Hacker News new | past | comments | ask | show | jobs | submit login
Insecure vehicles should be banned, not security tools like the Flipper Zero (saveflipper.ca)
1496 points by pabs3 9 months ago | hide | past | favorite | 878 comments



> Security tools like Flipper Zero are essentially programmable radios, known as Software Defined Radios (SDRs)

The Flipper Zero is not a SDR, it is less capable than that.

That's the ironic part, the Flipper Zero is a rather weak hacking tool.

It can open car doors, but it is so impractical that it is not much more than a party trick. You have to record the code by pressing the button on the keyfob out of range of the car and in range of the Flipper. You can then open the door to the car, once, and only if the owner didn't open it first. There is a more advanced and maybe practical attack called rolljam, but I don't think the Flipper is capable enough to do that.

The only thing is that the Flipper Zero is fun, cheap(ish), and popular, but real thieves already have better tools for their job.


At one time is was possible to open car doors with a coat hanger. Nobody suggested banning coat hangers. They fixed the doors.


This came in handy for me once when I locked myself out of a u-haul in what used to be a rough neighborhood in New York. I was standing there fishing with a coat hanger trying to figure it out when a gangster looking dude came up and was like "here, let me help you with that," and 3 seconds later had the door open.


Haha similar story. I used to deliver pizzas and worked with a pretty rough crowd. Once I locked my car while it was running and had a bunch of deliveries. One of the cooks unlocked it in about five seconds.


I have a similar story! Locked out of my car. Bikers park next to me.

"You locked out? Hang on a moment"

Goes into a Subway, comes back with a coat hanger.

Less than a minute later the car is unlocked.

"Wow you're pretty good at that"

"I literally just got out of prison today... for car theft."

Laughter all around


Who knew there were so many Good Samaritan car thieves out there, huh? I guess everyone enjoys a chance to show off their skill set a little!


There is (was?) a tool called a slim Jim that was basically a purpose-built coathanger for unlocking doors.

There was some talk of banning them in some areas, because people love treating symptoms rather than causes.

Nowadays the tow truck drivers have a little inflatable bag they slide into the top of the door and inflate so they can press the unlock button from the inside. Quite effective!


Intentions sometimes matter. There is a South African shotgun aspirationally named Street Sweeper, and it's famously classified as a Destructive Device in the US, which is two levels more strictly controlled category, AIUI, IANAL, than a manually operated Gatling gun.

FZ is intended to clone keys and bypass security, I suppose in significant part for users' lawful convenience, but is kind of intended to do what it should not.

Coat hangers aren't engineered with intent to be shoved into the weather seal on a door.


You can literally order lock picks on Amazon in Canada[1].

Which were absolutely engineered with Internet to be shoved into locks to open them without a key.

To be clear: purchasing ans owning lockpicks is perfectly legal in Canada [2].

I don't think your logic applies to why that legislation was introduced. They're treating Flipper as a lockpick, but legislate it differently nevertheless.

Cheap, misguided hype seems to be a more plausible explanation.

[1] https://www.amazon.ca/Professional-Accessories-Suitable-Hand...

[2] http://lockking.ca/can-i-buy-lock-picks-in-canada/


> FZ is intended to clone keys and bypass security

I'd say it's more of an educational/'hacker' toy than it is a useful security bypasser/key cloner.

Purpose built(and better aot their job) those things cost significantly less. The flipper zero is a toy that the Canadian government are about to misclasify.


I locked myself out of my car so often I ended up wedging a coat hanger under the rear bumper. You're right: car doors used to be trivial to yank open when you knew the trick. These days I'd love to create a little side project that sets the alarm off on my car any time a relay attack is detected. I'm sure Mark Rober or someone will end up doing it.


what would the alarm do other the annoy a few hundred people. It wouldn't save your car. car alarms should be banned imo. replace them with something that pings your phone maybe but the alarm does nothing


There are alarms with phone messsaging, tracking, remote start and disable. Also relay attacks are easy to prevent, just put your smart key inside a faraday bag or remove the battery.


Wouldn't it have been easier to put a second key under there?


Of course, but that takes time and money to get a new key made. And once you know the trick it’s trivial using a coat hanger.


sounds rather complicated. You would have to scan the entire spectrum (not the entire, but like certain bands) and detect if there is someone sending power on there.

But modern vehicles detect these relay attacks and drop your message when you are too far away (ToF Measurement), you could maybe instrument that. But then when you walk to your car on an open field, you may also trigger the alarm because your key is out of range for a short time.


Not a great analogy though, since a coat hanger’s primary use is not to break into cars.

Note: I’m not advocating banning the flipper zero anymore than I’d advocate banning lock picks. I just don’t think the analogy is apt.


And a Flipper Zeros main purpose isn't to break into cars either...


It’s really hard to determine the primary use of an item, especially for legal purposes.


The idea of banning the flipper is like banning legos because you can build lockpicks out of them — it’s just nonsensical politician logic.


I suspect, in part, that this article and people pushing for a ban wouldn't have even noticed the Flipper Zero if it didn't look like a toy. The case design looks like some advanced Tamagotchi and places in a more accessible part of the lowest-common-denominator mind. If it looked like a raw PCB and wires, or some rats nest jumble of little components, it wouldn't catch their attention as much. There is a lot to be said about how we package our hack tools, and the second you move into "magic box go brrrrr" territory, suddenly it gets real to those outside technical circles.


Actually, there may be something here. Politicians seem to be blathering on about "prepackaged" hacking tools, and similar terms. They obviously aren't going to ban ICs, or breadboards, so in their minds I think it's all about "Tools that are designed for non-hackers to use, in ways we don't like".

Right or wrong re: Flipper's uses, the "just take this and go" is part of it.

I do wonder, right now lockpick tools are banned, unless you are a locksmith. I wonder if one day, you'll be charged with "hacking tools", because you have some hobby project in your backpack.


What kind of lockpick can you build out of legos?


A very, very bad one that might only work with Lego locks.

Let me double down…

https://ideas.lego.com/projects/40434532-eaa1-4926-8621-3629...


That’s the joke


The Flipper Zero is not certainly the problem here, and it is not a proper SDR tool as said. But I believe it's technically interesting that the Flipper Zero uses the CC1101 inside the Flipper in a more powerful way. The chip can be configured to just report in a given pin the actual OOK/FSK state (logic high/low). The same can be done while transmitting. So the Flipper is not limited to the protocols/formats supported by the CC1101 during normal operations, but can do any protocol as long as it is within the frequency range and uses OOK or FSK modulation (or the FSK variants supported).


> but real thieves already have better tools for their job.

there you go, letting logic get in the way of a politician looking to score points


All this will do is increase sales volume. Given that flipper is 95% just a marketing play, I wouldn't be surprised if they're already on this


Sooo they have been stealing Infiniti's from my area recently with relative ease allegedly by using a Bluetooth obd2 reader connected to an android tablet running a pirated copy of some Nissan service tech software.

Nobody from any of the Infiniti groups is 100% certain how they are doing it, but the best theory out there is above.

Just the other night, a crew of dudes stole 3 Q50’s from my neighborhood with relative ease.

Here is the ring cam video my neighbor posted:

https://video.nest.com/clip/8ef4d060588d4c7289f87cccb00cb55a...


Well for one thing the OBD port shouldn’t be designed so that it has direct access to any useful CAN bus. It should go to a gateway that requires authentication to do anything except read OBD, and all of the IDs that you are allowed to send should be whitelisted.

The issue people are mentioning with the headlights is easily solved by just moving the starter CAN to its own CAN bus between the immobiliser and the ECU (physically isolating the headlights), which costs about $5 total and requires no crypto unless thief is willing to cut the car nearly completely in half.

(The problem with crypto is the $10 safety MCUs used all throughout cars are only like 20MHz and they can’t really do the 2000+ crypto ops/sec on top of their current workload. Also the tooling support for crypto ATM is really poor in the model based design tools that are used for this safety relevant SW)

BTW I personally don’t believe that anything that involves cutting into a vehicle is negligence of anyone. I mean, from my perspective, anyone can just pop the hood and drive the car with their own BYO ECU. It’s just a hunk of metal and once you start cutting it up you can make it do whatever you want.

I am an automotive systems engineer.


Yes, the simplest solution sometimes really is the right one. Cheaply isolate sensitive targets from easily accessible areas. Your $5 solution is enough to avert these issues, and makes the attack a lot more expensive. The job is to find a "lever" where you only have to put in a little effort (say $5 worth) but which causes the thief to have to put in a lot of effort (cutting the car in half). The better the "lever", the safer the design.


I agree fully with this, except for the fact that this then makes devices like the Comma (comma.ai) impossible. The hacker in me really wants to be able to send steering signals by plugging something into my car :)


If you own the car, why wouldn't you be able to attach something to both of the CAN busses from the interior?


How easy is it to find a CAN wire in a car?


In every car I owned so far the can bus was just behind a removable panel near the steering wheel.


The solution is not that complicated, just route the wiring harness on a location not easily accessible from the exterior of the vehicle. There’s nothing that can stop thieves just delay them enough to increase their risk to be discovered.


See all that time the thief spends near the drivers side headlight? The headlights are on the can bus, if you can tap a couple wires in there the cars is yours.


Genuine question - why do headlights need to be on the main CAN bus? Could they not be operated from somewhere closer to the ECU by wires that just carry power and maybe some very simple data lines?


A lot of headlights steer with the car, the can bus is a giant network without any authentication.


It cuts way down on the amount and expense of wiring, copper is expensive. It makes it easier to pocket some more profit.


just wait until wireless CAN comes around


I can see fiberoptics, but wireless just wouldn't be reliable. There are too many sources of noise in a car, plus rush hour traffic with dozens (hundreds?) of cars nearby broadcasting on similar frequencies.


I suspect fancier headlights can pivot based on incline and steering wheel angle.


It may be something as stupid as a wiring harness layout optimization. You can put the headlights controller at the headlights and only run a single set of CAN bus wires (which are probably in that area anyways), haven't played with CAN I assume they are fairly few and fairly thing gauge, through the firewall of the car.


CAN is a 2 wire serial bus using differential signaling. So a couple small wires and maybe some shielding.


It's not about the cost of wire, it's about the cost of software. This is the auto industry version of MCAS. I wish I was joking.


I'm very surprised to see that the ignition control is on the slow speed can bus...


What part of starting a car is fast compared to the canbus? Speed is relative


There are usually two can buses a car, a slow one and a fast one. The slow one controls the lights, infotaiment, climate, etc, while the fast one controls the ECU, driver assist, all related to driving.


If you have access to one you generally have access to both.


Infinite Infinity car hack, came with two, left with three Q50s.

They do crouch an awful lot near front wheel well. Reminds me of this Toyota hack where thieves plug into headlight canbus wiring thru wheel arch https://kentindell.github.io/2023/04/03/can-injection/


That's exactly what's happening. This is not a wireless attack, it's a physical access problem.


Hard to prevent theft of something parked on the street. Thieves can show up with a tow truck, hook the car, and drive away.


Don't hook the headlights up to the can bus or implement UAC... The headlights shouldn't have access to the alarm or ignition.


Obviously, we want owners to have full access to their car's CANBUS.

So the question is: how should the OBD-2 plug (or wiring) be protected?


All CANBUS packages that are useful to drive a car should be encrypted using a public/private key that is in the owner key. Decryption chips are cheap and fast.


Maintenance is a big key management problem though: if only the owner has it, there will be problems when people inevitably lose it. If there are shared keys for service departments or databases, thieves will get access to them.

Things like time-limited on-demand keys can limit those problems but now you can’t get your car serviced when Toyota’s servers go down and they need to commit to not breaking API compatibility for multiple decades.


GP said the key is in the car key. You already give the car key to a mechanic, I don't see how this would make maintenance any harder.


Think about what happens when people lose their keys, which will reliably happen.


In the old days, most or all car companies had the ability to look up the bitting code to cut a replacement key (the mechanical kind) from the car's VIN. There's no reason they can't do the same with an encryption key.

Of course they'd need to do a good job securing that database since inappropriate access to it would make stealing cars very easy.


There is a very good reason that isn't possible/analagous to traditional rekeying.

Mechanical keys are not secure. They can be reproduced with basic skills. That's why there used to be a giant key cutting industry where much of the business was car keys (Thanks, GM.)

The whole idea of CA PKI and all modern TPM architecture on devices is that they CAN'T be reproduced or replaced in context without massive effort that would make the intended use moot; IE replacing the TPM and associated on both the key and car. This would require some bureaucratic pointless process to prove your identity, and it would be very expensive and frustrating, and completely at the manufacturers will.

Further, if the car CPU could allow this, it would be >.0001 second before theives use the same exact tools that the manufacturers use. This is basically what's happening now with current NFC/Radio Keyfobs. Basic access to existing cpu through canbus makes NFC/Radio moot.


> If I left a million dollars out on my front porch, and someone stole it, that would not be my fault in any sort of way

Pretty much all of human history to this point says that this is a practical impossibility. If there is such a database/secret, it will get out.


Just make it so the key has to match cryptography with a device that is wedged deep within the vehicle in a hard to access way.

The dealer can spend the two hours necessary to replace the encryption module, but thieves would have to also spend that same two hours.


Most modern keys already have cryptographic rfid transponders which must be in place to turn off the Immobilizer system.

Unfortunately, Immo can be trivially disabled/bypassed/reprogrammed on many cars using the canbus or odb2 interface.

Also trivially editable in many ICUs is the mileage, airbag (crash) history, etc.

The main vector is that this data typically exists alongside performance parameters and user data like registered keys and fobs, so is accessible either by catching the ecu in bootup/program mode, by buffer overrun attacks, or often just by asking nicely.

This is basically doable by anyone who can to chip tuning or ECU remaps. It’s technical, but not that technical. Many ECUs require JTAG access inside the ECU housing or even desoldering the serial flash chip, but many do not.

I just bought a whole setup for this from AliExpress for about 100 dollars and it’s worked well for me so far, just a specialised JTAG adapter with some cables really.

Pretty sure if you wrote drivers for chip tuning software to use a buspirate it would work just as well if not better.


The manufacturer should maintain a root cert that can be used. If that root cert is compromised then they should have a way of rotating keys if the vehicle and physical keys are present. Breaches then constitute what amounts to a software recall, putting the onus on the manufacturer to report them or be held liable for thefts. The recall notice puts the liability on the driver to have their vehicle updated (for free) in a timely fashion.


To do that, we'd probably need to accept one of these as a consequence:

1. all cars must be internet connected so they can pull CRLs

2. dealers and locksmiths are no longer able to replace keys, you will have to ship the car back to the manufacturer if you lose your keys.

Because there's no secure way to hand out the root cert to the thousands of organizations authorized to replace keys today.


The situation doesn’t need to be as strict as #2: you could have a way for a registered service shop to get a per-device rekey by shifting some liability to them. Making it per device prevents bulk usage and an active communication with the manufacturer would mean the cops could ask the owners of a shady auto shop some questions when 80% of the stolen cars in the area are being rekeyed at a place the owners have never been to. I lost a car key once and the locksmith who showed up checked my drivers license against the title database because he could have been penalized for unlocking a vehicle without doing so - we could make the same model work electronically because while car thieves are anonymous, legitimate repair shops have a business presence and reputation to preserve. Even someone amoral isn’t going to look the other way for something which will cost them their primary revenue stream.


I don't think that the dealer equipment being used to steal cars today is coming from dealers where management is knowingly engaging in car theft. It is other people who are misusing those tools. There are many hundreds of thousands of people who work at dealerships, and many do not care about their employers reputation. Also, many dealerships are broken into.


Yes, which is why I suggested a combination of measures to change that. An active per-device transaction would make it clear when a dealer’s access is being misused, and if it affects their business viability it would turn out that they could do a better job of controlling access. Hundreds of thousands of people work at banks, too, and many of them do not care about their employers but thefts from customer accounts are rare because the companies are incentivized to set appropriate safeguards. There’s no reason why car repairs couldn’t be the same other than that it costs more than what they’ve been doing, and there aren’t strong enough incentives for them to take on those costs.


What would that look like in reality? Expecting dealerships to have the same physical security, procedures, and security vetting of a bank? There's already a shortage of workers in these roles, now we want the guys busting their knuckles on vehicle repairs to have a good credit score and good background check and perform elaborate opening and closing procedures with a buddy system? Storing tools in a vault?

I really don't see how any of this is merited or reasonable, especially when the vast majority of the cars being stolen in my neighborhood are either stolen with the keys or with a tow truck.


Require resets to be initiated and authorized by the F&I department, whose security and KYC processes should already be substantially similar to those of other institutions that regularly approve $50,000+ loans.


My prediction:

1. As a result, we'll see costs like losing the keys to a rental car go from a $250-500 fee to a $2500-5000 fee, due to the additional costs to process and the additional loss of use.

2. Criminal rings that steal high value cars will go from often using tow trucks, to exclusively using tow trucks.

3. The number of cars stolen via stolen keys will remain unchanged.

Yes, the key itself will be more secure, but I'm not really sure it will actually improve anything. More security is not better if the costs do not create real-world results.


Your second point is leaving out a lot: there’s no way adding a requirement that you have heavy equipment and a skilled operator isn’t going to reduce the number of thefts, and those trucks are in more limited supply and easier to track than a small tablet. They’re also way less stealthy so there’s a lot more time to get caught.

The third point may be true for classic theft but would not be true for the growing category of thefts caused by abusing wireless keys. If you can’t easily get a new key, the resell value for that car is going down dramatically.


Commercial tow trucks are not hard to get in many places, but it is also not required to tow a car. There are many consumer oriented solutions for towing a car. Tow dollies are about $40 to rent in my city. Or if you're a thief, trailers aren't hard to steal either.

> If you can’t easily get a new key, the resell value for that car is going down dramatically.

Most of the vehicles that are stolen for resale are high value and sent overseas to parts of the world where the labor cheap to do something like entirely rip out all of the security components. I don't really think that these criminals will stuff a G-wagon in a shipping container for $100,000 but they won't do it for $80k or $90k.


> Commercial tow trucks are not hard to get in many places, but it is also not required to tow a car. There are many consumer oriented solutions for towing a car. Tow dollies are about $40 to rent in my city. Or if you're a thief, trailers aren't hard to steal either.

Again, it’s possible but do you really think there isn’t even one thief who lacks easy access to a tow truck or will be caught firing up noisy equipment at 3am but not if they fumble around in their pocket while walking up to a car? Not a single teenager looking to joyride won’t give up if it’s harder than the Kia video they saw on Tik Tok?

Similarly, yes, people will still steal vehicles and ship them overseas but the more work they do the lower the resale market and value will be, and that will make it less tempting since you’d only be able to sell to people who are content never getting service from the manufacturer. Even if we assume that there are countries with skilled technicians and effectively no law enforcement, only something like 10-15% of stolen vehicles are shipped according to U.S. officials so even if you wrote those off entirely you would have plenty of room to improve by reducing the majority of thefts which never leave the country.


There's different categories of criminal here who are willing and able to do different things to different types of cars.

> Again, it’s possible but do you really think there isn’t even one thief who lacks easy access to a tow truck or will be caught firing up noisy equipment at 3am but not if they fumble around in their pocket while walking up to a car?

Canbus attacks, OBDII reprogrammers, and similar are typically pretty intrusive, they require cutting into fender liners, removing lamps, busting a window, or otherwise gaining physical access to the bus. They also require specialized tooling and expertise that are harder to get than the tools which physically move vehicles.

The one that might be an exception, and some savvy street criminal might be able to get their hands on is a tool to do is a relay attack, which is usually good enough to steal belongings from a car, but generally not capable of stealing the car.

> Not a single teenager looking to joyride won’t give up if it’s harder than the Kia video they saw on Tik Tok?

Definitely not. Vehicles with immobilizers are essentially never stolen by joyriders unless they have also stolen the keys.

> Even if we assume that there are countries with skilled technicians and effectively no law enforcement, only something like 10-15% of stolen vehicles are shipped according to U.S. officials

Yes, and almost all of the other ones either just lack immobilizers, or the thief also stole the keys.

e.g https://archive.is/kxXn3


Simply requiring the dealers to take seriously ownership validation and track which workers used the reset system (no shared logins, etc.) would do most of it.


The same problem exist for car keys.

The answer is, when a person "inevitably lose[s] it", they need to pay to get their electronics refit.


The result of that may be that losing a key is financially devastating enough that it totals many vehicles. And/or if the odometer and other local storage is affected, that may cause permanent title issues for the car.

The number of people who lose their keys vastly dwarfs the number of people who are having their car stolen with a flipper zero.


Perhaps, or perhaps not.

It has to be hard enough it can't be done in the street (without getting attention), but maybe it could be easy enough to do in a garage.

But even if it is expensive, the result would be that either people with take more care, or they'll lose their car.

Maybe it's not a bad thing that people who can't manage a key are less likely to be on the roads - or that its more likely they lose access to their car then it ends up in the hands of criminals. A car can be a dangerous thing, even an inexpensive one.


Yes, but this wouldn't prevent dangerous street criminals from stealing cars. Many of them steal the keys with the car. They go down to the gas station, and wait for an old lady with a nice car to pull up to the pump, and when she hops out they hop in.

The criminals doing more skilled attacks typically aren't joyriding or using it to commit other crimes, they typically doing it for financial gain: they want the car, its contents, or its parts.

Ultimately the overlap between the violent street criminals and those skilled at attacking digital security systems is not much.

> But even if it is expensive, the result would be that either people with take more care, or they'll lose their car.

The entire reason keys were explicitly designed with the functionality to program new ones is because that's not considered by most to be an acceptable solution.


That kind of expands the scope of this conversations to mugging/carjacking, which also comes with a higher penalty, and probably higher priority to the police.

And, it involves interacting with someone, who presumably can call the police afterwards, and activate any lojack / immobilisation device before it can be removed. Presumably the appeal of stealing a parked car it may be a while before it has been discovered and reported stolen.

Also, doing such a thing in a gas-station where there are likely cameras and even other people / attendants make it seem pretty risky to me. Are these dudes just hanging around the pumps in masks? What country is this?

> not considered by most to be an acceptable solution

Things change, but also, it's as much up to the government and/or insurance corps what's acceptable.


The only reasonable way to evaluate risk is as a whole. Real world attackers pick whichever realm is easiest to exploit, they aren't going to waste their time doing something difficult when there are easier ways to accomplish their goal.

> who presumably can call the police afterwards, and activate any lojack / immobilisation device before it can be removed.

Yes, people who carjack usually aren't looking for a nice daily driver to hang on to for the next 3 years. Usually they want to joyride, or use the car for some other crime, in the immediate term.

> Also, doing such a thing in a gas-station where there are likely cameras and even other people / attendants make it seem pretty risky to me. Are these dudes just hanging around the pumps in masks?

Stealing a car, and being in possession of a stolen car, is pretty risky already. I think someone who does this type of crime is probably not very risk averse. Wearing masks is a pretty common way to thwart cameras when committing a crime in many places, I don't think this potential security issue is specific to certain countries. I think what you might be hinting at is that fewer people want to do carjackings in different places, but the same applies to canbus exploits. Nor do I think anyone really needs to "hang out" to find a car at a gas station. Many have cars filling up at them regularly throughout business hours.

> Presumably the appeal of stealing a parked car it may be a while before it has been discovered and reported stolen.

Yes, and while there are some instances of this happening electronically, I don't think closing those avenues will change anything, because towing cars is neither difficult nor suspicious in many places. Again, security is only as good as the weakest link. Nearly all criminals cut locks, even ones are very easily picked.


> people who carjack usually..

No idea, but my point stand on how they achieve this in the first place..

> towing cars is neither difficult nor suspicious in many places

because it's not a recognised method of theft. Also, buying a registered tow truck to commit a car theft doesn't sound easy to me.


Buying a tow truck is no different than buying a truck just about anywhere. Or one can simply buy a regular truck and bolt on a towing attachment to make their own tow truck.

e.g. https://liftandtow.com/

One can also purchase, rent, or steal a trailer and attach it to a vehicle. There are several types of trailer which can haul a car, which are all widely available to the public.


0 people are getting their car stolen with a flipper zero.


A traditional car key can be trivially duplicated at any hardware store. That's the difference. You can make as many spares as you want for a couple bucks a pop. No dependencies. No network.


Do any cars have "traditional keys" anymore? My 15 year old Corolla has an embedded RFID tag in the key, and can only be duplicated at a Toyota dealership.


Assume that for anything new enough to have keyless entry, the answer is no.

The big switchover was in '96 when OBDII/CAN bus became mandatory. At that point it became pretty cheap to do things electronically, often cheaper than mechanically, so lots of things started switching over around then.


Not fully true. Just as it's not true with non-car keys. Some blanks are heavily protected. Now these days with the dissemination of cheap cnc mills, maybe thats a bit more trivial, but you are paying a lot more for a cnc mill than you pay for a old key grinder.

Same issue we have now with ghost guns honestly. CNC mills are powerful tools, with the right software you can essentially just place the properly sized chunk of metal in the box and hit go.


That's why I said traditional key. They're just metal with a few parts cut to a specific profile. It's once you start mucking around with immobilizers and other encrypted things that need the factory tools... Those can cost tens of thousands, and usually require continuous internet access back to the home office.


Why can't electronic keys be duplicated / backed-up?


Because they only have the public key. You need the private key which NO ONE gets, not even the dealer. They send the required info in (which includes the serial / "key") for the new key to the home office. You can't just copy the key, even electronically, as it will have a different hard-wired "seed".


This is like the initiative to get people to wear body armor to cut down on muggings.


How is it?


My Ducati bike had immobilizers that would prevent the bike being started without the key or the per-bike code card. When it was stolen, the thieves tried all manner of things to start it, including drilling through the ignition keyhole. I managed to get it all fixed and the bike still ran. Without the immobilizer, someone else would be riding my bike.

That's no different from this proposal. You just give them the keys, or the key card (or red key) if you've lost the keys.


Some of the tools used to steal cars are the legitimate tools used to repair cars. Key programmers aren't cheap, but at under $5k for decent ones, they aren't crazy expensive either. It pays for itself in one job.

You could make these tools more difficult to obtain, but that won't stop the crime.

Immobilizers and requiring a PIN to start the car are cheap, effective ways of preventing car theft without negatively impacting our ability to repair vehicles. It would behoove government agencies to include a list of anti-theft techniques on the window sticker and it would behoove insurance companies to be very upfront with the anti-theft features they think vehicles need.


Right now many of the components of your iphone are paired to the phone through signing. It's a huge fucking pain in the ass, and it makes the whole 'right to repair' a huge can of worms.


I work in CA/PKI, particularly IOT device registration/security via TPM keys.

I cannot imagine a scenario after years working with our own infra and clients where a car manufacturer would restrict access to the vehicle with a private key decryption on the FOB tpm, (that can't be exported or copied.)

Lost/broke fob? 4000 pound paperweight, to no ones benefit. Insurance nightmare that would also be violating right to repair in many states (which is a different issue) .

There SHOULD be a standard like every person has some device or process that is also a CA, who can then generate and dictate what keypairs can access a device, car etc. But we are very very very far away form that.


It's an enormous amount of implementation effort aimed at tampering which, to some approximation, never happens. And as another poster has said elsewhere, partitioning the communications would be cheap.

That they are using the OEM software indicates that there is some authentication going on with the ECU to start the engine anyway. I bet they didn't truly plan for key rotation.


Allow me to offer a different opinion. There is little sense in applying logical security when physical security is lacking. CANBUS should not be accessible by taking apart headlights. Communication buses must be protected from physical access, i.e., trip the alarm system or disable the car upon unauthorized access. There can be no logical security without physical security.


It would be very hard to make CANBUS inaccessible from headlights, since that what controls it. However, the headlight shouldn't be able to tell the rest of the system that the key is in the car.


Logical compartmentalization like you suggest is a fine approach, but even better is to not allow physical access. Unless the car is in maintenance mode at the shop, the chassis should be sealed tight. Maybe the manufacturer decided to favor headlight maintainability over theft prevention, or was simply oblivious.


From what I've been seeing with Toyota and their ECU Security Key, it hasn't been cracked yet but it's close to being cracked and extracted from a running car and the private key extracted (so things that look at CAN bus messages can work again, like comma.ai)


CANbus protocol makes this hard. Payloads are limited to 64 bits, to start with. But the payload for each message could be encrypted, even though secure key exchange would be difficult.

Even so, it would be possible, I think.


It's so hard that (almost) every European manufacturer figured it out.

There is also FlexRay. There is nothing interesting you can do with CANbus on new mercs. Even unencrypted CANbus messages go through gateways that (could) prevent headlights from reporting key presence.

There is a reason that some cars don't have reasonable attack vectors (excluding parachuting the driver out of the car) and some can be started with a screwdriver (or slight more involved way with CANbus). It's not complexity, it's cost.


Absolutely. Margins on cars are surprisingly thin at the manufacturer level.


The people in the Infiniti groups were recommending this obd2 lock haha

https://www.amazon.com/Tune-Saver-OBDII-OBD2-Lock/dp/B0BRF5D...


seems like a sophisticated theft ring would have access to the keys for the most common guards like this, reminds me of the TSA key debacle[1]

[1]: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys


The TSA locks have widely circulated master keys because that's a basic requirement of the system–every airport has to have some to be able to open bags. I don't know anything about these OBD port locks, but I don't see any reason they'd have a master key, other than laziness on the part of the manufacturer.

Additionally, I'd imagine that such a tiny fraction of a percentage of cars have these kinds of locks that it'd barely be worth it for thieves to figure out how to bypass them, at least until there's more widespread adoption.


> I don't know anything about these OBD port locks, but I don't see any reason they'd have a master key

Look at it in the picture and the review pictures. They're all 'keyed' alike. It's just a single offset pin. Also one review says it just holds on with friction and can be pulled off with force.


Put the powertrain lockout system on a signed and physically protected network segment. Let the headlights, mirrors, etc live on a less secure segment.

This will impose higher costs when replacing these systems, because it will require key management of some kind. Either central cert management (with 20 year expiry?) or local key management. So only impose this on a tiny subnet for the starter/immobilizer.


Sadly, this involves costs, so it'll never happen.

Good take, though.


Perhaps the OBD port should only work when the car is validly unlocked and the engine immobilizer accepts a key? Maybe it could stay unlocked thereafter while a device is connected?

Android (adb) and iOS (iTunes backup) have solved this issue years ago.


When I installed a remote starter on my old Jeep, I had to also install a CAN interface that would command a door unlock followed by a door lock command.

That was enough to tell the ECM that it was okay to start the car by simulating the key switch closure for “run” and a temporary closure for “start”. Prior to adding the CAN interface, jumping “start” would set off the alarm.


You don't protect the wiring, you protect the start protocol. Similar to asking "Can we protect the internet by protecting the ethernet cables?"

Put a public key on the engine controller, have it challenge the key with a random start number, have the key respond with the signature of that number, engine starts.

You can do that challenge over the can bus.


Start by not allowing thieves connect thru wheel well https://kentindell.github.io/2023/04/03/can-injection/


Instead of technical/computational solutions, maybe there's a low tech cage/shell that can be put around it so anyone can't just plug in?


The CAN+ and CAN- wires run around the car in, well, a bus and tapping into them anywhere is enough to inject CAN messages onto the bus.

It makes it less plug-n-play than the OBD2 connector, but thieves will still be able to do it.


Seems like the CANBUS is deactivated when the car is turned off on Volkswagen. Guess that is one way to fix it?


You can't unlock the car with the bus dead. CAN is not like switched Ethernet, it's a bus topology network like LAN over coax cables. They can be split or bridged, that's probably what they do.


On some cars, hitting the door lock/unlock is enough to wake the CANBus.


As I understand it, CANBUS is a message network among relatively low-power devices. There are two ways of doing this:

  + Some credential exchange between devices to establish a web of trust
  + Devices are locked similar to Apple parts


place the port in the lockable cabin of the vehicle instead of behind a headlight.


It was easy enough to do with https://www.uprev.com/.

We had a specialist shop in the same area. You can disable Security+ with uprev.

Hell we would even use it to remove engines from nissans to make them run in whatever we put them in without the ignition. I can make the start signal just come from a momentary push button.


Locksmiths can make new key fobs for nearly any car with access to the OBD2 port and the right software (though I don’t know if it requires a connection to the manufacturer)


I don't know if I have a clip of it still but that was nowhere near as fast as my neighbor's range rover being stolen during pandemic, broad daylight, four hoodies walk into our car park (flats) and walk out of camera view, 30 seconds later they're driving the range rover past the camera view and presumably rammed the gate we have (since it was broken).

Both car manufacturers and police are useless and it's fucking inexcusable, imo.


Damn. That's a wild video (wish there was a fast forward though). Curious how they did it. Is this a CAN bus back?


The answer is simple, we need to ban android tablets. /s


Fix the cars.

A brand new $60,000 car shouldn’t be so simple to swipe.

They probably spent less time stealing my neighbors car than he did waiting on the credit check to buy the car lol… it’s crazy these days with cars.


Cars are computers now.

What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

No level of technology will stop this.

But cutting off the profit motive by making it very hard to export cars will have a massive impact on these crimes, and for old and new cars.


> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

It’s not the 2000s any more. Even national security agencies have trouble with phone decryption, and that suggests a path forward for cars using a tamper-resistant secure element since car thieves won’t spend more money attacking something than they can resell it for. Cars need service regularly you can have a way to replace a damaged SE which is more restricted so a legitimate owner can regain control of their stolen property - if you required, say, a government photo ID check for the owner on the title to reset the encryption keys, car thieves are highly unlikely to spend time getting high-quality fake ID since the odds of getting caught would go up dramatically, and you could deter shady auto shops by requiring them to submit proof of their ID verification for that service.


They get exported overseas and any technology lock or security device gets ripped out and replaced.

This isn’t about extracting encrypted data, but bypassing systems to start a car.


Yes, because the current design is lax. Now think about what happens if the engine computer won’t start with a bad signature or the entertainment system won’t work. How would that affect the overseas market?


The part that requires a signature will be taken out and replaced. Infotainment systems will get gutted and replaced with aftermarket ones.


Again, all of those lower the value to the thieves. If they need to create a custom engine controller, they’re going to need to pay a lot more than the $0 they currently spend. If they need to replace the entertainment system, the cost of doing so will cut into their margin.

Don’t make the mistake of thinking that a system needs to be perfect to be worthwhile.


I think you're in a desktop computer "whole product is one computer" moddel. A car is a set of computers, almost nothing in a car is central to itself.

There's probably a body controller ECU that ties into engine ECU and driver's key systems. So theives would just generate and flash a new key/cert, that'll be certainly possible.

Infotainment? That's almost literally an aftermarket parts. American reviewers tend to see it as integral part of a car or even a central computer, surely it's important in terms of product experience but architecturally it's more like a printer over Ethernet than a laptop integrated display.


> There's probably a body controller ECU that ties into engine ECU and driver's key systems. So theives would just generate and flash a new key/cert, that'll be certainly possible.

This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that! You’d design the driver’s key to pair with the various onboard systems and those systems to do a challenge-response cycle during the boot process so someone can’t easily drive away without the key or resell those parts, with both sides using a private key which never leaves that component. Yes, that kind of design can still be attacked but the goal here is to make it more expensive than it’s worth: needing a flatbed to take it somewhere for a rogue EE to work on it, for example, just isn’t going to make sense except for the most expensive luxury vehicles.

This brings me to:

> Infotainment? That's almost literally an aftermarket parts.

Yes, and those cost money. The entire point is that you don’t need to make it perfect, just expensive. If someone has to replace the display and speakers, that means they’re making less profit on the sale and making it more obvious that the vehicle was stolen which increases risk and reduces the number of buyers, especially for the most valuable vehicles.


> This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that!

The actual real problem I failed to explain is manufacturers don't want to deal with networked authentication, broken physical keys, or day-to-day repair shop operations, so they keep most of the processes offline and send out re-pairing tools that leaks. Very few cars require breaking chain of trust to swap out parts which makes "If they need to create a custom engine controller, ..." part unrealistic as of now. It takes few more years before Apple starts delivering cars.


> No level of technology will stop this.

Tell that to the FDA.

I work in medical devices. It's no longer sufficient to throw up your hands and assume "well, they have their hands on the device, we can't stop them from doing anything." The new cybersecurity guidance anticipates an attacker having physical access to your Device and you are expected to understand and mitigate any impact that can have.

Cars shouldn't be any different.


I'd bite that bullet.

The FDA should be less strict with their cybersecurity stuff. The amount of lives lost to the increased cost of care is not worth the increase in cybersecurity.

If medical devices have just enough security to stop people who don't have physical access to the device, just enough to make attacks at scale unfeasible, then that should be good enough IMO.


> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

Can you hack and own my fully patched Pixel phone? Or my GF's iPhone? Sure, sophisticated state-sponsored actors can sometimes do it by burning several million dollars worth of 0days in the process, but some two-digit IQ riff-raffs? Probably not so much.

EDIT: just to be clear - by "two-digit IQ riff-raff" I meant OP's neighborhood car thieves, not you :)


Phone thieves will watch over peoples shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.

A lot of damage can be done and things successfully owned without needing to hack or exploit the device (car/phone).


> Phone thieves will watch over peoples shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.

You have any reference regarding how prevalent that is? Everyone I know switched to biometrics a decade ago.


This is done by organized crime with engineers on staff. Sure it’s drug addicts stealing cars but the people shipping them are smart and have access to capital.


I agree, but that brings us back to my original question: why can't same smart organized crime people unlock my smartphone then? Because Apple/Google give a damn about security and car manufacturers do not.


Also: When your phone or computer is hacked, most people think "Wow, the device is flawed." But when your car gets stolen, most people think "Wow, we should stop those criminals." Apple/Google are incentivized to give a damn about security because incidents reflects poorly on their products. We need to start making thefts via security exploits reflect poorly on the car manufacturers and their products.


Economic incentives.

People will buy a $150,000 SUV for 50k and they can still make money. Phones have less incentive and Apple is going to be better at bricking the phones than carmakers will.


Apple and Google don't sell insecure cheap phones, but lots of other manufacturers do.

I suppose organized crime doesn't systematically take advantage of that because cheap phones are cheap, and the people who own them are poor. You don't get that much benefit from pwning them.

Alternatively, maybe organized crime does take advantage of them but we haven't heard about it. They could have a giant botnet of them for all we know.


a couple of years ago it wasn’t uncommon for victims of phone theft in the UK to end up flooded with iCloud phishing messages to try gain access to their iCloud account and unblock the device so it wasn’t totally worthless for resale.

I still see a lot of iCloud phishing messages, but also understand that Apple has made this vector harder.


> No level of technology will stop this.

Why does no one steal Teslas?


Think about where these cars end up, it’s not near a service centre.


> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

You are damn good then :)

One can protect against such that's by using well placed cryptography.


> No level of technology will stop this.

Except for you know, the technology of a physical car keys and an immobilizer. There's a reason it's the keyless entry start/stop button cars that are being targeted by thieves, it's simply so much easier.

The frustrating thing is that new cars are being produced that _only_ offer keyless entry, and so eventually the choice is taken away or you have to drive a very old car.


The level of technology that stops this is cars not being computers.

Every piece of tech has tradeoffs, and for cars this one is just not worth it.


What are you proposing? That we go back to being able to turn the ignition switch with a screwdriver?


Or make grand theft auto an offense that is actually prosecuted. Make hard penalties for violating another citizens by stealing their property. Start with 5 year minimums off the bat and every offense afterwards adds another 5 years. You'll see car theft plummet.


"Kill all humans!" ~ Bender B. Rodriguez

Headline the next day: "Crime rate on Earth now at an all-time low of zero percent!"


How do you calculate this value of zero percent? Divide all the crime cases of the previous day by the number of humans? And who wrote the headline?


> How do you calculate this value of zero percent?

This gets messy for obvious topological/continuity reasons, but a shocking number of applications are both correct and simple to reason about if you choose to define 0/0 == 0 (kind of like how if you choose to universally define sum(empty_set) == 0 and product(empty_set) == 1 then tons of higher-level formulae just work and don't have to special-case a base case).

In context, there's no good reason to pick that definition of 0/0 per se (other than my prior that 0/0 == 0 probably simplifies some downstream math), but it's kind of nice to see that if crime is at 0% then there is also zero crime.

> And who wrote the headline?

Now we're asking the real questions ;)


"Kill all humans except for one" would be a way to resolve this (at least for 1-80 years).


> "And who wrote the headline?"

Probably a "NewsBot" of some sort?


Given what's going on in Canada maybe they should just ban OBD tools all together with the flipper. /s


I will never, ever keep a car I care about outside anywhere near the city.

I know everyone doesn't have the funds for that, but I'm sorry, we all know how rampant car thefts have gotten since before those 3 Q50s in this video were even purchased. I live in the busiest neighborhood in downtown Denver with which has rampant property theft, cats cut out etc non-stop.

I own 2 vehicles and neither of them are ever parked outside if I can help it. It means I have to pay pretty much twice for rent because now I need a 1-2 car private garage, which means I'm probably now in a condo or townhouse so every expense just gets higher and higher.

But you're in the bracket of living downtown with a brand new Q50. So I don't care what your excuse is, buying a luxury/attention-getter car and parking it outside in cities with rampant car thefts is just absolutely stupid.

Especially the people who buy the $80k luxu-box with the $5k 22" wheel add-on that gets ripped out of their mid-rise apartment parking garage a day later.

I've had a car stolen and insurance does NOT treat you well when it happens and I never, ever want to deal with having a car stolen again no matter how much gaap/etc. I have.


> I know everyone doesn't have the funds for that

Its actually a fair bit cheaper to buy a $25k car than a $250k car.


Shhh! Don't tell anyone.


Some of the issue here is that it’s actually a pretty nice area here in Baltimore, but our police force is currently understaffed and overworked.

One big issue here regarding policing is that our city elected officials can’t tell the city police force what to do.

You see, when the civil war broke out, the state took control of the police force so that the mayor couldn’t lead a confederate coup.

Flash forward to today, and those powers still have never been returned to the city. The mayor and city council set the police budget, but the chief of police takes direction from a state run board.

So there is a big disconnect between citizens voicing concerns to city council members, and those members only ability is to “talk to the major”.

When the cats away, the mice will play off with some stolen cars.


If you haven't traveled/lived in many major cities since covid, they are all the exact same now. None of the police are working. I'm in Denver now, previously Austin in 2019, Dallas 2020, Denver 2020+, and Denver banned qualified immunity so the police work even less. Seattle just did the same thing + IIRC king county is doing that "police cant lie on stand" or whatever law. I lived on 2nd and congress in Austin for 12 years until 2016 and the entire downtown has turned to absolute trash.

I'm sure its the same in Chicago, LA, Portland, Tampa, etc and I don't even need to ask.


This sounds like a serious symptom of something being deeply fucked with policing in America.

Qualified immunity doesn’t exist in other first world countries with effective policing, in fact, the police in America have a lot of latitude to do all kinds of insane shitfuckery that doesn’t fly elsewhere.


It would be trivial to hard wire a kill switch to your fuel pump and have it hidden somewhere so no matter what thief’s can’t drive off with your car. Much cheaper and more secure as cars can be stolen from parking garages.


Put a kill switch in it they tow it. Put a Club in it they tow it and cut off the steering wheel. Put GPS on it they throw it in a faraday cage paintshop/train. Put a Dronemobile system in it the Police just won't investigate/track it down.

Really just have to not keep property outside anymore. I used to do the "It's not a big deal, i have full coverage" but had a car stolen and they (insurance) treat you like absolute trash when it happens.

So no more outside for my cars as much as I can


Lock it in your garage and now they break into your house and hold a gun to your head….ya maybe they tow it but not likely as they want to do this discreetly but at the end of the day of course if they were determined they could take anything. My point is a kill switch would stop 99% of theft.


> had a car stolen and they (insurance) treat you like absolute trash when it happens.

You've said this twice, but what does it mean? I have had my car stolen twice and the insurance company didn't give me any trouble at all and just paid out.


stupid on stupid.

- it's incredibly stupid to ban the flipper zero because it's factually not even part of the problem

- but it's equally stupid to "ban insecure vehicles". if kia makes a cheap car with crappy locks either don't buy it (because maybe insurance) or add and aftermarket immobilizer or a steering wheel lock. if it was really negligent of kia to "save a couple bucks", then it's equally negligent on you for not spending a couple bucks.

- i also cringe at the idea that we throw the word negligent around when talking about failing to prevent other peoples crimes. i'm not negligent for not doing enough to prevent the crimes of some other asshole. nor is kia. meanwhile, there's sibling threads here that point out that the us is far to hard on the criminals. so wait - kia and me and other law abiding entities are "negligent", but the asshole who stole the car deserves compasion, etc.?

- it's stupid-on-stupid-on-stupid to sit here discussing the problem of car thefts, caused by lack of enforcement of the existing laws against it, and the proposed solutions is making more things illegal (and arguing about which things).


Nobody knows a vehicle is insecure when they buy it. It's simpler, more cost efficient, and more valuable to society just to require cars to have basic security features. Your idea of market correction doesn't work in this case, because it's never advertised as having shitty security, and the average (or even informed) consumer will have no idea this is a problem until after they've bought the car.


I never understand this arguement. I hear it in the form "we should just regulate cars to be safer", why dont you just buy a safer car? "What do you take me for? I got a mustang GT, the last thing that car is worried about is safety". Interesting, you bought a car because its fast, not paying any consideration to whether it could safely get you from point A to B, and this is what you rely on to get you to work?

Its not social darwinism, the lack of critical thinking skills among the general population is alarming. Americans have apparently been coddled to the point that they arent worried about basic needs; if you go to buy a car you should have some simple considerations, is this car safe? What are the typical maintenance costs? Is it common for this car to be stolen?

Things like, housing, transportation, education, those are really central aspects of peoples lives. Its all well and good that you want to draw symbols on paper and make all these things safe, but it appears to have come at a pretty serious cost. That cost, is the inability for the US population to use critical thinking.


> I never understand this arguement. I hear it in the form "we should just regulate cars to be safer", why dont you just buy a safer car?

I don't understand your argument. Do you expect every potential car buyer regardless of tech literacy to go to a dealership with an SDR setup on-hand, asking if they could test-out the key fobs, capture some signals, try to figure them out and look for common vulnerabilities on the new models? Do you expect the seller to explain the technical details of the key fobs at a depth you can be sure there's no vulnerabilities?

Determining that the key fobs were implemented securely is not something the buyer or even the seller will be able to determine. I would imagine a regulator has the ability to inspect them as they're being designed/built.

> if you go to buy a car you should have some simple considerations [...] Is it common for this car to be stolen?

By the time vulnerabilities are found and people start stealing them, there should already be plenty sold and roaming the streets.


Or, google.


We should regulate cars to be safer because I don't get to decide which car (or, more likely, truck) the moron who puts me/my family in the hospital (or the grave) was driving. Given the trends in traffic and pedestrian deaths in the US, our regulators are grossly negligent in this regard.


Sure, in the context of broad safety you have a point. Of course, you are more likely to die in places where police are responsible for your protection. The safest places people inhabit are their home, their work, places with private security measures.

The negligence you speak of, how widespread would you say it is? Would you say the EPA dropped the ball preventing the east Palestine Ohio train derailment? Would you say that having some hard cutoff for how many chemical train cars until the train is reclassified? I imagine you would agree, that the chemical company sending 59 (oh w/e) train cars instead of 60 so that they are under easier rules, is kind of bullshit.

If the company is following the rules then they can largely get away with it when things go wrong; if that company had actual liability for whats in the train cars, then they would have insurance. That insurance would be prorated on the safety profile of the train, and it would fix the hazzard or pay the claimants their due. These regulations only exist to cement decrepit companies monopoly over you.

I have no faith that "negligence" in the public sector will improve. The roads, the enforcement of driving conduct, that will not improve. The safety, security, and reliability of cars will improve, because there is still competition from self aware drivers.


> The safest places people inhabit are their home, their work, places with private security measures.

Weird takeaway. Those aren't primarily places with security measures, they're places where trusted people outweigh untrusted ones.


Those are places where you only call the cops ('public security') because the situation has seriously degenerated. Their security measures are the ones you are already familiar with; locks and keys, the understanding that you need specific permission to be present, some sort of fridge policy etc.


You make a good point. The government should not impose rules about what companies do and also the government should hold companies liable for what they do, which is a different thing from having rules


Yes, im not saying you shouldnt be able to sue. Im saying the government shouldnt set a magic bar that if companies hurdle they are without fault.


Exactly. If an insurance company writes rules for a company to follow, it is a good thing. If the government writes those same rules it is a bad thing as the goal is not to reduce the number of thefts but rather make whole the people that get their car stolen and have the money to sue


I don't have much faith that our regulators are going to get their shit together either, but that doesn't mean I can't hold them responsible for the consequences of their negligence. As for the theory that the invisible hand of the market will drive better outcomes in traffic safety, that is obviously not happening in aggregate. It may even be having the opposite effect, given the unchecked proliferation of pickup trucks and large SUVs that are known to be more dangerous to pedestrians and the drivers of other vehicles.

I'm not super familiar with the East Palestine derailment, but based on what I do know about it I think your 59/60 train cars example is sort of disingenuous. American freight rail operators are well known for skimping on safety in multiple dimensions; issues like obsolete brake technology, stretched-thin crews, insufficient maintenance, and excessively long/heavy trains have all been discussed to death before and after that accident. The problem isn't some off-by-one miscalibration, but rather that our regulators (and I'm including lawmakers under that umbrella, especially since they're usually the ones taking the bribes AFAIK) are simply not willing to demand that these industries put public safety over profits in areas where there are well-understood systemic safety problems. AIUI, efforts to improve rail safety during the 2010s and earlier have been largely stillborn, sabotaged by rail company lobbying.

Just to illustrate what I'm talking about via another example: if the MCAS system that killed 346 passengers on two 737 Max aircraft within the span of a few months had been an honest design flaw rather than a hack devised to juice sales by dodging retraining requirements, cheaply and shoddily implemented ignoring the misgivings of Boeing personnel and rubber-stamped by the FAA, then it would have been a simple tragedy. As it actually happened, it's an atrocity—a failure on multiple levels by many people who ought to have known better, holes in the Swiss cheese all lining up, 346 lives sacrificed on the altar of avarice. That's where the invisible hand gets you when you let it take the wheel, but I suppose next you'll tell me that those people ought to have done their own safety audits of the aircraft that got them killed.


Depending on the make and model of a car, you might save money because insurance companies have determined those cars to be safer. If you have a lowjack, your location, your history, there are a lot of factors that go into insurance costs. Insurance companies adjust insurance prices based on risk. Why would you assume private insurance wouldnt also price their policies based on how safe a train is, what the risk is that it crashes, etc.?

Its about who is signing off on whats safe. The government has proven that thry are at best incompetent, they do not have the incentive. A private company has to maintain their reputation through quality of service, they dont have the seemingly endless faith of people because they are "government".


> Why would you assume private insurance wouldnt also price their policies based on how safe a train is, what the risk is that it crashes, etc.?

I don't assume this and I don't think I have even slightly implied that I do. It's obviously, trivially, verifiably false.

Your mistake is in assuming that cost is the primary motivating factor for consumers^[1], and that corporations and their stakeholders won't favor paying higher insurance costs (and fines, etc.) today over paying even more toward safety improvements that won't break even wrt. insurance costs for many years. As I mentioned above, the observable state of the real world explicitly disproves the claim that market forces will drive positive trends in safety outcomes.

^[1] Look how many huge, expensive pickup trucks are on the road in America today. Look at the monthly payments their owners are enduring to satisfy their vanity; look at their spotless paintjobs, empty beds (except perhaps the token equally spotless toolbox), and mud-free fenders.


Doing a security analysis of a car is a complex task that most laymen cannot do, so the argument for laws and compliance among specialists is quite reasonable.

Put it another way: if it's all market based, your choices in buying just get 2x more complex. Is this car easily unlocked? Do the brakes often fail? Can it resist a collision?

Or even another thought: since most people don't think about security, companies will flood the market with insecure cars. Want a secure car? That would be niche and cost you double.


You shouldn't have to consider if the car's locks work, because working locks should be a baseline in cars produced in a first world country. It's that simple and easy. You aren't nearly as smart as you think you are and having basic standards of how corporations should operate isn't coddling.


Then by the standards set by government, I guess the united states isnt a first world country.


if people cared, they would know

i think this issue is overblown and is being used as a smokescreen for the rash of vehicle thefts caused, not by bad kia security, but large-scale organized crime.


Should other physical objects also be subject to this same regulation? What about bitcoins? Your proposed response is unsuccessful as policy reasoning.


My proposed response has been making cars safer and more reliable for years. I don't care if it applies to bitcoin or not, we're talking about cars. Next!


The ability to leave your car in a public space while shopping is a major part of their utility. Cars are therefore common, left in the open, and valuable, but not particularly portable without being turned on.

Jewelry, TV’s, bitcoin wallets etc aren’t just left in the open. Your house, front lawn etc is valuable and accessible but not generally mobile.


Yes, and they generally are. In almost all states, sellers have to ensure that the things they sell are "fit for purpose". It's reasonable for us to ensure that they meet the basic requirements of being whatever they are - and for cars, part of their basic purpose is to sit in insecure areas and ensure only authorized users can operate them.


In the age of information ignorance is no longer an option, Before I buy a car, most often the second largest purchase a person will make in their life next to housing. I do i TON of research, I look at insurance rates, I look at Theft Rates for that model, I look on Car Complaints and other Database for common failure items for that model, I have it inspected by a independent mechanic having them pay extra attention to the common failure items. etc

If you just roll in and let the salesman take you for a ride then you deserve the outcome.


Yes anyone who doesn’t have the knowledge/time/motivation/cynicism to prevent themselves getting taken advantage of is basically asking for it, nay “deserves” it.

/sarcasm


Yeah, and if you did not read T&S and now going to become a part of human centipede, that’s on you. I mean, how hard can it be to read a 22 page legalese, before going through a sign up flow, that was heavily optimized to increase conversion?


anyone who thinks there is anybody in the universe other than themselves that is going to take responsibility for their safety, security, happiness, etc. absolutely "deserves" what they get.


Nobody can or should be expected to know about every the safety and security aspects of every single minute detail in their lives.


i didn't say they did! i said they need to take responsibility for their own safety/security or suffer the consequences. whether they should be expected to... is totally irrelevant. i'm not stating a preference, i'm stating a fundamental law of nature.

and not knowing even that simple fact is what makes it "deservedly" so.


Regulation can remove those consequences for any chosen safety/security feature by making every choice have it. Fundamental law of nature? You're deluding yourself.

(And if you say you mean outside of regulation, that people need to be responsible in general for other aspects of life, then your argument is no longer connected to the original comment you replied to.)


regulation is part of the universe. to expect that it protects you exactly when you'd want it to, but does not inhibit you want you'd not want it to is stupid. trying to offload your responsibility onto some "them" is not a fix.

i'm definitely not deluding myself. that is life. you need to have both the freedom and the inclination to take care of yourself, if you don't have both you'll suffer.


I do not need the freedom to buy a defective lock.

Mandating basic safety and security features is not always going to protect me, but it will mostly protect me. It's not stupid to want that tradeoff. I don't care if you define "fix" as 100% so therefore it's not a fix. I want the 95%. I want defense in depth, regulation on top of personal investigation.


you are right. you do NOT need the freedom to buy a defective lock.

you need the right to decide for yourself if the lock is defective or not.

if you give that away, you will instantly be given the "freedom" to buy a lock that is defective-by-design. perhaps the lock designer's brother is a friend of the govt. perhaps the govt. agency does not want bad publicity, whatever.

the point is "defense-in-depth" (cliche) or not, you are ultimately responsible for you. there can be no other way.


> you are right. you do NOT need the freedom to buy a defective lock.

> you need the right to decide for yourself if the lock is defective or not.

This sounds like you agree with me. This kind of regulation sets a minimum, not a maximum.

We don't need freedom to buy very bad locks. We do need freedom to buy the best lock we want to buy.

But the rest of your post implies that regulation will change both minimum and maximum and mandate a specific lock. I disagree with that premise.

> (cliche)

Are you trying to imply something there?

> you are ultimately responsible for you. there can be no other way.

I am "ultimately" responsible, but product makers should have responsibilities too. If I fail at something, I should not be 0% safe. The baseline should be pretty high before I apply my own efforts.


Should we allow cars without seatbelt? Everyone knows cars with seatbelts are safer. If consumers don’t like it, they can just choose to buy the ones with seatbelts.


Do you look up the software security measures implemented by the keyfob too? That information would be very difficult for a layperson to find and make sense of.

This may be the "age of information", but information is only useful as your ability to find, understand, and evaluate it.


Lets see, oooo tiktok, heres the kia challenge. Or maybe google "are kias secure". Whatever format you can understand, you will be presented several sources that explain the situation quite clearly.


And if you googled that three and a half years ago when you were actually buying the car?

I bet you had to know exactly what to look for, and "problems with kias" wouldn't get the average person there.


Isn't there an aftermarket solution you can buy that would make the kia you bought three years ago more secure?

Sure, it sucks that you have to unexpectedly spend money on it, but when you bought a cheap car you knew you were taking the risk of having to deal with unknown unknowns.


If you googled kias at any time ever you would have seen they are absolutely riddled with issues. People on HN seem to think buying a car is like designing a CPU or investing in a portfolio of stocks, you could try doing some research.


Car thefts are extremely dangerous for everyone on or near the road. It's obviously better to just not allow car manufacturers to neglect basic security practices. There's also entire categories of issues you don't have to research anymore because they've been optimized out of every modern car. Soon cars being hacked with toys will be added to that list for you. Notably, "airbag explosion rate" wasn't on that research project of yours.


It's obviously better to just kill anyone that steals a car. I doubt anyone would try to steal a car after a few examples have been made.


> In the age of information ignorance is no longer an option

The age of information was great.

In the age of misinformation, knowledge outside your specialty is no longer cheap enough to reliably obtain.


What world do you live in? The statistics are pretty clear and accessible. Are you so obsessed with something you cant attend to your own basic needs?


so in what age was ignorance a good option?


> if kia makes a cheap car with crappy locks either don't buy it

Immobilizers were a standard feature on cars for decades. If you went to buy a car, no one was putting immobilizer on the list of features, and they certainly wouldn't let you try breaking the ignition lock on a test drive.

If they had advertised that their vehicles were insecure, then sure, it's on the buyer, but they didn't.


How about Jaguar Land Rover making expensive cars with allegedly crappy locks? https://www.mirror.co.uk/news/uk-news/range-rover-owners-str...


it'd be bad to advertise that they have in immobilizer or anti-theft when providing either nothing or a badly broken implementation (like you often see in IOT).

it's not negligence to simply not provide a feature they didn't promise to provide and weren't required to (in the US). it is simply not their responsibility in any way to ensure your car's safety from theft. if you assumed it was and that they provided a feature you wanted because everybody else usually does, then the negligent party would be you for not RTFM. except that's wrong here too.

nobody is negligent here. you do not have a social responsibility to have an immobilizer on your car to prevent it from being stolen. and neither does the manufacturer. having it locked is plenty to legally make it "breaking-and-entering". and even if you leave the keys in the car and the engine running, it's still grand theft and your insurance will indeed pay out, which they would not do if they could claim negligence. the criminals are 100% at fault here. and bad things can happen without someone being negligent.

arguing about anything beyond that is just a fight about how good that anti-theft system has to be. are you negligent if you don't have an armed guard on your car?


The problem with Kia cars not having immobilizers is wholly american. It is illegal to sell a car in Canada without an immobilizer.


funny thing is the part where this article is about a canadian car theft epidemic...


Tik-Tok-inspired Kia thefts weren't a problem in Canada because they've required immobilizers since 2007, something Kia skimped on for the US market.


Speaking as an outsider: How are Kias sales going these days? How's their reputation as a result of this?

Imo for removing security for the US market they deserve to be properly thrashed and dragged through the mud, regardless of the fact that they are offering upgrades from free if I read the following correctly.

https://www.nhtsa.gov/press-releases/hyundai-kia-campaign-pr...

It's not exactly an over the air "recall", and I understand a huge number are still out there unprotected.


Same thing in Australia since 2001.

Most cars in are stolen here using key thefts or wireless relay.


[flagged]


The manufacturer is not the victim here, the buyer is. If I pay a contractor to install a new door and lock on my apartment and it turns out they did a terrible job which made it trivial for a thief to break in, the contractor should be liable.

Crime exists, this is the world we live in. Failing to implement even the most basic security measure, which is considered industry standard, in a high-value product that is known to be very attractive to thieves and then selling that product to consumers with no warning that "unlike most other cars on the market, which have many layers of security features, this car can be stolen using a cheap toy" makes the inevitable thefts absolutely Kia's fault.

It's not like people are saying the thieves did nothing wrong, both sides are at fault: the thieves stole people's cars to enrich themselves and Kia secretly omitted a basic security feature which in turn enabled thousands of fully predictable and preventable thefts from their customers, again, to enrich themselves.


But people ARE saying the thieves are not at fault.. “it’s just kids”, “we don’t want to put them in jail because that would ruin their future”, “they can’t pay a fine anyway so there is no point in going after them”


"We shouldn't put dumb kids into cages and forever brand them as criminals for making one bad decision" is a far cry from "they are not at fault for what they did".

Also, insert the usual point about how many people are forced into crime by poverty and the complete lack of a social safety net in the US here.


No one is saying that, there are multiple contributors to the problem here, sure the thieves own the bulk of it, but manufacturers could fix the issue or offer a solution like a cheap install of an immobilizer.


In my left leaning workplace in my left leaning state, most colleagues do not want to assign the thieves any blame or have them face any consequences. These colleagues only want to blame and penalize the manufacturers.

I think the manufacturer should fix things so they are more in line with other manufacturers. But I also want to see some repercussions for the thieves.


Can the downvoters explain why they disagree with: "I think the manufacturer should fix things so they are more in line with other manufacturers. But I also want to see some repercussions for the thieves."


That's obviously not the sentence people are disagreeing with.

There is no way your colleagues want the thieves to not face any consequences. It's a completely different thing to not trust the justice system to give an appropriate consequence.


My colleagues never call out the thieves or call for consequences. They skirt that issue and focus their rhetoric on the big, bad companies or blame the victim (eg should have locked his bike, should have taken valuables out of the car, etc)


> Failing to implement even the most basic security measure, which is considered industry standard, in a high-value product that is known to be very attractive to thieves and then selling that product to consumers with no warning that "unlike most other cars on the market, which have many layers of security features, this car can be stolen using a cheap toy" makes the inevitable thefts absolutely Kia's fault.

I don't think this logic works. If you buy a classic vehicle, they don't have these kinds of things either. People make replicas that likewise don't. And there is no clear line here. Basically any car can be stolen by, if nothing else, replacing the car's computer with one that accepts the thief's key.

Meanwhile a car is a large purchase where people can reasonably be expected to do some research. If you're about to buy a car you should read some reviews, and the reviewers should tell you if their security is bad. Then you know and can make your decision. People who learn of this may want to buy a different car, or take some other countermeasures if they buy this one.

Kia doesn't have any kind of a monopoly in this market. There are many other carmakers. Maybe you don't care that their security is bad because you always park your car in a garage. Maybe you like the discount you got because other buyers wanted a car with better security. Why does it have to be illegal, instead of letting the market sort it out in the presence of actual competition?


> If you buy a classic vehicle, they don't have these kinds of things either

Not a good analogy, because buying a classic vehicle automatically waives a bunch of safety and other features that are not only expected in modern day, they are straight up legally required.

A car manufacturer cannot remake a classic vehicle from the 80s and release it in the US in 2024. Or, probably, EU too, I cannot speak for that due to my unfamiliarity with vehicle laws there, but afaik they are more strict than the US. It would be just illegal to sell that car. Thin pillars that won’t pass any modern safety tests, no backup camera (which makes it illegal to sell as a new car in the US), not enoug crumple zones, etc.


Those are explicit regulatory requirements and not just "well a lot of cars have this and I didn't bother to check" as in this case.

And if you were going to do that in this case, the thing to require is the ability for third parties to fix the manufacturer's software mistakes. Otherwise the carmaker goes out of business, as happens from time to time when they don't make a decent product, and then you can't go to them to fix something like this when it subsequently comes out even though their cars will be on the road for many more years.

Whereas if anybody could patch the code in their own car, you wouldn't have this situation where Kia ignores the issue, because third parties would have done it already, the same whether they're incompetent as bankrupt.


The standard dodge in the US is to sell “kit cars” which require the buyer to do a bunch of paperwork to get a VIN. I don’t think they can be sold ready-to-drive but I think there are dodges there too (owner tightens last bolt style). The details vary by state.

Looking for details, I found that there have also been recent changes to ease requirements for small-batch (< 325/year) turn-key replica manufacturers.


> Kia doesn't have any kind of a monopoly in this market

No need for a monopoly, just bad incentives. All manufacturers could just decide that it's better to save more money and omit basic security features across the entire industry, making it impossible to buy a new car with certain standards. What are people going to do, not drive any cars? That's why it's near impossible to find a printer that's not garbage.


> What are people going to do, not drive any cars?

They're going to buy a car and then pay someone to install an aftermarket immobilizer.

> That's why it's near impossible to find a printer that's not garbage.

Brother laser printers are widely regarded as decent. You're also legally permitted to buy cheap garbage for low prices. It will be cheap garbage, so maybe don't buy it.


This all assumes the "perfect information, even playing field" theory that capitalists love to use but is completely unrealistic.

Reviews rarely talk about things like this, this information is not explicitly given to reviewers or customers and neither can be expected to find out on their own (i.e. by trying to hack the car themselves), the car manufacturer spends insane amounts of money advertising to the buyer using every psychological trick in the book, the buyer is often under time pressure, the savings from cost-cutting are rarely passed down to the consumer...

Buying things in the current market landscape is a battle, not an optimization problem.


> this information is not explicitly given to reviewers or customers and neither can be expected to find out on their own (i.e. by trying to hack the car themselves)

Reviewers don't get the information by penetration testing the car themselves. They get the information because their profession is reviewing cars, so when they hear of this through their high contact surface area with industry news, they add it to their review on their website.

> the car manufacturer spends insane amounts of money advertising to the buyer using every psychological trick in the book

Because cars are big ticket items where a single incremental sale can justify a lot of ad spend, not because buyers are incapable of reading a review.

> the buyer is often under time pressure

The buyer is rarely under time pressure. Most people don't wait until their car breaks down to replace it, and even if they did and desperately need to have a car, then they would rent or lease one in the interim while shopping for another one. This is often even covered by insurance. Almost nobody is in the position of having to buy a car immediately without time to do any research, and the percentage of people who are isn't enough to significantly affect which cars or features succeed in the market.

> the savings from cost-cutting are rarely passed down to the consumer

That would imply that all new cars sell for the same price. Clearly they don't, because customers distinguish between them and are willing to pay different amounts.

> Buying things in the current market landscape is a battle, not an optimization problem.

So what you propose is that we reduce the information available to the buyer by requiring cost cutting to be underhanded rather than overt because overt cost cutting is prohibited, or that it not occur and instead prices go up even if you didn't need that feature and then poor people go broke because everything is more expensive.


Just use "passw0rd" everywhere. It's the fault of a hacker who steals your account, not your fault. Every single time.

Especially that no security is absolute. Effort matters.


You are conflating "what's right" and "how the world actually works".

Trust me. I have similar issues, to a clinical level, in fact.

Does this sound familiar?

https://en.wikipedia.org/wiki/Obsessive%E2%80%93compulsive_p...


Nominally, you are correct, but if we can collectively make decisions that decrease the risk of theft, is it not immoral bot to take action?


> If I left a million dollars out on my front porch, and someone stole it, that would not be my fault in any sort of way

It's possible for multiple people to share the blame for something. You _are_ the victim. The person who stole it _is_ the bad guy / criminal. But you _both_ share the blame, because you did something to put yourself at risk when you had better options.

If I'm out late at night, wearing expensive jewelry and have 2 ways home; one longer but down a well lit road, the other shorter but through a dark alley in a crime ridden neighborhood; and I chose the dark alley and got mugged... I would be the victim AND be partially to blame for making a stupid choice.

Making choices that put yourself at risk by ignoring the realities of the world, when you don't need to, mean you share the blame.


[flagged]


I'm saying that it's possible to both be the victim and to have made a stupid choice that made you winding up as the victim more likely.

And, clearly, that it's possible for you to be unable to understand such subtleties.


And I'm pointing out that responsibility and blame are not the same things and that conflating the terms leads to positions that are hard to defend. A person may be responsible for their own actions but not to blame for someone else's.


> responsible for their own actions but not to blame for someone else's.

You're changing the target of the actions mid sentence. Said person is responsible for their own actions _and_ to blame for their own actions. They are not responsible for someone else's actions nor to blame for someone else's actions.

If a person knowingly takes actions that put them at greater risk, then they are to blame for putting themselves at greater risk.


Correct, two people: the victim and the criminal. Going back to your example, a victim who gets mugged after choosing to walk down a dark alley is still the victim. They do not share responsibility or fault for the crime. They share responsibility for being in the same place at the same time. The victim making a choice that puts them in the wrong place at the wrong time is not at fault for that crime. I believe you are using the word blame in a broad sense that encompasses both the criminal action and the poor choice. But by using the word in the two senses and then equating them, you end up equating the actions, intentionally or not.


A strongly held opinion here seems to be that clothes manufacturers are to blame.


apparently, only on dark alleys at night.


Exactly! The people holding these views are unable to see their hypocrisy.


Why aren’t you downvoters blaming the perpetrators that are STEALING cars?!??


> i'm not negligent for not doing enough to prevent the crimes of some other asshole.

If you entire job is selling locks and they don’t prevent crime, then it’s not negligent, it’s fraudulent.

You want to be in the clear? Sell a car without a lock, see how many people buy that.

> if kia makes a cheap car with crappy locks either don't buy it

And if Boeing makes a cheap, unsafe plane, don’t fly on it

I would be happy to run this experiment if lying to a customer about safety/properties of your product led to capital punishment. But currently companies will simply defraud you by lying about their product, and suffer no consequence


> If you entire job is selling locks and they don’t prevent crime

Does MasterLock making famously easy to pick / rake locks count? I'm sure they reduce crime compared to no lock but they are not as secure as the customer expects.

https://www.art-of-lockpicking.com/how-to-pick-a-master-lock...


> And if Boeing makes a cheap, unsafe plane, don’t fly on it

yes. exactly. if boeing ever makes a cheap plane, i would definitely avoid it.

you are comparing a company that cheated on legally mandated safety requirements with a company that didn't put a non-legally required car immobilizer on a lot of their new cars. and then didn't lie about it.

> But currently companies will simply defraud you

but kia didn't do this


> if boeing ever makes a cheap plane, i would definitely avoid it

You wouldn’t even know that airline is putting you on such a plane


the point is that boeing might make a good plane or it might make a dangerous plane, but it will never make a cheap plane.


The problem occurs when a vendor makes claims that are false or fails to disclose known issues. I don't think either insecure cars or security tools should be banned. However, I think disclosures should absolutely be made.


Nobody is mentioning about how this is a social problem with the US that needs fixing, for example I often times forget to lock my car's doors in the Eastern European capital where I'm living and yet I've never had anyone "steal" stuff from it.

But I get it, it's easier to think about applying technological or even legal solutions instead of thinking about how to fix a societal problem.


Yup, and you get downvoted for even trying to discuss it. Need the Overton window to shift slightly so it can be discussed on HN. It is a societal problem and I hope for our future we can fix it.


The last point is a hard one when the perpetrator is a 11 year old kid who watched a TikTok video online on how to steal a Kia/Hyundai.


Punish the kid’s parents.. (oh wait, there might be a problem here)


not hard at all. where is CPS? obviously someone isn't giving an 11 year-old appropriate supervision at all if they are driving, let alone stealing a car. there absolutely should be consequences for both the parents and the child in this situation. i'm not saying one mistake, send the kid to prison, take away parental rights. but it should be severe enough to matter, including several thousand dollars restitution.


Thanks for your contribution to the total destruction of outside roaming and play for children.

It is perfectly fine to let an 11 year old walk a couple blocks unsupervised. And if they steal a car at that point, it is not a supervision problem.


dude, i am 100% all for free-range-children.

but, somehow, i manage to ensure that none of them are stealing cars at 11

"it is not a supervision problem"

hmm. maybe i should have said "parenting issue"...

look, i am blessed to have had good kids. but i have had friends with struggles. if i had a kid that somehow stole a car (at 11) and i had to pay for repairs and meet with CPS and deal with courts and fines and maybe even juve and a lost year of school, we'd get through it.


Indeed, it is dumb to ban anything.

A tool is a tool, it doesn't make the product weak, it already was.

Also it is silly to ban insecure cars, that's quite the slippery slope. If the cars are too easy to steal insurance will increase accordingly and that will provide incentives to fix that without banning anything.


Hrmm I wonder what would happen if I made a bank that used an unencrypted website for online banking lol.

The problem with your solution here where the insurance company raises rates... yea they already did that with regards to Kia/Hyundai cars and Kia Boyz thefts. The problem is, well, put it this way...

The last time you bought a car, did you check that the car had immobilizer software/hardware present on it? They don't really advertise that stuff anymore. About the only way you'd know on some brands is a nondescript red dot that shows up for a moment when you start the ignition.

Really, I'd bet a lot of people only found out their car didn't have an immobilizer feature until their insurance company dropped them or jacked their rates up... and that's a problem. See, you can buy a car NOW, and everyone thinks it's a good safe car.. until it turns out it wasn't.


> If the cars are too easy to steal insurance will increase accordingly

that's exactly right. i was somewhat surprised that insurance was outright dropping people instead of simply increasing rates. and by the way, you can get a discount if you add x/y/z security alarm/immobilizer. the public outcry already has forced the issue with kia anyhow.


Let's say a hardware exploit for iPhones becomes obvious and is spread through social media. Something absurd like "attaching a shorted iphone cable".

Are you going to be the first to buy an add-on lock or immobilizer? And everyone should also have to purchase an add-on?


I'd expect Apple to refund the cost of the phone and mail a box to send the faulty device in for recycling.

Making a defective product should not be free.


>And everyone should also have to purchase an add-on?

Yes!

-Apple


When the iPhone 4 came out and antennagate happened, they gave everyone a plastic case for free.


They gave everyone a plastic case for free, after the world went nuts over just how stupid that issue was.

Let's not paint Apple with an altruistic brush.


Of course they’re not altruistic, it was a damage limitation PR exercise.

The point was that the didn’t, as you suggested they would, charge people on this occasion.


They cost people a lot of time and grief over a goddamn boutique phone, that they were warned would have antenna issues, by the guy that was...Apple's most senior antenna expert, Rubén Caballero, and he was ignored.

When physics caught up the Apple marketing, it took months for Apple to roll out a cheap bumper guard and acted like they were doing everyone a favor.

They never reimbursed people who bought a case to mitigate the issue. They did reimburse those that did have to purchase a rubber bumper.

While you are technically correct, that's about it. The whole thing was a shitshow and Apple acted like the users were the problem until enough of the world mocked them into providing a work-around for a problem that they should have addressed before it was even sold.


I thought that they teached people to hold it right



It's called a recall, it happens all the time. Ask elon, lol.


> if it was really negligent of kia to "save a couple bucks", then it's equally negligent on you for not spending a couple bucks.

if kids didn't want lead in their apple sauce they'd start their own testing labs.


Good thing the government has those testing labs and prevented that from ever happening.


>- i also cringe at the idea that we throw the word negligent around when talking about failing to prevent other peoples crimes. i'm not negligent for not doing enough to prevent the crimes of some other asshole. nor is kia. meanwhile, there's sibling threads here that point out that the us is far to hard on the criminals. so wait - kia and me and other law abiding entities are "negligent", but the asshole who stole the car deserves compasion, etc.?

It's pretty simple: if some car manufacturers have much higher rates of theft and are easier to steal than others, they are negligent. If by catching up to industry-standard anti-theft practices, their cars become harder to steal, not doing so is negligent.


Do you believe that consumer protections should not exist?


yes, almost.

for example, if a company made a car alarm called "SUPER EXTRA SECURE ELITE++ V5" and told me it had a "guaranteed thief proof" immobilizer. but then we find that a viral Tik Tok video shows how to with a hairpin and spit we can completely disable it and in 5 seconds and take the car for a drive and access the owners credit card info. and then also the car often bursts into flames while parked and turned off. and we of course find out that this was no "oops" and the corporations involved full-well knew about these issues and hid them to get a bonus. well, that'd certainly be a job for consumer protection laws.

but this is a case of "you got what you paid for". there's a place in the market for crank-up windows and basic plain cars without keyfobs and fancy alarms. that isn't wrong, and it definitely isn't "negligence" just because other carmakers pick different places in the market. and the fact that criminals do bad things doesn't change that.

and, thank you very much, i don't need consumer protection against that kind of thing. let's start with the lying and cheating corps and work our way up to collusion and price fixing. then let's get onto repair...


Fobs are very cheap. There is no reason to want cars without them.


none of your business what i want, honestly

whether or not it makes sense to you


Did I imply what you want is my business?

Though your other comments make it sound like you don't want a car without an immobilizer, in which case it feels like you're manufacturing something to disagree with rather than making a real argument against what I said.


> Did I imply what you want is my business?

yes. if that's not true, i retract.

what i want is:

- it's not an act of "negligence" when neither the owner nor the manufacturer choose to not include an extra security feature, even one that a majority of other cars have.

- it's nobody's business what "people ought to want". so that means an arguments based on "nobody should..." or "no rational person..." and "there's nor reason that..." and so on are invalid.


> - it's not an act of "negligence" when neither the owner nor the manufacturer choose to not include an extra security feature, even one that a majority of other cars have.

I don't think this gets to count as "extra".

> - it's nobody's business what "people ought to want". so that means an arguments based on "nobody should..." or "no rational person..." and so on are invalid.

I'm making a general claim about value, nothing personal. Because of that, I don't think it should matter whether wanting it is "nobody's business".

But in particular, I'm saying there's no benefit to avoiding an electronic key. We can remove the word "want" entirely. The downsides are large and the implementation cost is a rounding error. This differs from power windows and "fancy alarms".


Ignoring the strawman of an assailant deserving compassion or not, that’s a self serving and narrow definition of negligence. Any mechanism to protect from misuse has to weighed against the magnitude harm of the event occurring and the possibility of misuse. I would not expect my asset manager to have weak authentication systems to access my portfolio but don’t expect any at all from a free online game. I expect both of these to consider the threats and make reasonable choices. And they would be negligent if they did not do this exercise. Whether is an active threat or a passive act of god.


Sure "don't ban anything", if your car crashes and kills you, "should have read Consumers' Reports". Those botulism eggs? Keep an eye things, damn it. /s

This ill-informed attitude goes over well here unfortunately.

And security may not be quite as pressing safety but poor security cost society besides costing the individual. When poor workers can't get to work 'cause stolen car, their bosses also suffer, when stolen cars are used in further you also get a social cost. etc.


You provide no structural basis or reasoning for these cynical assertions, nor for the implied responses. Seems to be founded on a philosophical foundation of individuals requiring safety from “elsewhere,” and assuming that “elsewhere” actually provides it.


Security flaws are not born equal. I think there is supposed to be a clear distinction between flaws inherent in technology -- since you only know what you know nobody should be expected to develop impenetrable digital fortresses since that doesn't exist and would actually be harmful for the consumer -- and those flaws born out of neglect. The latter should be specified and treated accordingly, because it isn't a valid excuse that technology can't be 100% secure that the industry should accept poor standards.

Also, Flipper Zero can be made DIY, so I don't know if I get it, but the law will be DOA, and actually work against the democatization and awareness of such flaws by the public.


> Security flaws are not born equal.

Absolutely. And let's bring risk into this.

Security risks are not born equal.

Serious security thinkers evaluate according to factors of likelihood, impact, mitigation cost etc.

A car is a dangerous weapon, especially in the hands of a group of giddy kids, maybe drunk or way too high to drive. The likelihood of someone getting seriously injured or killed by joyriding is high. It's really high. And there's no mitigation to a dead child. The penalty? A very firm "please don't do that again!"

But then a kid like Aaron Swartz downloads some files and gets nine felony counts totalling 50 years in jail and a $1 million fine.

A justice system with these values has no concept of risk and proportionality and is beneath contempt.


> especially in the hands of a group of giddy kids

Also the scenario where it's being used as a disposable battering-ram to smash into a store. (As you might expect, those are the stolen cars with lesser potential resale value.)


Europe expects you to. Otherwise you will be fined 15,000,000 euros. Thank you cyber resilience act.


Your point are generally good.

I should say I drive a twenty year old car with an immobilizer chip and basic logic sounding the alarm when someone breaks a window to open a door. As far as I can tell, that makes it very secure. So it seems like the onus in the car manufacturers to create a vehicle at least as secure as this simple system.


Yes that is supposed to be the baseline, but the mentality of go fast, break things is just too seductive for the industry to pass on, apparently.


> Also, Flipper Zero can be made DIY

What's the actual wording, is it a ban on the FZ specifically? Could anyone sell a "Zipper Flero" clone?


Guns can be made DIY, but laws still mitigate.


There is a big difference in putting together deadly artifacts and electronic devices you can fabricate using off-the-shelf chips and open protocols. Not saying you can't discuss regulating them, but to me they are in a different set of categories. Weapons are by default dangerous, their sole purpose being to cause physical harm, while a flipper zero can be used for instructional purposes and research.

As much as I hate the concept, it would be ridiculous for me to propose regulating Alexa because a kid can cause financial harm to the parents using it, but a weapon can't be in any imaginable circumstance reachable by anyone untrained.


> but a weapon can't be in any imaginable circumstance reachable by anyone untrained.

I agree with your main point that the FZ is easily reproduced. I think you miss the mark with this one. Firearms are easily made at home with simple tools and off-the-shelf materials. For example, the United States has a rich tradition of home-made firearms. To provide a concrete example, a shotgun can be made with a length of steel plumbing pipe, electrical tape, a nail, and a cap. Yes, it's that simple.


Well that is not my main point in the comment you responded to


If I understand now, your argument is that flipper zero is not a social danger, while firearms are, am I correct?


If by social danger you mean I would be really impressed if you managed to throw a flipper zero into someone and kill him, then yes that is the gist. It's a matter of degree.


ok - well I agree with you. You had a good comment, and I appreciate it :)


cheers! I also liked to be put to test in whatever argument I find myself in. Hope it was as interesting for you as it was for me.


>while a flipper zero can be used for instructional purposes and research.

Only in the same way a weapon can be used for instructional purposes and research. Someone buying an off the shelf product and using it in the way it was intended isn't doing research except in the loosest sense of the word. E.g. "Does the radio transmission open this garage door? Does it open this garage door? Does it open this garage door?" v "Does this rock swung hard cave in this skull? Does it cave in this skull? Does it cave in this skull?"


Genuinely curious, outside of sports, can you name other functions for guns that don't involve killing things?


Driving nails, launching flares, deterring physical violence


One of the authors here. Someone just told me we were on the HackerNews front page, made me happy we just went with a static website on GitHub pages.

I will go through the comments later, but for now, if you are Canadian, please get in touch with your MPs.

I am working with some media as well for additional coverage in the next week, but if you know Canadian journalists that might be interested in this, please get in touch with them, educate them directly if you want or send them to me (my LinkedIn is in the signatures, the first two names in bold = authors).

Thanks for helping this story reach more people.


If the environment can be presumed to contain at least one wolf, then building houses out of straw and sticks is considered negligent and lazy pigs deserve to get eaten.

Responsible pigs who build from brick, sacrificing some profit in the name of security, are celebrated for their sound judgment and foresight.

A fairy tale has been telling us this for at least 200 years and probably much longer, history is unclear on how far back it goes.

It's amazing seeing this thread take the side of the negligent lazy pig. "But my thousand-dependency framework is mostly made of straw!", they say. "My boss won't give me time to even use sticks, much less brick!", they say. "It has to be this way!", they say.


The argument for the Flipper Zero is that it's an independent building inspector.

People are being sold houses where the builder says they're made of brick, and if not for this product, the pigs might live in a house believing it's brick until a wolf blows it down and reveals a thin layer of stucco over straw.

The home sellers are saying "but wolves and building inspectors alike can use this tool to blow down houses!" (porcine building inspector use rather crude inspection methods). But it would be irrelevant if the houses were made of brick and not straw.


It's not about lazy people versus diligent people, though. The companies are blaming the wolves, and arguing that they don't need to fix the issues since only the wolves threaten us (right now). That is a bad security model, and with or without Flipper Zero it will fail.


At this point, banning security tools a violation of the second amendment.

Microsoft suffers breach after breach after acquisition after acquisition. I verbally note them to my wife to remember, "This is not normal." and even she said, "Why do the numbers keep getting worse and worse." and I told her, "The database keeps getting larger and larger ever since they were only slapped on the wrist for not letting me boot straight to firefox since childhood."

If you took away my ability to understand why the world around me is failing, we'd fall into further disrepair than we already are and we're not really allowed to repair anything, now are we?


Again this is not the US. This involves Canada, there is no second amendment.


I'm struggling to connect how the banning of security tools would be a violation of the (US) second amendment.

A violation of the first, fourth, and ninth? I can see that. A propensity to violate the fifth? I can see that. But I can't see a strong connection to the second.


A way of looking at the second amendment is as a reduction in imbalanced power structures. Its purpose, depending on how you read it, but as practiced in the US, is to put the citizenry on more level footing with the government so the government doesn't get too excited with their power.

Security bypasses/tools/exploits in that context are useful for leveling the playing field in a conflict, for instance we know the NSA is hoarding them for militaristic purposes. So if we call them cyber weapons rather than security tools it starts to make sense that, per that reasoning, citizens should have access to them too.


There was a point in the US where encryption was barred from export based on arms export laws. Lots a pretty famous open source stories from such. So it's not far fetched at all for the most part.

Though this is in US law, not Canada as related to the news story.


> There was a point in the US where encryption was barred from export based on arms export laws.

Are there any US court cases that suggested treating encryption as something covered by the Second Amendment? It would be more strange than putting malware under the Second Amendment. I can appreciate the gotcha of "if the US government defines encryption as arms then the second amendment applies" to disincentivize such a definition, but the government could simply call encryption something other than "arms" and thus avoid the Second Amendment.

I think the general consensus in the US is that encryption falls firmly under the First Amendment. It's not as if the First and Second Amendments are necessarily mutually exclusive with respect to any given tool, but I think case law is such that the Second Amendment doesn't apply to encryption.


Someone once stole my grandfather's car with a screwdriver. The ignition switch was broken off (probably with a hammer), and the starter could be actuated with the screwdriver. I don't remember how long he drove it that way.

Banning the tech is a bandaid to deeper problems. It's also great advertising that these tools are effective.


Seems like most everyone here is ignoring that the flipper is not even an effective tool for car theft. It's capabilities have been exaggerated by staged videos.

You would have to get access to the original fob. Activate it near the flipper but out of range of the car. At which point...yes. You get one chance to unlock the original car which you lose if the original fob is used before you get there. Oh and then you gotta start it?

I don't know man. I feel like real car thieves use better tools


Obviously, this is the answer. Make the manufacturers simply recall their cars and fix this easy exploit.

However it won't happen because politicians are in the pocket of big industry, and also banning a flipper zero makes them look good with almost no political capital expended (a quick win).


I don't agree with the logic of their argumentation. It reads a little bit like this:

"Lock-picking tools are based on metal stick technology. If you ban possession of lock-picking tools, you will hamper the entire economy of tools based on metal sticks: everything from screwdrivers to knives to scissors. Instead, you should ban all entrance doors that are not of bank vault pedigree."

(Which is not to say that I agree with criminalizing the activities of genuine security researchers, while giving a free pass to bad security. I'm only remarking on the form of argumentation in the article.)


I agree with their logic and would generally agree with its conclusion when applied to other technology, including lock picking tools. As an aside, criminals rarely use those; burglars are more likely to use a crowbar or hammer.

Lock picking tools are not banned in most jurisdictions. In some cases, carrying them in public combined with some other evidence of intent to commit burglary could be a crime, but that's also true of a crowbar, hammer, rock, or anything else that could be used to gain entry.


Or, enforce existing laws against theft ...

"Ban insecure vehicles" is chasing the technology of locks; there's always another circumvention.


This is true in absolute terms but over simplified because it glosses over the differences in scale. We require cars to have seatbelts because even though people still die in crashes, it’s a statistically certainty that many fewer die when seatbelts are used.

Setting minimum standards is a critical function of governments in maintaining healthy markets because it prevents cheating from being cost effective. If you make a safety feature optional, you will have some fraction of people say that they don’t need it and then cost society money when it turns out they were wrong. In the case of poor locks, even if much of the cost is paid by the owners’ insurance there’s still a lot of expense from the extra police and court costs, and stolen cars are often used to support other crimes.


Thank you. Reading through these comments I was surprised at how illogical so many of these comments are. People talking about towing cars or picking locks acting as if it's not obvious what the distinction is here.

Yeah people, nothing can have perfect security. That's a given anyway. I think the point is that if you can steal it with a $250 device SDR device, the car's level of security is the issue not the device and that should be acknowledged by their government before they ban something that will do nothing except put these things in the hands of only the bigger crime groups. These things likely wouldn't be hard to manufacture by hand if these criminals wanted to get a hold of them.


> Thank you. Reading through these comments I was surprised at how illogical so many of these comments are.

Many commenters on HN lean libertarian, thus some will go through great lengths and mental gymnastics to avoid the conclusion that government regulation is (part of) the answer.


> We require cars to have seatbelts

Seatbelts are not adversarial. A better seatbelt does not encourage other drivers to crash their cars into you even harder or anything like that, it's people versus nature.

Security systems are in a permanent arms race, people versus people. You could have a more expensive lock that requires a more expensive device to defeat, but this makes your car more expensive to make, so it has a higher price, so it becomes a more valuable target, and so on.


The problem is that I think these hands free remote start locks are more expensive than actual real physical locks which are immune to the types of attacks so that argument just actually doesnt work at all.


My bad, I was thinking in terms of the expensive remote start lock vs an even more expensive and safer remote start lock.

But if the fancy insecure lock is more expensive, the problem should fix itself eventually, right? Consumers will switch back to the cheaper system of their own accord.

It sucks for the people who bought the insecure cars without knowing, but banning insecure cars is not going to help them retroactively in any way.


Where I live the used car market is hot. It is hard to find a car made before 2012 because for the most part they are as reliable and fuel efficient as modern cars, are cheaper to repair, and cheaper to insure.

I dont think they are so desirable just because they are more secure but they dont have remote start options so they are at least in part more secure than modern remote start cars. The problem I am getting at is that there are no secure modern car options. None.


> there are no secure modern car options

I don't think there can be such a thing as a secure remote start option. The only way they can make it more secure than traditional keys is if they also make it less convenient to use than traditional keys, and then there is no point because the traditional keys will be easier and cheaper.

What happened is that consumers did not know that the remote keys were unsafe, and now they know.

What I don't understand is why insecure cars should be banned by law. Now that everyone knows about the issue, surely everyone will switch to a more secure system of their own accord.


>even if much of the cost is paid by the owners’ insurance

Insurers aren't usually charities. Those costs are still borne by the insured.


Yes. That’s why I listed it first as a separate category – it’s easy to see a stolen car as a loss of, say, $20-30k for the private insurance company and owner but there’s also going to be a cost for the time the police spend investigating, the city might spend disposing of a wrecked vehicle, the courts spend processing a car thief, etc. and potentially other significant costs if, say, a Kia challenge teenager hits another person or the vehicle is used to rob a house or business. While we can’t prevent it in absolute terms, there is still a significant social benefit to reducing car theft rates.


Companies that put out egregiously vulnerable vehicles should be held liable, though.



Insurance companies should reflect unlock vulnerability of a car model in its premiums. That still leaves the problem that few people look at insurance premium when choosing what car to buy. What would help is a widely used certification system kept up-to-date by certification authorities in cooperation with insurance companies, similarly to what we have in place for a car model's fuel consumption.


Crashes are such an outsized component of insurance coverage compared to theft that this would not be a substantial motivation for manufacturers.


From this month a year ago - State Farm declares 105 Kia, Hyundai models ‘ineligible’ for new insurance in Louisiana - https://www.nola.com/news/crime_police/kia-hyundai-models-in... ( https://news.ycombinator.com/item?id=34642224 40 points | Feb 3, 2023 | 90 comments )

Which then - Dealers still sell Hyundais and Kias vulnerable to theft, but insurance is hard to get https://www.npr.org/2023/05/04/1173048646/hyundai-kia-car-th...

And in October - Wheels Of Steal: Some Kias, Hyundais Easy To Hotwire; Owners Sue Carmakers, Get $200 Million https://www.forbes.com/advisor/car-insurance/kia-hyundai-ant...

The Challenges of Insuring a Kia or Hyundai in 2024 - https://www.marketwatch.com/guides/insurance-services/insuri...

---

I suspect that this has lead to Kia and Hyundai taking note of insurance rates and changing things.


> That still leaves the problem that few people look at insurance premium when choosing what car to buy.

It doesn't help that premium calculations are nonlinear and trade secrets. In the real world, it would take a computer and a large database to fuzzily estimate the impact of a particular car purchase on your personal premiums forecasted over the next few years with an error margin any less than a few hundred dollars per year (unless your life is particularly stable and well aligned to some major stereotype you can use to get a closer estimate).

If each insurer just published a table of the incremental impact of a given model of car (or better yet, how linear contributions for theft vs crash-rate vs death-rate-on-crash vs ...) then that'd be easy enough to use during purchasing. If you own a 90s civic in Oakland vs Redwood City though you're much more likely for the defective security measures to be used, and the insurers use a proxy for that information in their calculations, so in practice you have to get a personalized quote for every single car you might be interested in purchasing. Moreover, if you buy the car in a low-car-crime locale and move you can still be surprised by the massive rate hike [0]. And so on; modeling arbitrary risk is complicated, which is (part of) why professionals get paid the big bucks to do it. If there are other workable solutions, I'd prefer most of those to requiring the general public to have to do non-trivial math and statistics for every car purchase, especially above and beyond what they already have to do when estimating the total lifetime costs due to fuel economy or whatever.

[0] My personal solution was just to sell the car in that low-car-crime locale where it had a market value and buy a new vehicle in my destination, but then you're trading premiums for transaction costs, which isn't easy to model if you don't know how often you'll move in 5yrs either (hindsight, definitely worth it by a wide margin).


This penalizes unaware pre-existing car owners. Not only they got a crappy car, they now have to pay more for it - all because the vendor was sloppy. Doesn’t seem fair to me.

The responsible party should be the automaker that built or installed the security system, not the person who was sold a lie.


Or, you know, the people _stealing_ cars. I feel like this is bizarro world where what was previously accepted as adequate deterrence is now penalized because actual criminals have fewer and fewer incentives to follow established normal behaviors. “Maybe your face shouldn’t have been so punchable” is not a reasonable position to take, imho.

Flipper, lock picks, bolt cutters, etc. are all reasonable tools. So is the expectation that using them to commit a crime should result in penalty for the individual committing a crime using those tools, not the target of the crime they are committing.


Kia and Hyundai saved like $20/car by skimping on a part that all the other major manufacturers include by default, leading to cars that were insecure by design. That's negligent.

Punishing people for taking advantage of that vulnerability is certainly warranted, but it's also closing the barn door after the horse has already bolted.


What harm did Kia cause its customer? How are those locks adequate in say, South Korea, where there are 1:20,000 car thefts per capita yearly vs 1:350 in the US.

The locks are not the problem. Stealing cars is the problem.


> What harm did Kia cause its customer?

They sold a negligently defective product.

> How are those locks adequate in say, South Korea...

They aren't. If I write code with a SQL injection in it, it's bad code even if no one winds up attacking it.


I do agree that these crimes should hold stiff penalties like at least 5 years in prison, no possibility of parole, including 1st offense. Liberal city DAs have been shirking their responsibility for at least the past 15 years. It's usually a pretty small percentage of the population executing these types of crimes. No more revolving doors. If I owned a kia I'd add an after market shutoff. They're not that expensive, rather than crying over how awful my world is living in a first world nation with a brand new vehicle with a security fault.


One of these problems is far easier to solve than the other.


In the context of this article (Canada focused), do the relevant Hyundais and Kias have the same security problem?

https://www.ctvnews.ca/autos/kia-and-hyundai-vehicles-in-can...


I agree with the article; that regulating car manufacturers who make insecure cars is the correct approach. This specific case illustrates the effectiveness of the approach.


I read this view as: it’s fine to steal a car without an immobilizer. That’s an insane take (and why we can’t have nice things).

Meanwhile other modern countries (albeit with much stricter law enforcement and a more unified value system) can operate with 0.1% of the equivalent crime and that’s not what we aspire to. Instead we want to blame the manufacturer who must have certainly enticed antisocial, destructive behavior. What an awful and poisonous worldview.


It's worth noting that Hyundai and Kia actually ship different anti-theft technology in some of these other modern countries, because regulations in those other modern countries require it. The fact that the US doesn't require it (this article is about Canada, but other subthreads are talking about those manufacturers specifically).

It seems entirely reasonable to take the article's point of view which is "don't ban FlipperZero just because it can be used to facilitate car theft [among 1000 other uses], but rather regulate cars so that they become harder to steal".

Further, I realize you didn't put a ton of thought into the specific 0.1% figure, but I seriously doubt that other modern countries are 1000x better on equivalent crime measures than either the US or Canada.

Even New Zealand, with quite strict gun laws, has a firearm death rate that is a little over 1/12th that of the US's: https://worldpopulationreview.com/country-rankings/gun-death...


> I read this view as: it’s fine to steal a car without an immobilizer.

No. Car manufacturers should still take reasonable steps to prevent it.

To make an analogy, people should not steal from banks... but it would still be negligent to leave the bank unlocked at night.


(I agree with the article as well.)


It's very "both/and".

Kia needs to fix their fuckup AND organized gangs need to be investigated and broken up.


In a bunch of scenarios (mining, military, boats, planes) the vehicles explicitly don't have locks or ignition keys, you press a button and it starts up, you're good to go - should the manufacturer be liable if one gets stolen?


No; each of those scenarios involves external access controls that are standard for those industries. (Fences, guards, controlled access.) It's nothing like the Kia/Hyundai scenario, where such vulnerabilities stemmed from not doing the industry standard thing (immobilizers).


Isn't police the external control? It is just that governments have failed to provide enough of these controls... So maybe they should be punished collectively for it?


> Isn't police the external control? It is just that governments have failed to provide enough of these controls...

I can only speak about US law, but there has been repeated case law that the police do not have a duty to protect any person in particular (except possibly when people are in their custody which isn't really relevant here).

The function of the police isn't to stop criminals in the act - given their response times that's largely impossible anyhow (well, outside of traffic violations). They largely deter crime by catching criminals after the fact.

The examples given like military facilities have secure fences, 24 hour guards, etc. They are actually secure facilities. As opposed to someone's driveway.


If you remove enough of the criminals from the population, you end up preventing crime in the long run. When it comes to car theft in particular, police also set up bait cars and then arrest the people who try and steal them. Well, at least that’s what they do in cities that still bother enforcing property crimes.


Even a surveillance state like China has crime - it’s not possible to deploy a police officer to every block and most people would find that objectionable for other reasons. Very few threats can be solved by a single countermeasure because the enemies are also intelligent and motivated.


US military vehicles might have a cable that locks to the steering wheel. So if you try to drive it, you can't steer well. But if not setup properly, it can be steered just fine.


US military vehicles are protected by the "people with guns who will shoot you" industry standard.


> US military vehicles are protected by the "people with guns who will shoot you" industry standard.

Unless you are an MP, that stuff stays in the armory cage. And if you are headed to the range, ammunition is delivered separately to the range and systems are stringently checked for ammo before returning, afterwards they will do a lockdown inspection of the barracks and everyone's personal vehicles.


Is there a rash of theft amongst those? Law is as much about being pragmatic as anything else.


As long as they are regulatory compliant, there should absolutely not be any liability. If regulations are not updated fast enough maybe people responsible for that should be removed from office or punished.


> As long as they are regulatory compliant, there should absolutely not be any liability.

No; willfull negligence is something that should engender liability.


We'll end up banning windows at this rate, they're an egregious vulnerability in cars and buildings alike. American cities, soft on crime, can't stop thieves from breaking windows so maybe they'll go after car manufacturers and construction firms instead. Going after companies instead of criminals is more aligned with their left-wing sensibilities, I think that's what this is really about.


Seems reasonable. Doors, windows, walls, roofs and sub-basements should be such that you cannot simply pass through them. After all it is now quite trivial to break through. And surely this is failure that builders should be responsible for.


Exactly! Those greedy builder corporations should only offer windows that have bars built into them so that homes can't get broken into. They save money by not incorporating the bars in the windows by default.


I genuinely cannot tell if this (specifically the last line) is satirical or not.


That's not what egregious means.


yeah it kinda is


No. Windows balance a variety of competing needs - security, ventilation, egress during emergencies, mental health, lighting, etc. It would be, perhaps, egregiously negligent for a maximum security prison architect to install large plate glass windows in their cells, but having windows isn't automatically egregious. A car without windows (or with unbreakable ones) is a deathtrap in an accident; omitting them would be egregiously dangerous.

The same isn't true for, say, Kia/Hyundai's decision not to include immobilizers:

https://www.ctvnews.ca/autos/kia-and-hyundai-vehicles-in-can...

> CNN reported that only 26 per cent of Hyundai and Kia models from 2015 to 2019 were equipped with electronic immobilizers in the U.S., compared with 96 per cent of all other vehicles in those years, making the Hyundai and Kia models roughly twice as likely to be stolen.

Those stats make it pretty clear that immobilization was already the industry standard. Skipping them was like knowingly writing open SQL injection holes in a web application.


Egregious is subjective. You think it's egregious for cars to have locks which can be circumvented by thieves. Maybe I think it's egregious that construction firms don't install iron bars on all ground floor windows.


https://www.ctvnews.ca/autos/kia-and-hyundai-vehicles-in-can...

> CNN reported that only 26 per cent of Hyundai and Kia models from 2015 to 2019 were equipped with electronic immobilizers in the U.S., compared with 96 per cent of all other vehicles in those years, making the Hyundai and Kia models roughly twice as likely to be stolen.

If 96% of buildings in a neighborhood have iron bars over the ground floor windows, and you build a development in which only 26% of them do, yes... that's probably negligent, unless there are other factors to explain the discrepancy.

If theives start disproportionately breaking into your development's properties, your tenants can probably be a bit miffed about your lack of security measures.


dude, he was being facetious on purpose and used the term as a synonym to "shocking" to make the point that having windows are not really an egregious vulnerability. that's silly. the problem is criminals, not windows.


You can always smash the window, but that can draw negative attention.


since there's "always another circumvention" we shouldn't even bother right?

the "there are always bugs" refrain is horribly corrosive - it doesn't absolve the victim in any sense.


I think the point is not that we don't regulate locks, but that we don't ban lockpicks.


how are major car manufacturers so far behind in security?

and why can't they go back to the old solutions that didn't have these problems? its just such a stupid thing to watch

IF these fancy keys that let you start your car without inserting anything cause your car to become extremely vulnerable THEN maybe its a bad idea, jesus christ


Because whenever it's even vaguely cold outside, my neighbor likes to be able to start and idle her giant truck in her driveway without leaving her house (for 40 minutes before she drives a mile to work).


Remote start is not to blame here. A manufacturer installed remote start system will shut the car off if a door opens. And the car should also shut off automatically after 5 to 10 minutes.

Unfortunately, after market remote starter does not offer this capability, so with the new trend of monthly charges, if you like certain brands like Toyota, and you want that type of secure remote start, you have to pay $20 per month or more for the life of the car.


2021 Honda here, OEM remote start system does not shut off the car if a door opens.


Interesting. I have had a Subaru, Lexus, and Volvo over the past 15 years or so that all shut off if a door is opened after remote starting. I assumed it’s a no brainer anti theft mechanism (but one that can only be implemented by manufacturers).


Car ownership is way too cheap and accessible in North America for the amount of damage they cause.


This. Owning cars should be something that corporations and the rich and hobbyists do. If you dont want your car broken into maybe dont leave it lying around unattended in public?


I wouldn't go that far, but we should certainly stop subsidizing them so heavily that we forget there are any other options, or that humans were capable of happy, prosperous lives for millennia before they existed.


Yeah maybe I shouldnt put both those statements together when really I think they are seperate opinions. I dont think society should be so car heavy. I also dont think its realistic for people to leave something lying around in public and expect it not to get broken into or stolen. Would you leave a backpack lying around on the public street in a big city and expect it to not get stolen/broken into?


Because the old solutions had other problems that made them less secure.


Security via obscurity is your friend when it comes to vehicle security. There are dozens and dozens of no-start conditions for a vehicle. Just pick two and deal with the minor inconvenience.


Indeed, hidden switch on a circuit somewhere and away you don’t go!


Banning flipper zero because of car theft is like banning a hammer or screwdriver because is was used to break an all glass window.. going by the same logic, they should ban the USB-A port cables too since it’s what was used to steal most Hyundai/KIA cars, typical Canadian government policies, pretend you fix an issue instead of going to the root causes.


You might have a point if hammers or screwdrivers had no other purpose other than stealing cars, but they do, so you don't


> You might have a point if hammers or screwdrivers had no other purpose other than stealing cars

And so is flipper zero.. have another analogy, flipper zero is like Swiss army pocket knife, you can use it open your package box and also kill someone, zipper can be used as a toy -literally- or an IR remote, and can also steal a car, except I don’t think it can steal a car in the first place, it’s too weak, you need an advance SDR/ special antenna, zipper can’t even defeat garage remotes with a rotating keys unless you have an access to the garage unit.


Swiss Army Knife does not provide any functionality that can't be provided by any other basic household object - neither can a hammer. The function of a hammer does not extend past 'hit thing' or 'pull nail', Obviously this kind of function can't be controlled in its application as people can swing their arms however they feel which makes any sort of restriction on hammers redundant given their utility.

Flipper Zero on the other hand is a toy with no/little actual utility that enables users to perform illegal/dangerous tasks like steal cars, that would not otherwise be possible except via less accessible/illegal means.

Do you understand now?


Ok, you are making several assumptions here, so let me address them one by one:

> Swiss Army Knife does not provide any functionality that can't be provided by any other basic household object

That is true, but you don’t go around carrying all these individual tools in your pocket, do you? That’s the whole point of it, portability. The same goes for the flipper zero, you have a bunch of useful tools that you can buy off the shelf yourself, but they are not convenient to carry with you all the time.

> Flipper Zero on the other hand is a toy with no/little actual utility

Who says that? Anything can be a useful utility in the right time and in the right hands for a specific purpose. Maybe one tool is useless to you, while useful to another.

Some people might use it to store hundreds of keyfobs, so instead of carrying all the hardware for each, they can use one device instead. Others might use it to control their home devices, either the IR remotes, or other smart devices, and instead of having 15 remotes (I personally do), they can use one device. Some other person might use it to monitor their TPMS in the tires, others to monitor a serial GPIO port, and so on. All these are not only legal, but you can perform all the individual tasks with a “collection” of tools, like reading the serial GPIO, you can buy a dongle for $10, IR remote? You can use some android devices, etc. However, with flipper zero, it’s all-in-one.

> that enables users to perform illegal/dangerous tasks

Just like any other tool out there, any tool can be repurposed to do illegal tasks, either the tools I mentioned or any other ones, including your smartphone, you can load a custom OS (say Kali linux) and perform illegal tasks, do you ban smartphones? Do you ban Kali linux? No, but if someone is found guilty of performing these tasks, you prosecute them. The same goes for anything, your car, can be used for everyday tasks, or even illegal stuff.

> like steal cars that would not otherwise be possible except via less accessible/illegal means.

Flipper zero can’t steal a car, it’s too damn weak for that job. If you are too concerned about that, will you ban ALL SDR in the market too? Because if someone has a bad intention, and you banned flipper zero, they will go and buy BladeRF SDR for example (that’s very accessible and legal to buy), far more superior than flipper and proceed to commit whatever they want. How’s that flipper zero ban working to prevent the crime? Not at all.


"Who says that? Anything can be a useful utility in the right time and in the right hands for a specific purpose. Maybe one tool is useless to you, while useful to another. Some people might use it to store hundreds of keyfobs, so instead of carrying all the hardware for each, they can use one device instead. Others might use it to control their home devices, either the IR remotes, or other smart devices, and instead of having 15 remotes (I personally do), they can use one device. Some other person might use it to monitor their TPMS in the tires, others to monitor a serial GPIO port, and so on. All these are not only legal, but you can perform all the individual tasks with a “collection” of tools, like reading the serial GPIO, you can buy a dongle for $10, IR remote? You can use some android devices, etc. However, with flipper zero, it’s all-in-one."

Sure, you can make that point, but No Reasonable Person would accept it, which is where I draw the line.


So does the Flipper.. so what are you trying to say?


The function of a hammer does not extend past 'hit thing' or 'pull nail', Obviously this kind of function can't be controlled in its application as people can swing their arms however they feel which makes any sort of restriction on hammers redundant given their utility.

Flipper Zero on the other hand is a toy with no/little actual utility that enables users to perform illegal/dangerous tasks like steal cars, that would not otherwise be possible except via less accessible/illegal means.

Do you understand now?


There are cars where the security is trivial to bypass. Create a list of those make/models. 1) Raise insurance premium on those models. 2) Force dealers that every time they sell such a car, they must get a signature from the buyer on a piece of paper that says "I recognize that the security of this car is borderline non existent and I will be paying a lot more in insurance because my car is trivial to steal".

Grandfather in people who already have such make models or give some time to manufacturers to improve security.


You know there is a manufacturer who doesn’t offer insurance to their own cars. I don’t think it has stoped people from buying

https://youtu.be/RCR-5-rf3MM?si=0vFozL7NKMC14NB2

00:29


Lol.

I don't think that'd even be an issue. A manufacturer wouldn't be allowed to offer insurance directly to customers in Canada. At least in BC there are mandatory insurance through ICBC.

So if the intent of the government is to increase security, make those cars less appealing by making them more expensive.


My car has keyless entry but does not have the push button to start. You still need to put in the physical key and turn the ignition. My car has been broken into but without damage. They rummaged through stuff and took some random things but we keep nothing of value in the car. I'm not sure how they broke in but I've seen videos[1] online on how a tow service can get your car door open using an air-wedge. Maybe they did that, maybe they used something that repeated the key fob signal, not sure. But I'm glad that my car still needs a physical key. I'm not looking forward to the day when I need to get a new car and all that is available is keyless start. I'd happily go back to needing a key for everything, even the doors.

1. https://www.youtube.com/watch?v=nEMzTDiXC6A


There is very little distinction between your physical key and a pushbutton. When you turn the key, it's just pushing a button internally that does the same as a button you'd hit with your finger. Few cars these days have any kind of direct connection between the ignition key and the starter.


Maybe I'm misunderstanding how the push button works because I've never owned a car that had one, but I thought the whole thing was that the key fob just needs to be near the car in order for the button to actually do anything. And these car thieves are repeating signals from key fobs that are inside the owners' homes. At least with a physical key, it needs to be present and inserted into the ignition to start the car, you can't use any technology to help there. Of course there are other ways to steal a car, but it at least deters these modern techniques.


I agree that Flipper shouldn't be banned in Canada, but I think the headline won't help them make their case. For many reasons, it's easier for people to support banning a device they don't personally care about than it is to call for millions of cars on the road to be made illegal, or for instituting new regulations on an industry with entrenched lobbyists. If the option you are presenting is to ban the Flipper (easy, painless) or turn the auto industry on its head (hard, painful) guess what they're going to do? The option you want to present is between going through a lot of work to ban a device that is ultimately harmless, and not doing any extra work and letting it go.


You mean like how fentanyl is a banned substance so nobody sell- oh wait...


All cars are insecure but what the government should be doing is forcing auto makers to allow customers to install their own security add-ons.

Car manufacturers are now locking down the OBDC ports because people were using them to add functionality to the car that they want you to pay for, like 3rd party adaptive cruise control. But this also prevents you from adding your own security.

They also fail to encrypt security systems but block you from replacing them with encrypted versions.

They claim they do it “for safety”, and while there is some merit to that, they are drawing the line way to far in the “we make money at the expense of your security and customizability” direction.


There's a conflict of interest on the part of car manufacturers, if insurance just pays out and they get to do another sale, they're happy that your car got stolen.

Also, I agree with the main point of the article, but it shouldn't be so easy for any 16yo Tom, Dick or Harry to buy a gadget and start stealing cars. If it's so easy to make with off the shelf parts, then let the 'security experts' create their own.

Consumers need to be educated about keeping their keys away from doors/in a faraday cage.


If insurance pays out often enough that this might actually work as a sales tactic, they don't get another sale, everyone goes to another manufacturer because insurance is so expensive.

Also most car dealers make more profit from ongoing maintenance and servicing than selling you a new car.


I have a younger brother that recently bought a Kia as his first car. It's been broken into 3 times in less than a of ownership year.

Kia sent him a cheep "Club style" steering wheel lock... -- From my perspective, getting stuck with this lemon will significantly compromise his quality of life and finances for years to come.

Where are our consumer protections? Kia should be on the hook for fixing the problem or buying back the vehicle at cost.


It's been broken into three times or it's been stolen three times? Because any car is easily broken into. Just smash a window.

South Korea's car theft rate is 5.3 per 100,000 per year. In the US it's 282. Canada is 217. Fewer cars had immobilizers a decade ago but theft rates were lower then. The main reason why car theft is higher is because of car thieves.


Unfortunately, the only consumer protection for this is in the form of brand reputation. Even before this incident, I would've never bought a Kia (or a Hyundai).


Indeed, the flipper-zero ban is obviously ridiculous, especially in light of the complete lack of even a hope of a ban on certain other tools that are often used for much more serious crimes; personal crimes rather than property crimes.


Personally I think FOBs for cars are simply not worth it. The key with the remote for starting, locking and unlocking is ideal. Ford's with the on door key pad is pretty good too imo. Probably hackable tho. Down with fobs!


It seems like the most straightforward path here is to ban auto thefts all together.


I think you're being a little bigoted. Auto theft is an important part of some cultures and it's important for us to be more inclusive of them.


Like San Francisco


Yeah! If we make it illegal, then people will stop breaking the laws. That is how it works, right?


Maybe we could try enforcing those laws with no mercy given to the "wayward teens who don't know any better" (they do.)


We tried that sort of approach; it's pretty widely considered a mistake.

https://en.wikipedia.org/wiki/Violent_Crime_Control_and_Law_...


I agree that 7 years ago it was widely considered a mistake, but I think we are currently reaching by a new consensus based on the opinions I have been seeing more commonly in the last 3 years.

We are in a conservative moment in the US right now.


This story is about Canada, though…


The VCCA is a US law, ask the above poster why they wanted this one.


It was a reply to the thread generally, which devolved into a US-centric response to a Canadian OP.


Couple years in prison would mean that they cannot soon reoffend. Seems like reasonable solution to me.


Do you know what the recurrence rate is for U.S. prisons? It's around 44%. 44% of people released from prison, within a year, go on to commit another crime severe enough to end them up back in prison


That doesn't seem overly surprising. Just as the people who acted in 2010 in a fashion that did not land them in prison probably acted in a way in 2015 that also did not land them in prison, it's not shocking that people who acted in 2010 in a way that landed the in prison might also act in 2015 in a way that lands them in prison.

I don't think that being in prison from 2011 to 2014 caused them to act that way in 2015.

We're not going to randomly assign (mostly) law-abiding citizens to prison to measure whether prison adds propensity to [what would be re-]offend, but there probably is something that is different about the never-imprisoned vs previously-imprisoned population that informs future likelihood to be imprisoned.


> I don't think that being in prison from 2011 to 2014 caused them to act that way in 2015.

You would be surprised. There's no concrete evidence pointing to this, but some suspects, when asked, will say that they did it because they have nothing left to lose.


What's the recurrence rate for people who commit a crime but aren't locked up?

> another crime severe enough to end them up back in

Then ramp up the penalty for repeat offences.


This logic depends on law-breakers being fully rational agents.

Yes, there are some, at least some of the time, but very few.


If they're not rational, they can go to jail? Isn't that the idea of jails: take people out of the system if they refuse to act by the rules of the system at other people's detriment.


Think there is not a clear ‘idea of jails’.

To me, the length of sentences in the US suggest that a primary purpose is deterrence, not merely keeping dangerous people off the street.


That is one of 4 reasons for jails. The other 3 are:

- Rehabilitation

- Retribution

- Deterrence


Why even ban them? In this context "insecure" seems to mean "vulnerable to theft". If somebody wants to buy something that's easy to steal, that's their issue.

If people inadvertently buy easy to steal vehicles that's an issue, and maybe there should be labeling, or or a testing initiative, or maybe it's just a temporary blip that will work itself out as independent parties pick up testing.

If it's known which vehicles are prone to theft the market should work everything else out. Insurance can price it in, and buyers can factor it in to their purchasing decisions.


Why don't cars have security ratings just like they have safety ratings? Surely publicizing failing scores across the board would encourage them thi improve so they can advertise as being better than the rest.


Banning either is silly. Locks on things in the physical world can only be a deterrent because physical objects are subject to much easier brute force attacks than a problem in the digital world is. If you forced automakers to make their digital keys more secure, it wouldn't improve security, because you could still winch the whole car on to a rental trailer in 30 seconds.

The Kia Boys notwithstanding, basically all cars that are stolen these days are either stolen with the keys, or towed.


Replay and CANbus attacks are easy enough that I don't think that's the case.

https://m.youtube.com/watch?v=vIrqKRIUCiE

https://m.youtube.com/watch?v=E3lkT9Fa1lA


Those are way harder than this:

https://www.youtube.com/watch?v=Hgs3LCp1F3I

And in major metro areas of the US, crime rings targeting newer cars for export, have just started using tow trucks.


I admired the Flipper Zero, but it's not something I have skills to exploit. Canada banning them ensured my order. It was in the mail on the day that I saw an article about the USA considering a ban. It's on my desk. I have no use for it. But I damn sure made sure I'd get one before I couldn't.

What a lousy reason to buy something. It makes me feel shitty about the world.


Can you actually use a FlipperZero to steal a car though? There's aftermarket firmwares which unlocks additional capabilities, but as far as I'm aware, there hasn't been a break in car fob encryption that would actually let you use a FlipperZero to steal a car without having the key in the first place, at which point you could just use the key.


Here is my favorite YouTube lawyer Ian Runkle a Canadian firearms and criminal defence lawyer discussing the flipper zero. This guy is very enjoyable to watch in all his videos highly recommended. https://m.youtube.com/watch?v=djqKqr-qh8c


I've always disliked keyfobs. They felt like an insecure replacement for keys, especially after so much effort went into tumblers and other security measures designed to prevent hot-wiring. It's extremely difficult if not impossible to hot-wire a modern car. And yet we throw all of that innovation away for what, convenience?


Ultra Wideband (UWB) is the solution for keyless entry and regulators should make it a requirement that new cars use it if they want to support keyless entry.

Tesla just rolled out an OTA update to support UWB. It uses Time-of-Flight (ToF) Measurement to calculate distance which is much more secure than simply using signal strength.



We don't necessarily need yet another pile of laws and regulations here. If consumers want secure vehicles they should prioritize buying vehicles that don't offer internet icon necked features.

Its crazy that most consumers prioritize convenience and novelty above all else then turn around and demand even more government authority to protect them from features that aren't needed in the first place.

I 100% agree with the author's argument that banning security research is a bad idea, but no matter how much research is done we can never guarantee consumers that their vehicle can't be taken over. If you can unlock and start your car from your phone there is always a possibility of attack. Period.


In Richard Feynman's book, "Surely You're Joking Mr. Feynman!" he tells the story of his exploits in safe cracking. And the eventual "solution" that the bosses come up with... not to make their safes safer, but to ban Feynman.


They should ban spark plugs too while they are at it:

https://youtube.com/shorts/4M2DmJaoxRk?si=r1K1llFxCtK_KA1j


Yeah, let 99% of honest people suffer to prevent the potential risk from the actions of 1%. Why bother with educating and raising people, why rethink the work of the police and the state. Let's just ban.


If anything they should promote the commercialization of these type of devices so the cars and other tech products get safer. They are just trying to hide the real issue.


Yeah the response of banning flipper zero is absurd, and would be like banning usb connectors in response to Kia’s terrible ignition flaw.


I want to own an insecure vehicle that is also so cheap/old/damaged, that it’s not worth stealing. Should I be allowed to do that?


Thank God I have an account so I can say this:

This is the most funny thing I've read in a while. Thanks for writing it man -- wiping tears.


Is this not the same argument with gun control?


And same counter-argument: those who are more likely to abuse tools are less likely to care about the legal status of said tool (they will illegally import or DIY the tools).


Banning Flipper in an effort to prevent car theft is like banning blank keys in an effort to prevent burglaries.


Hypothetical: Should I be allowed to sell a magical device that unlocks any phone, car, safe, computer, etc?


Insecure software should be banned (aka, all software)

But I agree that Flipper Zero has no reason to be banned


Honestly, think a major problem with this is that Canada has not managed to resolve their organized crime issues.

I don’t know why the US federal apparatus has been so much more effective at disrupting organized crime, but Canadian groups fencing a lot of these stolen cars.


The port in question is in Montreal which is in the province of Quebec. The province of Quebec is a political minefield with special status that most politicians don't want to deal with.


Or maybe we don’t ban anything?


Stop computerizing vehicles. Computerized vehicles are so bad in so many ways.


ITT: Security through obscurity is easy. Actual security is hard.


Politicians are always going to do what’s easy, not what’s hard.


It's a problem of insufficient scientific divulgation.


There is a real danger of "victim blaming" here. A similar thing occurred recently for the South Korean car makers Kia and Hyundai, which experienced soaring car thefts in the US due to relatively low car security standards and the high US crime rate. Some US American journalists, politicians [0] and judges [1] blamed the car makers for the steeply rising car thefts.

However, these manufacturers come from a country where there are much fewer car thefts than in the US and where these cars didn't cause a comparable theft problem. The people blaming Kia and Hyundai would have been well-advised to identify at least as a major part of the problem the US-specific crime rate, not just the South Korean car manufacturers which weren't sufficiently adapted to to this crime.

It's kind of similar to a young naive woman from South Korea doing her vacation in the US, and walking home at night, alone through a dark park in a shady neighborhood. A thing she could expect to safely do in South Korea. But in the US, the worst thing happens. Who is to blame? The women may bear some part of the responsibility by wrongly assuming the US is as safe as South Korea. But I think it's clear the main fault lies with the US criminals, not the victim.

People easily get used to things like that and don't notice it. Until they travel to a country where very different things are normal, and get a culture shock.

[0] https://www.cbsnews.com/amp/news/hyundai-kia-stolen-car-thef...

[1] https://www.reuters.com/business/autos-transportation/hyunda...


This could be solved easily by insurance companies


All I am reading is, big corporation should be held responsible but not maladjusted individuals whomst purchased a $50 hacking tool online. Seems like BOTH is the solution here.


A manufacturers recall would be useful.


I feel like, if cars will significantly improve security, ultimately we the customers will pay the price for it in terms of more expensive cars. But then again I agree that this should be addressed.

It's like someone points out a problem, and then you stick your head in the sand and wait for things go away - or just let others deal with your issues. It's simply not the right approach.


Soros funded district attorneys should be banned for refusing to enforce laws.


It is funny since there are devices other than Flipper Zero which are designed specifically for stealing cars with key-less systems AKA "SOS opening" and they come in GameBoy-like enclose. Keywords - "SOS Autokeys Bulgaria".


correct, someone says something right for once. also vehicle theft will happen no matter what since they have physical access to your vehicle. scammy, scummy, corporate pitches like "you just press this button and it opens for you" with zero research on how to implement that securely (even thought it was known in the 70s), which just make the hacker be able to press a button and open it, are not anyone's problem aside from the clout chasing consumer "who doesn't have time" to research any "sophisticated tech" he buys, and the corporation. consumers should know by now that "smart tech" = a teenager can hack it.


for me the issue us flipper team itself, not a device. they are ruzzianz, buying this device directly or indirectly supports criminal regime


Let's suppose that hypothetically the Flipper Zero could be banned...

OK, so then what about the (Texas Instruments) TI CC1101 rf (Radio Frequency) Transceiver chip/IC that powers it?

Is whoever is going to ban the Flipper Zero also going to ban the TI CC1101 rf transceiver chip?

Because if they don't -- then many other clones of the Flipper Zero can and probably will exist in the future...

OK, but let's take things a step further...

Let's suppose that whoever is trying to ban the Flipper Zero -- is able to ban the Flipper Zero AND the TI CC1101 rf transceiver chip that powers it!

OK. So what about all of the other rf transceiver chips that exist?

Is whoever is going to ban the Flipper Zero -- going to also ban ALL other transciever rf chips?

But let's take things a step further...

Let's suppose that whoever wants to ban the Flipper Zero -- also is able to successfully ban ALL transciever rf chips! (Highly unlikely, since many are used in highly popular consumer products including but not limited to Routers, Smart TVs and Cell Phones!)

But let's suppose they could pull that one off...

OK, so now the next question is (to the party or parties that wish to ban the Flipper Zero!), if you can successfully ban all of the rf transciever chips, then can you ban all non-IC based radio circuits?

You know, like analog electronic radio circuits, capacitors, coils, antennas, stuff like that?

Can you ban all of it at the same time?

?

But let's even go a step further... let's suppose whoever wants to ban the Flipper Zero -- bans it, and also successfully bans all rf transciever IC's, and all analog radio circuits, and all previously analog electronic parts for making a radio circuit...

OK, so final question (to whomever would wish to ban the Flipper Zero!):

Can you ban all of the electrons, which flow through wires, which could be used in creating radio circuits?

To accomplish this, you'd need to ban all batteries, all power lines, and all generators! (Highly unlikely, because power in is various forms creates transactions which in turn create taxes which in turn fuel local, regional, state and country governments!)

So -- good luck with all of that!

I myself would never use a Flipper Zero for unlawful purposes (if I possesed one), and I would never drive a car which could be rf hacked by a Flipper Zero or other rf device on the other side of things.

In other words, both sides of the argument are stupid.

A person could probably kill someone else with a pillow, a roll of paper towels, or some other incredibly soft object, "never before did we think that it could be used as a murder weapon" item (George Carlin: "You could probably kill a guy with the Sunday New York times by beating him to death with it if you were so inclined")-- but we don't pass laws banning those items because of an isolated case of misuse!

Heck, now that I think about it, someone could probably kill someone else with a single roll of the softest toilet paper -- if they really put their mind to it!

But we don't pass laws banning ultra-soft Charmin(tm), now do we? ("A gang of 12 or 13 year old youths used it to murder their parents -- so it must be banned!" :-) )

?

Point is, there are some really stupid arguments being advanced here...


always first blame the flawed security.

sure, also blame attackers. never blame the attacker's tools.

this is a place where "victim-blaming" is exactly the right thing to do. we can be supportive, even empathetic, of victims, who may have attempted to be secure, but failed due to bad tools, third parties, etc.


Philosophy warning:

I don't know if there is a term for it, or if a philosopher/etc. has written about this phenomenon, but: a noticeable trend to me is what I'll call "the replacement of ethical expectations with specific, written down laws."

Rather than expecting a human being to behave in certain ways intrinsically (i.e., normative ethics) we tend to assume they will behave in the worst way possible, and then pass laws to supposedly prevent that behavior from manifesting.

This scenario is a great example of this phenomenon. Instead of discussing how car theft is fundamentally an unethical behavior, the discussion is about preventing some thing from being sold or existing, whether that be insecure vehicles or Flipper Zeroes. It's designing the playground so that kids can't get hurt, not teaching them how to play responsibly.

My theory is that this is a consequence of relativism and the general cultural exhaustion Western society seems to have with enforcing any sort of religious or ethical norms.

I really don't like the way this is going, because the end result is a world where limitations are hardwired into the environment, while at the same time you have zero ethical expectations of your fellow humans. It's very Hunger Games / Battle Royale, at a less hostile level.

Edit: just to clarify a point here. I'm not saying that there was no theft in the past, or that having ethical expectations instead of laws will somehow reduce all theft. I'm commenting more on the fact that the "new method" results in a different kind of world than the previous one (see the paragraph before this one.) It's a subtle point, but hopefully one I communicated well enough.


You just described the “rule of law” and this is the basis for how modern governments are formed and function

A constitution is written and codifies the process for making ratifying and enforcing laws. That then is the common standard for some subset of behaviors as defined by the constitution which defines who it does and does not apply to. Different constitutions outline different processes but the structure of the “Rule of Law” is the same.

This is in contrast to other structures like pure monarchies (unlike constitutional monarchies) which have a “divine” process for defining the structure of the governed land.

What you seem to want is for civil law to be subordinated in favor of common law, but that simply kicks the can and doesn’t actuall solve the problem.

What’s actually happening right now is that society at large is questioning the foundational assumptions of society. To Wit this is a perfect example of effectively questioning the foundational function of governance in the post World War II world while also not being aware of it apparently.


That's an interesting thought, but I would say instead that I'm in favor of culture being the "first line of defense" and not the law. In other words, I can leave my door unlocked because I am a part of a culture where that sort of thing doesn't happen. Not because there is a law written down somewhere. This has functionally been my experience in a number of spaces, including private workspaces (i.e., you don't expect your co-workers to steal your stuff), Japan, Poland, and a few other countries, and many others.

If that's a definition of "common law" then sure, but it seems like a different thing to me.


The reason the rule of law exists at the scale it does is precisely because what you describe, has not shown to create functional long term societies that are resilient to exogenous threats.

The rule of law is literally humanity’s best attempt so far to explicitly codify human desires into a common set of descriptions.

This is why the UN exists and the LON before it etc…


> has not shown to create functional long term societies that are resilient to exogenous threats.

I don't think I agree with this. If anything, it seems more like the reverse: societies have been less-and-less willing to enforce assimilation and a certain set of society-wide cultural behaviors, and therefore they "fall back" to the rule of law as described by you.


As a melting pot, the US takes in a lot of folks from countries that are not doing very well... so in a way, if we keep importing folks from cultures that failed without trying to integrate them to our culture, and instead celebrate their original culture, eventually our amalgam culture will fail just like theirs did.

Its why we have signs that say to "sit, not stand on toilets". You dont think we would need to write it down, but if you import hundreds of thousands of toilet standers, "the norm" goes out the window.


The melting pot is a way of integrating people into our country. It has been criticized as being too homogenizing; and now I think (for the better) most people see it as a nice lumpy stew. We shouldn’t ask people to give up all their traditions or change completely to become American, it is a give and take communication process that we both benefit from.

WRT toilets, I think it has been shown that squatting actually reduces the strain when using the toilet; I think those signs reflect the fact that we are integrating new toilet information. They are part of the natural back-and-forth pushing process. Hopefully we’ll converge on a toilet that is lower to the ground but doesn’t have accessibility issues.


> WRT toilets, I think it has been shown that squatting actually reduces the strain when using the toilet; I think those signs reflect the fact that we are integrating new toilet information. They are part of the natural back-and-forth pushing process. Hopefully we’ll converge on a toilet that is lower to the ground but doesn’t have accessibility issues.

Squatting toilets are fine, maybe they are even better. But the signs are about people squatting with their feet on the toilet bowl on a sitting toilet. That is dangerous (the bowl can easily break from the pressure of your feet) and dirty (you are very likely to leave the area around dirty, and there are typically no ways to clean the outside of the bowl in typical western bathrooms).


What I wanted to highlight is that this confusion, people coming to the toilet with different assumptions and misusing it as a result, is part of the process of improving by integrating additional information. Sure, they are being misused, but the way they are being misused gives us a chance to reflect on how they could be better.

If we want to be obnoxiously neutral, haha, we could just say there’s a mismatch between the design and the user expectations. Maybe we could look at retrofitting some of these toilets with a retractable foot platform, or something along those lines, instead of a sign.


If American culture "fails," I'm gonna blame xenophobes like you who are incapable of adjusting to a dynamic world, not the "toilet standers."


This comment is utterly inappropriate for HN - there's nothing xenophobic about the GP comment, you're just using that phrase incorrectly to emotionally manipulate other readers.


Your terms are acceptable.


Erm, how exactly do you think we’re going to educate people on the “normal” way of using a toilet, if it’s not educational signs above toilets?

Do you imagine some kind of toilet license? Where people have to take toilet train and demonstrate their competence in front of an examiner?

Or perhaps at every border, non-citizens are given mandatory toilet training.

Or perhaps you’re gonna follow everyone into to the toilet and tell them how to use it correctly.

Your issue is with people not learning your native culture, but your evidence for people not learning is educational material that teaches people your culture. So it does rather seem your problem is that your specific culture isn’t the world wide norm.


Bad example. I believe squat toilets are actually better for you (less strain to use) so really there is a case to be made we (those who do not use them) should follow those who do.


This was not about squat toilets, but about people who squat on sit-down toilets, which is dangerous and dirty.


I'd like to note that the United States is in fact extremely good at assimilating immigrant groups and has done so successfully numerous times.

Honestly, I see little evidence it is doing any worse at assimilation than in, say, the early 1900s.


you know that the melting pot analogy is meant to say that we integrate immigrant cultures into "our" culture by both changing the immigrant culture and the dominant culture. The contents of the pot as a whole are less changed than the individual components are.

I think you may be thinking of the Candaian conception of a cultural mosaic.


Go on, tell us more.


> This is why the UN exists

To split hairs - the UN does not exist to be a world police (Its charter is explicitly built to ensure that it fails at that task).

It exists to be a forum for countries to talk to eachother. But its a purely voluntary engagement.


I don't think your evidence supports your argument at all. Pick any consistently governed region, even one with regime changes. Compared to the UN, which is unable to affect some of the worst genocides in recorded history. As well as the League of Nations, an institution notable for accomplishing nothing. Nothing is immune to external threats but institutions that avoid them by doing nothing on critical issues are not the most inspiring examples.

The rule of law is our best attempt at codifying Individual freedoms, outside and above the power of the state. Definitely a noble goal, but leads to the observations made by the parent comment.


> This is why the UN exists and the LON before it

Um, you do realize that the League of Nations was a failure? And that the UN, although at least it still exists (unlike the LON, which only lasted a decade or so), has not accomplished anything meaningful in terms of enforcing actual norms of behavior?


Are you kidding? UN has had tremendous impact in the world.


> UN has had tremendous impact in the world

Perhaps, but if so, I think its impact is, at the very least, net negative, not net positive.


Heartily disagree. Having an avenue where nations can be shamed for their crimes against humanity as well as a central org that both announces common human rights and monitors for them is immensely useful on any normative ethics yardstick, whether utilitarian, essentialist, effective altruism, and so forth.


> Having an avenue where nations can be shamed for their crimes against humanity

Many nations have continued to commit crimes against humanity since the UN was founded, without any shaming at all. Some of them have had their leaders praised and given awards and invited to be keynote speakers at conferences at the same time that their crimes against humanity were in full swing (for example, Robert Mugabe). And two of the most egregious such nations, Russia and China, have permanent seats on the UN Security Council.

It is true that the UN has shamed some nations for crimes against humanity (the Milosevic regime in Serbia, for example). But that just makes the lack of shaming in so many other cases worse, especially when the cases that are ignored are at least as egregious as the cases that are shamed.


> the UN [...] has not accomplished anything meaningful in terms of enforcing actual norms of behavior

That's because the UN isn't an actor in its own right, it is merely a forum through which countries can co-operate if they want to.


Dude. I was just listening to my taxi driver tell me about how the UN helped him escape from war at 14 and got him to this country (Norway) where he’s been able to have a decent life. I’m not sure you know what you’re talking about.


> accomplished anything meaningful in terms of enforcing actual norms of behavior?

Point being that the norm in question would be "not having the war".


Hasn't humanity been having at least one war since ... forever? I think the norm is war and what isn't normal are bullets and bombs that do far more collateral damage than "normal."


I agree, but I don't see how that's relevant to the idea that the UN has changed the culture of the world to end war.


I don't think anyone here said that?


The UN Charter does.


Speak softly and carry a big stick.


That's a wild statement to make about UN's unproductiveness in the history of its existence. I'd like some evidence please.


> I'd like some evidence please.

Um, the state of the world today? Read the preamble of the UN charter and ask yourself how well the UN has actually done at moving the world in the direction of those things.


The fair point of comparison would be to contrast it with what the world would be like without it.

And neither I, nor you can make such a contrast fairly. It immediately goes hard into speculative-fiction territory, and such an exercise would educate us about our own biases, more than we'd learn about the UN.


I think what may be missing from the discussion at this point are distinctions between law and equity and different kinds of judgement in statutory versus common law.

The ideal in jurisprudence is that we _always_ have equity - the ability to interpret the law and apply it in each specific cases.

The "opposite" is statutory law. Like you get a speeding ticket regardless of any mitigating situation.

So you were rushing to the hospital in time for your pregnant wife to give birth before your dying father breathes his last.... Cry me a river. $200 fine! Next case.

Mechanical justice is cheap and rough. Statutory law fits perfectly with our capitalist society, efficient, inflexible, uniform, quick and cheap. Judges and juries are expensive.

Others mentioned the Chinese concept of Li (loi?) and the "spirit of the law", which are casualties in a technocratic society.


> Statutory law fits perfectly with our capitalist society, efficient, inflexible, uniform, quick and cheap. Judges and juries are expensive.

This seems a bit of a false equivalence. Capitalist societies are the ones that are based on liberalism and think individuals are important - important enough to make companies and agreements between each other. They quite often are the ones that also think individuals are deserving of justice in and of themselves, not based on what group someone has put them in.


Are you not confusing democratic societies with capitalist ones?

I mean, there's some overlap, but if we're talking about clumsy equivalences... :)

And to be honest I see ever less intersection between actual current "late stage" capitalism and the "rule of Law". Those I know in the legal profession complain we are in state of "lawfare", a state in which most of the common principles of justice have broken down in favour of "justice for the rich" (I realise many Americans take that to be perfectly normal)

How about I use the expression "greed driven societies" instead?


> Are you not confusing democratic societies with capitalist ones?

Well, they both are rooted in the idea that individuals are important, which is a relatively new idea, all things considered.

> How about I use the expression "greed driven societies" instead?

You can do, except I think it's not helpful, as you're joining the ranks of the people who misuse the word "society" to mean "how I happen to think about the stuff I don't like in the world".


> I think it's not helpful, as you're joining the ranks of the people who misuse the word "society" to mean "how I happen to think about the stuff I don't like in the world".

Helpful to who?

I see it differently. I think it helps us all to aspire to clear values. Karl Popper thought "there is no society". Lady Thatcher thought we merely misused the word society, not as you say - to universalise social facts - but to forget our "duty" (Thatcher's words) to ourselves and our neighbours (my emph). Thatcher sincerely saw business as a social good, as do I. Using the word society in that way is avoidant. You seem to think that's what I am doing?

Social facts exist, at least in Durkheim's view as behaviours and attitudes. They definitely include greed and selfishness as psychologically measurable traits. You may not think much of sociology and psychology, but to a lot of people they are solid sciences.

Moral judgements are also social facts. And for us Christians (as a moral framework), greed is more than a neutral, observable fact. It is an ugly weakness.

The hoarding of power and wealth by a tiny minority to assuage their insecurity , while returning nowt but "disruption" to the world is objectionable. Being parasitic upon the rest of the population is a harm.

So I've no problem declaring, greed, vanity, megalomania as "stuff I don't like in the world". Others may or may not agree with me. As an individual, you may disagree. But as an individualist you must concede my equal right to call out greed and selfishness as harmful to the rest of us - even without a "Logical basis". Further, you must do so without criticism.... unless you deny the existence of social facts, or yourself find greed attractive and virtuous?


> I see it differently. I think it helps us all to aspire to clear values.

But which "us"? That's my point. You aren't talking to all of society (assuming "us" was all of society), so you using it like that doesn't even theoretically do this.

> Social facts exist, at least in Durkheim's view as behaviours and attitudes.

This isn't the same as "society". My point is that the definition of "society" changes dramatically based on where you live and what you consume. It's like a giant straw man.

> So I've no problem declaring, greed, vanity, megalomania as "stuff I don't like in the world". Others may or may not agree with me. As an individual, you may disagree. But as an individualist you must concede my equal right to call out greed and selfishness as harmful to the rest of us - even without a "Logical basis". Further, you must do so without criticism.... unless you deny the existence of social facts, or yourself find greed attractive and virtuous?

It's hard to make sense through the purple prose, but maybe I can pick something out. You're not calling out greed; you're calling an entire society greedy. That's the problem. All the rest of what you said here doesn't seem relevant.


I said our society is driven by greed. And it's led by greed. That's a failure of leadership.


> I said our society is driven by greed.

I agree you said that. I disagree that it's true. If I go to my kid's football kickabout, run mostly by volunteer parents, or I attend a local street party, or go for a pub quiz night, or any of many societal endeavours, I don't see greed.


Sounds like you’re not American. We’re describing the US as the extreme anarcho-capitalist wasteland it is


> the extreme anarcho-capitalist wasteland it is

As of 2019, the US had 50 million immigrants[0] living there, either 1st or 2nd generation. Far more than any other country. Are those immigrants really all just idiots for moving there?

If you think the US is a wasteland, it sounds like you're American.

[0] https://www.un.org/en/development/desa/population/migration/...


But you DO have a second line of defense even in your culture because that sort of thing DOES happen even in your culture only perhaps less often.

With respect to the Flipper Zero, I don't understand how culture solves this particular problem. I'm not sure I'd want to be in a culture that solved this particular problem a priori. I think I'd prefer to be in an imperfect Rule Of Law society that adapted albeit imperfectly to new problems as they appeared.


You are describing anarchy.

No leader, or force required. People just acting according to their consciences.


And now we come to the unfortunate fact that there is no equivalent in English for the distinction between Recht and Gesetz, or droit and loi, both being subsumed under the term law. The former is an immanent thing, a "shared search after justice". The latter is temporal, it is written down and itemised in Strafgesetzbuche and Codes Civiles, and is very appealing to HNers because we can read "common standard for some subset of behavior" and think "I can put this into a computer". But that Law is not The Law. And The Law is not even Society. It's something we yearn for or desire, and our confidence in society varies with our confidence that our neighbours are also yearning for it with us. The rule of law is a feeling, man.


English common law is largely not codified but the result of practices and precedent, and is still part of the legal system in most English-speaking countries, as opposed to continental-style civil codes that you mention which are more explicit. I do think that distinction exists in the English-speaking world.


Isn't this explained in the phrase "the spirit of the law" vs. "the letter of the law", or is there more to the concept.


I think "spirit of the law" can be interpreted as how the (written) law was trying to get at The Law. But even that spirit is not The Law. Here's an example - modern Germany defines itself as a Rechtsstaat. On the face of it this is a "State of the rule of law". But this fails to capture what distinguishes it from a hypothetical Gesetzstaat, so Wikipedia also tries on "state of justice and integrity" and "constitutional state" to get the distinction across. And the absence of Recht - a Nichtrechtsstaat - is one "based on the arbitrary use of power".

The historical context is that of trying to define what in a state should set it apart from both the 3rd Reich and the DDR.

https://en.wikipedia.org/wiki/Rechtsstaat


I suspect many Germans have varying personal interpretations (not being German). However, StackOverflow has a question/answer [1] where the most general answer is "right or freedom as in Recht auf freie Meinungsäußerung being 'freedom of speech'".

Otherwise, tends to represent "the encompassing scope of all laws" vs "the interactions of a single law."

The "the spirit of the law" tends to be more like: "what did we believe the law was supposed to do vs what does it actually result in if you're a rules lawyer."

Games have a lot of that with little oversight, legal laws tend to get publicly challenged. We made a rule where all the miniatures have to stand in squares, except now all anybody does is abuse the facing and distance rules.

[1] https://german.stackexchange.com/questions/30384/what-s-the-...


Perhaps what you are trying to express as "shared search after justice" could be thought of as a "Social Contract"; a non-codified agreement of how society (should) co-exists, in context of said Society.


I have to object that the rule of law isn't about the extent of laws and enforcement but rather about making whatever enforce exists systematic, fair and so-forth.

The concept of rule of law never implied the replacement of custom with bureaucracy - although that often happens. It implied the replacement of the venal authority of kings and nobles with codified principles. Especially, as the parent points out, customary honesty isn't based on any enforcement system.


I think what he actually described is why the rule of law is not a replacement for a good ethical framework that is shared culturally.

I didn't read his post as advocating for no laws or replacing the legal framework. I read it as advocating for rebuilding a shared ethical framework for the culture.


> You just described the “rule of law”

What the article is describing is not the rule of law.

The rule of law would be: make theft a crime, and enforce that. Not: criminalize the use of security research tools to show which vehicles are more susceptible to theft.

> What you seem to want is for civil law to be subordinated in favor of common law

I think what the GP poster wants is to have the law limited to criminalizing things that are actual crimes, like theft, not things that are inconvenient to the rich and powerful.


Please list all of the “actual crimes”


I don't remember the terms but there's a category of crimes that are "crimes because that's what the written law says"(i.e. driving without a license) and "crimes that morally abhorrent and actual harm to someone"(i.e. murder, theft)

"Actual crimes" would be category 2.

Building or owning a flipper zero would be in category 1. (As would laws that ban things like owning/carrying lockpicks without being a licensed locksmith)


malum prohibitum, malum in se


The problem with rule of law is that it's like a very sloppy program that relies heavily on global variables. Whether it's the constitution or any of the million codes they all have implicit assumptions or vague language that requires a certain cultural or ethical baseline to interpret properly. Just the 2nd amendment is already a plenty popular example.


law:

prompt engineering before it was cool


"What you seem to want is for civil law to be subordinated in favor of common law,"

I must have missed that. I do not see them making that point.

"To Wit this is a perfect example of effectively questioning the foundational function of governance in the post World War II world while also not being aware of it apparently."

I don't know that I would call this a perfect example. This is extremely narrow and doesn't dive into many aspects of the relationship. I'd say it's more focused on individuals giving up freedoms on the notion that those freedoms don't benefit them personally, but could pose some harm to them if others are allowed to exercise them, without realizing that the same thoughts can be used against them in the future. More a tyranny of the majority than role of government discussion, even if somewhat related.


I'd say OP actually talked about two different things. The abstract description in the first paragraph is the rule of law (which I agree happened a long time ago, and is a good thing for a democratic society), but the concrete gripe in the later paragraphs is a different thing.

Rather, it's something like the difference between laws applying to individuals who may violate normative behavior ("it's illegal to steal"), or whether laws (in this context aka "regulations") apply continuously to above board businesses, with the goal of a priori preventing individual violations of normative behavior ("it's illegal to make a car that can be easily stolen").


‘Rule of law’ is the concept that no one is above the law, as opposed to having a specific ruler that can do as they please. It doesn’t really have anything to do with the comment you’re replying to, which would be the same idea if it were decreed by an untouchable supreme leader.


This has literally nothing to do with rule of law.

Rule of law simply means that the laws of the land are respected and enforced (no matter what law it is). Ie codified rules are followed.

This has nothing to do with how the rules are written or what they are.


I... don't think what they described is "rule of law" in any way.


> Instead of discussing how car theft is fundamentally an unethical behavior, the discussion is about preventing some thing from being sold or existing, whether that be insecure vehicles or Flipper Zeroes.

There are already laws against theft. They apply to vehicles, secure and insecure alike.

A law mandating a minimum level of security, as GP suggests, seems to me to fit the suggestion, that auto manufacturers have a minimum standard to ethically sell a vehicle which buyers would, presumably, expect to have locking mechanisms suitable to prevent theft.


And Canada already did this with immobilizes. We also used to do bait cars.

Both these things helped a ton, until the new wave of weak car security

Iirc the Kai stealing spree didn’t hit Canada as hard because of said immobilizer law too


I like the idea in theory, but I'm not sure if it's practical. There's no such thing as a secure system, there are only systems with no known security issues -- a vehicle that has no known security issues one day, is one discovery away from being completely open the next day. So, it would be hard to legislate the security of a system.

The solution might be to incentivize a quick resolution. For example, if a security issue is found with a vehicle, there could be laws that govern how quickly a fix needs to be available, how it's made available, and how far back it goes in model years. I would suggest that the severity of the issue (life threatening | theft | inconvenience) and the number of vehicles affected, should dictate how much time they have to resolve it.


> There's no such thing as a secure system

Nobody's demanding that auto manufacturers build a secure system, we are just expecting them to meet an incredibly low bar of security.

The manufacturers in question, unlike their peers, have failed to clear it.


I agree with you, I'm just not sure how you'd wright the law that makes them clear the low bar when that bar might need to move up before the bill even becomes a law. That's why I would prioritize some kind of "security update bill" instead of trying to legislate the low bar that needs to be crossed.


> There's no such thing as a secure system

This is tautologically true. However, the car manufacturers haven't even tried.

They had the same default password for every car. Then they had wireless systems that were vulnerable to replay. Then they had wireless systems that were vulnerable to relay. etc.

The wireless systems on cars need two things: encryption and time of flight detection. The problem is that adds a couple dollars of cost per car and will lock out users some amount of time inversely proportional to the development cost (which the car manufacturers will shirk on so the system will suck). So, no manufacturer will do it short of being forced by legislation.

From an engineering point of view, the main limitation is the battery in the keyfob. If you interrogate the keyfob too often, it will drain the battery and consumers will complain.


> There's no such thing as a secure system

I mean, in modern vehicles you can pretty much get there, but you might have to give up some features. For example, walk up unlock. You need to push a button somewhere to make unlock secure.

The way you get there is through FIDO. Have the engine controller ask the hardware key to confirm who it is through a handshake. Don't start/enable the engine if that handshake fails.

With that in place, the route to theft involves removing/replacing the engine controller which can be a major pain to do fast.

Cars with bad security systems generally involve pulling the steering column off and touching the right two wires together to start then engine.

That said, preventing theft of the contents of a car is impossible. Windows break easy and it's stupid easy to push the unlock button. That can't change.


We aren’t very serious about enforcing our laws, especially when kids are involved. We had police catch 12 and 13 year olds (Kia Boyz) this weekend in a car with guns, and they are out already. They will get some restorative justice, but no real correction in behavior and I’m sure they will do it again.

Our real problem is just the pendulum swinging too far towards assuming people want to be good and they just need some compassion.


> We aren’t very serious about enforcing our laws, especially when kids are involved.

In the US we lock more of our citizens behind bars than any other nation on Earth. Conviction for even a minor offense can make it extremely difficult to get employment or housing. People rarely get a clean slate after serving their time and even an arrest record without a conviction can haunt you. Nearly all other developed countries have abolished capitol punishment. We haven't gone a single year since 1981 without an execution.

The pendulum has already swung too far towards punishment and law enforcement, to the point that abuses by police and our mass incarceration problem are a total embarrassment for a country that tries to call itself "the land of the free" with a straight face.

There's little doubt that many of the people arrested in the US would do better with some compassion than they would with harsher punishment. This is especially true for literal children. One example where compassion is the better option would be treating addiction instead of punishing drug addicts. That would save billions in tax dollars, reduce crime, and help the addict to recover their lives and remove several barriers that could prevent them from getting work and being productive members of society. If we'd done that decades ago instead of feeding US citizens to the prison industrial complex we'd be so much better off as a nation today.

There's a risk for over-correcting, but there's also a massive amount of space between "do nothing" and our usual method today which amounts to "torture then never forgive" or "torture then kill" so there's plenty of opportunity to find some improvements.


I fully agree with you regarding situations where people get put into the system. Our justice system in practice, if not philosophy is very much based on punishment rather than rehabilitation. In my personal opinion this is medieval and really needs to change.

However, what GP I suspect is seeing and what many others have seen as well, is a recognition that the system is broken, and thus a reluctance on a part of authorities to move forward with prosecutions for certain people. The goal of not institutionalizing them and setting them up for a difficult future is noble and laudable, however, I worry that this will ultimately be counterproductive. It is going to cause a swing much like what we are seeing, where people conclude that we are not tough enough on crime and thus we need to get more extreme, more punishing, and more authoritarian, which is the exact wrong way in my opinion.

I would much rather we focus on fixing a monstrously broken and outdated system, rather than trying to work around it. That also makes for much more equality and Justice, because then you don't have to hope that you are one of the lucky ones for whom The system looks the other way.

It doesn't have to be a massive revolution either. We can iterate towards it in a progressive manner, starting by removing absurdities like mandatory minimums, victimless crimes or crimes for whom the victim is some nebulous "society", and other things like that.


> The goal of not institutionalizing them and setting them up for a difficult future is noble and laudable, however, I worry that this will ultimately be counterproductive. It is going to cause a swing much like what we are seeing, where people conclude that we are not tough enough on crime and thus we need to get more extreme, more punishing, and more authoritarian, which is the exact wrong way in my opinion.

I totally agree. I also worry that people will continue to push for more extreme forms of punishment. It's gross that we accept how prisoners and ex-cons are treated as it is. I think there are still a lot of people who would already prefer if our legal system was even more cruel, but even if most of us want reform all we can really do is vote for the people willing to do it. Our strongest point of leverage here is jury nullification, but I wonder how popular that would actually be with jurors and since most cases never reach trial we're denied the opportunity to use nullification to prevent defendants from being subjected to excessive, inhumane, and unjust punishments anyway.


To reiterate what you just wrote in the second paragraph: Punishment ruins lives, so people vote against ruining each other's lives, so a group of people (who are but you did not refer to as fascists) who are disappointed with the amount of lives not being ruined will increase the level of punishment even further to maintain or exceed life-ruining equilibrium?

It may be true or false, that I don't know, but the blame for it should lie squarely on the people who seek to increase life-ruining instead of the people who seek to decrease it.


> the blame for it should lie squarely on the people who seek to increase life-ruining instead of the people who seek to decrease it.

I don't disagree, but assigning blame won't get us anywhere. In fact I think it actively works against us because:

1. It just further causes divisions. If people feel like they're being blamed, they will get defensive which usually also includes a double down and a shift to amygdala-based reasoning rather than PFC-based reasoning.

2. It shifts the conversation to a debate about "whose fault" or "who is to blame" rather than "is the system ethical, efficiacious, and what can we do about it?" That debate will then take all the energy, and even if it got resolved it's all wasted because simply assigning blame doesn't do anything toward solving the problem.


Then don't punish. Reform, correct, fix. A lot of people will still see that as punishment (like they would see army bootcamp as punishment), but then we would just start disagreeing.


I'm not sure I understand what you're saying. It can be difficult to sync on terminology and philosophy though because in theory for most people the justice system is supposed to be about rehabilitation. The idea that you should serve your time and return to society is almost universally agreed saving the most extreme cases. Yet our system doesn't achieve that because a lot of the structures are based on "punishment" and "deterrence." Simply raising awareness and following the trail of logic is usually enough to find a lot of common ground. But it being a systemic problem, there isn't really anything an individual can do (that isn't IMHO counterproductive, see earlier thread about the unintended consequences of well-meaning DAs and LEOs letting people go to avoid the pitfalls of the system). It's a tremendously challening problem.


> It's a tremendously challenging problem.

It's also one many other countries don't have, so we have plenty of examples to benefit from. I'd say a few "easy" patches would be things like: treating people with mental health issues, treating addicts, housing homeless people, clearing most people's records when they've severed their time/making it illegal for most employers to ask about past arrests/convictions, providing better assistance to people post-release and lessening or delaying some of the additional burdens we put on them (fines, fees, inflexible meetings/appointments), etc.

The biggest challenge will be convincing the fearful and the revenge/punishment fetishists that more and harsher punishment isn't the solution and that they aren't being endangered by making the needed changes.


The US isn't very uniform. Mississippi locks way more people up than Washington state. Both states are pretty ineffective in keeping crime down.

https://www.prisonpolicy.org/global/2021.html?gad_source=1&g...

Washington is put at around Thailand, Mississippi locks more than twice as many people per capita up (and isn't very comparable to a country).


Well that's depressing. Thailand is not a country we should strive to emulate. They have their own mass incarceration problem (they rank 8th in the world), state executions, their own "war on drugs", lots of violent killings involving guns, high levels of corruption, forced disappearances, torture, extrajudicial killings, and a horrible track record for human rights. Thailand is a mess and it's tragic that so much of the US can't do any better when it comes to locking citizens behind bars.


It isn't, but many places in the US are not as bad as it seems if we count the USA as a whole. Mississippi (and Louisiana and most of the south up to and including Texas and Florida) is just really bad.


this is an absolutely insane position to take in 2024. all around we have junkies in the streets, squatters, shoplifters, car thieves, burglars operating with impunity. you are replying to a post about 12-13 year-olds stealing cars and carrying guns, ffs. this should involve at least several years in jail. maybe a 2nd chance at 18.

the pendulum has definitely swung too far, but the direction it's swinging is not what you think. the last decade has been an wonderful experiment in reversing some of the "tough-on-crime" laws. the results of which have basically completely disproven the idea that sentencing, bail, etc. reforms would ever have a net benefit.

mass-incarceration is not a "problem" to be solved - it's a symptom, a result. the problem is an increasingly lawless society. measuring how many people are incarcerated is meaningless without comparing it with how much crime is happening.

compassion, i agree with. but what's needed is to put effort into better sorting in the justice system. some people, for example juveniles, deserve and will be well served by compassion. others will simply take massive advantage of it. the later need to be locked up, not for rehabilitation, but to prevent crime. a great way to differentiate it is repeat offenders. there's basically no excuse for this. 2nd chances? maybe. 3rd, 4th, etc... no way.


None of these things are new. Junkies aren’t new, organized criminal groups aren’t new, car thefts aren’t new.

There has been a pandemic uptick, but the broader trend is way, way less common than in your parents lifetime.

The thing about policies that are redistributive and the media is that generally the people writing the stories will be closest to those who have been hurt, not helped. I am sure there are plenty of people (criminals, yes) who have been helped by bail reform.


> all around we have junkies in the streets, squatters, shoplifters, car thieves, burglars operating with impunity.

This is the insane take. Maybe that's your personal bubble talking, but there are millions of people who go about their daily lives without seeing a single junkie in the street. America has always had "bad" neighborhoods filled with junkies/squatters/shoplifters/car thieves/burglars but they have not and do not operate with impunity. You can easily find examples of all of those things resulting in someone being arrested/convicted/shot by police.

Record numbers of Americans can't afford rent. Household debit is at all time highs as well. There are also historic numbers of Deaths of Despair. Is it any wonder that drug use, homelessness, squatting, and crimes like shoplifting/theft are rising? It doesn't excuse the behavior, but it does explain much of it. Give Americans zero help for mental illness, don't act surprised when you get a bunch of crazy people around you. Punish addicts instead of helping them? Enjoy your junkies I guess! Allow massive numbers of people to live in desperation and you can't act shocked when they act out of desperation.

"Tough-on-crime" laws will not fix those issues because they do nothing but making the underlying causes even worse. "Tough-on-crime" laws are exactly what have been failing us, and why people have started looking for alternatives.

> you are replying to a post about 12-13 year-olds stealing cars and carrying guns, ffs. this should involve at least several years in jail. maybe a 2nd chance at 18.

A 12 year does not benefit from a prison sentence. Do you honestly think that's going to keep them from committing crimes later on in life? We should expect children to do stupid things. Their undeveloped brains are wired for risk taking, and failing to see/consider the consequences of their actions. (https://www.aacap.org/AACAP/Families_and_Youth/Facts_for_Fam...). That doesn't mean they are incapable of making good choices, but it does make it much more likely (and natural) for them to fail to make good choices from time to time. Not all acts of teenage impulsivity will lead to stealing cars, but those 12-13 year olds mentioned would be far from the first kids to do it. Perhaps you could argue that it's the parents who should be punished for not raising their child properly or for failing to keep them away from guns, but I'm skeptical that it would prevent other families from having the same problems. Children need to be allowed to grow and learn from their mistakes. There need to be consequences for when they screw up, but is sending a child off to get tortured and raped for years the best solution you can come up with?

> mass-incarceration is not a "problem" to be solved

Hard disagree. There is plenty of research into the problems it causes and enables to continue. It's hugely wasteful and expensive. Not only do tough on crime laws and mass incarceration fail to prevent crime (see https://www.psychologytoday.com/us/blog/crime-and-punishment...), it actually makes things worse! It rips families apart. It hurts communities. It hurts the economy, It hurts the people who are abused in prisons. It prevents people from being contributing members of society. No good comes from mass incarceration.

It's also not about how much crime there is. Look at this: https://static.prisonpolicy.org/images/NATO_US_2021.webp

Do you honestly think America has so much more crime than the rest of the planet? It's not as if our incarceration problem only got that bad recently either. It's been insane for a very very very long time.

"how much crime is happening" isn't really the issue anyway. It's "what crimes are committed, should they be crimes in the first place, and do we need people behind bars because of them".

A massive percentage of the people who are locked up have never even been convicted of a crime (https://static.prisonpolicy.org/images/pie2023.webp) and many who have been are there for non-violent and drug related offenses, often with no victim at all!

> others will simply take massive advantage of it. the later need to be locked up, not for rehabilitation, but to prevent crime.

Everyone should be free to take advantage of compassion, but compassion doesn't mean that people can just get away with whatever they want either. I agree, that prison is no way to rehabilitate someone. That said, a night or two in jail can be a nice "time out"/wake up call. There will always be some people who need to be kept locked up to protect the rest of society. It should be a last resort though and those people shouldn't be subjected to torture or substandard conditions. They should be allowed to live a safe, healthy, good life - just one kept apart from the rest of the us and without their freedom.

> a great way to differentiate it is repeat offenders. there's basically no excuse for this.

You can't imagine why someone who gets out of jail, is suddenly saddled with massive debt, fees, and fines from the experience, but whose record means they cannot get a job or an apartment might turn to crime again? Why someone who has spent years being beaten, raped, tortured behind bars might come out of prison with problems that lead them to drugs and the problems that causes? Why people who are locked up for mental illness and released without treatment or the means to get treatment might reoffend?

Again, it doesn't justify the crimes, but it does help to explain them. If we don't give people who get out of prison a chance to get their life back together what else do we expect? Our current system makes it extremely unlikely for someone to have a normal decent life once they are out of prison. Especially if that person had very little money/support, or had mental illness or an addiction, or very little education (maybe they were only 12-13) when they went in. The vast majority of the people who enter the justice system have a mental illness/impairment, an addiction, or both. That has to be dealt with or it's just going to cause more issues. Many leave prison with mental problems due to the trauma of their experiences. That has to be dealt with.

This isn't an unsolvable problem. Other countries do so much better than we do, so we can draw from their examples. Suggesting that we should ignore all those examples and be even more draconian and oppressive is a very weird take.


this is quite the post.

- if you can drive to work, school, shopping, etc. and not see some junkie panhandling, or a squatter in an RV dumping sewage on the street or needles or trash or human shit, then great for you. you live in a entitled bubble. if you can park your car on a public street without a good chance that it's windows be broken or it's cat be thieved, then good for you. the reality speaks otherwise to most of the rest of us.

> Record numbers of Americans can't afford rent.

true

> Is it any wonder that drug use, homelessness, squatting, and crimes like shoplifting/theft are rising?

nope

> Punish addicts instead of helping them?

you can't help them unless you can force treatment. you can't force them into treatment if they are "free". i'm not saying that this is how it is now except in a few places, but the obvious solution is to enforce, strongly the laws and then allow them to choose treatment as a diversion, with the proviso that failing means back to square one. in my book doing anything more lenient is not "helping", it's actually a death sentence.

> A 12 year does not benefit from a prison sentence. Do you honestly think that's going to keep them from committing crimes later on in life?

no and no. a stint in juvee is what the damn kid needs. sadly if you're stealing cars and carrying guns at 12-13, you're a piece of shit and probably beyond help.

> Hard disagree. There is plenty of research...

bullshit. you didn't respond to what i actually wrote: "it's a symptom, a result". this whole thread is about a string of car thefts so obvious that it makes global news. you can't plausibly argue that there's not enough incarceration or that crime is at a multi-generational low.

at the end of the day here the deal: if i (wisely) forfeit the responsibility of my own protection to the state, i really expect that it simply holds it's end of the bargain. which means: if i catch someone stealing from me that the state somehow does something to make sure that doesn't happen again. i really don't care if it's cheaper or not to re-rehabilitate vs. incarcerate. i certainly don't give 2 shits about his broken family, etc. if the best thing for society as a whole is for diversion and therapy, etc., i don't oppose it. but he better the f*ck not do it again to me or someone else. if that fails, then screw it, it's not better than anarchy.


I don't think there's anything more guaranteed to turn a 12 or 13 year old into a lifelong criminal than what I think you're implying by "real correction in behaviour"; aka a multi-year prison sentence.


If someone is stealing cars at 12 or 13 years old, they're already well on their way down the path towards irredeemability. Society has to do something or they will turn into a lifelong criminal. A multi-year prison sentence is probably not going to help them, but counseling, a better home and school environment, food in the belly, and so on might. You have to do something besides "catch and release" which has been the default in the USA for some time.


USA crime is still very low compared to pretty much the entire 20th century, it seems early to proclaim certain approaches as a failure.

FWIW, catalytic converter theft was recently a big problem in the US and the classic approach of getting the FBI involved, identifying the high-level fencers and arresting, was incredibly effective and cat thefts have plummeted.

I suspect disrupting the organized crime in Canada would work similarly well at reducing car theft.


Agreed, it really is a paperwork issue. Just have transport and shipping companies require proof of ownership prior to accepting the car, and these thefts will evaporate overnight. Without a channel to market, it eliminates the incentive for thieves to steal your car in the first place.

It's not a tech problem, rather a legislative one. Too bad it won't fly because the current govt. has made it a habit of treating every issue as a wedge issue.


I think part of the problem is also that as criminal trade becomes lucrative & there are more crackdowns in other potential venues, more and more capital is being spent to basically build up these ports in Canada as criminal strongholds.

There is likely significant political shielding for the operation of these criminal groups in many Canadian ports.


It's only the case if people don't deny that the crimes exist, and Canada might suffer a bit from that lack of recognition.

In France as well, if you mention that there is criminality, people will frown upon you.

"No it's 100% safe country, it is a feeling of being unsafe".


It really depends where you live in France. You have a big fence left in the west, a 'casse' near bordeaux, but you won't really find anything from violent crime (copper, stolen cars, phones and bikes at most, and most of the activity is genuine).

It's also a good way to know if organized crime is present in your area. If water distribution and/or trash collection is privatized to a 'local' company, you probably have some :)

The rest of the west, even Nantes and Rennes are really chill.

The issue in France is the resurgence of organized crime since 2004-2006. The tough on small crime policy jailed small magrebi caïds (basically local slumlords and drug dealers). Some local caïds gangs were strong enough to endure the storm and to emerge as stronger gangs, but organized crime from southern France (Grenoble, Marseille), and new gangs used that time to carve parts of Lyon and Paris. New crime families emerged around 2012, and around 2015 (I was living in Paris at that time) it could have turned really bad. Rumors of missile launchers, ak47 and other nice stuff in every shop. Things calmed down for no reason (I think the travellers families and magrebi gangs decided to share territory after the terror attacks and Sentinel), nothing really exploded, I left Paris.

To me, the only true violence left in 2023-2024 is around Marseille, near Monaco (Russian mafia left a big hole recently), in camargue (because of the new travellers families). Maybe it'll start again in Paris and Lyon, hopefully not.


I am someone you would label a ‘crime denier’ because I feel the problem is definitely smaller than in the past and it is generally overstated in the media. That is precisely why I think we should focus on organized crime and the driving clearing houses rather than individual street-level criminals.


I used to be like that, then I started seeing things happening myself. The first time you see Kia Boyz smashing windows and grabbing purses in a grocery store parking lot at noon on a Sunday is an eye opener (Do they want to get caught? this is pretty blatant, maybe they know we don't have many police these days). I always thought our crime problem was limited to porch piracy and street parked cars getting their windows bashed in at night (you know, typical drug addict crime), but nope, we have another problem.


I hear what you're saying, I live in SF. My opinions are evolving on the subject. There is a lot of not profit-driven vandalism and violence that I witness here and disrupting fencers will obviously do nothing for that.

But for car theft & other profit-driven commodity thefts, I do think targeting the markets can often be very effective.


I don't know. Many of these kids...they are from war torn communities (legal immigrants, refugees). They might be working through huge trauma, and they don't seem very organized at all (steal a car to...steal another car and/or knock over a gas station...then abandon the car on the street somewhere). There really isn't a market to target, the cars are almost always found after a few days, just trashed and damaged. They are just used for other crimes mostly.

The drug addicts are much more organized in comparison (steal legos at Target, fence at some place for fentanyl).


In the US* but in Canada (subject of this article) many are shipped off - ie. 10% are never recovered in US, 40%+ never recovered in Canada.


Yep. I don't know anything about car theft outside of where I live (Seattle), so its not even generalizable to the rest of the states, and I'm commenting specifically on Kia Boyz car thefts...I'm sure Seattle has actual car thieves who are stealing cars to sell them off and not just cause general very visible chaos. Although statistics show most stolen cars are recovered here in Seattle:

https://www.seattle.gov/police/crime-prevention/vehicle-thef....

86%.

> The vast majority of auto thefts are committed by criminals looking for temporary transportation. Thus, most vehicles are recovered within a few weeks to a month and with relatively little damage. Very few vehicles are stolen for parts.

Nearby Vancouver, at least, tracks Seattle:

https://www.ufv.ca/media/assets/ccjr/reports-and-publication...

> It should be noted, however, that British Columbia also had the highest rate of recoveries of stolen cars (91 per cent) compared to the national average (73 per cent) (Fleming, Brantingham, & Brantingham, 1994).

That data might be outdated though.


The premise that catalytic converter thefts have plummeted in the last few years is incorrect. In fact, recent data indicates that vehicle-related thefts, including catalytic converter thefts, have surged. According to a report by the National Insurance Crime Bureau (NICB), the nation experienced more than 64,000 catalytic converter thefts in 2022, with California and Texas leading the country in these incidents[3]. This represents a significant increase from 16,660 claims in 2020 to 64,701 in 2022, indicating a rising trend in catalytic converter thefts[3].

Furthermore, overall vehicle thefts have also increased. The FBI's annual crime report showed that there were 721,852 car thefts across the country in 2022, up from 601,453 incidents in 2021 and 420,952 reported in 2020[2]. This surge in car thefts has been attributed to various factors, including economic downturns, supply chain issues, and the high demand for cars and parts[4]. Additionally, a viral TikTok challenge encouraging the theft of Kia and Hyundai vehicles for joyrides, known as performance crime, has contributed to the uptick in car thefts[2].

Therefore, the data clearly indicates that catalytic converter thefts, as well as overall vehicle thefts, have not plummeted but have significantly increased in the last few years.

Citations: [1] https://www.iii.org/fact-statistic/facts-statistics-auto-the... [2] https://nypost.com/2023/10/18/car-theft-soared-20-last-year-... [3] https://www.nicb.org/news/news-releases/catalytic-converter-... [4] https://www.deepsentinel.com/blogs/car-theft-statistics/ [5] https://www.forbes.com/sites/jimgorzelany/2023/11/06/report-... [6] https://www.statista.com/statistics/191216/reported-motor-ve... [7] https://www.cbsnews.com/news/car-thefts-are-on-the-rise-why-... [8] https://stateline.org/2024/02/09/car-thefts-and-carjackings-...


My comment was confusing so let me address what you are saying:

1. This is a very recent thing I am discussing, the fencers were only arrested in the beginning of 2023 and the thefts have fallen in 2023, specifically second half. This should be available in more fine-grained crime stats or simply by looking at like google trends of catalytic converter replacement searches.

2. Crime is much lower than in the 20th century, but I agree there has been a post-pandemic upshift.

e: found some news articles https://www.sfgate.com/bayarea/article/california-catalytic-...

this trend is after they busted a billion dollar auto parts company for being heavily involved in fencing these parts, seized 500 million dollars, and other anti-fencing provisions were made


> this trend is after they busted a billion dollar auto parts company for being heavily involved in fencing these parts

Do you mean DG Auto Parts (https://en.wikipedia.org/wiki/2020–2022_catalytic_converter_...) or is there another auto parts chain I should avoid.


Ah yes, that's the one. Misremembered the apprehension date slightly. There have been subsequent arrests in the Bay Area of people who were part of the supply chain for this group.


No, you're looking at old data. Cat thefts in 2023 halved compared to 2022.

https://www.nbcnews.com/data-graphics/catalytic-converter-th...


Do you know about the endemic of illiteracy in the US right now? More likely than not that child can't even read above a 2nd grade level.

We could have real rehabilitation centers focused on educating the kids, treating them like human beings with respect, and show them how to live life well.

Or we could put them in kid-jail and be put at a higher risk for all sorts of violence and abuse just to punish them.

As long as people hold the opinion that a 12 year old is "well on their way down the path towards irredeemability", we won't ever move past revenge based for-profit prisons and the crime problem will continue to get worse as these illiterate and stunted children are released back out into society.


Even better, we could focus on educating them properly the first time!


What teachers are saying is that socio-economics prevent any type of education from happening in many cases, i.e. there are many, many children who are going to struggle mightily unless the totality of their life systemically improves. Could teachers improve? Probably. Are teachers the underlying problem? I used to think so, but in dealing with our own school board/system it's very clear this is not the case.


That's easy. We just need to halve class sizes, fire half of the administration, double the pay for teachers in the worst districts, and raise the floor of the child social safety net to the point that even having complete fuckups for parents won't ruin your life.


For profit prisons are the minority of all prisons.


> counseling, a better home and school environment, food in the belly, and so on might.

This seems right for preventing criminals from forming out of otherwise-blank-slate children, but what do you do with these kids? There's no magic wand that turns their home & school life right.

On the other hand, there are plenty of kids who had a perfectly fine and financed upbringing who turned into criminals and terrors, they just tend toward white-collar crime.

This brings us full circle to the original comment that religion used to serve a useful purpose for society that's been largely lost -- a set of ethics & morals, and if those don't take real well there's always the all-seeing entity watching you at all times. In modern times the all-seeing eye of God has been replaced by surveillance cameras, but what is the base of morals replaced by?


The first thing is that there are no universal sets of morals. Ethics is a totally different beast but it’s something I’m not sure a young kid can wrap their heads around. But following “the rules” is something you can teach a kid and works until they are old enough to know when to break the rules.

One thing we stressed to our son is: if you break the rules/laws, you will eventually get caught. So make sure whatever you are doing is worth the consequences.

There’s no need for some magical god to punish people, just the fact that, eventually, someone will figure out what you did (or more likely, they’ll tell on themselves). It’s worked so far…


> The first thing is that there are no universal sets of morals.

That's a belief presented as fact. I'm not super excited about getting into a philosophical debate, but just something to consider:

"The rules: help your family, help your group, return favours, be brave, defer to superiors, divide resources fairly, and respect others’ property, were found in a survey of 60 cultures from all around the world." -- https://www.ox.ac.uk/news/2019-02-11-seven-moral-rules-found...


It’s a fact because I think we can agree there is at least one person on this planet who has counter-morals to any morals you present, for example. As long as one person on this planet has a difference of opinion on what morals they abide by, there can be no universal morals. That IS a fact, not an opinion.


Your unstated assumption is that universal agreement is required for universal morals to exist


I’d love to hear an argument showing that a universal moral doesn’t need to be applied universally and still be considered universal.


>a set of ethics & morals, and if those don't take real well there's always the all-seeing entity watching you at all times.

Do you think we didn't have crime when the church was in charge?


Is that really what you think I said? How about making a point with less snark to it that I could respond to?


if someone is 12 or 13, they're far more receptive to change than a CEO whose spent their life stealing wages.

one gets constantly brought up while the other is celebrated.


> if someone is 12 or 13, they're far more receptive to change than a CEO whose spent their life stealing wages.

Yes! Which makes our lack of action even more tragic.


when we consider wage theft as a significant driver of poverty, punishment for the 13 year old is more useless than anything.


So you would condemn the 13 year old to a (likely short) life of hardship because wage theft is a more important problem?


mmm


> I don't think there's anything more guaranteed to turn a 12 or 13 year old into a lifelong criminal than what I think you're implying by "real correction in behaviour"; aka a multi-year prison sentence.

Society had better correct that problem quickly or those two 12/13 year old kids are going to have ruined their lives by the time they turn 18. Something drastic has to be done, a slap on the wrist and sending them back to their parents isn't sufficient. Right now we fail on both sides of the pendulum, maybe its time to rethink things.

I do think Europe does deal better with this. Even in France, they have a fairly aggressive/intolerant police force, but a real correction focus once arrests/convictions have occurred.


The problem cannot be corrected by locking them in a room until they're 25, then releasing them.


The problem also cannot be corrected by letting them run wild until they are 18, and then locking them in a room until they are 50, and then releasing them.


Criminality is congenital. Social interventions will not fix the kid. Neither for that matter will prison, but at least it will protect the rest of us from his increasingly violent depredations.


> Criminality is congenital.

This is a categorically disproven view. Thankfully, it's no longer widely held, but unfortunately not before it was used to justify millions of cruel acts from eugenics to genocide.


> Our real problem is just the pendulum swinging too far towards assuming people want to be good and they just need some compassion.

There's an entire field of study covering how ineffective punitive justice is. Unless the perpetrator at hand is literally an irredeemable monster, locking them away in a box until they're later released with even more stigmas, even further behind the curve, and without the ability to earn a living does nothing except push them right back to the anti-social behavior that put them on the radar of the justice system in the first place.

All evidence on the subject points to the same thing: the best predictor of who will be a criminal and who won't is their zip code, because of things like under-served communities and generational poverty. When you give people no options to make a living in a pro-social way, they will do it in an anti-social one.

Does that mean every person in the justice system just needs a firm pat on the back and to be released? Fuck no. But if you long term want to actually reduce crime, the evidence is in: you do that by improving home lives and giving communities the resources they need to grow, not by locking people up.


To be honest, there's also entire fields of study of how God makes everything in the world happen, so I doubt I'm much convinced by how many fields of studies there are. People have been able to bullshit each other over obvious things for eons. The existence of such fields means nothing.


God doesn't have many peer reviewed studies. This is a non-sequitur. You don't get to hand wave away reality that you don't like


Cellular functions of spermatogonial stem cells in relation to JAK/STAT signaling pathway was peer-reviewed so that isn't convincing either.


Just to help not spread misinformation, the 12 year old was released as he was a passenger and police believe he was forced by the driver (his brother) into the car.

The 13 year old driver was not released and will remain in jail until his trial.


people as organizations are a larger problem that people as cultural products.


Sounds like they had some rich parents to bail them out. I highly doubt they had court in less than a week.


Every car on the market now has a flaw where I can put a air wedge on your door and a coat hanger on the lock button.


Given those two tools, can you steal the car, or does that require a lot more effort for some models?


This seems really bizarre to me and kind of dismisses the entire premise of this subthread.

So we have a particular activity - theft - which we as a society have deemed to be inappropriate and codified the punishment of such behavior into law. The law doesn't prevent such behavior, it merely lays out the punishment if one is caught and convicted which can be seen as a deterrent. However, vehicle theft still happens which leads us to this entire topic.

The suggestion is to impose requirements via law onto companies who make vehicles to prevent this theft; although interestingly enough no legal requirements for the manufacturer of the tool used in the commission of these crimes. The companies complying with such regulations will pass on the cost to the consumer just like the mandated safety features such as back-up cameras and so forth. So in essence we would be punishing all consumers by increasing the cost of a vehicle to prevent an unrelated third party from committing an already illegal act. Of course what is secure changes over time, so what is secure today may not be tomorrow for a variety of reasons. I'm not sure how that fits into the equation.

Keep in mind this is just one aspect of a vehicle out of many. We already have loads of regulations around vehicles from safety features to emission standards. When you say that a buyer presumably expects a lock to be resistant to this sort of attack you are adding to a very long list of things the buyer may or may not actually care enough about to spend their money on it. When do we admit that many, many different groups have convinced legislators to regulate what vehicles the public is allowed to have rather than pretending we are speaking for the consumer?

Please note that I am not saying all laws and regulations are bad, far from it. I do believe that there are no solutions in law, merely trade-offs which I alluded to above. My point here is to question if another law will actually fix the issue and if the knock-on effects are worth it. As a society we tend to pass laws that stay on the books long after we learn how damaging and counter-productive they actually are; e.g. the war on drugs. We also have an uncountable number of laws and regulations on the books; we literally don't know how many there are. So saying the only solution is more laws seems a bit like saying everything is a nail because all I have is a hammer.

You also brought up ethics in relation to manufacturers. I have to ask though, why do they have an ethical responsibility to prevent a bad actor from using a tool to steal their product from their own consumers? I'm having a really, really hard time agreeing with such an ethical responsibility. How much ethical responsibility can we really put onto manufacturers to prevent crime?


I get where you're going with this. At the same time, I am reminded of the Kia Boyz incidents - where the immobilizer was pretty much expected on every new car, and Kia had decided to maximize profits on their low end models by just omitting that feature.

It would be like if you built a new house and decided not to install smoke alarms. (Except, of course, this is regulated.)

And yea, regulations right? Why should we regulate stuff like that anyway? :P


false advertising and fraud are already banned. car theft is banned. cars below a certain price are effectively banned by regulations. poorly lit parking lots are almost certainly partially banned. soon, leaving one's car in a dark parking lot will be banned.


I disagree. If just expecting good outcomes worked, why would we have any laws at all?

Before we had laws on child labor, we had children working and falling into heavy machinery. Before we had laws on food quality, you had to guess which milk provider was going to give you the least amount of formaldehyde poison. Before we had laws enforcing civil rights, over half the adult population in the US was disenfranchised. Was Western society exhausted at enforcing religious/ethical norms back then or is it just a recent thing?

Using the "social contract" theory for why governments and countries exist, you could say that we don't need laws until we do. Once an undocumented part of the social contract (e.g. ethical or religious norm) is no longer sufficient to maintain the integrity of the contract, it must be written down and enforced via government as a last measure. I do expect my car manufacturer to sell me a car which is relatively secure. If they are failing to meet that expectation from society, then it falls to that last measure to enforce compliance with that norm. Laws are also often used to add clarify where there is ambiguity. Different cultures and religions have different norms. If those norms conflict (does the gender of my partner matter in a marriage?), it falls to law to clarify.

It's a fair debate about how much guardrails should we put in. There's likely value in allow kids to hurt themselves as long as they aren't at risk of being permanently maimed or dying. It's a fair debate to discuss the root causes of criminal behavior, be it the issues with modern religion or systemic issues which prevent people from successfully participating in mainstream society and the economic opportunity therein. However, there is no value in allowing easily stolen vehicles (a good which has been regulated for almost a century) to be sold, where they can then be used to enable other crimes.


Governments are formed by single cultures with a shared value set, and a set of ethics that they believe in. Your statement that laws aren't needed until they are is accurate.

As those shared values are lost, the ethics built upon them erode, more laws are constructed. However, there comes a point where this system of check and balance can no longer function properly, and eventually, the system either becomes too unwieldy to function, or else the system is destroyed due to rebellion or anarchy.

Why? Because law is an attempt to encode ethics based on shared values. No culture which does not share values can long endure when attempting to solve the problem through increasingly complex rules with no underlying theme.


That may be a slight oversimplification? I think there's whole fields dedicated to these questions, like https://en.wikipedia.org/wiki/Philosophy_of_law?wprov=sfla1 or the overarching https://en.wikipedia.org/wiki/Ethics?wprov=sfla1, with overlaps into sociology and anthropology.

Not all societies are so law-heavy, especially the ones that are more shame-driven: https://en.wikipedia.org/wiki/Guilt%E2%80%93shame%E2%80%93fe.... As a random example, Japan during the pandemic had a really high mask wearing rate despite it not being a legal requirement; there was just a strong social expectation for it.

That's not to say that their approach was better or worse than the West's, just that different societies will naturally evolve different means to regulate group behavior.

Families, villages, cities, states, nations, cults, religions, companies, departments, teams... every community has their own framework for defining and moderating acceptable behavior, and sometimes they can be more important than the national laws, or may be just one variable in a complex algorithm of behavior.

It just depends.


Yes I think the shame and guilt discussion is probably relevant here. Although Japan has a shame culture, and the West supposedly has a guilt-based one, I'm not convinced that guilt is all that widespread anymore.


I think that specific subquestion is an interesting one for sure (whether guilt has been replaced by strong authority, like it's not wrong unless you're caught and punished).

I'd love to see how it trends with factors like responsiveness in the political system (Canada vs the USA vs Russia or whatever), wealth inequality and social mobility (both between and within classes), softer things like expectations of "honor", etc.


The idea that guilt has been replaced by a strong authority sounds like a more precise framing of what I'm talking about, definitely.


Religious norms and laws were the same for much of history. You could get stoned for adultery for a good while... The decoupling of the two is a pretty recent phenomenon.

For a while after, religious and secular norms still provided a fairly rigid template for how you're supposed to behave, but we dismantled a lot of that too. For good reasons, just with a lot of unforeseen consequences.

I don't think the phenomenon you're describing is a matter of replacing the old system with something completely different. The laws we're passing are a consequence of belief systems too. One of the beliefs is that businesses are inherently greedy / immoral / destructive. Another is that individuals are. For people who see the world that way, these beliefs are unfalsifiable, just like the belief in an adultery-hating god.


> For good reasons

I wouldn't be so sure...

> just with a lot of unforeseen consequences.

Exactly, a classical case of Chesterton's fence.

> The laws we're passing are a consequence of belief systems too.

Some of them are (and you're making a very good point here!), but some of them may be just pragmatic.

> For people who see the world that way, these beliefs are unfalsifiable

Again, very true.

> just like the belief in an adultery-hating god.

As a Catholic, I think I can tell you that it might be more nuanced. I believe that ethical norms are not some arbitrary rules, but are a bit like the part of a manual for some device that says under what conditions the device works properly and under what conditions it may break, only for humans. As in "if you commit adultery, you will end up unhappy; you have been warned". (Cf. 1 Corinthians 12, 6 – https://bible.usccb.org/bible/1corinthians/6#54006012) Although IANTP ("I am not the pope";-)), of course, and neither am I a theologian, so take this with a grain of salt.


> As a Catholic, I think I can tell you that it might be more nuanced. I believe that ethical norms are not some arbitrary rules, but are a bit like the part of a manual for some device that says under what conditions the device works properly and under what conditions it may break, only for humans. As in "if you commit adultery, you will end up unhappy; you have been warned".

Forewords: I was raised in a Catholic family, in a Catholic environment and I was a practicing Catholic up to almost 18yo. Then, I changed my mind through reading and experiencing the world as a young adult, and now I 'm probably biased the other way round (just like smoke quitters). No offenses intended, don't feel attacked.

I really struggle to understand how nowadays we are still somehow blind to the fact that religions were always basically a way to pass ethical behaviors to the population, playing the "almighty divine being" card.

Just like you would tell a child that Santa Claus is bringing their gifts and he and his assistants are watching you all the time, and know if you are good or naughty, and bring presents accordingly. Our society has - or should have - grown up by now, and we should be able to teach a shared ethical background without the need to use the God device. There is no need for a God that will give you his love Heaven or Hell to treat someone that is just like you, the same way you would like to be treated.


Not everyone is as smart as someone that thinks of the golden rule "on their own", therefor religious ethics has its place.

Also, we grew up in a society that already had this in place, essentially you could have grown up on this planet instead: https://memory-alpha.fandom.com/wiki/Battle_Lines_(episode), and you would probably grab a gun, shoot someone because they had something you wanted rather than thinking of the golden rule at all.


You could make a similar argument about capitalism. We _should_ have grown past it by now, but we haven't, and every time we try to invent a replacement system we end up making things worse.

You can see the ethical decay unfolding in real-time as societies turn replaced the old, rigorously tested system of religion with shiny new secular ethics.


> You can see the ethical decay unfolding...

The Nordic countries are all among the least religious countries in the world, yet they seem to have some of the most ethical societies on the planet if you consider human rights, democracy and low violence to be the result of an ethical society.

The most religious countries in the world are all at the very bottom of rankings taking into consideration any of those factors.


I think your example is not a good one. Nordic countries have the concept of Jante law. If you can verbalize such a concept and also recognize that it exists in your society, by definition it makes your society more intolerant than a culture that has no such concept (such as the USA).

In fact, I would argue the open-ness and tolerance of nordic culture is specifically exploitative of the cultural expectation that you do not raise concern or object and are expected to be in agreeance with everyone else that "this here is a tolerant society". It's a valid theory that the fastest culture to adopt any philosophy will be the one that has the population with the greatest number of people who don't disagree.


I think a case could be made (although I'm struggling to do so myself) that the growth of mercantilism, and then capitalism, could be understood as direct challenges to Abrahamic-religion-based ethics, especially as capitalism directly discourages altruism.

I think this is a thesis I need to do some work on to either reject it or let it mature, but I think this is an interesting starting place. It is worth noting that the early Christians frequently practiced collectivism and rejected the concept of individual property rights, although that was ~2000 years ago, the faith has evolved sine then.

All of this to say, I do not believe its that secular ethics per se are the cause of the decay, but rather that the religions of the world have not made a compelling enough case to sway people away from rejecting altruism in the name of personal enrichment. The situation is made considerably worse by the fact that a fair number of the global religions see the spoils of personal enrichment as evidence of righteousness, and altruism as at least adjacent to sin.


[flagged]


> the same people who threw away roughly two thousand of years of the most successful philosophy have doomed themselves to a demographic death spiral

I don't think this is true. Falling birth rate is positively correlated with key markers of quality of life (especially infant survival rate, education, overall lifespan, and productivity) irrespective of dominant religion or religiosity in general.

edit: changed "infant mortality" to "infant survival" so as to not contradict "positively correlated"


Sorry, that doesn't explain the massive fertility gap between atheists and theists or the fact that atheists are nowhere remotely near replacement rate


Just to understand here: you're claiming that since atheists have fewer children, they'll eventually be out-bred by the religious?

Atheism is, in general, a consequence of, not a cause of, all the things that also result in lower birth rates. Birth rates in the US started to fall a lot earlier than religiosity did.


LOL none of that remotely explains the massive fertility gap between atheists and theists.

You can talk about the general population until you're blue in the face. That doesn't change statistical facts.


I'm saying that atheism and lower birth rates are caused by increases in overall quality of life.

I'm not addressing whether or not atheists in fact have fewer children. That seems self-evident. I'm saying that you're misidentifying cause and effect here.

I will say that its a little weird to suggest that atheism will die out simply because atheists will have fewer children. Atheism is not, in general, spread via proselytizing or family or community education (religious apathy, certainly, is spread that way but not motivated self-identification as an atheist), so much as what you might call "anti-religious experiences": experiences that set a person to seriously questioning then rejecting the concept of god(s). For good or ill, modern scientific knowledge has made religious experiences (that is, powerful emotional experiences that so defy explanation that a person feels compelled to accept them as the work of god(s)) much rarer.


So you're saying that atheists have a vastly higher quality of life and that explains the fertilty gap? This is just a bare assertion, and absurd considering all data about well-being and having children.

Atheism won't die out, but atheists largely will. The atheists of the future will have had religious parents. In this way, atheism is a persistent freerider, gluing itself to the coattails of belief.


If you're not going to respond to my posts in good faith, then don't respond.

From the fucking top: PEOPLE are experiencing greater quality of life than ever before. This has led to several things, including lower birth rate and lower religiosity.

Straw man that.


LOL none of that remotely explains the massive fertility gap between atheists and theists.

You can talk about the general population until you're blue in the face. That doesn't change statistical facts.


You're telling on yourself a bit here. Why should I think highly of the religious when they are as petty as you?


There are a lot of cultures around the world that hate adultery, not just Christians. Some of them had a double standard there (men could have sex with other anyone but women could only have sex with their husband), but many historical cultures had concepts of adultery.


This is related to high-trust and low-trust societies.

In a high-trust society, norms prevail and in general you can expect a certain level of treatment from everyone: your government, your employer, your neighbor, and the person next to you on the train.

In a low-trust society there is no guarantee of norms being universal, so you rely on physical security, contracts, lawyers, and law enforcement to enforce standards of behavior.

Low-trust societies are very taxing. Every transaction is an opportunity to be scammed. Every unlocked door is an opportunity to be robbed. It forces everyone to be highly defensive about everything.

The US has always been somewhere in the middle, compared to high-trust countries like Japan, and low trust countries like South Africa -- but it definitely has regressed to lower-trust. And part of that regression means that more norms have to be encoded as actual laws to maintain order.


I'd argue that it went higher trust? If you look back at labor law history, for example... or read a book like the grapes of wrath....

There are interesting localized extremes. Like you can find small family farms that have 'self service shops' on a shed next to the road they're on. They rely totally on the honor system and afaik theft is minimal enough that they don't worry about it. Then you have places where you can park a car and someone will immediately break into it to steal 50 cents out of the cupholder lol.


> Rather than expecting a human being to behave in certain ways intrinsically (i.e., normative ethics) we tend to assume they will behave in the worst way possible, and then pass laws to supposedly prevent that behavior from manifesting.

I would disagree and have the inverse position.

If you look at the laws regarding removing Supreme Court Justices, senators and other representatives trading, removing misbehaving countries from the EU and Nato, etc. I would say that overall they are mostly optimistic in the sense that they aren't prepared for such worst case scenarios.


So, laws for the rich assume good faith. Laws for the poor and middle-class - e.g. "go to jail if you have a flipper zero" - do not.


> Rather than expecting a human being to behave in certain ways intrinsically (i.e., normative ethics) we tend to assume they will behave in the worst way possible, and then pass laws to supposedly prevent that behavior from manifesting.

This is a necessary consequence of civilization. If you have a city of 8 million people, then you have 80,000 people in the bottom percentile of behavior by normative ethics. If some behavior is so outre that only 1 in a million people would do it, then there are 300 people in the US about to do it.


Sure, but it seems like enforce these ethical behaviors and punish the bottom 1% that goes against them is just as much of a solution as redesign society and the environment so that everyone can't act like that 1%.


You seem to suggest that parents and schools are not teaching ethical behavior.

Do you think this is happening at a large scale?

I know some leftists (I'm liberal) who don't seem to care about minor theft or crime because it seems like peanuts next to the civilization-wrecking greed and pollution and wealth transfer underway by the owners of capital.

But I don't think that is a majority thought. I personally think the criminal justice system has decided they either won't do their jobs, or that they are so understaffed that they can't do their job of investigating and punishing crime.

Again, my take is that most people of all political stripes want crime to be punished.


I don't really get the impression that teachers are expected to instill strong moral values, more just teach the subject and then leave.

With parents, my feeling is not so much that society expects them to instill strong ethical values in their children, but rather something more pragmatic, Machiavellian, "making it in life," and so forth.


Great - and how is that different from the law again?


Because the law is only punishing people that break the rules, not teaching them what ethical behavior is in the first place. It’s fundamentally a reactive process.

In other words, you want people that don’t steal cars because they feel bad about it. You don’t want them to not steal cars because they’re afraid of the law.


Why do you believe this isn't happening? Things like the golden rule and other normative ethical ideas are literally being taught in schools today, from kindergarten all the way up through required college classes.

The vast majority of people don't do bad things explicitly because they think it would be "bad". The vast majority of human behavior IS normative ethics right now! Next time you go to the grocery store, pay attention to what percentage of carts make it back to the cart corral vs are just left in parking lot, despite zero legal framework or forcing behavior to make it happen.

The human brain however has no difficulty squaring such "good and bad" concepts with doing bad things though. Everyone believes they are the hero of their own story, and the brain is willing to lie to itself to reinforce that belief.


Sorry - you edited your comment substantially, the process you initially described was identical to the law.


>because they feel bad about it.

You do realize that some portion of the population can't feel bad about it right?

Needless to say, I pray to whatever deities that you do not work in computer security. You would be laughed out of existence by saying "Just tell the world to be nice" rather than say, not write SQL injections.

How about "Tell all the viruses to be nice and not infect cells".


People don't want their cars stolen. Punishing the thieves doesn't undo their actions.


The largest metro area on the planet, Tokyo, 34 million people, is also the one of the safest with the extremely low crime. Seoul, and Singapore are both around 10 million and are also safe with low crime.


Japanese criminal procedure is … interesting from what I can tell. There is a very high conviction rate, suspiciously so.

Singapore is questionably democratic, utilises corporal punishment and is described by some as a police state. I think it’s fair to say that while a strong sense of community ethics may be present in Singapore, it’s certainly not the only thing holding people in line.

Seoul I know little about.


I've heard the claim the stats are not comparable.

USA, each suspect is registered, then suspect gets acquitted. Stats show 100 suspects, 50 acquitted = 50% convicted. Japan there is no suspect registered unless they're already sure it will stick. In other words they've already done the investigation. So 50 suspects = 100% convicted because the 50 that there wasn't enough evidence for were never even registered as suspects.

> Only about 8% of cases are actually prosecuted, and this low prosecution rate is the reason for Japan's high conviction rate.

https://en.wikipedia.org/wiki/Criminal_justice_system_of_Jap...

If true this makes sense some cultural sense. Japan is super privacy conscious. It's Japan that got google maps to remove people's faces from street view. It's also illegal to take pictures of people in public. Being labeled a suspect would mark someone unjustly if it turns out are not likely guilty. No actual idea of that plays into the difference. Just thinking out loud.


It's also illegal to possess a gun in Tokyo, not just illegal to shoot somebody.


1. Go look up how relevant guns are to overall crime rates in the US.

2. Go look up what happened to the last prime minister of Japan.


The context is talking about whether we should regulate the environment or just normative ethics; Tokyo has a lot of laws regulating the environment.


I don't know if you're pretending to be unaware or genuinely ignorant, but no. Japanese society places extreme emphasis on teaching children to behave respectfully in society and these values are taught from early childhood to adulthood. If you want to attribute their low crime rate to gun control you'll have to bring something halfway convincing to the table.


I've learned not to trust those sorts of statistics. It's like the "<ethical group A> commits way less crime than <ethical group b>" argument you see on reddit sometimes by the ACKSHUALLY crowd. The problem with those statistics is they only count the people who were CAUGHT (and convicted and punished) breaking said laws.

People break laws and get away with it all the time - probably the majority of the time. My friend, when was the last time you saw a $100,000 Mercedes on the side of the road with 3 cop cars behind it, the driver sitting on the curb, and a K-9 sniffing the inside of the car? Yet I can count plenty of times I've seen such a car run red lights, roll stop signs, and flagrantly disobey posted speed limits. (Especially when a BMW badge is involved lol)


I think it's partially a size/scale problem. If 1000 people have access to flipper zeroes, the probability of an unethical actor might be low, and normative ethics may be enough. But if 1 million people have access to flipper zeroes, the probability of at least 1 bad actor is high, and laws/enforcement/deterrents must be enacted, even if the baseline ethical rate is still high.


And the crux of the argument is whether you believe the law will prevent the bad actor from acquiring one or not. Or if the law will only prevent the other 999 law abiding ones. Personally, my take/view on it is that (deeply) unethical people are going to break the laws regardless of what society says or encodes. This probably is a commentary on the failures of policing to enact what we've encoded in law. Part of it being a problem that many laws are overstated (eg It's illegal to own a flipper zero vs It's illegal to use a flipper zero on someone else's car without permission) ...


The problem isn't the million people with flippers, the problem is the million+ people profiting in an industry that produces defective products like cars that are trivial to steal.

People sign contracts to buy very expensive automobiles because they reasonably believe that they are safe and secure to own and operate.

If car manufacturers are selling a product that they know to be unsafe and they're not telling prospective buyers that and that's fraud.


> Instead of discussing how car theft is fundamentally an unethical behavior

What's to discuss? Is there any ambiguity about whether stealing cars is unethical? What are you bringing to that conversation that moves us forward?


I am pointing out that the response to this problem isn’t, “Hey, there is a cultural problem with society finding this acceptable” and is instead “how can we re-engineer things to prevent this?”


I don't think society finds stealing cars acceptable. That's why stealing illegal, that's why they're trying to outlaw a device that makes stealing cars easier, and why this article is trying to make it illegal to have easy-to-steal cars.

Outliers stealing cars is not a demonstration that some part of society finds that ethetical.


Society largely finds marijuana use acceptable, and yet it remains a federal crime. When someone cuts me in line at the store, I don't see that as ethical or acceptable, but we don't have laws against it. So your argument that unacceptable == illegal isn't set in stone.

We may have laws for things that we don't bother to enforce as a society. It's easy to see the possibility that society just views car theft as a normal occurrence ("insurance will cover it"), or perhaps too burdensome to enforce, and therefore society just accepts some amount of it without blinking an eye.


> It's easy to see the possibility that society just views car theft as a normal occurrence ("insurance will cover it"), or perhaps too burdensome to enforce

Does society believe it's acceptable behavior though? I haven't seen any evidence to support the theory that we do. After all, if we did, we'd be out there stealing cars.


I heavily doubt you can “fix the culture” in a short period of time, especially when it’s causing problems right here and right now. And frankly speaking, I don’t think society finds it acceptable, it’s just not that easy to prevent it unless you start putting draconian measures and hardcore surveillance with enforcement. and even that isn’t really that easy especially in huge countries like US and Canada.


Are you asking yourself the correct questions?

For example, what unethical behaviors do you take part in that are not illegal? And if you do, why have not stopped doing them even without a law?


I don't think that society finds this acceptable so much as predictable. There's a big difference, especially when you're eeking out the last fractional bits towards a higher quality of life.

Even if 99 out of 100 people will behave ethically around a car with the keys literally sitting on the windshield (and I suspect the ratio is actually much higher), if 1 out of 100 causes you to have a loss of tens of thousands of dollars, you're going to want better protections than "that was unacceptable".

Our political system is currently demonstrating this - in theory, public servants should be altruistically motivated, making informed and wise decisions about how to govern for the good of the people, and elections should select for these individuals. Unfortunately, this system is highly vulnerable to narcissistic, wealthy, greedy, power-hungry famous sociopaths willing to lie and compromise their ethics. We should not be surprised or disappointed when out of a nation of 300 million people, a few of those people emerge to take those positions.

The sensible response is not to throw up our hands and moralize about corruption in politics, it's to design the system so that this perfectly predictable outcome doesn't keep happening.

Also, while the courts are not entirely fair and free of bias, trying to enforce cultural norms about not stealing by public shaming is not likely to be any more fair. I'd rather take my chances with a lawyer, prosecutor, and jury than to have the rumor mill spread falsehoods about an immoral act I may or may not have committed.


there is a lot of ambiguity about it in places like san francisco. better to lock up the deoderant than lock up a human being, the logic goes


> My theory is that this is a consequence of relativism and the general cultural exhaustion Western society seems to have with enforcing any sort of religious or ethical norms.

Because prior to this period of decay in the west, we don’t have a rich history of theft and violence going back as long as there has even been civilisation?

These “ethical expectations” have always been weak, and always been ignored to a greater or lesser extent. There’s never been a golden age that was crime-less due to societal ethics and you won’t find such a thing outside of the west either.


It also seems like a straightforward resource coordination problem.

If a city has 10 car thieves and all cars are relatively hard to steal, the city can manage the police resources to investigate the crimes. If a city has 10 car thieves and half of all cars are very simple to steal, the city needs to devote a lot more police resources to investigate the crimes.

Of course the worst fear is the number of car thieves has gone up. This is probably true in some specific cities. But even if it hasn't, other people owning an easy to steal car hurts everyone since it drains resources.


I think you have a great point, but I still subtly disagree. One thing free market dynamics have not established is proper responsibilities for failing to build stuff to specification.

Tools are simply tools, and tools like Flipper Zero are fundamentally usable in legal scenarios.

Other tools like cars come with locks that advertise providing some level of security: if cars fail to meet that, it is manufacturers' responsibility for the theft (nobody would claim that if a truck came by and simply towed the car away).

Now, neither the buyers have effective means to choose secure products themselves (it requires deep knowledge or possibly open protocola and source code for cars), nor do the manufacturers worry enough about it. When markwt does not make things happen, you make it happen with legislation.


You need both. You need the majority of people to do the right thing, and the law to deal with the minority.

The problem is that you do need to take precautions against the minority for some things - especially high reward (e.g. car theft) or high harm (assaults) in public spaces.

I think there is a another problem here. How can car companies sell insecure vehicles? Why do people buy cars from companies with a track record or bad security, why do they buy cars with high risk systems (e.g. keyless entry), and why are those selling insecure cars not being made to compensate their customers? The problem should be fixed by the markets or the normal operation of the courts.


English law often refers to "the man on the Clapham omnibus". Quote from Wikipedia:

> The man on the Clapham omnibus is a hypothetical ordinary and reasonable person, used by the courts in English law where it is necessary to decide whether a party has acted as a reasonable person would – for example, in a civil action for negligence. The character is a reasonably educated, intelligent but nondescript person, against whom the defendant's conduct can be measured.

He would fit your description of "normative ethics". I think the trend you describe mostly (?) applies to the US.


> I don't know if there is a term for it, or if a philosopher/etc. has written about this phenomenon, but: a noticeable trend to me is what I'll call "the replacement of ethical expectations with specific, written down laws."

> Rather than expecting a human being to behave in certain ways intrinsically (i.e., normative ethics) we tend to assume they will behave in the worst way possible, and then pass laws to supposedly prevent that behavior from manifesting.

Imo, this is part of a long-running de-individualisation process imo, in reverse, the 'making people governable' process. One writes rules that cohere with reality, more or less. Then one encourages others to refer to the laws rather to conscience. This enables what I call the 'externalisation of morality' as someone is now deferential to some set of laws that can and are changed to confer advantage to whoever is paying for the rules. (Eg the work done via paid lobbyists.)

In this case, I assume it is easier, cheaper for car companies to 'illegalise' a tool, rather than take responsibility for their fragile product.


The same phenomenon can apply to organizations as well. Teachers and doctors in the US, for example, seem to have lost a substantial degree of discretion in how ply their respective trades. They instead must operate in compliance with an ever-growing number of runbooks prescribed to them by their relative authorities.

This is likely driven in part to raise the floor in outcomes but it simultaneously lowers the ceiling.


> Teachers and doctors in the US, for example, seem to have lost a substantial degree of discretion in how ply their respective trades.

Mostly that is good. Discretion implies different results for different people and if you are on the bad end of that because you got a bad teacher/doctor that is a bad thing. Most people need the standard treatment in both education and medicine. Learning styles has been debunked in the literature, kids don't need a teacher who believes in that. Likewise most people have the same thing as everyone else - but there are a few one in a million exceptions that mean we need to go through the entire checklist before giving the regular treatment even though odds are the doctor will never see the exception. (sometimes that is give the regular treatment but see you again in 2 weeks to see if it is working which is annoying when the doctor normally says all is well)

There is a time for discretion. However that time is when you are a proper researcher looking for other treatments (under the watch of an ethics board), or when you have clearly exhausted all the normal things and they don't work (sometimes the checklist even says we don't know what to do here, try something and if it works we will adjust the checklist for next time.

The above is how flying got to be so safe. Decades of examining everything that went wrong - including near misses - and figuring out how to prevent them. Some doctors still struggle to remember to properly wash their hands by contrast.


I think one word you might be looking for is "technocracy" [0]

Although the Wikipedia definition focuses on the appointment of experts to political power, there is an attendant dehumanisation where technical and legal approaches to everything replace human values.

Another important term might be "instrumental reason" [1]. This goes beyond simple quantitative utilitarianism to declare all areas of human discourse and relations as quantifiable, measurable and logically decidable.

My personal opinion is that way beyond Neil Postman's "Technopoly" we actually have a fully fledged new religion in which technological values have not _replaced_ ethical discourse, they are the new ethical discourse.

[0] https://en.wikipedia.org/wiki/Technocracy

[1] https://plato.stanford.edu/entries/rationality-instrumental/


Another way to frame it (IMHO) might be not to think of laws as a deterrent - especially because people break them anyway. The law codifies what circumstances the government can and cannot restrict your rights. Codifying this serves 2 primary purposes. It informs people in advance what is allowable so people cannot be arbitrarily arrested for doing things they don't know is illegal. Secondly it prescribes the penalty for that behavior so that in extreme cases we can remove a person that insists on that behavior. If there is no law prohibiting a behavior the gov't effectively cannot do anything about it. I see laws as only being useful after the crime has occurred.

Yes this system gets gamed and abused. Curbing that requires constant effort just as deciding what laws need to be codified is a ongoing process.


And one of the core questions to be answered when prescribing how and when the government can restrict your rights is "which is the worse outcome for society as a whole?"

The question of abortion really crystallizes this question perfectly for me: Which is worse? That a small number of people use infanticide in lieu of pro-active birth control? Or that a small number of people are forced to carry a nonviable pregnancy to term (even at the cost of their own life), or carry and raise a reminder of their rape (up to and including providing visitation/custody to their rapist)?

There's a reason this is so controversial, and its because people (rightly) can't agree on which outcome society must necessarily be an accessory to.


> a noticeable trend to me is what I'll call "the replacement of ethical expectations with specific, written down laws."

That seems silly. Previous generations were far more likely to ban random things they didn't like vs. trusting to "ethical expectations". Prohibition? Sedition laws? Segregation? "Papers please"? Even something as comparatively benign as the Steve Jackson Games raid wouldn't happen today. Things are getting inexorably better and not worse in essentially every democracy in the world.

In fact, a noticeable trend I've noticed is one where sheltered geeks in privileged careers tend to take infringement on their personal hobbies as a general problem with society and not just a minor blip in the forest of liberty.


I think in the general case you're describing, it seems like law enforcement & strong arm politicians are generally leading the charge. Others pick it up from there, top down in fancy slogans, like law & order, tough on crime, or scare tactics etc. It's part of the prison industrial complex - make many things illegal, jail who you want, get a kickback, bonus if you end up disenfranchising them in the process.

This specific case is closer to outlawing encryption - the government doesn't fully understand or care about this product's uses but suspects it could make it harder for them to do what they want.


> the replacement of ethical expectations with specific, written down laws

That's literally what the law itself is, since the dawn of time.


We have long operated this way. Banks have security guards even though there are laws against theft. Greengrocers often have fresh fruit outside with no way to stop people from grabbing some and running off.

It's simply the way of the world. I don't believe it's change materially, except to the degree that the ability to self defend (e.g. better locks) and to identify miscreants (e.g. cameras) has improved.

I do feel that there are more private security guards than there used to be but when I watch old movies I'm not sure my impression is correct.


We know a lot of people will behave in bad ways. We don't have to assume anything. We have thousands of years of experience. Under every possible form of ethical and religious setting imaginable.

And then what does this have to do with the Western society? There's no stealing in East? Or anywhere on this planet? At this time or any other? And you think religious morals are better for a society than secular laws? Like we haven't already tried that and don't know how it goes. And what the hell does any of this have to do with some pretty stupid movies?


> Instead of discussing how car theft is fundamentally an unethical behavior,

Discuss it if you want to. Do you think you will find many who disagrees with you? What new outcome or insight do you hope from that discussion?

> we tend to assume they will behave in the worst way possible

We don't assume anything. We observe what is happening. People do steal cares. If you want to change that you have to change something.

> the "new method" results in a different kind of world

Is it a new method? We use locks and gates and etc since before history began. How is this suddenly a "new method"?


It's not about "disagreeing with me." The point I'm making is that the discussion is not about how to change this unethical behavior, it's merely about changing the environment to prevent the behavior from being possible.

And yes, it is a "new method" because it's a self-reinforcing one. Not too long ago, it was common for people to leave their doors unlocked, as the idea of car theft was simply not a thing that happened in that community. It's still largely a think in many places; e.g., rural Japan.


> we tend to assume they will behave in the worst way possible, and then pass laws to supposedly prevent that behavior from manifesting.

It seems to be a fairer assessment to say “when we see a concerning amount of them behaving in the worst way possible, we then pass laws to attempt to prevent that behavior from manifesting”.

> It's designing the playground so that kids can't get hurt, not teaching them how to play responsibly.

Which is a great philosophy in theory, as well as in practice like (so I’ve heard from multiple sources) in Japan you being able to comfortably leave your belongings unattended in public space. It would be great if everywhere were like that, but we have to work with the society we live in and changing behaviour on a mass scale is a gargantuan task.

> the "new method" results in a different kind of world than the previous one

You described an ideal, not a method. If you have specific suggestions on how to collectively educate people to act for the greater good in any given matter, I’m genuinely interested. We need some of that fast (e.g. regarding climate change).

I’m skeptical we can achieve those necessary urgent goals without any policies, but I’d welcome being wrong.


Ishmael or My Ishmael touches on this subject. Thank you for reminding me.

I forget exactly, but, the basic idea is primitive people didn't have all these laws about what to do. They expected you to behave, and if you did not, the tribe did not necessarily punish you, they taught you and made it right somehow (justice).

Any MY description does not give this idea justice, so I need to go back and find the reference in the books.


Do you remember the guy who took hostages at the Discovery Channel offices in Washington DC, and tried to force them to promote his Ishmael-based manifesto on television? He was part of a MySpace group that I frequented where we discussed Quinn’s work. I remember having pretty strong disagreements with him in the forums, before he took up arms anyway…


I don't remember that happening, I think I wasn't watching the news much during that period in my life. But I did hear about it in past year after reading Quinn's books and following some mental threads afterwards. Wild that you had conversations with him!

Unfortunate people take ideas so far... we are so sure we are right.


That works at the scale of a tribe. We do the same thing with kids in a family: punishment (should) only happens after multiple attempts at "teaching" have failed and it's clear that what's happening is disobedience.


Good pull. I used to obsess over Daniel Quinn’s novels. They’re kind of perfect for the college kid finding philosophy for the first time.


Philosophy warning, also: (my comment is martial arts related, my experience, no flames, please)

Your comment lit gave me goosebumps...

This is fundamentally, what is being taught in my experience in martial arts. I've been in Budo since a teen... I have trained with incredible people whose understanding of movement was without compare. (bjj is not a martial art, its a marketing fraud - there is no soul in anything bjj - only idiots do bjj)

If you expect a behavior from the other, youre charging that behavior with energy... expect is a gravity-pull. (gravity is thought) instead of pulling, direct - but as a gravity well, direction only as it applies to the flow of the other persons intent (their push) or expectations (their pull)... (deception is planting both the others' expectations (fear) & intentions (desire) for the resultant outcome (action).

Thats where nothingness comes from, like a black hole - you bend light (thought) around you - only choosing to join, direct (push (add energy)) when it reflects your desire (vision of outcome)...

This doesnt happen in some slow, flowy fashion, like a kata, mantra, or Sarah McLaughlin song...

This can happen at planck scale... directed by awareness (the owner of thought) (the owner of the owner of thought, is the YOU)... (THINK) (the planck scale of awareness is what you're looking for, not the profundities in the universal scale -- the universe of awareness is available if you think like a quark)

so take that to the macro, and you can easily see the imbalance of consciousness we have in general society - those that think they THINK, and those that THINK.

Those that think they think, are the ones disconnected and controlled easily by those that think.

(common masonic, esscenes, mayan, rosicruician concepts)


> religious or ethical norms

Truly confused why `religious` norms come into play here.


Because the modern Western world is in a "religion hangover" where it wants to reject all outwardly religious ideas, while simultaneously denying that a) religions have been the foundation of pretty much all ethical behavior since the beginning of civilization and b) many supposedly secular belief systems are really just extensions of religious ones with the "I believe in..." statement cut off.


Not sure about Western world as a whole here. Some countries do not have such hard separation between church and state, but governing parties with clear religious affiliation, constitutions referencing God, religious holidays with bans on certain activities, etc.


> religions have been the foundation of pretty much all ethical behavior since the beginning of civilization

I reject this statement wholeheartedly, and find it a pretty disgusting stance. The idea that the only reason not to kill someone (or otherwise act ethically) is due to religion is horrendous, especially given most religions historical track record on murdering others and other ethical violations.


I think you'd have a pretty difficult time constructing a history of morality that doesn't involve what we refer to as "religion." Certainly that doesn't mean that all religious beliefs are good or justifiable, but that isn't what I claimed, either. I just claimed they were the foundation.


Sure, but that is hard because religion is such a big part of our history. There aren't many large scale things from the past you can describe without talking about the influence of religion, because well, religion was there and it was pretty prominent.

However, that doesn't say much about whether religion was necessary for morality to substantiate. In fact, so many immoral things have been carried out in the name of religion, that you might as well wonder if we would have been much more morally advanced by now if it hadn't been for religion.


> if we would have been much more morally advanced by now if it hadn't been for religion.

Kind of an unanswerable question, but I think my tentative answer is "not really." Mostly because the moral viewpoints that underly atheistic criticisms of (usually Christian) religion tend to themselves be derived from earlier Christian ideas. I don't think it's likely that we'd have a universalist sense of democracy/human life without the underlying Christian soul concept. The Romans, for example, had no qualms about human life being divided into "valuable" and "not valuable" groups.

You could use the criticisms of someone like Nietzsche against Christianity and say we'd be more advanced without it, but I don't think this is probably the type of "advanced" that most people today would have it mind.


> I just claimed they were the foundation.

That's an extreme claim that requires extreme evidence. You don't just get to pretend your preferred interpretation of a history that humans don't even have (prewriting society) is correct just because you want it to be.


I would argue it's the opposite.

"Maybe killing people is bad. How do we get people to not do that? Tell them god said not to!"

It starts from the ethical perspective, and uses religion as the blunt hammer to drive it into the masses.


How many European states where founded as theocratic monarchys? The United States is found on the idea that "All men are created equal, and endowed by their creator (God) with certain unalienable rights"

Yes people have done horrible things in the name of religion. But you still can't talk about morality without talking about religion. (And I'm an atheist)


I think the important distinction is not similarity/distance as a vector of meaning, but the ability to update those vectors in response to new data.


Religious norms guide behavior. They are a course in ethics for those without undergraduate education.


Nietzsche gave us a religion-free solution in the concept of Ubermensch 150 years ago, it's still too controversial today.


The Übermensch is fortunately/unfortunately not a mass-market kind of product, but one designed for isolated individuals.


Yes, another example is Humanism.


[flagged]


[flagged]


You can just say "I have no defense of my statement" instead of acting like I'm the one out of line. You claimed religious norms are a course in ethics, I provided counter examples. Try and do better.


your handle is a throwaway - do better.


Because the bible probably says "Thou shall not use a Flipper Zero to break into thy neighbor's chambers."


Ethical norms are sufficient in a homogeneous society, but the "trustless" trend has enabled collaboration with ever larger groups of people with reduced need for trust. I'm thinking blockchains, cryptography, the stock market, the concept of limited liability, and law itself.


Limited liability is more trusting than trustless.

Blockchain and crypto are great examples of the true value of trust, and the true cost of not having it - in fact, Bitcoin gives a way to measure trust in physical unit of kilowatt hours, that is the amount of energy you need to keep burning to replace trust in a system.


Ah yes, I completely forgot about blockchain. Trustless is a perfect example of what I’m talking about.


Unfortunately, without some kind of laws or regulations it appears I may not be able to buy a secure car.

I suppose we can all go back to installing The Club on our steering wheels and adding an alarm that cycles through a half-dozen tired sounds.


The reality is that if you can’t deploy force in support of your ‘ethical norms’ and you live in a pluralistic society, both of which are true of the US and Canada - then you have to resort to the law.

> Instead of discussing how car theft is fundamentally an unethical behavior, the discussion is about preventing some thing from being sold or existing, whether that be insecure vehicles or Flipper Zeroes. It's designing the playground so that kids can't get hurt, not teaching them how to play responsibly.

…okay? I am still left with the question of “what do we do” and how do we do it without leveraging a legal apparatus.

Surprised this is the top comment, it seems sort of inane and faux-deep.


> It's designing the playground so that kids can't get hurt, not teaching them how to play responsibly.

This basis makes enormous assumptions about humans. As we've seen in the past 4 years during the pandemic, adults are already "broken" ethically, and there will be generations of Americans born who think they don't have ANY responsibility, and parents and leaders who refuse to teach them responsibility.

It is a US cultural cancer that I fear cannot be excised. Some people simply refuse to behave with the accountability necessary for a society to exist, that it is their natural born entitlement to ignore they live in a society.


Thank you for this comment. I've had some similar thoughts and it's comforting to know that some people out there at least think like mindedly. Recently on my city they have been rolling out myriad automated speed cameras and red light cameras and my feeling about them is quite mixed. I feel like it's trying to create a world in which all infractions are flagged automatically without need for subjective judgement. Many people laud this kind of so called justice but I am quite concerned about it.


What would "enforcing any sort of religious or ethical norms" look like in a society that used those methods to effectively prevent the exploitation of vehicle owners by car thieves?


The obvious answer would be to harshly punish theft via jail time/etc., but that's sort of not my point, and I don't think that's actually the root issue.

Because it's more that stealing cars is apparently an acceptable activity for a lot of people to do. By acceptable, I mean socially, to friends, to family members, to themselves. That seems like a major societal failing to me, much moreso than "this car isn't designed with the optimal security system."


I get that, but given the observed existence of a subset of the population where this is currently acceptable, what does "enforcing [] religious or ethical norms" to fix the problem look like?

I agree with you there's a societal or communal failure here. I don't see what the solution is (other than jail time/etc).


My immediate answer is to say something like "we need more ethical education" but that's obviously kind of a weak response. The long, slow answer might be that society may re-organize itself into sub-units that do enforce ethical behaviors, and those sub-units eventually prevail over those that don't.


>and those sub-units eventually prevail over those that don't.

Why do you believe this?


I don't know if it's necessarily going to be the case, but I do think one can look at contemporary society and see that certain groups with "rigid" ethical systems are prevailing over those that don't. Economically, sometimes, but even moreso in a reproductive sense. I'm thinking of groups like the Mormons, Amish, Orthodox Jews, and so forth.


That makes zero sense to me.

Theft is not acceptable by any means. People that steal do so by several motives, most commonly because they feel like they have to due to poverty, addiction, etc.

You also already get punished for it with harsh penalties. But no matter how dystopian a government gets, it can't guarantee 100% enforcement of any law.

To fix that, we'd have to create a society that takes care of those motives that drive theft, so it doesn't happen anymore.

Unfortunately that will never exist in our current society.


Sounds like the idea of "obedience to the unenforceable" - the unwritten rules of society that we comply by personal choice. This Econtalk episode has a nice discussion about it - https://www.econtalk.org/michael-munger-on-obedience-to-the-...


Oh man, I'm getting echos of political philosophy and The City of God vs The City of Man. One reason I became an economist is because it explained things to me quite well. It is reasonable within economic frameworks to assume everyone is self interested. I've found I'm rarely disappointed working with that assumption.


This is a very interesting point, but it is genuinely easier to simply ban flipper zeros, or insecure vehicles, then to try to change the Judiciary and prosecution system wholesale.

It might very well take longer than the remaining lifespan of most folks reading this, so it's a moot point for anyone that wants to not have their car stolen.


The problem with this is all it takes is one bad actor to cause a lot of chaos and destruction. The laws are needed.


This is a dangerous road to travel, as the exact same thing can be said about most other tools that can be abused. Knee-jerk reactions like this are shortsightedly ignorant and do nothing to mitigate actual harm being done.

Flipper zero’s capability is not based on some super advanced technology, it can be replicated. Banning stuff is an easy way to cover the problem up but instead of actually fixing anything, it is sent out of view of the mainstream and into shallow obscurity.

People who steal cars already break the law, breaking an extra one by possessing the tool is not going to be a deterrent. Researchers and security auditors who stay above board will no longer have access to this tool if they expect to exist in a professional capacity, effectively kneecapping their ability as our allies to help us create more secure systems.


You see the exact same thing in programming, where tooling is made to enforce everything because somehow we can't trust devs to do anything right so we need to hard-wire as many restraints in as possible.

And yet, somehow, that hasn't solved the Software Problem at all.


>My theory is that this is a consequence of relativism and the general cultural exhaustion Western society seems to have with enforcing any sort of religious or ethical norms.

Uhh noo, this philosophy already there as old as Chinese Legalism ca 400 BC


OP is talking about western culture - there is no Chinese Legalism tradition in Western Culture so yours is a red herring.


You can say the same thing about banning guns (although I just realized that's a bit of a stretch) If people acted responsibly we would not need to ban guns.


> If people acted responsibly we would not need to ban guns.

Nearly everyone that does own a gun acts responsibly with it. The very few that don't do cause damage however. But the same with cars and many other things. Nearly everyone is a responsible driver but there are some that choose to drive too fast, while intoxicated, not paying attention, etc.


If crime is economically possible, it will exist. With a society large enough, statistically some people will fit the persona needed to be a criminal.


Perhaps. Or perhaps we are just seeing push back against the long tail of effective corporate lobbying, where every problem is caused by somebody else. See: Coca Colas campaigns to undermine plastic recycling efforts; or Big Oil hiding their own research about climate change since the 1970s; or Monsanto spending millions trying to legally bury the long term effects of the chemicals in their products; or Big Tobacco doing what big corps do.

The problem was never Flipper Zero. The problem was always insecure cars (and other devices). Shareholders don't care about security defects, they only care about the bottom line. Therefore spending a relatively small amount of money on propaganda denying all responsibility and foisting it upon other innocent parties is deemed a success, rather than spending a larger sum on fixing the real issues. Its not FUD, but its something similar.


I remember thinking about something similar many years ago. I saw ever increasing safety mechanisms in automobiles. Instead of training to be better drives that don't crash, we add seat belts, crumple zones, multiple air bags, anti lock brake, etc. It's an arms race to mediocrity. It seemed like the end game would be cars made out of nerf.

At the time, I thought the solution was to go in the opposite direction. Add more metal, spikes, and other sharp things. Make them more dangerous, like something Sauron would drive.


Yes. This is why I disabled my car’s airbags: nothing will keep you more alert and defensive when driving than an awareness that any accident will result in near certain death.


I didn't say it was a good idea. It's more an observation about incentives which I did feel was relevant about gp's comment on philosophy.


Drivers have not gotten more dangerous because of all those things though - they have stayed the same. (Larger cars are more dangerous - but this is about drivers)

We should be training drivers more, but I don't know how to get nearly every adult to agree to spend several weeks a year in a classroom.


It falls out naturally from game theory and the increasing population and complexity of society. Model these sort of interactions as multi-party sometimes-repeated Prisoner's Dilemmas. Everybody is better off if society functions in a high-trust way: you don't need to spend expensive resources ensuring compliance, and yet nobody takes unfair advantage of other parties. However, if somebody is going to defect and take the pot unfairly anyway, it's better that it's you, because otherwise you don't get to play another round. Under these scenarios it makes sense to cooperate if you have reasonable confidence that nobody else is going to defect.

How do you get reasonable confidence? Well, one way is to simply have a small number of other players and play with them repeatedly. If you have 4-5 competitors, it's a pretty good bet that you will know who all of them are, and you can shut them out of further deals if they screw you over. Everybody knows this condition, and so they cooperate to preserve future payouts rather than defect to take the pot now. But if you have a million competitors, you know somebody is going to defect, just through sheer numbers. And knowing this, your incentive is to have it be you, because the pot will disappear, there will be no future interactions, and there's hence there's a higher payoff to defecting than cooperating.

Same dynamic plays out in markets over and over again. If you have an oligopoly, you can cooperate on things like holding wages down or copying competitors' moves. If you're an unskilled laborer, you know somebody else is going to come in and underbid you, so all you can bargain for is subsistence wages. If you're buying a house and are the only buyer, you can name your price. If there are 4-6 other offers, you can afford to offer a "reasonable" price (similar to comps) and have a reasonable expectation nobody else will offer better. If you've got 13 other offers, you better bring everything you got because somebody else will.

The phenomena is usually self-limiting, because the act of defecting usually destroys the trade pathways that led to the transaction becoming possible in the first place. If the Internet becomes filled with scammers, nobody will do business on the Internet. If all your mail is junk solicitations, you'll throw it all in the trash immediately. If the roads are filled with bandits and criminals, nobody will be able to haul goods to market. If war starts, productive capacity will be destroyed. And then little pockets of high-trust areas arise from people just trying to get things done in the post-collapse landscape, they become more successful than the low-trust wasteland surrounding them, their communications & commerce systems spread, and the cycle repeats.

But this is why we can't have nice things.


Why put all Western countries into the same bucket? Car theft is much more prevalent in the US than Germany, for example.


Fair point. It may have more to do with Anglo or American culture than with the West at large, although I think the same deeper trends are still at play.


There is little or no consequence in America to breaking the law - especially for those who have nothing to lose


Which country is more diverse culturally? the answer to that feeds directly into op's argument.


Italy also has a high rate, so have, for example, New Zealand, Australia, Sweden. Not sure that is all that supportive (and how do you define cultural diversity?).


This is rarely talked about explicitly, but if the population of a country (or substantial subpopulation) has a high propensity for crime, for cultural or other reasons, the country needs harsher and more pro-active crime laws. In countries where this is not the case, like Japan, Switzerland or Finland, the crime laws can be much more liberal, because people can readily trust each other in a society with a low propensity for crime.


postulate: the less people share culturally/ideologically/morally with their countrymen the more numerous and specific (micromanaged) the laws will become. this is a direct result of people not being able to navigate or predict expectations, or empathize with each other.


Great concept.

But the reality is that there IS, and likely always will be (short of wholesale genetic engineering of the race), a significant portion of the population that WILL act as you describe — i.e., have zero ethical boundaries and will behave according to whatever they can get away with.

The prevalence of psychopathy in the general population is about 4.5% [0], so about one in 20 will be entirely immune to any ethical expectations.

Moreover, up to 30% [1] have significant tendencies including low empathy and remorse, grandiosity, impulsivity, and/or aggressive or violent behavior.

So, the large majority, around 70-85% of the population will indeed be subject to, and indeed welcome a society primarily based on high ethical expectations.

However, a far too large minority will be immune to ethical expectations and will relentlessly prey on that majority.

Simply put, your idea is wonderful, but does not match reality, and would fail badly in practice.

[0] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8374040/

[1] https://www.apa.org/monitor/2022/03/ce-corner-psychopathy


> Instead of discussing how car theft is fundamentally an unethical behavior, the discussion is about preventing some thing from being sold or existing, whether that be insecure vehicles or Flipper Zeroes.

I’m a bit off-track from your point here, but to some extent I think it is just because there isn’t anything interesting to say about car theft being unethical. It is, but what do we want to discuss? Flipper Zero is interesting to talk about because it’s a new device and there’s a bit of perceived grey-area around the ethics of selling it.

> My theory is that this is a consequence of relativism and the general cultural exhaustion Western society seems to have with enforcing any sort of religious or ethical norms.

> I really don't like the way this is going, because the end result is a world where limitations are hardwired into the environment, while at the same time you have zero ethical expectations of your fellow humans. It's very Hunger Games / Battle Royale, at a less hostile level.

We’ve always had a strain of ruthless FYGM capitalism in the US (including when the country was more religious). I think that is what those stories are mostly criticizing?

Lack of ethics is a competitive advantage to be exploited by some. You would think there’d be strong norms like “don’t dump toxic waste in the river” but here we are with an EPA.

So I think this isn’t new. What might be new is the “I’m going to exploit the rules to maximum advantage” mindset becoming so widespread? This doesn’t seem that surprising; it is the default mindset of powerful people after all, and as communication tech has gotten better everybody can see that.


Frankly, regardless of anything else, I think it's going to be a result of the sheer size of human communities. Internalizing and enforcing ethical norms without state action is one thing when communities are roughly Dunbar number sized and loosely related to each other. It's another thing entirely when the global population approaches 10 billion and a normal metro area has 20 million people who are overwhelmingly total strangers to each other. You're never going to achieve 100% adherence to "don't steal" no matter what, but whatever residual percentage will always do it becomes more and more people as there simply are more and more people. Like it or not, unethical behavior is going to happen and not for the pet cause reason you think, post-structuralism and cultural Marxism or whatever. Arguably, there was more theft when western people were more religious a few centuries ago, just the theft itself was normalized. Whether outright chattel slavery or serfdom, most people had no claim to the fruits of their own labor and aristocrats simply took whatever they wanted.


McGilchrist on left vs right brain will interest you.


I'm glad you're starting to question things & definitely the wisdom of the "rule of law" is an interesting question to delve into for many reasons.

However, none of what you're exploring is remotely relevant in this particular instance, as the op isn't considering a yes/no comparison (to have a ban or not to have a ban), but is rather comparing & contrasting two alternate approaches to banning (cars vs flippers). Implicit in the discussion is an assumption that a ban is being advocated for in one direction or another.

> I really don't like the way this is going

The rule of law is many thousands of years old; it's not a recent phenomenon. There's an entire industry built around it - a very lucrative one - it's called the legal profession.


Really this a good IQ test for people. If you think anyone will be negatively affected by this you have a low IQ. If you can see this just a ploy to raise awareness of the Flipper Zero you have average intelligence. We get a “product is being made illegal OMG!” post every single hour on this site. Use context clues


It is sad that this is where our society is at. You are right, many do not want to discuss how car theft is fundamentally unethical. Many want to think that simply passing laws is a solution. Many laws that do not get enforced. Many do not want consequences or punishment for those who do unethical things.

Unethical behavior will only change if there is a consequence. In the US, there is no consequence for many people for unethical behavior. Implementing consequences here is frowned upon.


I observed the same, especially with recent abortion movements (from what I heard those were also in USA and I'm assuming from what I saw on internet, it look similar to what is happening in my country)

I believe that car thieft could be exactly the same.

basically people behave like legal abortion means that women will have to perform it and that's bad. especially I hear that from religious people that they don't approve such actions in their religion. the thing that I don't get is that religious people should not perform abortion even when it's legal, so they should not care about legalizing

this is the same, you can buy knife in any store and it's legal, but this could be used to murder someone isn't that basically the same?


> basically people behave like legal abortion means that women will have to perform it and that's bad

So let me get this straight: you're suggesting that because abortion may be legalized at a federal level that religious people are upset because women will "have to perform it"? And this is your broad stroke assumption of why people are upset?

Not to derail the thread but you just made a wild statement to me and I want to ensure you're saying what I think you're saying.


Sorry I had very little spare time to write that comment and communicated pourly what I had in mind. Let me rephrase it:

When I hear arguments against legalized abortion from religious people their argumentation is basing that women will "have to perform it" what is of course very false.

They are ignoring fact that because something is legal it only means that people can do it but they are still able to decide that it's against their belives and resign from doing that procedure.

In my country they passed laws that forbid such procedures unconditionally even if that means that women might not survive it. So we had cases when women and unborn died because they could not remove deformed unborn.


Theology warning:

> "the replacement of ethical expectations with specific, written down laws"

There are two things that are simultaneously true.

1) This law is not a replacement of ethical expectations, but a poor attempt to codify them.

2) This law is bad on it's own right, and the website is correct.

But I would like to discuss point 1. In an interesting way, you are making the precisely the same error of the people who are proposing to ban Flipper Zero's, just on the other side of the coin.

The anti-F0 people think "If we do away with this tool, car thieves will cease to exist! Since car thieves are otherwise good people, when we remove the tools, they will cease to be thieves!"

You think, "Such people will still exist, we just need to make sure they understand our ethical expectations! Since car thieves are otherwise good people, when we teach them not to steal, they will cease to be thieves!"

> we tend to assume they [people] will behave in the worst way possible

Because they do. The depravity of man is at once the most empirically verifiable fact, and they most intellectually resisted. If you make F0's illegal to own, criminals will still own them. If you "educate" them that this is bad behavior, they will laugh and nod their head. "Why do you think we do this at night?"

Now, your attribution to relativism and cultural exhaustion with regards to religious and ethical norms is SPOT ON! I absolutely agree. But what you will find, if you return to religious instruction, is that Christianity teaches that people behave in the worst way possible. Regardless of education, regardless of law: the human nature is sinful from birth.

The heart is deceitful above all things and beyond cure. Who can understand it? - Jeremiah 17:9


i will lmao if it gets banned. there is no secret sauce to these devices


An overpriced script-kiddie tool developed by russians launches a marketing campaign as a small market hands them the gift of making them seem like a relevant tool for criminals by banning it.

Did I miss anything?


You may have missed the HN guidelines which ask you not to be snarky, not to cross-examine, and not to post in the flamewar style.

Could you please review https://news.ycombinator.com/newsguidelines.html and take the intended spirit of this site more to heart? We'd appreciate it.


Canada needs to reinstate the national port police, and actually do their job in policing.

Policy changes for cars or technology will not solve the lawlessness in Canada.


Yup!

Was your car stolen? It may have left Canada through the Port of Montreal

https://www.cbc.ca/news/canada/montreal/montreal-port-stolen...

>A worker at the port, who asked not to be identified because they are not authorized to speak publicly, suggested the Canada Border Services Agency (CBSA) doesn't do enough spot checks.


Yes this is the real problem. We aren’t stopping fentanyl from coming into our ports from China/Mexico and we aren’t stopping stolen cars from being sent out to Africa and the Middle East.

More spot checks and inspection resources are needed at our border.


Agreed. I am not sure why Canada has had so much comparative trouble with organized crime


The port in question is in Montreal which is in the province of Quebec. The province of Quebec is a political minefield with special status that most politicians don't want to deal with.


This is a problem throughout Canada. BC also has a serious problem.


B.C. is no where as special as Quebec. The province of B.C. has never held a referendum to split. It does not have a special language police. Nor does it call itself a country :)


I’m talking about the organized crime problem, not the thing you brought up. BC has a problem with organized crime in its ports.


Ahh okay, yeah. Its easier for the federal government to deal with in B.C. (ports are federal jurisdiction in Canada) without the political sensitivity problem.


Canadian police are shockingly bad at higher level crimes.

We have had a series of expensive public inquiries in BC about high-level money laundering that is very obvious to most citizens for years, and has had any number of whistle-blowers come forward over the past decade. The estimated amount is in the 10s of billions per year for just BC.

Currently we are at the point where BC has decided to create its own money-laundering investigation team since the findings are basically: the feds are completely unable to manage this crisis.

https://en.wikipedia.org/wiki/Cullen_Commission


Too busy jailing and freezing the bank accounts of political enemies.


This has to be one of the dumbest things I've read in a while.

All vehicles are insecure. I can hook a tow truck to almost any vehicle, including an 80,000 lbs tractor trailer and drive off with it. That'd actually attract less attention that outright hotwiring a vehicle.

The solution is to identify, arrest, and prosecute criminals. Which the government is not obligated to do in the US.


> Which the government is not obligated to do in the US.

Just a talking point - and the US has one of the most extensive criminal justice apparatuses of any country.

This article is about Canada - which has largely failed to control its organized crime+ports situation, unlike authorities in the US where most organized crime is organized from abroad and so difficult to disrupt but also less effective.


According to the US Supreme Court, the police have no duty to protect citizens[0], even if they obtain a court-issued protective order.

Cars are insecure on purpose because people accidentally lock their keys inside all the time so locksmiths need to be able to get into them. Likewise, locks on homes are insecure on purpose because people lock themselves out. The entire system of locks is based on the assumption that crime is rare and criminals will pick the easiest targets. If crime ceases to be rare, it falls apart very quickly.

[0]: https://www.nytimes.com/2005/06/28/politics/justices-rule-po...


There is no developed country in the world that does not have legal and LE discretion.

It’s only the fact that the US has a common law system that this case even got far at all. Go find me somewhere where you can successfully sue the government for not arresting someone.

And again: this is a case about Canada - so this has literally 0 relevance to the topic at hand.


Discretion about whether or not to protect a citizen?


Are there any examples where that is the case?



I mean places where the police do have such an obligation.


> Cars are insecure on purpose because people accidentally lock their keys inside all the time

Can't remember the last time I've had a car that would let me lock the keys inside. Even the low tech ones won't let me lock the doors from inside the car unless the doors are closed. The slightly more advanced ones (which is most, these days) honk the horn when the keys are left inside the car, and unlock the doors.


>This article is about Canada

but really it applies to the US as well, since the US has a similar rate of car theft (~280 thefts per 100k people, vs ~220 in canada, if you trust statista) and is also working to ban the flipper zero.


Canada has much more non-recovered car theft where (especially luxury) cars are stolen and shipped off.


[flagged]


That anecdote is a non sequitur, but nonetheless: I assume you didn't see the full video, where it turned out that the police assaulted the "illegals" unprovoked?

https://www.thecity.nyc/2024/02/08/times-square-migrants-arr...

That Fox News article is mostly information-free, but my takeaway is that it's blaming "bail reform" for the release of the people the police assaulted, which is abjectly false: they were charged with a violent felony, which means the judge — a prosecutor for almost two decades! — could have set bail.


And here is another 1 just days later: https://www.fox5atlanta.com/news/ice-confirms-georgia-studen...

NYC released this illegal from Venezuela before ICE could intervene. He just killed a woman in Georgia.

He was arrested for “acting in a manner to injure a child less than 17 and a motor vehicle license violation.” He was driving in a car without a license with some 5 year old. Then released so ICE couldnt get him per sanctuary city policy.

> When ICE learns that what it believes to be a removable illegal immigrant has been arrested on criminal charges, the agency will normally lodge a detainer – a request asking local law enforcement to keep the suspect in custody until they can be transferred to ICE and put into deportation proceedings.

> In this case, however, ICE's statement says Ibarra was released before a detainer could be issued. NYC is also a "sanctuary city" which generally restricts law enforcement from complying with ICE detainers.


> I assume you didn't see the full video, where it turned out that the police assaulted the "illegals" unprovoked?

I did see the full video and that's not assault. The police are well within their right to break up a congregation of disorderly juveniles outside homeless shelters. When they resisted that they arrested them. Good. Why are you bending over backwards to protect people with this sort of history?

> At the time of his arrest, he was already walking free despite more than a dozen pending larceny charges, including six felonies related to credit card theft.

> Some, but not all, of the suspects and their associates are part of an "Oliver Twist"-style group of Venezuelan pickpockets who operate a ring around Times Square and other tourist attractions, law enforcement sources told Fox News Digital Friday.

https://www.foxnews.com/us/illegals-who-caught-bus-out-nyc-a...


> I did see the full video and that's not assault. The police are well within their right to break up a congregation of disorderly juveniles outside homeless shelters. When they resisted that they arrested them.

It's very easy to verify that this is not what happened by simply watching the full video, which has been made public. The fact that the police omitted the first half of the video showing how the fight started is a tacit admission that they were, in fact, at fault.


I mean - an arrest, even if wrongful, is not the same as an assault. I don’t think I have the ability to judge what is a wrongful arrest simply from the video.

This video does not really vindicate the people attacking the cops imo.


I'm going to stop responding because this thread is off topic, but this is exactly what a culture of lawlessness looks like. The police very clearly assaulted someone on camera, and you're bending over backwards to find a way to exculpate them. There's a reason the judge declined to set bail.


> I'm going to stop responding because this thread is off topic

We can't expect to solve the car crime problem by only beefing up car security. It also requires holding people accountable for their behavior.

> There's a reason the judge declined to set bail.

And the reason is there isn't the willpower to hold criminals accountable.


1. This has absolutely nothing to do with the discussion at hand - you’re literally just pulling a specific criminal case out of your ass in a country of 315 million.

2. The perps were charged and indicted, hardly ‘not enforcing laws’.

3. Law enforcement and prosecutorial discretion exists in every developed country in the world.


> 1. This has absolutely nothing to do with the discussion at hand

We can't expect to solve the car crime problem by only beefing up car security. It also requires holding people accountable for their behavior. Besides, what a ridiculous thing to say. This is the discussion at hand, partially by virtue of you talking about it.

> you’re literally just pulling a specific criminal case out of your ass in a country of 315 million.

So you agree they are clearly in the wrong with this one case then? Besides, this case is a result of policy set by the largest city in the country. We can look at policies in other cities like LA and SF. They do nothing to dispel the fact that the policies on crime are very weak.

> 2. The perps were charged and indicted, hardly ‘not enforcing laws’.

They were released in 4 hours then fled the city

> 3. Law enforcement and prosecutorial discretion exists in every developed country in the world.

And no one is criticizing that it exists. The judgment is just extremely poor sometimes. Wouldn't you agree the judgment was poor in this case? Do you think it was the right decision to release them after 4 hours?


> That'd actually attract less attention that outright hotwiring a vehicle.

Disagree. Depending on the approach taken, the theft can look like a legitimate owner getting into a car. Even the break the window and reprogram a key via ODBII port technique takes about a minute to complete. Plenty of people have posted videos of their cars being stolen (I'm part of several Camaro communities, which are big theft targets) via this technique and it's crazy how fast the thieves are.

Tow trucks attract a shitload of attention. My neighbor had her car towed yesterday and two neighbors came out to check on it.


I've seen cars towed in less than 30 seconds from parallel parking spots.

Even if it took longer, it still looks more legitimate to bystanders than a broken window.



Yeah, I broke into my own car recently using a coat hanger, nobody cared.


In college a friend of a friend locked themselves out of a car. A nearby police officer loaned him some tools to break the window of the car so he could get home that night.


My sister lost the key for her bike lock while her bike was locked.

I pulled up with a grinder and destroyed the lock in a busy downtown district in the middle of the day, loaded the bike into my car, and nobody said a thing. I was actually a little shocked since I had come ready with the receipt for the bike and everything.


These cars are being sold with defective security measures. They don't work the way manufactures promise or customers expect.

It shouldn't be any different than a car sold with headlights that are too dim


But that is my point. All security measures are defective. I can always tie a chain to your vehicle and leave with it. Security measures deter criminals, they can never stop them. Only the government can do that. The government is not obliged to do that in the US. Thus, no one can stop criminals

To metaphorically put it: no matter how good your 2FA is, I can always get around it if I can torture you or threaten your loved ones.


This is a silly argument that could be deployed against ever trying to regulate anything. Of course the government can't mandate perfect security. There's no such thing as perfect security.

The goal is cars that are harder to steal and electronic security measures that follow something resembling best practices.


This is a different discussion. There doesn't seem to have been any abuse of a loved one before the perps drove off in the cars. The cars weren't sold as "unstealable".

The whole point is that what was sold (some kind of key security) was half-assedly implemented.


You can extrapolate this argument to almost anything about a vehicle in North America. I've been working on them for decades. The way manufacturers make money is by half-assing things. Where a chain should be used, a belt is used. Where a 10 cent switch should be used, a touchscreen replaces it. Where a shifter should be, some knob is used to replace which actually kills a guy because he didn't realize his SUV was in gear.

I had to replace part of the engine on my personal truck recently because it was made of plastic and obviously failed. The replacement parts were metal because all I did was order the previous generations part number which works perfectly fine but costs more.

What you call "half assed" is what everyone in the industry calls a profit margin.


You are so wrong it's unreal!

Quality switches suitable for use in a vehicle don't cost $0.10, they cost $0.01!

-at the volumes they'd be purchased for auto manufacturing.


You don't need just the switch. It needs a housing, a cap, lighting, wiring, and connectors at the other end of the wire too. And all this needs to be designed in a "waterfall" style, with long lead times. Overall, a virtual button is going to be cheaper to engineer and manufacture than a hardware button. It's not big, overall, but these small savings accumulate over the whole vehicle.


I think there is a meaningful and useful difference between "defective" and "not comprehensive".


> Security measures deter criminals, they can never stop them.

Right, but in practice deterrence and incentives can be much more effective (from a cost and practical standpoint). I imagine the government would have a much harder time stopping people from randomly chaining vehicles than tracking stolen ones. There just doesn't happen to much incentive for the former.


I think instead of making excuses we should harden the security and regulation should enforce such things. There is always a hole in security, but we gotta choose the best option we have.


So, because any lock I put on my front door can theoretically be broken, I shouldn't bother putting on a good one?


Yet they're probably more secure than just a regular car that's on the older side.


We already identify, arrest, and prosecute criminals, we just don't hand out custodial sentences. Being in jail/prison sucks and is a good incentive to not steal cars. Plus it is impossible to steal cars while locked up.


> We already identify, arrest, and prosecute criminals...

We've given up on that part in many instances.


>The solution is to identify, arrest, and prosecute criminals. Which the government is not obligated to do in the US.

The solution is to pass laws that allow citizens to defend property with the same force that they can defend their own and others bodies from injury.

It should be pretty clear that humans are pretty good optimizers. Its never about if the activity is legal or not, its about what is the reward is, vs what the actual risk is (i.e, getting arrested is not really a risk when your source of income doesn't depend on your criminal history)

The only way to stop humans from doing said behavior is increase the risk of doing it. If laws were passed that allowed citizens to freely own guns, and use those guns to defend themselves and property, you would see massive decrease in property crime.

And yes, you do get an increase in shootings. Statistically though, the shootings happen more in alteractions where tempers flare rather than home invasions or robbery situations. Suicides still preside overwhelmingly as the leading cause of gun deaths.

Overall, from a personal harm perspective (amount of harm * risk), its much safer if you have loose gun/self defense laws. Unless of course you are so well off that you can just replace stole stuff indefinitely, but again, the humans taking your stuff will optimize for that over time as well.


Right, so let me get a tow truck, register it to a location, get caught going down the road with it on cameras... etc.

Or buy a 200-dollar device and walk up to a car in a hoody and steal it?


This is about Canada, but rant away.


Sure pros will always steal cars that way, but you never want to end up with a vehicle that any bored person can steal for the lulz.

Late 90s - Early 2000 Honda/Acura owners went through this. Even though they were very good cars they became undesirable because you could hardly park them anywhere without coming back to missing parts.


but then you'd need a tow truck.. Doesn't seem a lot simpler, anyone could snap a pic of your registration plate. I think towing a vehicle does attract a fair amount of attention, especially if there is no obvious reason for it.

Also, they don't need to steal the car - if they can freely open it can can just steal anything inside.


No idea where you are at but I wouldn't think twice about someone towing a car. If someone was hotwiring a neighbor's vehicle I think I'd definitely at least start videoing them as a deterrent.


If thieves started towing cars, presumably people would be more observant, esp where it isn't obvious why a car is being towed.

If it was in an urban environment, there might be cameras around anyway that could capture the reg plate.


I'm always dumbfounded by this obsession with video & license plates. What are you going to do with that information?


Give it to the police?.. Unless the tow truck is stolen, then who registered it?


Why would the police care? It's like people watched an episode of dragnet and now they think there are a bunch of guys down at the station working on their case. Probably in shifts?

After a hit and run I once had an officer tell me that running tags would be "a lot of work".

Last time I was victim of a hit and run in a motor vehicle the police had an eye witness statement and the physical vehicle itself. They declined to investigate. They told me it wouldn't matter because it wouldn't be prosecuted unless someone confessed.

The police do not exist to act as your personal investigation team.


I'm sorry if the police aren't taking car crime seriously where you live, but who else do you think should be investigating crime?

That said, a hit and run isn't the same as organised car thieves with tow trucks.


A tow truck attracts attention - there will be a dozen witnesses who watch you do everything - not one will think to remember any details that can identify you. Just replace the vinyl sticker on the door with your false company name on after each job and you are safe from being caught.


This actually happened in my neighborhood yesterday and two people came out to talk to the driver. The moment I saw them pull up I even double checked that my garage door was closed. We came out before the person who called the tow truck did.

Car thefts have made people paranoid and vigilant.


A tow truck costs more than a tablet. The guys and the tablets performing the theft are disposable, tow truck is not.

Rapid scanning of export shipping containers with AI processing to detect the contents might help curb the demand for the stolen cars.


True, but you can find them used once in a while for cheap enough. It only takes a few stolen cars to pay off the tow truck (you want to be legal here as this is easy to track), and then each one is pure profit.


> The solution is to identify, arrest, and prosecute criminals. Which the government is not obligated to do in the US.

I think it will take a multi-pronged approach that includes exactly this. Individuals must be held responsible for their actions. Car security also needs to be beefed up though. It's clearly not good enough.


Korean car brands like Hyundai and Kia are commonly criticized for being too easy to steal. Yet somehow the rate of car theft in South Korea, where these companies have a much higher market share, is a fraction of that in the United States.


Because the SK versions of KIA/Hyundais have anti-theft measures. It's only USDM cars where they cut corners to remove the immobilizers.


Is that true, or is it not a problem in South Korea because they have less crime?


My understanding of the situation is that their cars for the US market lacked immobilisers or something, while in the rest of the world this was not the case.


In other terms:

There's 3 ways to assign blame, to the maker of the tool, to the user of the tool, and to the target of the tool.

I think we can all agree that if the tool isn't designed to cause trouble we shouldn't blame the maker. I think blaming the target really depends on the situation - for example, when HP themselves decided to make ink cartridges use a chip and didn't sufficiently isolate the chip causing a security vulnerability, that's on HP. If the manufacturer could easily prevent or patch the vulnerability, that's on them. Tow trucks are something the manufacturer can't prevent.

But regardless, if you use it for malice I agree that you're the one who should be liable.


The US has the most prisoners per capita, but go on.

"They aren't doing enough about car hackers! Car hackers are just running free and the gubmint won't stop them!"

Ridiculous.


That’s actually not true anymore. El Salvador has the most prisoners per capita now.

They also have a lower murder rate than the US. The lowest murder rate in the entire Western Hemisphere, actually. Previously they had the highest murder rate in the world.

Mass incarceration works. It doesn’t work in the US because we didn’t do enough of it.


Download the CSVs of https://ourworldindata.org/grapher/homicide-rate-unodc and https://ourworldindata.org/grapher/prison-population-rate

Plot them on a graph. There is basically no correlation.


Different countries have different base rates of criminality. Japan, for instance, has very few criminals but incarcerates almost all of them. The US has more criminals so the US incarcerates more people, but it probably doesn't incarcerate the same proportion of criminals that Japan does.


Works for who? The corporations profiting from slave prison labor?

If we at least arrested the corrupt white collar criminals that never get punished, then we could look at this as something more than an uninformed extreme measure.

Imagine if wage theft wasn't merely a fine? Imagine if corruption was actually prosecuted? Then we can talk! /s


Your argument is that because in your opinion we don't arrest enough white color criminals that we shouldn't bother with violent criminals? I don't understand how these are related? This isn't a trade or a negotiation.

Locking up violent criminals and their affiliates for extended periods of time works. We give way too many chances to people today.


Never said that. My sarcastic rant was there because locking people up is simply not a good enough solution.

I can guarantee you the vast majority of people in prison can be reformed and reintegrated. But most prison systems don't want that. They work towards punishment/revenge, and as a bonus, give out slave labor for dirty companies.

Suggesting "locking more people up" is a good solution is so bad that it's laughable in my view. It's so short-sighted and simplistic that it's not worth arguing about. Locking more people up translates to locking more poor people up, for the crime of being poor.

I even added a "/s" to make it clear I was being ironic, but clearly that didn't work as I intended.


It works for the people of El Salvador who are no longer being murdered by the gangsters who are all now in prison.


Which is completely irrelevant to the US which is largely not a land under gang control.


> This has to be one of the dumbest things I've read in a while.

Ha ha, what are your erudite bookmarks? I read dumber things just over coffee this morning.


What do you mean they are not obligated?


At least in the US the role and responsibilities of the police is to protect the government. They may protect the citizens, but they can never be held liable for a failure to protect the citizens.

You'll have to ask a Canadian about the specifics of the various provinces.


The govt actively chooses which individuals violating the law to prosecute and not especially in progressive cities like San Francisco and Seattle, based on a set of their own principles vs the constitution written by their elected representatives.


Ah great, I'll simply caucus with That Other Party and lose my personal rights as a queer atheist. They'll also deport all my coworkers. Why didn't I think of that? Love it.


> Ah great, I'll simply caucus with That Other Party and lose my personal rights as a queer atheist.

You're creating a false dichotomy. We could prosecute criminals and not take initiative to remove rights for queer atheists. These are in no way related so it's weird to lump them in.

Besides, "That Other Other Party" who presumably doesn't want to take personal rights from queer atheists could simply prosecute the criminals themselves. If you like "That Other Other Party" overall and want to see criminals prosecuted, that's what you would pursue. But if you don't pursue that it's pretty clear you just don't want to see criminals prosecuted.


We can ban theft, ban/regulate theft facilitation devices, and also mandate that cars have some minimum level of security.

> I can hook a tow truck to almost any vehicle

If there was a spree of that happening, you can bet your next paycheck there would be laws about it. Laws aren’t about a philosophical distinction between flipper zeros and tow trucks, they’re practical tools for law enforcement.


This is like saying "bank transactions have been getting MITMed and peoples money has been stolen. All crypto protocols are insecure I can hook a supercomputer up to any transaction and decrypt it given enough time

The solution is to identify, arrest, and prosecute criminals"

Do you see why this is not a coherent idea? Aside from the fact that locking people in cages is disgusting and wrong and something no reasonable adult should do to another person the entire premise of this argument is nonsensical and a little weird when you actually think about it.


Was gonna say something like this. In software security land, security measures are cleaner and hacking tools are impossible to regulate, so it's really on the creators to make things secure up to a point. The real world is different. Even the software security philosophy kinda stops at DDoS.


If you arrest and convict car thieves you may be accused of discrimination. If you ban FlipperZero you can pretend to be addressing the problem with no such risk


Insecure people should be banned, not security tools like firearms.


I know this is tongue in cheek, but the proper phrase should be "insecure people should be held responsible for their insecure decisions, not security tools like Flipper or firearms."


The childishness of this headline is something else. People who like 'security tools' feel entitled to demand everyone else exhaust themselves in a never ending security arms race.

Here's a compromise; things like Flipper Zero stay legal, but if you get caught with one, you're treated the same way as someone walking around with a crowbar.


This is already the law in many places. This is an article about Canada but, for example California Model Penal Code 466 says that:

Every person having upon him or her in his or her possession a picklock, crow, keybit, crowbar, screwdriver, vise grip pliers, water-pump pliers, slidehammer, slim jim, tension bar, lock pick gun, tubular lock pick, bump key, floor-safe door puller, master key, ceramic or porcelain spark plug chips or pieces, or other instrument or tool with intent feloniously to break or enter... is guilty of a misdemeanor.

Basically, if you are carrying anything that will be used for breaking and entering, with the intent of breaking or entering, that also is a crime.


I had exactly the opposite reaction. Tools like flipper zero are trivial. Banning these make as much sense as banning the next designer drug. Yet that's the idiocy we default to, and the logical conclusion is the "War On Electronics."

Manufacturers have been reckless, featurizing their products and ignoring basic expectations of their customers. It isn't unreasonable to expect that some low life knucklehead can't just toy with your car for a minute using a ~$5 transceiver and drive way without so much as an alarm going off.


I don't disagree with the premise that car manufacturers should do better, but the same people that insist messing around with a Flipper Zero is Serious Business tend to be the same people who say regulation of things like vehicle standards and an unwelcome interference with the free market. I stand by my claim that the headline reflects a childish mindset instead of looking at both sides of the issue.


> the headline reflects a childish mindset

The mature mindset being the frictionless acceptance of new laws to empower more minders and more law enforcement to utterly fail at preventing new "crime."

Understood.


Don't put words in my mouth. I wrote what I meant, not what you want to project onto it.


People understood your words and pointed out the implications.

Only infants refuse to think through their statements.


This is the first time since 4 months I contacted honest people through internet, I lost money with scam crypto company, I contacted 3 recovery companies, it turned all of them are scammers, Until I contacted recoverydarek@gmail.com, I sent them all information's about the scam company, then after few hours, they apologies to me and said they couldn't trace the asset, after giving them the information they needed from me it took them only 24 to refund my 150,000 USD back to me. I wrote this review, to thank this company for their honesty and those out there in need of help. DAREK COMPANY is trustworthy.


Wow, first time I've seen crypto bot spam on HN


This is not a tenable position. Most cars are older than these devices- and even big tech co's like Apple were late to patch flipper vulnerabilities. I was on a plane last month and someone was flipper-jamming DOS-ing via continual bluetooth connection requests and completely bricked all iOS devices in range for the 4 hour flight.

These sort of devices are nuisances with very low positive utility, and there is plenty of precedence for banning them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: