> Is it really increasing security?
Nope.
How is this a tangible income stream? I suspect that the amount of customers willing to pay for some weird API access or We Connect offering is rather limited. It would have to be bundled into some other solution, which again I'd guess have a limited customer base.
I have VW and I suppose We Connect, there's not a single thing that's worth paying for, not when you have CarPlay and Android Auto (or whatever that's called). If anything I'd prefer that they'd just drop the personalization they do with users. Our car will forever assume that my wife is driving, because that what the dealer configured and none of us care to mess around with it.
But yeah, people will buy the cars anyway, because all the automation is something that only an incredibly small segment has any interest in. It's just weird that those who actually care about connected cars are the only one VW is punishing with this move.
> I suspect that the amount of customers willing to pay for some weird API access or We Connect offering is rather limited
I tend to agree. But the counterpoint is Tesla. They charge for API access, and there are several businesses that exist to make that data available to customers. I don’t know how valuable it really is, but it’s working. My wife would pay Ford for the level of data she was getting from TeslaFi but instead she gives it to MileIQ. It’s not huge but that adds up.
That's my line of thinking with the "bundled into some other solution". It doesn't make a ton of sense for an individual to buy API access, but other companies could provide a service built in the API, and they are the ones paying VW.
> Why are they shooting them selves in the feet?
1. They dont think anyone will stop buying their cars because of this
2. They want to make more money
3. (speculation) The drop in demand for their cars in china is leaving them fucked, they need revenue now
Unfortunately I think they're right on #1. In the grand scheme of things the lost sales because of this change are a drop in the bucket. HA and similar tools are not that popular, very few people who have their mind set on buying a VW will change their minds because of this alone.
What's worse is that other manufacturers are starting to do the same thing. They all see unofficial integrations as lost revenue (less of your data to sell because you don't use their app), and higher costs because the usage still comes on their cloud spend bill.
I was talking to my gadget-passionate (but not techie) best friend when the company making our cars made it more difficult to authenticate using the HA integration. He looked at me like I switched to an alien language. "Who cares? Don't you use the app?".
Most executives make commercially disadvantageous decisions in exchange for more power.
It's practically a law of business: executives prioritize their power first and their company's profit margins second. This is one reason why outsourcing coding was so popular despite not saving money and being so commercially disastrous - execs were in the driving seat with that relationship much more than they were with us.
Despite what some people will tell you about how the home assistant consumer segment "doesn't matter" (it does) it really is more about the tangibility of control over data vs the intangibility of lost consumer goodwill.
Companies are not profit maximizing at all costs. The shareholders and the executives are not a singular body they have different and sometimes wildly divergent interests.
Yea, I don't really see the revenue potential here. They seem to be doing this purely to force developers to have a "formal relationship" with them, and to grief all other developers who don't.
Same mentality behind companies who insist users have an "account" to use their otherwise-unconnected products.
I haven't seen anyone put this dynamic in such a clear and succinct description - the fact is that a lot of people (especially corporate managers) just hate the loss of control and will go out of their way to ban people accessing their things "wrong" - even if it's counterproductive for their larger corporation or a goal.
wow - I was looking at moving from Tesla to Skoda for our next EV. Last month it was interceptor missiles for Israel and now this.
Client Assertion is an OAuth feature, but that is not at all what is being discussed here, if anyone else was confused. It is only present in the HN title and is not mentioned on the page.
The apps now require the use of "Security Assertion" from the client.
In this case, it's by Play Protect on Android, and whatever they use on iOS.
seems like google is playing a part in this ? https://github.com/robinostlund/homeassistant-volkswagencarn...
With the software supply chain running amok recently having anything connected feels like playing Russian roulette and I say this as somebody who is running home assistant for years. I’m particularly paranoid about connecting my ev (non-vw) to it now, feels like a serious footgun today, would’ve been convenient three months ago, true.
Seems doubtful that this security will be very strong. It won't be hard to spoof an official client.
If they’ve done it using Secure Enclave it’s essentially physically impossible to spoof.
The github OP reports that browser-based login still works, so it'll likely be circumventable.
Wouldn’t any Volkswagen keys need to cross the network to get into the Secure Enclave? Or couldn’t you exploit the Volkswagen app itself?
Keys in the Secure Enclave never leave the device (or the SE for that matter) and cannot be extracted even physically.
Newer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult)
If the data is going through the air or a wire it can be sniffed, right? Is every message signed or encrypted like ssl/tls, or is this just some kind of extra header(s)?
Ok it's clear my next car will not be a Sköda (or Volkswagen)
There needs to be a law that makes remote attestation - no matter who provides the root certificates, Google/Apple/GrapheneOS - illegal. There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own, while also making interoperability cryptographically impossible. This is anti-competitive and should simply be illegal.
There is a real chance that in 5-10 years, there will be laptops and smartphones running open processors and operating systems with UX and and an OS comparable or better than the proprietary equivalent, but which are effectively useless to the average consumer because it is cryptographically impossible to use them for anything due to remote attestation proliferating more and more
It already is illegal in the EU under the EU Data act. The VW executives are just criminals who don't care about the law, because they can bend it like before.
what you really looking for is API-free services/products. so it works without cloud at all.
or products/companies that explicitly expose API access to their products.
> There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own.
Well, that and making it possible to deploy devices you own in environments where they might be physically accessible to people you don't want extracting credentials from them. Or for ensuring people can only access sensitive company information on company issued devices rather than being able to casually make a copy of any data they have access to somewhere else. Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.
I'm quite firmly in favour of anything I own giving access to the data it's generating in an open format but screaming about how there's no legitimate use for attestation is quite simply nonsense.
> Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.
It only attests that the device booted normally (locked bootloader, factory firmware, etc.). Any kind of post-boot compromise (whether it's from malware or something user-initiated) goes completely undetected and does not impact attestation status.
Sure, it’s one element in a defense in depth. You ensure that post boot it’s not possible to manipulate what’s being loaded, and then you ensure that during boot the OS in the expected state for that to be true. It’s not a panacea but it is an important part of the process.
[flagged]
*Smuggly* Huh, don’t like it? Just vote with your wallet and buy a car with better TC. Or build your own?
Caught one in the wild!
I wonder if companies can T&C their way out of any problem.
pretty much. correct me if I am wrong, but these T&C treated like "local" laws (in respect to interaction of client and business within their interaction) within most jurisdictions by courts.
so even if T&C does not make sense, usually courts are in favour of enforcing them.
unless some severe contradiction with constitution or alike, or serious harm to people or something, they would throw away T&C in cases. but AFAIK that is rare.
No: T&C cannot override the law, that is a national/EU law is still superior to anything that is written in the T&C. If there is a contrast between T&C and the law of course that T&C are just scratch paper.
Noone is claiming T&C overrides the law, but most laws (even here in EU) give a lot of leeway to contracts (which T&C is an example of) in cases where law doesn't establish any extra positive right.
And there's no law demanding you get access to a proprietary system (as of right now) that would override a T&C restriction.
Definitely not. you cant have T&C that are against the law, event if consumer has agreed to that. Like you cant sell your kidney even if you want to. Its illegal.
> T&C treated like "local" laws. so even if T&C does not make sense, usually courts are in favour of enforcing them. unless some severe contradiction with constitution or alike
It's not a "law", it's always under the law like any contract. And a court will not enforce illegal terms unless something very shady is afoot. The law always takes precedence, Even "lowly" laws, not just the constitution. In case of conflict the law wins so you can't have illegal provisions in the T&C even if you agree to them. They can give you extra rights but they can't take away the ones you have legally.
The principle is simple, the company isn't allowed to ask for illegal things. Your agreement is irrelevant because you are not entitled to legitimize an illegal demand.
The problem is you need to go to court if the company won't cooperate.
That's how local laws work. The higher jurisdiction always takes precedence over the more local one.
I'm saying that T&Cs are not like any kind of law but like a contract and they are not treated like "local law" in court.
Laws work like that because there's a hierarchy in the legal system too but that's about it for commonality.
Garmin recently did something similar, resorting to tls fingerprinting to prevent unofficial logins to their api (via the popular garth library).
They lost a lifetime customer in me - i think i have spent close to 20k on garmin gear between my wife and myself, watches, gps devices for cars, boats, and hiking gear. If they refuse to give me access to my data, i will (a) lobby for laws to be passed to make this mandatory (b) absolutely never ever buy anything garmin until i see a reversal of this policy and an apology.
More broadly though, its yet another service that blocks API access. No doubt this is caused by proliferation of amateurs armed with agentic tools building nice, personalized frontends for themselves. Companies seem to absolutely hate it when people dont go through their shitty websites with dark patterns, misleading search results and analytics.
Huh, I completely missed that. I've been using python-garminconnect [0] for a few months without issues. I agree though that it's annoying, though not reason enough for me to switch away from Garmin yet.
[0]: https://github.com/cyberjunky/python-garminconnectAlready minted tokens work, they broke the login process.
For now its just tls fingerprinting, not client attestation - so, I managed to implement a working solution. But I am sure they will tighten the screws still further.
Same here. I've been scraping the data from my Garmin watch for years with very little problems (first with https://github.com/tcgoetz/GarminDB, then https://github.com/sealbro/dotnet.garmin.connect).
The only annoyance is that Garmin requires 2FA if you enable the ECG feature on your smart watch/fitness tracker, but I have a small program that reads the 2FA codes from my Gmail inbox and supplies them to the scraper without too much trouble.
Where's the 'Open Source Car'?
Where's the open source phone?
The open source washing machine?
We used to have them. Devices so simple anyone with a hammer could fix. Maybe not open source as we understand it today, but rather - trivially reverse engineerable, often with schematics included. Most complex would be rewiring the motor on a washing machine. Did their job fine, but you can't sell them forever, so more complex devices were introduced. Nowadays motorcycles would probably be the closest equivalent, they're often very simple to work on.
> often with schematics included
That was even the norm for complex electronics for decades. But since it makes it easy to reverse engineer it, it's no longer being done due to fear of cheap clones (often inferior, and still doesn't stop anyone these days).
> more complex devices were introduced
And people buys them because they don't care
And have been convinced there is no alternative. And if you suggest investing in public transit or building mixed-use neighborhoods that don't require car access they'll pop their suburbanite heads.
There are freely available plans for all of those things. They are just more primitive than what you have in mind.
I recently saw a group of automakers together during an event. The contrast between Chinese and Germans was bizare. The group of german automakers were older men in black suits all wearing badge with titles like Senior Executive Sales blablabla. Whereas the Chinese were all young people wearing causual clothing and much more engineering minded. No wonder why european auto makers are doing so badly. They forgot to please people. The only know how to please their untergang.
This could equally illustrate the difference between long established multi national companies with an overbearing corporate culture vs young upstart companies with a dynamic startup culture.
Yeah, this is just the difference between the "cash cow" and "question mark" companies on the BCG growth-share matrix. The Chinese companies will sooner or later turn into stodgy cash cows themselves.
Yea is there not a saying about when the suits and bean counters take over a company the culture dies?
I know it as "when the Elves leave Middle Earth" from an essay of the same name:
https://steveblank.com/2009/12/21/the-elves-leave-middle-ear...
I think you two are talking about the same thing. The overbearing corporate culture is the cause of valuing dress formality over performance and dynamicism.
The question is why doesn't Germany have any young upstart auto companies when the US and China do? The question being the rhetorical kind.
Extreme over-regulation/regulatory capture. If you do anything worth doing in Germany and one of the established players doesn't like it, they find some reason to arrest you or raid your company and shut it down. As a result, people are afraid of doing things unless there's an explicit government-approved path to doing that exact thing. You can open a restaurant because there's a process for opening restaurants, but if you want to do something off the beaten path, its a bad idea.
It's not like the US has that many either. It's not the kind of winner-takes-all network effects industry that attracts venture capital outside of the Musk reality distortion field.
>It's not like the US has that many either.
Math was never my strong point, but AFAIK the "not that many" of the US is still a greater number than the zero of Germany.
If you look at the greater NW European area there were (are still?) several startups, non got big enough to matter and they did not have infinite money to survive like some US based PE funded ones can. And even for Germany a quick "car startup germany" search will give you a few.
Access to capital, mostly. The US has always been willing to grant hefty amounts of taxpayer money to startups, something culturally foreign to Germany (startups are risky, Germans don't want taxpayer money to be spent on risky adventures that might bring losses) and the US also has dozens of billions of dollars a month in 401k pension savings making their way into the asset markets.
And China, well, it's a dictatorship with effectively unlimited foreign currency reserves. They can do whatever they want.
> The US has always been willing to grant hefty amounts of taxpayer money to startups
Care to elaborate? I was under impression that absolute majority of startups in US are fully funded by a (private) venture capital. There are (were?) some exceptions like tax reductions on "green" projects, but they were not restricted to startups/small companies in any way.
> I was under impression that absolute majority of startups in US are fully funded by a (private) venture capital.
Tesla got a shitload of government funding, including a 465 million dollar loan [1]. SpaceX was effectively funded by NASA in its early days. In total, the Muskverse alone got 38 billion dollars [2]. Bezos' Blue Origin got at least 1.5 billion dollars [3].
Sure, by number most startups are fully privately funded. But that doesn't mean the US government isn't willing to help things along, at least for those well connected. And on top of that come government research grants to universities who then spin off companies and keep the profits from the spinoffs.
[1] https://finance.yahoo.com/news/elon-musk-paid-off-teslas-193...
[2] https://www.congress.gov/119/meeting/house/117956/documents/...
[3] https://thehill.com/lobbying/5113500-bottom-line-bezos-blue-...
How does it compare to European states subsidizing ArianeGroup, in your opinion?
>Tesla got a shitload of government funding, including a 465 million dollar loan
How much money, grants, tax-breaks, favorable loans and regulation, etc did the German, French, Italian car companies get from their local governments?
> But that doesn't mean the US government isn't willing to help things along, at least for those well connected.
As if Schroeder, Merkel, Scholz, etc didn't roll over backwards for their private industry political backers. The CEOs of VW, BMW and Daimler had those guys on speed dial.
Please, let's not pretend only the US government is helping its giants and the Europeans never.
They didn't claim that Germany doesn't give money to companies. The claim was that Germany doesn't want to give money to start-ups.
>Access to capital, mostly.
German auto makers were wealthier than the US auto makers. Germany's GDP is now third in the world. There is capital.
>Germans don't want taxpayer money to be spent on risky adventures
But they wanted it to be spent on Russian gas pipelines, foreign aid, anti nuclear activism, and in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
>that might bring losses
If they hate losses, why do they keep losing? Germany decline in past 15 years seems like its a self fulfilling prophecy. The more risk averse they are to avoid change or losses, the more they keep losing to economies who embraced change, disruption and risk.
> German auto makers were wealthier than the US auto makers. Germany's GDP is now third in the world. There is capital.
The problem is, that capital is stuck in the bank accounts of the uber rich.
> But they wanted it to be spent on Russian gas pipelines, foreign aid, anti nuclear activism, and in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
- Nordstream was privately funded, half by Gazprom, half by a consortium of privately owned large utilities
- Germany has drastically cut back on foreign aid funding, which in return killed off a lot of the goodwill Germany enjoyed in the Global South, we all know that China and Russia filled the gap. The numbers go up in theory but that's only due to funding for Ukraine.
- Anti-nuclear activism never got significant amounts of funding, instead dealing with the nuclear waste costs 1.4 billion euros a year, only 400 million euros are actually going towards the environment [1].
The only point you actually got somewhat correct is
> in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
The problem is, again, risk avoidance. Public tenders are written to prefer established players like SAP, T-Systems et al that can prove decades of experience in government projects. Partially that is due to incompetence, partially it is to shrink the bidder pool and avoid the risk of getting entire projects held up for years by lawsuits of bidders who lost.
The lack of internet speed doesn't come from a lack of public investment. Telekom has been privatized for decades. The problem here is regulatory incompetence.
> Germany decline in past 15 years seems like its a self fulfilling prophecy. The more risk averse they are to avoid change or losses, the more they keep losing to economies who embraced change, disruption and risk.
Agreed. The b00mer brainrot runs heavy here.
>Nordstream was privately funded, half by Gazprom, half by a consortium of privately owned large utilities
And do you also believe what Merkel said that "it's purely a commercial venture"?
Who chairs those "privately owned large utilities"?
What are the links between those people and "the establishment" that includes people like Merkel (earlier Shroeder - his work for Gazprom was also purely commercial venture of a private citizen, right?).
That establishment deciding its a great opportunity for Germany to be the Russian gas station of rest of Europe forced to use that gas as the only "green transition" hydrocarbon.
And not only was it a great commercial venture (that had in its profitability calculation getting rid of nuclear - including blocking countries like Poland from building it, squeezing out other countries that own pipelines again such as Poland/Ukraine/Hungary and so on and forced "transition" to gas for the EU - let's not kid ourselves, renewables will never be more than 50% of base load unless battery tech gets cheaper, so that "transition fuel" would last for 50+ years.
It also contained a humanitarian element of giving Putin huge amount of money therefore making sure the dictator will absolutely not use it to build armies to invade his neighbours (despite doing that already at the time in Georgia for example), but he will get used to that money so much he will spend it all and will not want to stop it coming therefore granting eternal peace in Europe.
Anyone who thought the public will swallow this must have been high... But the Germans did.
"nothing to see here" - right?
I for one am glad hopefully the German public realises what kind of state Russia is now, and what "doing business" with them leads to (it corrupts your own country) , but how long that knowledge remains, and why it took a full scale war in Europe to acquire it I don't know.
>- Germany has drastically cut back on foreign aid funding, which in return killed off a lot of the goodwill Germany enjoyed in the Global South, we all know that China and Russia filled the gap.
Germany now surpassed the US as the biggest foreign aid spender in the world, in absolute terms, not per capita
> Germany now surpassed the US as the biggest foreign aid spender in the world, in absolute terms, not per capita
A lot of the foreign aid budget is going to Ukraine [1], and the sum that goes to Ukraine isn't even including military aid.
Note, I have zero issue with aid going to Ukraine, and in fact it's still not enough - the issue I have is that a lot of other places simply fall through the gaps.
[1] https://de.statista.com/infografik/25614/groesste-empfaenger...
What does client assertion mean here? I don't see any mention in the GitHub issue.
It means that the request to the API contains cryptographic proof that is was generated by a legitimate, reviewed app running on a unmodified and non-rooted mobile device controlled by Apple or Google.
fwiw this is a correct definition of Remote Attestation, matching what is mentioned in the github thread, but Client Assertion is something mostly unrelated (an OAuth implementation detail)
/me scratches VAG cars from a possible new EV purchase.
I hate Elon as much as the next guy, but Tesla is still playing the API game way better than the rest of the pack (even with the "not so new" Tesla Fleet API change)
Volvo is also doing pretty good with offering an official API
But Volvo does not have cheap models with a reasonable range, unfortunately. I'm seeing right now on their Spain's website 40k EUR for a single motor EX30 with 337km WLTP which is ridiculous
EX30 in Spain starts at 29K small battery version, and 36 the large battery version. The dealerships make a huge discounts to be honest.
I was dealing with this 6 weeks ago!
Yeah this surprised me. 40k is for a vehicle ready to buy immediately from their website. At the same time they have an ongoing campaign for 29k for a financed EX30 + charger installation.
But I hate to deal with car dealerships, they are the worse kind of salespeople out there, trying to sell you what they need to sell rather what you need to buy. You need to go there with a very, very well informed opinion about it. But then they will play the discounts card...
And, does the Volvo community have something like TeslaMate built upon the API? It's not sine qua non factor but it will move the scale a LOT in favor of a brand.
Volvo also has the fully mandatory requirement of a consumer Google Account to use the vehicle now due to how tightly integrated Google Automotive is.
You can still use the infotainment without signing into a Google Account. The only thing that's locked out is the Play Store and 3rd party apps (which you need the play store to download).
Even Google Maps is usable without an account.
Can you use android auto? For the normal person your phone is a better place to get all that anyway. The few people driving as a full time job will find the cars built in stuff better but for most your phone had everything the rest of the time so you want to use that.
Yes it also has android auto and carplay
I ask because my GM doesn't despite having android automotive. I have to give GM a don't buy unless you drive as a job because of this, even though the car is nice otherwise.
Fleet api kinda sucks, but esphome via ble is solid. Even managed to connect $10 macropad so kids in back can control music.
Sad to see some people still believe raw capitalism works and that they can "vote with their wallet".. but they don't see that all car manufacturers can just agree to enshittify their products the same way and use their position to ensure you won't just "start your own car company". There's no real choice and those in power don't care.
Only regulation can help.. or a revolution in case the political system in your country is broken..
Anti-competitive practices that you describe ("all car manufacturers can just agree") is definitely not a capitalistic thing (market competition being an important part of capitalism), and indeed regulation can improve the bad outcomes.
I think revolutions are more successful when there is some new idea of what to replace the system with. Currently I did not see anything remotely interesting (ex: french revolution came with the new idea of equality before the law, which was not the case before), and I think is mostly due to low overall education - you can't improve a system if most of the people do not think about complex issues like laws, taxes, efficiency, etc. Everybody loves to point a finger at someone and blame them (immigrants, rich people, woke people, etc.) like that would "miraculously" solve any issue.
I don't think there's a consensus about that, as demonstrated by divided opinions on EU DMA and Apple vs Epic.
The anti-regulation arguments aren't framed as "market competition is bad", but rather "the market will sort itself out without intervention" and "let companies do whatever they want to avoid killing innovation".
[flagged]
> if you don't like that car/company, don't buy their product. buy competitors. that will show them much better.
I'm all for voting with my wallet, but it gets exhausting trying to be a few steps ahead. And then nothing guarantees that there won't be a rug pull once you bought the car.
> or petition to government to put pressure on them
Right. Not sure why you have to mention it, since everybody knows this works oh so well.
The problem is that all these T&Cs are just pages upon pages of legalese that not only nobody understands or even reads, but that also aren't exactly advertised before buying. "Buy our smart widget! It only works with its own app, and we'll only support it for a ridiculously short time! Please don't upgrade your phone, or it will stop working!"
Of course governments should do something about it, but even here in the EU, they don't seem too bothered. Hell, even people seem generally fine with it, judging by the number of crappy widgets they buy.
> if you don't like that car/company, don't buy their product. buy competitors. that will show them much better. (or petition to government to put pressure on them).
That maybe fine, but if something is allowed at the time I've bought the car, and then the manufacturer changes their policy such that the usage that I did is no longer allowed?
BTW, to me this is bullshit, first cars shouldn't be connected to the internet in the first place, in the case that they are, I would need to be in full control of what I can do with the API, not that I need to use special software to talk to my own car.
> something is allowed at the time I've bought the car,
good point. yet, I bet in their T&C it was covered. it was just not enforced. and usually they have claim like "if we fail to enforce any part of agreement does not constitue waiver.". so most likely it was expected all along, they were not technically adept to actualyl enforce this. now they can.
but, if your claim stands, I bet you can win case against them.
> cars shouldn't be connected to the internet
yep, same with you on this one.
I mean, it was founded by the Nazi party, they single handedly destroyed diesels through the world's largest scam, what ethics can you really expect from them? I find it extremely funny when people boycott Teslas for being "Nazi" but won't boycott actual Volkswagens that was founded by the real Nazi party and to date - followed some of the most unethical practices in automative history :)
This is not an intelligent comment. the Nazi parry and modern-day Volkswagen have nothing in common, whereas Tesla is currently^ actively^ run by someone morally reprehensible to many.
If you had any actual understanding—:as opposed to just hearing this little factoid in passing and have been waiting for every opportunity to whip it out— you’d know that already. It’s funny as a quip, but don’t for a a second act like it’s a legitimate point, which is exactly what you’re doing.
Stop pasting LLM replies through fake accounts. Dieselgate happened very recently (in this decade). Just research your stuff before you slap a prompt onto an LLM please.
Just because the Nsdap party created something that doesn't mean you can automatically treat it is bad. That is prejudice. Something bad happening decades and decades after the party's dissolution is not going to be directly related. It is a reach to think unsupported third party apps breaking is related.
While I agree with you in principle, I don't think this is followed equally. Tesla's are still being vandalized to date, though. Selective outrage is a dangerous thing.
> While I agree with you in principle, I don't think this is followed equally. Tesla's are still being vandalized to date, though.
These two sentences seem to be completely unrelated.
Well so the Nazis founded VW with confiscated union capital, and after the war control of the company was basically handed over to the union to make things right.