Tetelman, a security engineer, argues that software toggles and privacy settings cannot be trusted because automakers have repeatedly been caught ignoring them. He demonstrates that physically removing the DCM cellular modem and GPS antenna from his 2024 RAV4 Hybrid is the only dependable method to sever the vehicle's connection to Toyota's telemetry servers.
The editorial cites the Mozilla Foundation's *Privacy Not Included* project, which rated automobiles the worst product category for privacy in 2023 — worse than every other consumer category reviewed. It notes that all 25 car brands failed Mozilla's privacy standards, with companies collecting data ranging from driving behavior to genetic information, and that no major automaker has meaningfully improved their practices since.
Tetelman documents that modern Toyota vehicles continuously transmit location history, speed, braking behavior, and driving patterns back to Toyota's servers. He highlights the minimal transparency about how this data is used, retained, or shared as the core motivation for his hardware removal project.
Arkadiy Tetelman — a security engineer known for his technical deep-dives on privacy and application security — published a detailed walkthrough of physically removing the cellular modem (DCM, or Data Communication Module) and GPS antenna from his 2024 Toyota RAV4 Hybrid. The post, which hit 765 points on Hacker News, documents the exact components, disassembly steps, and functional trade-offs involved in severing his car's connection to Toyota's telemetry servers.
The motivation is straightforward: modern Toyota vehicles continuously transmit driving data — including location history, speed, braking behavior, and driving patterns — back to Toyota's servers, with minimal transparency about how that data is used, retained, or shared. Tetelman decided the only reliable way to stop this collection was to remove the hardware entirely, rather than trusting software toggles or privacy settings that automakers have repeatedly been caught ignoring.
The procedure targets two components: the DCM unit (the cellular modem that phones home to Toyota) and the GPS antenna that feeds it precise location data. Both are accessible without major dashboard surgery, though the process requires comfort with interior trim removal and understanding of which connectors to disconnect versus leave alone.
This isn't a niche concern. The Mozilla Foundation's *Privacy Not Included* project rated automobiles the worst product category for privacy in 2023 — worse than sex toys, worse than mental health apps. Every single one of the 25 car brands Mozilla reviewed failed their privacy standards. Toyota, Nissan, Hyundai, and others were found to collect data ranging from driving behavior to "genetic information" (per their privacy policies), and several explicitly reserved the right to sell or share this data with third parties.
Since that report, not a single major automaker has meaningfully improved their data collection practices. If anything, the trend has accelerated. Toyota's connected services platform collects granular driving telemetry that insurance companies have used to adjust premiums — sometimes without the driver's explicit awareness. A 2024 New York Times investigation found that GM had been sharing detailed driving data with LexisNexis, which insurance companies then used to raise rates. Toyota's data pipeline operates on similar infrastructure.
The subscription angle adds insult to injury. Toyota made headlines by charging $8/month for remote start — a feature that works via key fob with zero cloud dependency, but which Toyota software-locked behind their connected services paywall. They partially walked this back after backlash, but the broader pattern remains: automakers are treating telematics hardware as a recurring revenue platform, and the data collection is the subsidy model.
What makes Tetelman's post resonate with the developer community specifically is the framing. This isn't a privacy rant — it's a technical document. Here's the part number. Here's the connector. Here's what breaks and what doesn't. It treats the car as what it functionally is: an IoT device with a cellular connection that the owner didn't consent to and can't fully control through software. The 765-point Hacker News response confirms that this framing hits home for engineers who spend their professional lives understanding exactly how data pipelines work — and who recognize the architecture of surveillance when they see it in their own driveway.
Removing the DCM and GPS antenna is not without consequences, and Tetelman's documentation of what breaks is as valuable as the removal guide itself.
What you lose:
- Toyota Connected Services (remote lock/unlock, remote start via app, stolen vehicle locator)
- Over-the-air updates (Toyota will need to apply updates at the dealer)
- Automatic collision notification (the system that calls emergency services after a crash)
- Wi-Fi hotspot functionality
- Any feature that depends on the vehicle phoning home

What you keep:
- All driving functions (engine, transmission, braking, steering — none depend on the DCM)
- Key fob remote start (the hardware function, not the app-based one)
- Built-in navigation (runs locally, though map updates would need USB)
- Audio system, Bluetooth, CarPlay/Android Auto
- All ADAS/safety features (lane assist, adaptive cruise, pre-collision — these use local sensors)
- Climate control, heated seats, all comfort features
The critical insight is that the telematics module is architecturally isolated from safety-critical vehicle systems. Toyota, like most automakers, keeps the DCM on a separate CAN bus domain from powertrain and chassis controls. This is a regulatory and engineering requirement — you can't have a cellular modem failure cascade into brake or steering system failures. That architectural boundary is precisely what makes clean removal possible.
The HN discussion surfaced an important nuance around warranty implications. Under the Magnuson-Moss Warranty Act, a manufacturer cannot void your warranty simply because you modified or removed a component — they must demonstrate that your specific modification caused the specific failure they're refusing to cover. Removing the DCM shouldn't affect a powertrain warranty claim, but Toyota could reasonably deny a claim related to connected services or the infotainment system. Several commenters noted that dealers vary wildly in how they handle this in practice.
Tetelman's post is part of a growing body of work that treats consumer vehicles as adversarial computing platforms. This includes previous efforts to disable OnStar in GM vehicles, aftermarket OBD-II port blockers, and the broader "right to repair" movement that has expanded its scope from tractors and phones to car telematics.
The developer community's response reflects a specific frustration: these are people who build data collection systems professionally, and they can see exactly what's happening. When a Toyota privacy policy says it collects "vehicle driving data including speed, acceleration, braking, steering, and location" and "may share with service providers and business partners," a software engineer reads that as a real-time telemetry pipeline with a data broker integration. Because that's what it is.
Some HN commenters pushed back, noting that automatic collision notification is a genuinely life-saving feature and that removing it creates real safety risk. This is a legitimate trade-off, and one that each owner needs to evaluate individually. Others pointed out that you can achieve some privacy improvement by simply removing the SIM card from the DCM rather than the entire module — though this approach has proven unreliable on some Toyota models where the unit may still buffer data locally and transmit when connectivity is restored.
If you're building IoT products, connected services, or any system with telemetry, this post is a mirror. The fact that a security engineer's best option for controlling data collection from a $40,000 product was to physically remove hardware is a design failure that every product team should internalize.
Practical takeaways for developers and engineering leaders:
If you build connected products: Provide genuine, verifiable off switches for telemetry. Not toggles that reduce collection. Not "personalization preferences" that still phone home. Actual kill switches that users can verify via network monitoring. The bar Tetelman had to clear — physical hardware removal — is the bar your users will hold you to if you don't provide a credible software alternative.
If you manage a vehicle fleet or company cars: Understand that your employees' driving data is being collected and potentially shared. This has GDPR implications in Europe, and state-level privacy law implications in California, Colorado, Connecticut, and other states. The intersection of employer-provided vehicles and automaker data collection is an under-examined compliance risk.
If you care about your own privacy: The post itself is the guide. For Toyota RAV4 owners specifically, Tetelman's documentation provides the part numbers and procedures. For other makes, the general approach (identify DCM, trace connections, remove or disconnect) applies, though specifics vary. The r/privacy and brand-specific forums have teardown guides for most popular models.
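The verifiable off switch recommended above for connected products, as an added example (not code from Tetelman's post or from any automaker): a telemetry agent whose "off" only pauses uploads and keeps buffering, the failure mode raised in the HN discussion, beside one that drops events at the source. The class names, event fields and sample events are assumptions constructed for illustration; the recording transport stands in for a network capture.

```python
from collections import deque

class RecordingTransport:
    """Stand-in for the uplink: records every payload that would leave the device."""
    def __init__(self):
        self.sent = []
    def send(self, payload):
        self.sent.append(payload)

class SoftToggleAgent:
    """Weak design: 'off' only pauses uploads; events are still collected and queued."""
    def __init__(self, transport):
        self.transport, self.enabled, self.queue = transport, True, deque()
    def set_enabled(self, enabled):
        self.enabled = enabled
        if enabled:
            self._flush()              # backlog from the "off" period goes out
    def record(self, event):
        self.queue.append(event)       # collection never stops
        if self.enabled:
            self._flush()
    def _flush(self):
        while self.queue:
            self.transport.send(self.queue.popleft())

class KillSwitchAgent(SoftToggleAgent):
    """Hardened design: 'off' drops events at the source and purges any backlog."""
    def set_enabled(self, enabled):
        if not enabled:
            self.queue.clear()         # nothing is kept for later transmission
        super().set_enabled(enabled)
    def record(self, event):
        if self.enabled:               # dropped, not deferred
            super().record(event)

# Constructed sample events; "phase" is the switch state when each was generated.
EVENTS = [{"phase": p, "speed_kph": s}
          for p, s in [("on", 42), ("off", 88), ("off", 91), ("on", 30)]]

def leaked_while_off(agent_cls):
    """Replay EVENTS, setting the switch per phase; return off-period events that were sent."""
    agent = agent_cls(RecordingTransport())
    for event in EVENTS:
        agent.set_enabled(event["phase"] == "on")
        agent.record(event)
    return [e for e in agent.transport.sent if e["phase"] == "off"]

if __name__ == "__main__":
    for cls in (SoftToggleAgent, KillSwitchAgent):
        print(cls.__name__, "leaked:", leaked_while_off(cls))
```

The soft toggle is silent on the wire while it is off and only leaks once it is switched back on, so a network-monitoring check has to cover the moment telemetry or connectivity returns, not just the off period.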
The regulatory landscape is slowly catching up. The EU's Data Act (effective September 2025) includes provisions for vehicle data access and portability. California's SB-1000 proposed giving car owners explicit control over telemetry data collection. But legislation moves at government speed while telematics hardware ships at automotive production speed — there are roughly 80 million new connected cars hitting roads globally each year.
Until regulation arrives with teeth, posts like Tetelman's serve a dual purpose: they're practical guides for individuals, and they're public documentation of a market failure. When the best user experience a security engineer can design for his own car involves a trim removal tool and a wiring diagram, something in the product development process has gone deeply, structurally wrong.
I have a few year old Volkswagen. I'm security conscious and made sure to disable all the data collection I could find in the companion app, turn off remote access services, dig through the infotainment to turn off what I could, etc. Last year I requested a Carfax on it, and one of the fields in
Does anyone have any details on this claim? Important: Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then i
I have the same car and want to do this, but not for the reasons the author noted but because the GPS unit in the car is broken when paired with Carplay and has the wrong compass heading causing navigation to be completely useless. I have reported this to Toyota multiple times with videos detailing t
The 2024 Ford Maverick has a single fuse for the telematics unit that you can remove without throwing a code or an error. No idea if this remained true after the 2025-2026 refresh, but worth knowing. https://www.mavericktruckclub.com/forum/threads/telematics-f...
> Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and el