Breaking the Data Link with FordPass

Smindustries

Tremor Fiend
Joined
Sep 5, 2020
Messages
331
Reaction Points
1,074
Location
ATL-ish
Current Ride
'21 F350 Platinum Tremor
As some of you are aware, Ford has the ability to collect huge amounts of data from vehicles equipped with FordPass connectivity. Ford's authority to exercise this ability lies in the Terms of Service for FordPass app and the linking of a VIN to the account. Basically, linking a VIN to your account tells Ford that you are the authorized user of the vehicle, and you are authorizing Ford to collect all electronic data from the vehicle.

This is in bold type at the beginning of the FordPass Terms:

  • FordPass relies on data from you, your computer or mobile device, and from your vehicle -- such as vehicle location and driving data -- if your vehicle is equipped with connectivity features or technologies and associated to your FordPass account. This is so we can deliver to you great functionality and services, as well as communications tailored to your interests. We may share this information, including with our authorized dealers and affiliates, as described in the FordPass Privacy Policy, which you can read in Section 2 below.

The data collected is awfully intrusive:

  • Vehicle Location: Non-precise or precise location/GPS information, including current vehicle location, travel direction, speed, charging locations used (if applicable), and information about the environment where the vehicle is operated (such as weather, road segment data, trail and road surface conditions and geometry, traffic signs, and other surroundings, may be collected from the vehicle in connection with location-based functions of FordPass. Vehicle Location may also be derived from IP address.
  • Driving Data (may also be referred to as Driving Characteristics and Behavior): Information about how the vehicle is operated and used (such as speed, use of accelerator, brakes, steering, seat belts, etc.).
  • Vehicle Data (may also be referred to as Vehicle Information): Information about the vehicle, its components and parts, including their status and performance and diagnostics of vehicle systems (such as the VIN, hardware model and part numbers, odometer, tire pressure, fuel and fluid levels, battery and lock status, trouble codes, warning indicators, alerts, and SYNC diagnostics), vehicle charging information (if applicable), and other information about how the vehicle is performing.
  • Audio/Visual (may also be referred to as Connected Voice Data, Digital Assistant, or Ford Assistant): Voice commands and other utterances captured when the vehicle’s voice recognition system is in “active listen” state.

What they do with it isn't cool:

WE MAY send communications about products, services, offers, promotions, news, and more that are customized based on your personal information, including your location, speed, and driving characteristics.

What products, services, and offers could possibly be tied to your speed or driving characteristics? Oh, that's right. Automobile insurance. That's precisely the kind of backdoor information that insurers will pay handsomely for. In fact, the information is so valuable that Ford continues to pay for a data connection to our vehicles even if we don't. In exchange, they let us use their data connection for remote start and remote monitoring of the vehicle.

What happens when you delete the app? Nothing, really:

If your vehicle has connectivity technology (e.g. FordPass Connect or Lincoln Way modem or a Connectivity Device) and you connect your vehicle to your FordPass account, your vehicle will share Connected Vehicle Information (e.g. Vehicle Location and Driving Data) with Ford. Deleting or uninstalling FordPass from your device will not disable data sharing.

So, if customers think deleting the app stops the data flow, they're sorely mistaken. Downloading the app, creating an account, tying the VIN to the account, and accepting the Terms created a contract allowing Ford to scarf up data. Forever. It is still effective even after deleting the app.

There are ways to rescind permission and prevent Ford from collecting data:

To stop FordPass-related vehicle data transmission and access enabled by connecting your vehicle to FordPass, contact the customer relationship center; and consult your vehicle's Owner’s Manual (and follow the procedure to disable your connectivity device which may require performing a Master Reset to stop data transmission.

Ford's first course of action suggested is to reach out to them so they can twist the consumer's arm into keeping the link alive. How do they do that? Well, they threaten to delete your account, which takes away all those sweet FordPass points:

To cancel your FordPass Account, contact Customer Support at [email protected]. By cancelling your FordPass Account, you also will cancel your membership in FPR. All FPR membership benefits, including accrued Points (as defined below) will immediately be forfeited upon cancellation.

They're also going to tell you that everything related to data in the vehicle will stop working, including WiFi. That's what gave me pause. Then I discovered it's a lie.

Fortunately, there's another way to break the link without canceling your FordPass account and losing any accrued points:

Prior to selling or transferring ownership of the vehicle, complete an in-vehicle Master Reset or an in-App User Reset (available methods vary on equipment model) to return the vehicle to the default settings. If you forgot to perform a Master Reset or User Reset and no longer have possession of the vehicle, please remove the vehicle from the Garage with the FordPass App. Removing the vehicle from the Garage must be done for all associated accounts in order to remove the remote access.

When you delete the VIN from all FordPass accounts, there is no longer any end user permission from Ford to collect the data. When I did this, the data transfer icon on my center display stopped appearing, however my cellular data signal to the right of it remained. I still have a hotspot, AT&T still bills me separately, and Ford doesn't tell insurance companies I set my cruise in excess of the speed limit.

The trade-off is that I don't get to remote-start my truck from my phone, and have to use my key like a peasant. The upside is that I can use my FordPass points to buy JS7Z-15603-A, which is a 'Remote Start Ultra-Long-Range Extender' for $30.
 
Or you disconnect the telematics module under the passenger side dash.

If you think they don't have your data just because you opt out of an app, I have a beachfront condo in AZ to sell you. It will be listed as "anonymous", but there may well be indicators that can trace back to you.
 
Or you disconnect the telematics module under the passenger side dash.

If you think they don't have your data just because you opt out of an app, I have a beachfront condo in AZ to sell you. It will be listed as "anonymous", but there may well be indicators that can trace back to you.
Would you be so kind as to point out exactly where this plug is and how to identify it?
 
I don't so much have a problem with any of this, as many phone apps are already doing the same thing. But what concerns me more is related to repair and maintenance information related to these systems that may not be available to me as a consumer if I want to repair the vehicle.
 
Or you disconnect the telematics module under the passenger side dash.

If you think they don't have your data just because you opt out of an app, I have a beachfront condo in AZ to sell you. It will be listed as "anonymous", but there may well be indicators that can trace back to you.

That will kill the wifi.

You clearly misread or misunderstood what I wrote and cited if that's your takeaway. Or perhaps it's a fundamental misunderstanding of consumer law. The app is the authorization for them to collect the data. They don't have permission otherwise and open themselves up to massive class action suits if they collect data from private property without permission.

Would you be so kind as to point out exactly where this plug is and how to identify it?

Look for the fuse labeled "Embedded Modem."
 

Attachments

  • ModemFuse.jpg
    ModemFuse.jpg
    374.4 KB · Views: 465
Last edited:
I don't so much have a problem with any of this, as many phone apps are already doing the same thing. But what concerns me more is related to repair and maintenance information related to these systems that may not be available to me as a consumer if I want to repair the vehicle.

The good news is that these systems are totally unrelated to the operation of your vehicle. Ford is collecting data that was already being generated onboard. Onboard storage is limited and stale when Ford gets it, so now they offload data from the vehicle constantly and store it for as long as they see fit. That doesn't impact your ability to repair the vehicle.
 
That will kill the wifi.

You clearly misread or misunderstood what I wrote and cited if that's your takeaway. Or perhaps it's a fundamental misunderstanding of consumer law. The app is the authorization for them to collect the data. They don't have permission otherwise and open themselves up to massive class action suits if they collect data from private property without permission.



Look for the fuse labeled "Embedded Modem."
Fuse Panels:
Passenger footwell panel, fuse #8.
 
Unfortunately as mentioned, if you have a cell phone they (Apple, Google, and countless others) are already tracking you in more ways than we will ever truly know. It's a copout when I say that I don't care because I do, but it is the price that we as consumers pay for convenience. My brother couldn't figure out why after he searched for something on Amazon or similar that he started to get adds relevant to that search. Duh, I guess 50 plus years of smoking dope might have something to do with being that way.....

Remember the movie 1984 by George Orwell, guess what....
 
Unfortunately as mentioned, if you have a cell phone they (Apple, Google, and countless others) are already tracking you in more ways than we will ever truly know.

This is where we disagree. I have a cellular phone, and my behaviors are not tracked unless I specifically allow it to occur. Location Services are disabled on my phone. Non-native apps don’t have access to native apps. I do not blindly click through user agreements. I don’t use Google products on my phone. In fact, the most usage my phone gets is as a phone. Making and taking calls.

I take my privacy a little more seriously than some (and less than others), and have yet to find an app or electronic doodad with a function I can’t live without. Especially so if it means me becoming the product.
 
This is where we disagree. I have a cellular phone, and my behaviors are not tracked unless I specifically allow it to occur. Location Services are disabled on my phone. Non-native apps don’t have access to native apps. I do not blindly click through user agreements. I don’t use Google products on my phone. In fact, the most usage my phone gets is as a phone. Making and taking calls.

I take my privacy a little more seriously than some (and less than others), and have yet to find an app or electronic doodad with a function I can’t live without. Especially so if it means me becoming the product.
You are assuming they will act in good faith to their agreement.

I may be incorrect here, but most of us also have no way to verify they are doing so.

Just because a contract says something, does not make it so.

Nefarious actors will do nefarious acts.

If data security is a concern, you have to disrupt the vector physically or insert your own software controls lest you are still vunerable. Just my opinion on the matter.
 
I understand and I am not trying to open a can of worms or derail this thread. However, try as you might you can reduce your exposure to what is shared but the only true way to eliminate it is to not use anything that has those abilities which is a broad spectrum of products. In fact short of ditching virtually all electronic devices (including GPS) there is going to be some things that are tracked like it or not. Even the new Alexa, Echo, and many other products are now being built with an embedded chip that can be used to create a network that is not Wi-Fi based but can be harnessed together by the manufacturer of those devices whenever they would like to and harvest the data at will.

Which is why I mentioned the movie 1984.
 
You are assuming they will act in good faith to their agreement.

I may be incorrect here, but most of us also have no way to verify they are doing so.

Just because a contract says something, does not make it so.

Nefarious actors will do nefarious acts.

If data security is a concern, you have to disrupt the vector physically or insert your own software controls lest you are still vunerable. Just my opinion on the matter.

You believe I'm assuming in good faith, whereas you're assuming a multibillion-dollar international public company responsible to shareholders and governments alike is running a vast illegal and clandestine data-mining operation so top-secret that word of its existence has never made it out of Ford, the results of which they could sell because it was obtained illegally.

Wow. Conspiracy theory much?

I guess I am acting in good faith.
 
I kind of agree with the conspiracy theorists that if some rogue actor is specifically targeting you and your information it’s pretty difficult to maintain your privacy if you’re using any digital platform (especially things like this forum!)

However, to the more subtle issue the OP brought up of is your insurance provider able to buy data about how you drive: You can be 100% certain that if you’re Apple is the only one with that date than the answer is no.
 
Last edited:
I kind of agree with the conspiracy theorists that if some rogue actor is specifically targeting you and your information it’s pretty difficult to maintain your privacy if you’re using any digital platform (especially things like this forum!)

However, to the more subtle issue the OP brought up of is your insurance provider able to buy data about how you drive: You can be 100% certain that if you’re Apple is the only one with that date than the answer is no.

It's even more basic than that for a lot of people, and they might not realize that the data is being collected or that they can assign or revoke permission. If one grants Ford authorization to collect the information, the information can then become discoverable in litigation.

Maybe a woman in a divorce doesn't want her angry spouse to know where she lies her head at night. Maybe a married guy doesn't want a divorce, but also doesn't want his wife to know about his boyfriend. No matter, Ford will certainly respond to a civil subpoena for the information.
 
Last edited:
You believe I'm assuming in good faith, whereas you're assuming a multibillion-dollar international public company responsible to shareholders and governments alike is running a vast illegal and clandestine data-mining operation so top-secret that word of its existence has never made it out of Ford, the results of which they could sell because it was obtained illegally.

Wow. Conspiracy theory much?

I guess I am acting in good faith.
I'm not assuming anyting of the sort. All I am saying is the potential is there, and there is no recourse we as end users have past fully disabling the system. Not really a conspiracy... just considering the reality. If the capability is there, a legal document is not a huge deterrent, especially when a single lawsuit (which is arbitrated per the ToS) costs much less than the data is worth by orders of magnitude. That's a huge disparity, and would be very tempting to violate the ToS if the risk was worth the reward.

Also, for now, I'm using the App to see if I like/use it enough to keep it active. And, FWIW, I'm not concerned. If I were, I wouldn't have my google tracker android phone with me most of the time, but I fully expect that they are tracking me regardless of my opt-out of location tracking.

Yes, you are acting in good faith, and pulling your VIN is at least one step you can do to de-identify your data taken from the cell phone app. Just realize the mothership knows which VIN is your truck, and they are talking to it per agreements signed at purchase.
 
As some of you are aware, Ford has the ability to collect huge amounts of data from vehicles equipped with FordPass connectivity. Ford's authority to exercise this ability lies in the Terms of Service for FordPass app and the linking of a VIN to the account. Basically, linking a VIN to your account tells Ford that you are the authorized user of the vehicle, and you are authorizing Ford to collect all electronic data from the vehicle.

This is in bold type at the beginning of the FordPass Terms:



The data collected is awfully intrusive:



What they do with it isn't cool:



What products, services, and offers could possibly be tied to your speed or driving characteristics? Oh, that's right. Automobile insurance. That's precisely the kind of backdoor information that insurers will pay handsomely for. In fact, the information is so valuable that Ford continues to pay for a data connection to our vehicles even if we don't. In exchange, they let us use their data connection for remote start and remote monitoring of the vehicle.

What happens when you delete the app? Nothing, really:



So, if customers think deleting the app stops the data flow, they're sorely mistaken. Downloading the app, creating an account, tying the VIN to the account, and accepting the Terms created a contract allowing Ford to scarf up data. Forever. It is still effective even after deleting the app.

There are ways to rescind permission and prevent Ford from collecting data:



Ford's first course of action suggested is to reach out to them so they can twist the consumer's arm into keeping the link alive. How do they do that? Well, they threaten to delete your account, which takes away all those sweet FordPass points:



They're also going to tell you that everything related to data in the vehicle will stop working, including WiFi. That's what gave me pause. Then I discovered it's a lie.

Fortunately, there's another way to break the link without canceling your FordPass account and losing any accrued points:



When you delete the VIN from all FordPass accounts, there is no longer any end user permission from Ford to collect the data. When I did this, the data transfer icon on my center display stopped appearing, however my cellular data signal to the right of it remained. I still have a hotspot, AT&T still bills me separately, and Ford doesn't tell insurance companies I set my cruise in excess of the speed limit.

The trade-off is that I don't get to remote-start my truck from my phone, and have to use my key like a peasant. The upside is that I can use my FordPass points to buy JS7Z-15603-A, which is a 'Remote Start Ultra-Long-Range Extender' for $30.

To my understanding, there are only two ways to ensure the line to Ford has severed. You can perform a master reset of the vehicle, or you may remove the fordconnect modem.

Note my truck has been in purgatory for a couple months, I will have first hand data if and when it ever arrives.
 
I understand and I am not trying to open a can of worms or derail this thread. However, try as you might you can reduce your exposure to what is shared but the only true way to eliminate it is to not use anything that has those abilities which is a broad spectrum of products. In fact short of ditching virtually all electronic devices (including GPS) there is going to be some things that are tracked like it or not. Even the new Alexa, Echo, and many other products are now being built with an embedded chip that can be used to create a network that is not Wi-Fi based but can be harnessed together by the manufacturer of those devices whenever they would like to and harvest the data at will.

Which is why I mentioned the movie 1984.
The book is better.
 
Fuck Ford pass. Just don't sign up.
Ford Pass ("Bells and Whistles") is just a Carrot dangled in front of buyers to give up privacy... We Should All Be Concerned With OTA (Over The Air) And “Telematic” Capabilities On Our New Private Vehicles… Are You Willing To Sacrifice Privacy For Cool Conveniences? Please Look Into This….??
 
Back
Top