Re: The more of this I read
I would MUCH rather have my car NOT connected, and secure,
Wrong logic. This means that a major issue with the car is not fixed until you understand about it and take it to the dealer.
An example is BMW taking the thoroughly and fully cretinous decision of allowing key programming via EBD2 while the alarm is in active state. So anyone with a tool which costs 30$ can steal a car which costs 60k. So let's imagine a hypothetical situation similar to a zero day exploit where you are driving a car which is vulnerable somewhere out in the sticks in the deepest darkest Eastern Europe/Latin America/South East Asia (scratch the ones that do not fit). Do you want the next villager down the road to appropriate your car (or your car to crash, stop just because it feels like it, etc) or you are happy to have the firmware uploaded?
What I am not happy with though is the car doing it by _ITSELF_.
This is what is massively opened for abuse including tracking users, updating at the wrong time, etc. What I would want is the car to ask my phone nicely via an app on my phone if I agree that a particular action is appropriate at this particular moment. Ditto for firmware updates, recall alerts, servicing - everything.
The problem is that the car manufacturers will never ever agree to that. They are obsessed with the car doing everything and never ever relinquishing the control. An example of this obsession is the next Eu safety reg which instead of mandating car pairing and car initiated emergency calls in case of a crash has gone for sticking a GSM SIM (with all the opportunities for abuse coming with this) into the car itself.