"where the user cannot directly access the data from the connected product or related service, the data holder must make the readily available data and necessary metadata accessible to the user without undue delay, in the same quality as available to the data holder, easily, securely, free of charge, in a structured, commonly used, machine-readable format, and continuously/in real time where relevant and technically feasible."
Indeed, this seems to be exactly the area where the Data Act could be used to regain access. Unfortunately it seems that it's not possible to directly sue (e.g.) Volkswagen to get access, unlike the GDPR where you have direct standing under article 79 [1].
There doesn't seem to be much written about enforcing the Data Act, so I looked at the regulation directly. Article 39 [2] seems to require to first lodge a complaint with the competent authority as designated by the member state of your residence. Then when that authority invariably fails to act – I have no idea which timeframe we're talking about here – you can "in accordance with national law, either have the right to an effective judicial remedy or access to review by an impartial body with the appropriate expertise". But then you are suing that authority, and not the company directly (edit: I was originally unsure about who to sue under article 39, but 39(3) does clarify that it is the authority).
I would very much like to be wrong about this. I can imagine Muñoz vs. Superior Fruiticola applies [3] ("it must be possible to enforce that obligation by means of civil proceedings"), but I'm not at all sure, and it's a much weaker route than the one which the GDPR explicitly describes.
Would anyone know or have better references on how to enforce the Data Act, preferably individually?
The hoops the EU goes through to be both a federal and also not a federal entity at the same time is crazy
Just let the EU enforce these laws like the US DOJ or FTC would. If I had to file a complaint with the Alabama FCC or the Mississippi Federal Reserve to get relief under federal regulations I would quite simply not bother
Hard pass. I think it’s fair, less corrupt, and more interesting that the Belgian DPA rules over Belgian privacy complaints.
We might argue they will produce better/worse results than another DPA. Okay. But the whole point of much EU policy is that the member states preside over stuff themselves. That seems better than a (more) centralised bureaucracy.
But the EU is incredibly bureaucratic. I'm not saying the US is perfectly functional, especially recently, but a lot of the processes involved here are incredibly Byzantine to accommodate enforcement not being at the top
Quite a few other manufacturers have done the same thing. I use a reverse engineered Polestar library to get charging status but I'm in the middle of building a CANBUS sniffer to do the same job because I don't trust they won't do the same thing as this.
I don't really understand it, it doesn't seem to offer a huge potential revenue stream and it pisses off the people who are most invested in your product.
They already add cryptographic authentication to some CAN messages, so you can't change them. It is only a matter of time until they add encryption.
This is mostly a corporate problem of risk aversion in my opinion. Some department
writes down a risk assessment with a list of miniscule risks, for example of some 3rd party app backend being hacked. Or just a headline "Tinkerer hacked his car to use with his home assistant" in the local press.
This list circulates, and since nobody in the middle management wants to be responsible for anything, and there is no officially approved positive use case, draconian countermeasures are drafted and constructed one by one.
> draconian countermeasures are drafted and constructed one by one.
Except when it’s about privacy or anything else we actually care about: then absolutely nothing is done because it would cost more than 0 to do anything.
I suspect the manufacturer probably cares less about what you do to your own car and hacking it, than they do about the potential for security compromise of their products on a broader scale, where they will then get blamed and sued for not having closed said loopholes. It is a no-win situation when it comes to fault assignment.
It actually happened with Toyota around 2010: they went into a settlement regarding an unintended acceleration issue because it was proven the code was terrible and a single bit-flip could cause the behaviour.
Bit of context to this, it was demonstrated that it was a hypothetical possibility, but the issue couldn't be demonstrated in lab conditions. Stuck floormats, pedals, and confused drivers remain the only actual explanations for the real events behind the lawsuits.
“ A mobile phone with 500 kilobytes of memory might only have one error every 28 years, but a router farm, such as those used by Internet providers, with 25 gigabytes of memory could have one every 17 hours.”
I wonder if current AI devices have protection against this…
It’s a fair assumption that most of these things are trickle-down effects of CMS/R155 and CRA combined with very high risk aversion on the company side. The less you expose, the lower the risk.
Right? I imagine there would be a non-trivial sales/marketing boost for the one/first company (in any segment) to fully embrace HA. IKEA is arguably a good example of this.
This is kind of an interesting contrast with BSH (Bosch and Siemens home appliances ), who are also German.
They appear to have seen making their Home Connect platform open as at least in part a matter of compliance with EU data transparency and portability laws.
BYD DMCAd my whole repo to connect to their cars... https://github.com/github/dmca/blob/master/2026/05/2026-05-2...
It's a shame these car makers are locking down their cars (which are brought for a premium!) and going on a crusade against open source.
Do we really need to embrace these companies' attempts to distance themselves from their toxic brands? The way I see it they're still Google and Faceboot.
This sure reads like a "you did nothing illegal but will attempt to make it look illegal" kind of thing. Like putting the key to a public space under the doormat, with a sign "key here" and then complaining you cannot use that key to access the already public space.
They alleging you have broken their encryption.. DMCA would be appropriate I would assume in this case.
OTOH, if there isn't a first party way to get an auth token or a way to connect your car with home assistant, I see that as a deficiency of service.
r/opensource_legalaid
let's reply and demand access to the data.
For better or worse, most devices don't have local interfaces. Some matter devices exist in the past year or two, but not all data/functions are available via matter. Older devices likely won't ever be updated to support matter.
Also lump in the fact that HA is a locally run/focused application, it isn't super compatible with a cloud based API/data delivery system without some additional development from the OEM end.
Last I did the math for an internal system.. in 24 hours HA traffic was ~20% of total, for less than 1% of users. That's wild. Mostly because each instance is pinging the API directly every X or less minutes.
If an executive here heard that math, they'd likely ask to block it as well. Right or wrong that's how people react.
They don’t. Majority of users don’t care, and some middle manager shmuck, working on MySkoda, can report how “we” prevented a huge security risk and funneled valuable ~~cattle~~ user data where it belongs.
By the way, regarding additional profit stream, to access VW data before you still needed WeConnect subscription (100€ a year), just that before you could use another app or automation to access the data. Now you MUST use exclusively WeConnect and partners to access same data even though you paying already for subscription.
Dieselgate should have been enough reason already IMO. And VW's response to it. Throwing some low level employees under the bus (transporter?) so that the big bosses could walk free
How is this a tangible income stream? I suspect that the amount of customers willing to pay for some weird API access or We Connect offering is rather limited. It would have to be bundled into some other solution, which again I'd guess have a limited customer base.
I have VW and I suppose We Connect, there's not a single thing that's worth paying for, not when you have CarPlay and Android Auto (or whatever that's called). If anything I'd prefer that they'd just drop the personalization they do with users. Our car will forever assume that my wife is driving, because that what the dealer configured and none of us care to mess around with it.
But yeah, people will buy the cars anyway, because all the automation is something that only an incredibly small segment has any interest in. It's just weird that those who actually care about connected cars are the only one VW is punishing with this move.
> I suspect that the amount of customers willing to pay for some weird API access or We Connect offering is rather limited
I tend to agree. But the counterpoint is Tesla. They charge for API access, and there are several businesses that exist to make that data available to customers. I don’t know how valuable it really is, but it’s working. My wife would pay Ford for the level of data she was getting from TeslaFi but instead she gives it to MileIQ. It’s not huge but that adds up.
That's my line of thinking with the "bundled into some other solution". It doesn't make a ton of sense for an individual to buy API access, but other companies could provide a service built in the API, and they are the ones paying VW.
Most executives make commercially disadvantageous decisions in exchange for more power.
It's practically a law of business: executives prioritize their power first and their company's profit margins second. This is one reason why outsourcing coding was so popular despite not saving money and being so commercially disastrous - execs were in the driving seat with that relationship much more than they were with us.
Despite what some people will tell you about how the home assistant consumer segment "doesn't matter" (it does) it really is more about the tangibility of control over data vs the intangibility of lost consumer goodwill.
Companies are not profit maximizing at all costs. The shareholders and the executives are not a singular body they have different and sometimes wildly divergent interests.
Yea, I don't really see the revenue potential here. They seem to be doing this purely to force developers to have a "formal relationship" with them, and to grief all other developers who don't.
Same mentality behind companies who insist users have an "account" to use their otherwise-unconnected products.
I haven't seen anyone put this dynamic in such a clear and succinct description - the fact is that a lot of people (especially corporate managers) just hate the loss of control and will go out of their way to ban people accessing their things "wrong" - even if it's counterproductive for their larger corporation or a goal.
Unfortunately I think they're right on #1. In the grand scheme of things the lost sales because of this change are a drop in the bucket. HA and similar tools are not that popular, very few people who have their mind set on buying a VW will change their minds because of this alone.
What's worse is that other manufacturers are starting to do the same thing. They all see unofficial integrations as lost revenue (less of your data to sell because you don't use their app), and higher costs because the usage still comes on their cloud spend bill.
I was talking to my gadget-passionate (but not techie) best friend when the company making our cars made it more difficult to authenticate using the HA integration. He looked at me like I switched to an alien language. "Who cares? Don't you use the app?".
Client Assertion is an OAuth feature, but that is not at all what is being discussed here, if anyone else was confused. It is only present in the HN title and is not mentioned on the page.
And this is why there should be very very unpleasant for manufacturer legislation about allowing access to hardware you buy.
This is a generic problem not limited to automotive industry, though they are a major offender. Locked down android auto, systems, buses, everything is proprietary and you are the whims of the manufacturers decisions
With the software supply chain running amok recently having anything connected feels like playing Russian roulette and I say this as somebody who is running home assistant for years. I’m particularly paranoid about connecting my ev (non-vw) to it now, feels like a serious footgun today, would’ve been convenient three months ago, true.
I've been doing smart home stuff for a long time. This is one of the reasons why I got off of Home Assistant.
It's a very cool and functional project but it is entirely dependent on companies keeping their APIs open, or, more commonly, companies not patching teh magic that makes reverse-engineered APIs possible.
Unfortunately, developments over the years have NOT gone in their favor. Tesla, Ring, MyQ, Ecobee and probably others have closed their APIs over the years. They've usually cited "security concerns" as the motivating factor for the API closures, which has some legitimacy, but IMO it's usually driven by fear of losing subscription revenue.
(Tesla charges a lot for official OAuth apps, though, to be fair, earlier hacks relied on a leaked OAuth app that they never got around to patching. Ecobee locked HomeKit and some other stuff behind their Security+ Subscription, which is a joke considering how anemic their security platform is. MyQ definitely did it to protect their $45/year subscription; jokes on them since RATGDO is infinitely better. Ring still works for some reason, but HomeKit Secure Video support is extremely dicey in part due to the fear of them turning their API off as well.)
For someone like me who primarily used HA for HomeKit integration, depending on it is a ticking timebob. When we moved into our new house, I focused on finding stuff that was natively compatible with HomeKit without workarounds. Our smart home works much better now because of it.
This seems like less of a reason to get off of Homeassistant and more a reason to stop buying closed source/cloud only products to connect to HomeAssistant.
That's a frying pan => fire situation. I started my home automation journey in the same way, and being HK-centric is pretty decent. HA with 100% local-control devices that _bridges_ to HK is what I'm looking at next.
Often, the HK-only devices are terrible wrt WiFi stability, and I need to pay more attention to how matter/thread is working lately.
I know some people complain about zigbee/zwave but they've been way better on average than HK over wifi.
Done buying new cars in general. It was always a sucker's game, and now a new car offers little besides various unwanted features and added restrictions, all in support of misguided regulations and other peoples' business models.
That's a matter of taste, really. Good-quality brands with historically-good parts support are what I stick with.
If you like traditional coupes/sedans, Toyota or Lexus are probably good bets. I just read about a guy who is making a career out of restoring and reselling a specific Lexus model, which I thought was pretty cool: https://www.roadandtrack.com/news/a71435133/wisconsin-dealer... That kind of effort is going to become more common over the next few years, IMO.
If you like sports cars, Porsche peaked in the early-to-mid 2010s in terms of both quality and features.
If you like SUVs, I would think Japanese legacy brands would still be a good way to go. The last car on earth will probably be somebody's Toyota pickup or Land Cruiser from c. 2010.
There needs to be a law that makes remote attestation - no matter who provides the root certificates, Google/Apple/GrapheneOS - illegal. There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own, while also making interoperability cryptographically impossible. This is anti-competitive and should simply be illegal.
There is a real chance that in 5-10 years, there will be laptops and smartphones running open processors and operating systems with UX and and an OS comparable or better than the proprietary equivalent, but which are effectively useless to the average consumer because it is cryptographically impossible to use them for anything due to remote attestation proliferating more and more
It already is illegal in the EU under the EU Data act. The VW executives are just criminals who don't care about the law, because they can bend it like before.
> There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own.
Well, that and making it possible to deploy devices you own in environments where they might be physically accessible to people you don't want extracting credentials from them. Or for ensuring people can only access sensitive company information on company issued devices rather than being able to casually make a copy of any data they have access to somewhere else. Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.
I'm quite firmly in favour of anything I own giving access to the data it's generating in an open format but screaming about how there's no legitimate use for attestation is quite simply nonsense.
> Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.
It only attests that the device booted normally (locked bootloader, factory firmware, etc.). Any kind of post-boot compromise (whether it's from malware or something user-initiated) goes completely undetected and does not impact attestation status.
Sure, it’s one element in a defense in depth. You ensure that post boot it’s not possible to manipulate what’s being loaded, and then you ensure that during boot the OS in the expected state for that to be true. It’s not a panacea but it is an important part of the process.
pretty much. correct me if I am wrong, but these T&C treated like "local" laws (in respect to interaction of client and business within their interaction) within most jurisdictions by courts.
so even if T&C does not make sense, usually courts are in favour of enforcing them.
unless some severe contradiction with constitution or alike, or serious harm to people or something, they would throw away T&C in cases. but AFAIK that is rare.
No: T&C cannot override the law, that is a national/EU law is still superior to anything that is written in the T&C. If there is a contrast between T&C and the law of course that T&C are just scratch paper.
Noone is claiming T&C overrides the law, but most laws (even here in EU) give a lot of leeway to contracts (which T&C is an example of) in cases where law doesn't establish any extra positive right.
And there's no law demanding you get access to a proprietary system (as of right now) that would override a T&C restriction.
Definitely not. you cant have T&C that are against the law, event if consumer has agreed to that. Like you cant sell your kidney even if you want to. Its illegal.
> T&C treated like "local" laws. so even if T&C does not make sense, usually courts are in favour of enforcing them. unless some severe contradiction with constitution or alike
It's not a "law", it's always under the law like any contract. And a court will not enforce illegal terms unless something very shady is afoot. The law always takes precedence, Even "lowly" laws, not just the constitution. In case of conflict the law wins so you can't have illegal provisions in the T&C even if you agree to them. They can give you extra rights but they can't take away the ones you have legally.
The principle is simple, the company isn't allowed to ask for illegal things. Your agreement is irrelevant because you are not entitled to legitimize an illegal demand.
The problem is you need to go to court if the company won't cooperate.
Newer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult)
If the data is going through the air or a wire it can be sniffed, right? Is every message signed or encrypted like ssl/tls, or is this just some kind of extra header(s)?
Yes, it can be sniffed. It will at least use transport encryption, like TLS. For everything, yes. So you'll only get encrypted data you cannot read. You could attempt a Man-in-the-middle attack on this connection. Unless the app is badly made, this will not succeed.
And then, even if you could look inside, there's another type of asymmetric cryptography going on: the remote attestation itself. Again, if properly designed and possibly backed by a hardware security chip, it cannot be spoofed. This isn't something trivial like a shared secret in an HTTP header.
Okay, well that's a start. Could you help me understand where I went wrong? I'm not trying to be stupid here but just saying "wrong" is extremely unhelpful.
Garmin recently did something similar, resorting to tls fingerprinting to prevent unofficial logins to their api (via the popular garth library).
They lost a lifetime customer in me - i think i have spent close to 20k on garmin gear between my wife and myself, watches, gps devices for cars, boats, and hiking gear. If they refuse to give me access to my data, i will (a) lobby for laws to be passed to make this mandatory (b) absolutely never ever buy anything garmin until i see a reversal of this policy and an apology.
More broadly though, its yet another service that blocks API access. No doubt this is caused by proliferation of amateurs armed with agentic tools building nice, personalized frontends for themselves. Companies seem to absolutely hate it when people dont go through their shitty websites with dark patterns, misleading search results and analytics.
Huh, I completely missed that. I've been using python-garminconnect [0] for a few months without issues. I agree though that it's annoying, though not reason enough for me to switch away from Garmin yet.
Already minted tokens work, they broke the login process.
For now its just tls fingerprinting, not client attestation - so, I managed to implement a working solution. But I am sure they will tighten the screws still further.
The only annoyance is that Garmin requires 2FA if you enable the ECG feature on your smart watch/fitness tracker, but I have a small program that reads the 2FA codes from my Gmail inbox and supplies them to the scraper without too much trouble.
Have you looked at the feasibility of making your own CIQ app to push data from the watch to your alternate internet endpoint?
I have the impression there are permissions and APIs to access sensor history and activity records, but I haven't had a need to dig in and learn what restrictions there might be...
This entire thing is simply ridiculous, and infuriating! Just sell me a car, or TV, or washing machine, etc. Don't sell me a multi-layered safe with different combinations for each level.
We used to have them. Devices so simple anyone with a hammer could fix. Maybe not open source as we understand it today, but rather - trivially reverse engineerable, often with schematics included. Most complex would be rewiring the motor on a washing machine.
Did their job fine, but you can't sell them forever, so more complex devices were introduced. Nowadays motorcycles would probably be the closest equivalent, they're often very simple to work on.
That was even the norm for complex electronics for decades. But since it makes it easy to reverse engineer it, it's no longer being done due to fear of cheap clones (often inferior, and still doesn't stop anyone these days).
And have been convinced there is no alternative. And if you suggest investing in public transit or building mixed-use neighborhoods that don't require car access they'll pop their suburbanite heads.
It means that the request to the API contains cryptographic proof that is was generated by a legitimate, reviewed app running on a unmodified and non-rooted mobile device controlled by Apple or Google.
fwiw this is a correct definition of Remote Attestation, matching what is mentioned in the github thread, but Client Assertion is something mostly unrelated (an OAuth implementation detail)
I recently saw a group of automakers together during an event. The contrast between Chinese and Germans was bizare. The group of german automakers were older men in black suits all wearing badge with titles like Senior Executive Sales blablabla. Whereas the Chinese were all young people wearing causual clothing and much more engineering minded. No wonder why european auto makers are doing so badly. They forgot to please people. The only know how to please their untergang.
This could equally illustrate the difference between long established multi national companies with an overbearing corporate culture vs young upstart companies with a dynamic startup culture.
Yeah, this is just the difference between the "cash cow" and "question mark" companies on the BCG growth-share matrix. The Chinese companies will sooner or later turn into stodgy cash cows themselves.
I think you two are talking about the same thing. The overbearing corporate culture is the cause of valuing dress formality over performance and dynamicism.
Extreme over-regulation/regulatory capture. If you do anything worth doing in Germany and one of the established players doesn't like it, they find some reason to arrest you or raid your company and shut it down. As a result, people are afraid of doing things unless there's an explicit government-approved path to doing that exact thing. You can open a restaurant because there's a process for opening restaurants, but if you want to do something off the beaten path, its a bad idea.
It's not like the US has that many either. It's not the kind of winner-takes-all network effects industry that attracts venture capital outside of the Musk reality distortion field.
If you look at the greater NW European area there were (are still?) several startups, non got big enough to matter and they did not have infinite money to survive like some US based PE funded ones can. And even for Germany a quick "car startup germany" search will give you a few.
Access to capital, mostly. The US has always been willing to grant hefty amounts of taxpayer money to startups, something culturally foreign to Germany (startups are risky, Germans don't want taxpayer money to be spent on risky adventures that might bring losses) and the US also has dozens of billions of dollars a month in 401k pension savings making their way into the asset markets.
And China, well, it's a dictatorship with effectively unlimited foreign currency reserves. They can do whatever they want.
> The US has always been willing to grant hefty amounts of taxpayer money to startups
Care to elaborate? I was under impression that absolute majority of startups in US are fully funded by a (private) venture capital. There are (were?) some exceptions like tax reductions on "green" projects, but they were not restricted to startups/small companies in any way.
> I was under impression that absolute majority of startups in US are fully funded by a (private) venture capital.
Tesla got a shitload of government funding, including a 465 million dollar loan [1]. SpaceX was effectively funded by NASA in its early days. In total, the Muskverse alone got 38 billion dollars [2]. Bezos' Blue Origin got at least 1.5 billion dollars [3].
Sure, by number most startups are fully privately funded. But that doesn't mean the US government isn't willing to help things along, at least for those well connected. And on top of that come government research grants to universities who then spin off companies and keep the profits from the spinoffs.
>Tesla got a shitload of government funding, including a 465 million dollar loan
How much money, grants, tax-breaks, favorable loans and regulation, etc did the German, French, Italian car companies get from their local governments?
> But that doesn't mean the US government isn't willing to help things along, at least for those well connected.
As if Schroeder, Merkel, Scholz, etc didn't roll over backwards for their private industry political backers. The CEOs of VW, BMW and Daimler had those guys on speed dial.
Please, let's not pretend only the US government is helping its giants and the Europeans never.
> How much money, grants, tax-breaks, favorable loans and regulation, etc did the German, French, Italian car companies get from their local governments?
German auto makers were wealthier than the US auto makers. Germany's GDP is now third in the world. There is capital.
>Germans don't want taxpayer money to be spent on risky adventures
But they wanted it to be spent on Russian gas pipelines, foreign aid, anti nuclear activism, and in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
>that might bring losses
If they hate losses, why do they keep losing? Germany decline in past 15 years seems like its a self fulfilling prophecy. The more risk averse they are to avoid change or losses, the more they keep losing to economies who embraced change, disruption and risk.
> German auto makers were wealthier than the US auto makers. Germany's GDP is now third in the world. There is capital.
The problem is, that capital is stuck in the bank accounts of the uber rich.
> But they wanted it to be spent on Russian gas pipelines, foreign aid, anti nuclear activism, and in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
- Nordstream was privately funded, half by Gazprom, half by a consortium of privately owned large utilities
- Germany has drastically cut back on foreign aid funding, which in return killed off a lot of the goodwill Germany enjoyed in the Global South, we all know that China and Russia filled the gap. The numbers go up in theory but that's only due to funding for Ukraine.
- Anti-nuclear activism never got significant amounts of funding, instead dealing with the nuclear waste costs 1.4 billion euros a year, only 400 million euros are actually going towards the environment [1].
The only point you actually got somewhat correct is
> in the pockets of politically connected multinationals like T-systems to build another "government digitalization project" while their internet speed lacks behind developing nations?
The problem is, again, risk avoidance. Public tenders are written to prefer established players like SAP, T-Systems et al that can prove decades of experience in government projects. Partially that is due to incompetence, partially it is to shrink the bidder pool and avoid the risk of getting entire projects held up for years by lawsuits of bidders who lost.
The lack of internet speed doesn't come from a lack of public investment. Telekom has been privatized for decades. The problem here is regulatory incompetence.
> Germany decline in past 15 years seems like its a self fulfilling prophecy. The more risk averse they are to avoid change or losses, the more they keep losing to economies who embraced change, disruption and risk.
>- Germany has drastically cut back on foreign aid funding, which in return killed off a lot of the goodwill Germany enjoyed in the Global South, we all know that China and Russia filled the gap.
Germany now surpassed the US as the biggest foreign aid spender in the world, in absolute terms, not per capita
> Germany now surpassed the US as the biggest foreign aid spender in the world, in absolute terms, not per capita
A lot of the foreign aid budget is going to Ukraine [1], and the sum that goes to Ukraine isn't even including military aid.
Note, I have zero issue with aid going to Ukraine, and in fact it's still not enough - the issue I have is that a lot of other places simply fall through the gaps.
>Nordstream was privately funded, half by Gazprom, half by a consortium of privately owned large utilities
And do you also believe what Merkel said that "it's purely a commercial venture"?
Who chairs those "privately owned large utilities"?
What are the links between those people and "the establishment" that includes people like Merkel (earlier Shroeder - his work for Gazprom was also purely commercial venture of a private citizen, right?).
That establishment deciding its a great opportunity for Germany to be the Russian gas station of rest of Europe forced to use that gas as the only "green transition" hydrocarbon.
And not only was it a great commercial venture (that had in its profitability calculation getting rid of nuclear - including blocking countries like Poland from building it, squeezing out other countries that own pipelines again such as Poland/Ukraine/Hungary and so on and forced "transition" to gas for the EU - let's not kid ourselves, renewables will never be more than 50% of base load unless battery tech gets cheaper, so that "transition fuel" would last for 50+ years.
It also contained a humanitarian element of giving Putin huge amount of money therefore making sure the dictator will absolutely not use it to build armies to invade his neighbours (despite doing that already at the time in Georgia for example), but he will get used to that money so much he will spend it all and will not want to stop it coming therefore granting eternal peace in Europe.
Anyone who thought the public will swallow this must have been high... But the Germans did.
"nothing to see here" - right?
I for one am glad hopefully the German public realises what kind of state Russia is now, and what "doing business" with them leads to (it corrupts your own country) , but how long that knowledge remains, and why it took a full scale war in Europe to acquire it I don't know.
> And do you also believe what Merkel said that "it's purely a commercial venture"?
That's not the point here (and for what it's worth, Nord Stream should never have been started in the first place, and we should have cancelled it the day that "little green men" arrived in Ukraine).
My point was and is that Germany is traditionally very reluctant in handing out government funds and especially government-backed debt to private industry in general while the US has all but zero issues.
>Germany is traditionally very reluctant in handing out government funds and especially government-backed debt to private industry
Not true. Most of Germany's economic growth since 2022 has been due to massive government public spending, since private investments are down.
The problem is US finances startups who have to either scam private investors or actually innovate to survive, whereas german government funds only politically connected dinosaurs who don't innovate.
Are the Chinese particularly open API-wise here? Another user says BYD applied the DMCA to his repo that reverse-engineered their app (necessary because there's no other way). I think European auto-makers are probably doing poorly because a regime shift occurred in battery tech and EVs became much more useful and EVs are a manufacturing problem that advantages the guys who've been manufacturing electric motors and disadvantages the guys who manufacture cutting-edge gasoline engines.
I'm reminded of the fact that when I got a Roomba ten years ago the box said that the device was open and hackable. Searching online, the text looked like:
> This robot contains an electronic and software interface that allows you to control or modify, and remotely monitor its sensors. For software programmers interested in giving your iRobot new functionality we encourage you to do so.
My Dreame X40 Ultra does work flawlessly with Home Assistant but it carries no such text. In the end, I prefer the working to the text (so perhaps the Chinese companies are better), but things have changed over the intervening years.
/me scratches VAG cars from a possible new EV purchase.
I hate Elon as much as the next guy, but Tesla is still playing the API game way better than the rest of the pack (even with the "not so new" Tesla Fleet API change)
And, does the Volvo community have something like TeslaMate built upon the API? It's not sine qua non factor but it will move the scale a LOT in favor of a brand.
Probably not yet, so far all I've done as an owner was generate an API key and set it up in an integration in Home Assistant so I can track my state of charge over time. I'm sure more software will come!
But Volvo does not have cheap models with a reasonable range, unfortunately. I'm seeing right now on their Spain's website 40k EUR for a single motor EX30 with 337km WLTP which is ridiculous
Yeah this surprised me. 40k is for a vehicle ready to buy immediately from their website. At the same time they have an ongoing campaign for 29k for a financed EX30 + charger installation.
But I hate to deal with car dealerships, they are the worse kind of salespeople out there, trying to sell you what they need to sell rather what you need to buy. You need to go there with a very, very well informed opinion about it. But then they will play the discounts card...
You can still use the infotainment without signing into a Google Account. The only thing that's locked out is the Play Store and 3rd party apps (which you need the play store to download).
Can you use android auto? For the normal person your phone is a better place to get all that anyway. The few people driving as a full time job will find the cars built in stuff better but for most your phone had everything the rest of the time so you want to use that.
I ask because my GM doesn't despite having android automotive. I have to give GM a don't buy unless you drive as a job because of this, even though the car is nice otherwise.
Sad to see some people still believe raw capitalism works and that they can "vote with their wallet".. but they don't see that all car manufacturers can just agree to enshittify their products the same way and use their position to ensure you won't just "start your own car company". There's no real choice and those in power don't care.
Only regulation can help.. or a revolution in case the political system in your country is broken..
Anti-competitive practices that you describe ("all car manufacturers can just agree") is definitely not a capitalistic thing (market competition being an important part of capitalism), and indeed regulation can improve the bad outcomes.
I think revolutions are more successful when there is some new idea of what to replace the system with. Currently I did not see anything remotely interesting (ex: french revolution came with the new idea of equality before the law, which was not the case before), and I think is mostly due to low overall education - you can't improve a system if most of the people do not think about complex issues like laws, taxes, efficiency, etc. Everybody loves to point a finger at someone and blame them (immigrants, rich people, woke people, etc.) like that would "miraculously" solve any issue.
I don't think there's a consensus about that, as demonstrated by divided opinions on EU DMA and Apple vs Epic.
The anti-regulation arguments aren't framed as "market competition is bad", but rather "the market will sort itself out without intervention" and "let companies do whatever they want to avoid killing innovation".
> if you don't like that car/company, don't buy their product. buy competitors. that will show them much better.
I'm all for voting with my wallet, but it gets exhausting trying to be a few steps ahead. And then nothing guarantees that there won't be a rug pull once you bought the car.
> or petition to government to put pressure on them
Right. Not sure why you have to mention it, since everybody knows this works oh so well.
The problem is that all these T&Cs are just pages upon pages of legalese that not only nobody understands or even reads, but that also aren't exactly advertised before buying. "Buy our smart widget! It only works with its own app, and we'll only support it for a ridiculously short time! Please don't upgrade your phone, or it will stop working!"
Of course governments should do something about it, but even here in the EU, they don't seem too bothered. Hell, even people seem generally fine with it, judging by the number of crappy widgets they buy.
> if you don't like that car/company, don't buy their product. buy competitors. that will show them much better. (or petition to government to put pressure on them).
That maybe fine, but if something is allowed at the time I've bought the car, and then the manufacturer changes their policy such that the usage that I did is no longer allowed?
BTW, to me this is bullshit, first cars shouldn't be connected to the internet in the first place, in the case that they are, I would need to be in full control of what I can do with the API, not that I need to use special software to talk to my own car.
> something is allowed at the time I've bought the car,
good point. yet, I bet in their T&C it was covered. it was just not enforced. and usually they have claim like "if we fail to enforce any part of agreement does not constitue waiver.". so most likely it was expected all along, they were not technically adept to actualyl enforce this. now they can.
but, if your claim stands, I bet you can win case against them.
I mean, it was founded by the Nazi party, they single handedly destroyed diesels through the world's largest scam, what ethics can you really expect from them? I find it extremely funny when people boycott Teslas for being "Nazi" but won't boycott actual Volkswagens that was founded by the real Nazi party and to date - followed some of the most unethical practices in automative history :)
Just because the Nsdap party created something that doesn't mean you can automatically treat it is bad. That is prejudice. Something bad happening decades and decades after the party's dissolution is not going to be directly related. It is a reach to think unsupported third party apps breaking is related.
While I agree with you in principle, I don't think this is followed equally. Tesla's are still being vandalized to date, though. Selective outrage is a dangerous thing.
Well so the Nazis founded VW with confiscated union capital, and after the war control of the company was basically handed over to the union to make things right.
This is not an intelligent comment. the Nazi parry and modern-day Volkswagen have nothing in common, whereas Tesla is currently^ actively^ run by someone morally reprehensible to many.
If you had any actual understanding—:as opposed to just hearing this little factoid in passing and have been waiting for every opportunity to whip it out— you’d know that already.
It’s funny as a quip, but don’t for a a second act like it’s a legitimate point, which is exactly what you’re doing.
Stop pasting LLM replies through fake accounts. Dieselgate happened very recently (in this decade). Just research your stuff before you slap a prompt onto an LLM please.
"where the user cannot directly access the data from the connected product or related service, the data holder must make the readily available data and necessary metadata accessible to the user without undue delay, in the same quality as available to the data holder, easily, securely, free of charge, in a structured, commonly used, machine-readable format, and continuously/in real time where relevant and technically feasible."
There is even special EU guidance for vehicle data for it: https://digital-strategy.ec.europa.eu/en/library/guidance-ve...
reply