Consumer Rights Wiki - User contributions [en]

Amazon PhotosPlus discontinuation

2025-01-16T07:38:47Z

Sometimeskieran: Some proofreading changes

Amazon PhotosPlus was a subscription-based service that offered users the ability to display their chosen photos on their devices as the "primary content". Additionally, it provided 25GB of Amazon Photos storage, and cost $2 per month. Announced<ref>[https://www.pocket-lint.com/what-is-amazon-photosplus/ What is Amazon PhotosPlus]</ref> in October 2023, Amazon sent an email informing its users that they were discontinuing<ref>[https://www.threads.net/@wheelsee/post/C-58LrqSbYW?xmt=AQGzdSySswLxRPEtQdHvzY0PMn5k0eXCG2lzMqmc0irZoIQ Email sent to all PhotosPlus users informing them of the cancellation of the service]</ref> the service, cancelling it on September 12, 2024.

The Amazon Echo Show 8 was a Digital Frame, launched at $149.99. For $10 more, you could get the Amazon Echo Show 8 Photos Edition, which included 6 months of PhotosPlus and the ability to display your photos as the "primary" content. Amazon spokesperson Courtney Ramirez<ref>[https://www.theverge.com/2023/9/22/23885332/amazon-echo-show-8-photos-edition-digital-frame-price-fee Amazon Echo Show 8] </ref> confirmed that “Occasionally, Alexa will provide content suggestions based on a customer’s interest. However, photos will remain the primary content.”

After the cancellation of the PhotosPlus Service, the Amazon Echo Show 8 Photos Edition is identical<ref>[https://www.howtogeek.com/amazon-cancels-photosplus-subscription/ Effects of cancellation of the PhotosPlus Service on Amazon Echo Show 8 Photos Edition customers]</ref> to the Amazon Echo Show 8, and users who wish to display their photos have to do so with advertisements and promotional content.
== References ==
<references />
[[Category:Incidents]]
[[Category:Amazon]]

Volkswagen car-location data-exposure incident

2025-01-16T07:28:55Z

Sometimeskieran: /* The Incident */ Minor grammatical change

{{Under_Development
|date=January 2025
|stage=early
|priority=high
}}

In 2024, Volkswagen experienced a data security incident involving customer vehicle information stored on Amazon Web Services (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances due to a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.
== Background ==

This incident occurred within a broader context of automotive data security concerns. Modern vehicles increasingly collect and transmit various types of data, including location information, driving patterns, and user identification<ref name=":1">[https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/05/cars-consumer-data-unlawful-collection-use]"Cars & Consumer Data: On Unlawful Collection & Use" written in collaboration by the Office of Technology and the Division of Privacy and Identity Protection in the Bureau of Consumer Protection. [https://web.archive.org/web/20240514181955/https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/05/cars-consumer-data-unlawful-collection-use Archived] from the original on May 14, 2024. Retrieved January 15, 2025.</ref>. The automotive industry has previously faced scrutiny regarding data collection practices, with documented instances of manufacturers collecting and sharing vehicle data with third parties.

== The Incident ==
[[File:Volkswagen.png|alt=Pie Chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie Chart showing the total cars affected and breakdown by brand]]
The core issue stemmed from a misconfiguration in Volkswagen's AWS storage implementation, which left customer data publicly accessible without proper authentication or access restrictions<ref name=":0" />. This exposed sensitive information about vehicle locations, EV battery statistics and sensitive customer information. The incident not only breached customer trust, but Volkswagen's own Terms of Service.

== Industry Context ==

The incident highlighted ongoing discussions about automotive data security and privacy. Similar concerns were raised during the [[2020 Massachusetts Right to Repair ballot initiative]], where major automotive manufacturers including General Motors, Ford, Nissan, Toyota, and Honda invested approximately $25 million in campaign advertising discussing data security implications.

== Regulatory Response ==

The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems{{Citation needed|date=January 2024|reason=Letter reference needed}}.

== Broader Implications ==

This incident demonstrates the broader challenges facing the automotive industry regarding data security and privacy. It has been documented that automotive manufacturers regularly collect various types of vehicle data<ref name=":1" />, including:
* Location information
* Driving patterns
* Vehicle operation metrics
* User behavior data

Some manufacturers have established partnerships with data aggregators and insurance companies for data-sharing purposes. For example, General Motors has been documented to share driving data with LexisNexis and insurance companies, including information about:

* Vehicle location data
* Turning radius information
* Stop times
* Drive times

== See Also ==
* [[Automotive data privacy]]
* [[Right to Repair movement]]
* [[Vehicle telematics]]
* [[Connected car security]]
* [[CARIAD]]
* [[Volkswagen Group]]
* [[2020 Massachusetts Right to Repair ballot initiative]]
* [[General Motors Data Theft]]

== References ==
<references />
''Note: This article represents an ongoing situation and may be updated as more information becomes available.''

[[Category:Data breaches]]
[[Category:Automotive industry incidents]]

[[Category:AWS security incidents]]


3. [https://www.spiegel.de/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027 For the link to the news source which was tipped off by a German hacktivist group]. [https://web.archive.org/web/20241227094207/https://www.spiegel.de/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027 Archived] from the original on December 27, 2024. Retrieved January 15, 2025.

4. [https://www.youtube.com/watch?v=Agcp37iiWLc&t=188s Youtube video with mentioned credits for more information].
[[Category:Vehicle privacy incidents]]
[[Category:Right to repair]]
[[Category:CARIAD]]
[[Category:Incidents]]

RepairShopr data privacy

2025-01-16T07:12:32Z

Sometimeskieran: /* Transparency and Communication */ Fixed grammar error

== RepairShopr Changing Terms of Service ==

=== Introduction ===
[[RepairShopr]], a [[Software-as-a-Service]] (SaaS) platform used primarily for [[Customer Relationship Management]] (CRM) and ticketing in repair shops, has recently been the subject of scrutiny due to changes in its terms of service. Previously praised for its utility and robust features, concerns have arisen about data usage policies and subscription practices after its acquisition by [[Synchro]], leading to dissatisfaction among long-term users.<ref>https://www.youtube.com/watch?v=bu_rjYHZj9I</ref>

=== Background ===
Initially developed by Troy Anderson, RepairShopr gained popularity as an affordable and effective CRM solution for repair businesses. Its features included [[QuickBooks]] integration, shipping automation, and caller ID syncing with ticket statuses. Users valued its simplicity and responsiveness to feedback. However, following its sale to Synchro, the platform has faced criticism for declining functionality, increased pricing, and controversial terms of service updates.<ref>https://www.youtube.com/watch?v=ASJE0501nOA</ref>

=== Key Issues ===

==== AI Tools and Data Usage ====
The most contentious issue involves RepairShopr’s updated terms of service, which grant the platform the right to use "user content" and "usage information" to train AI tools. While Synchro claims no current AI features are operational, the terms allow for future implementation. Critics argue this represents a violation of privacy, as user content includes communications with customers, which are considered sensitive business data.<ref>https://www.repairshopr.com/repairshopr-user-access-and-license-agreement</ref>

==== Opt-Out Policies ====
Users must opt out of data collection for AI training by directly contacting the company. However, previously collected data remains usable under the terms, creating further concerns about consent and [[retroactive policy enforcement]]. This policy is outlined under the '''"Intellectual Property; Reservation of Rights"''' section of the RepairShopr User Access and License Agreement, specifically the sixth point:<ref>https://www.repairshopr.com/repairshopr-user-access-and-license-agreement</ref>

"If you wish to opt out of any future collection and aggregation by Servably of your User Content or Usage Information in an anonymous form in order to train Servably’s AI Tools, please contact us as set forth below. For clarity, such opt-out will apply only on a go-forward basis and will not obligate Servably to cease using any previously anonymized and aggregated User Content or other Usage Information as otherwise permitted in this Agreement."

Furthermore, the opt-out process must be initiated by the business owner, which limits the ability of individual employees or customers of the business to safeguard data. Per Louis Rossmann’s account, the changes to the terms were not disclosed until after they had already taken effect, leaving a window of time where data could have been collected without the user’s knowledge or consent.<ref>https://www.youtube.com/watch?v=bu_rjYHZj9I</ref>

==== Increased Costs and Functionality Decline ====
Since the acquisition, RepairShopr’s subscription fees have increased by 40%, with users reporting degraded service quality. Core functionalities, such as email communication with customers, have experienced extended downtimes, undermining its role as a CRM tool.<ref>https://www.youtube.com/watch?v=ASJE0501nOA</ref>

==== Transparency and Communication ====
Users were notified of changes to the terms of service by email late in December 2024, with the new policies already having been in effect for weeks. Many users criticized the lack of proactive communication, claiming the updates were poorly communicated and buried under non-critical updates.<ref>https://www.youtube.com/watch?v=bu_rjYHZj9I</ref>

=== Broader Implications ===
This case reflects broader trends in SaaS:
* '''Erosion of Ownership Rights:''' Platforms increasingly transition to subscription-based models, asserting greater control over user data and functionality.
* '''AI Training and Data Ethics:''' Policies allowing AI training on user-generated data raise ethical and legal concerns about privacy and informed consent.
* '''Consumer Trust:''' Poor communication and retroactive application of terms erode trust in service providers.
* '''Transparency in Terms of Service:''' SaaS providers should clearly communicate terms changes, ensuring users explicitly consent to updates.

=== See Also ===
* [[Retroactive Application of Policies and Enforcement]]
* [[Consumer Rights in SaaS Platforms]]
* [[AI Training and Data Privacy Ethics]]

== References ==
<references />

[[Category:Incidents]]
[[Category:Synchro]]
[[Category:RepairShopr]]
[[Category:Servably]]
[[Category:Consumer rights]]
[[Category:Anti-consumer]]
[[Category:Subscription-based services]]