Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Do we trust Tesla with our cars/data??!!

Do we trust Tesla to have unlimited access to our cars...

  • Yes

    Votes: 46 35.9%
  • No

    Votes: 40 31.3%
  • Don't care

    Votes: 42 32.8%

  • Total voters
    128
This site may earn commission on affiliate links.
Tesla issue a refresh token that doesn't expire and a normal use api token that does quite quickly as you suggest, the problem is the refresh token can generate a new api token via one extra step, so all these websites/apps etc like teslamate, teslafi etc use the refresh token to just keep creating new api tokens whenever they need them making the expiry pretty pointless
Hence I've always felt a little weary about all these 3rd party apps that people grant explicit access to.

I don't value the data or utility that they offer enough to do it. Not because I think the authors have bad intentions necessarily, but because they're human and we all make mistakes. Risk vs reward.

I get it's a bit 'lazy', but I think this just makes it easier for Tesla to manage, and can remove a bad actors access to their refresh token if needed.

That said, 'what we don't know can't hurt us'? 🤣
 
A few years ago back during one of many many services visits it seemed like Tesla could access/see my car even when I have disabled 'remote access', didn't think much of that.

The last time I took my car into a service centre it was susprising to learn they didn't need the key, as they could 'access' the car on premises, fine.

Today I had a mobile visit from a ranger, he messaged me to say he was going to arrive in 20 mintues, with me not been home I told him I would unlock the car. Work ended up been busy so I didn't check my phone till later and noted the car was been worked on.......I persumed my wife had given him the key, but it turns out no!!!

So it's pretty certain now Tesla can gain access to any of their cars on the road today, without ANY knowledge/trigger/warning to the owners. My car is out of warranty and coming up to 6 years old, but it seems likely Tesla has this ability even for cars made way back probably the first ever S.

I don't know if this is another display of the 'disruption' Tesla is bringing to the automotive industry, certainly for me, not having to be around when the service tech arrives to work on the car is convince on a different level vs a traditional dealership model....but tin hat moment, Elon if he is truly a mad man, could disable, and with FSD 'drive' any of our cars off a cliff/back to Tesla with no consent from the owners!!

Even Apple I don't think have this level of potential 'control' on their products post sale....Good or Bad??!!

52196959277_08e9873994_c_d.jpg


52196787192_bf04c3abef_c_d.jpg
Very valid point and being someone who widely tries to turn off phone microphones etc and WiFi at home during the night etc I had my concerns.
The screen did completely turn off once while driving and I can happily report I could still operate the car and drive it
which would have been my main concern. The reason btw was a software update not fully updating.

The service centre being able to open the car and general control remotely is amazing for sure. I’ve found opening the car remotely handy on jobs where I have to have kit dropped back at the car etc

Like the silver option btw! My hope is they do a brushed silver one day ;)
 
Our standard at work would be 5 mins internet facing. Obviously the client can keep alive, but permanent token is an odd way to go.
The token is generated for the App to hold, people wouldn't like having to login to the app everytime they use it and retaining and resubmitting your username/password isn't a good idea. While Tesla could make it harder to reuse the token, they wouldn't really be able to make it truly more secure without reauthentication.

Same goes for most client applications, Outlook for example can be token replayed against Office 365 unless you implement something like Conditional Access which wouldn't be practical for a consumer app.