Connected cars evolved from mechanical systems to cellular-linked ad platforms, with Stellantis push-ads on a paid-off Jeep Grand Cherokee illustrating missing consent infrastructure.
Key Takeaways
Stellantis delivered a 15-second loyalty ad via OTA to a Jeep Grand Cherokee at ignition; disabling it required calling a business-hours phone line.
Drive-by-wire, CAN bus, and cellular modems transformed the car from property to a platform with telemetry, ad inventory, and remote software control.
OTA updates let manufacturers remove features post-sale: Tesla deleted adjustable regen braking, reduced battery capacity (settled for $1.5M), and stripped Autopilot from resold vehicles.
BMW’s heated seat subscription and Polestar’s 68hp OTA unlock demonstrate hardware-in-car, software-gated capability as a recurring revenue model.
The 2015 Miller/Valasek Jeep Cherokee remote exploit showed the infotainment cellular connection bridges directly to the CAN bus, which has no native authentication.
Hacker News Comment Review
Broad consensus that pre-2015 vehicles are the practical opt-out; commenters cite 2015 Toyota Camry as a usable floor for safety features without ad-tech or phoning home.
Commenters note automakers replicated programmatic targeting logic from web publishing and in-store retail networks but deliberately skipped the GDPR-era consent layer the web was forced to adopt.
Demand signal is real but unmet: multiple commenters explicitly said they would pay for a privacy-respecting new car or a dealership that strips enshittification, with one calling it a YC startup opportunity.
Notable Comments
@cadito: argues automakers are running the same programmatic targeting stack as web publishers, with zero of the consent infrastructure regulators forced onto the web.
@downrightmike: “$60k min, 80+month loans, Insurance++, and you are still the product.”
