JFYI: These devices are also installed on cars before it arrives at the dealer or by the dealer itself, but not necessarily by the manufacturer. Rumors are that it is installed by larger dealer groups and is obscured or just failed to be disclosed to the end dealer. Either as part of their LoJak(?) sales upsell or tracking for insurance purposes.
It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.
I guess get rid of it if you care to.
eschneider · 14h ago
If you're going to try and track this stuff for real, keep in mind most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move.
b8 · 11h ago
Also that some devices log data locally and require manual pickup + review to avoid detection. Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.
Ylpertnodi · 11h ago
>Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.
Any more info on this?
v7n · 5h ago
Since I'm not seeing any other references, here's a timestamp for a YouTube video where an ex-undercover op is interviewed and such thing is mentioned:
How FBI Undercover Agents Actually Work | Authorized Account | Insider https://youtu.be/h6au3ppTm7g?t=1123
logifail · 7h ago
> most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move
I've been working with (non-covert!) tracker devices for a project, and use exactly this approach, when stationary the tracker goes into low-power mode and sends position once every 12 hours to preserve battery life. When motion is detected, we send regular updates.
theoreticalmal · 3h ago
If low cost is the goal, consider a voltage measurement device. ICE engines have electrical systems that run ear 13V when the engine is on, and ~12.5-12.8V when the engine is off
andruby · 2h ago
That would require plugging into the wiring. At that point you no longer need a battery and can just use the car's power.
TheSoftwareGuy · 5m ago
I'd be wary of draining the battery while the car is off. You don't want to prevent the car from starting
Scoundreller · 9h ago
We talking MEMS/inertia detection, vibration detection or auto-geo-fencing?
avidiax · 7h ago
The absolute cheapest thing is just to never update the position unless it significantly changed. Doesn't require anything except the GPS chip.
Bluetooth beacons would need to add an accelerometer, but that undermines their use in pinpointing an object at rest.
rickdeckard · 4h ago
Using the GPS signal to detect motion is the most power-expensive path though.
The cheapest in terms of power consumption is a simple Accelerometer/Gyroscope component.
The difference can be months or even years in longer battery runtime compared to GPS.
aa-jv · 5h ago
Probably the most effective technique for detection would be attained by spoofing the GPS signals, like the IRGC did to capture multiple US' drones?
I used to have a GPS repeater installed in our lab for RF testing. The FAA did not like it at all and threatened us with action.
Don't go spoofing or broadcasting your own GPS signals unless you have a decent legal team behind you.
wcunning · 16m ago
We had one of those in an underground parking garage for autonomous vehicle testing at a previous job, but it was a naturally really well shielded room, and it was just repeating surface signals so no one would complain.
myself248 · 2h ago
Put it in an RF chamber and keep another GPS receiver outside the chamber some distance away to make sure it doesn't lose lock on the real satellites. That's your leakage canary.
seethishat · 1h ago
Ham radio guys and gals have been doing this for decades with APRS. It's fun and easy to do.
Hey this is my industry! Teltonika is a major player in the IoT tracking space. They have features designed specifically to handle this situation. I’m told that GPS jamming and radio pinpointing techniques are used to steal vehicles with these kinds of telematics devices installed, especially in Africa
vv_ · 4h ago
It'd be cheaper to buy an RTL-SDR and an LTE antenna than this tinySA. I'm not convinced that a layman would have enough practical experience with radio's to detect these signals though. The bands used for IoT aren't exclusively used for IoT either - they'll contain "normal" LTE signals too.
blantonl · 15m ago
RTL-SDRs have a typical usable bandwidth only about 2 MHz, so that is going to rule them out of any real usable LTE related decoding and detection
goda90 · 19h ago
Better hope your stalker isn't friends with a law enforcement officer either: https://deflock.me/
b8 · 11h ago
Simply putting a fake plate would bypass that. Truckers usually have a pulley system on their plates to avoid tolls, so maybe more normal drivers will implement such a system or find a way to create something that messes up their camera OCR.
euroderf · 2h ago
> Truckers usually have a pulley system on their plates to avoid tolls
You mean like James Bond's rotating license plates ? Got a pointer to this stuff ?
77pt77 · 20m ago
Just search for it.
I found video review of $80 in seconds.
There's also videos online of cars flipping it right before they cross a toll by plate.
I would not do this. This is serious fraud and antisocial behavior.
SchemaLoad · 11h ago
That would probably flag you immediately for a plate that doesn't match the car, a plate that does match but seen in two places that would be impossible to travel in that time.
potato3732842 · 5h ago
That event would go in the same bucket as the other ten million alerts where the system got confused between visually near identical models or some de-badged sports car.
The fact of the matter is that the powers that be can't overtly use the dragnet in the way that the "how dare someone skip a $2 toll" and "muh two ton death machine" crowds would like to see because the other 99.5% of the public will be all "hey WTF" and politicians will pass laws to pander to those people. The dragnet operating powers that be would rather retain the ability to use the dragnet unfettered even in bad ways so they normally reserve its use for "serious" things.
ge96 · 18h ago
that's not related to flock safety (company) is it?
sodality2 · 18h ago
Yep. Their brand of ALPR cameras have spread like a plague very quickly all over the US
zikduruqe · 4h ago
And Lowe's (hardware store) has signed an agreement with them to put them on their properties. Vote with your wallets.
"Retail giant Lowe’s is another customer, according to two former Flock employees and confirmed by the company. Scott Draher, vice president of asset protection at Lowe’s, said in a statement that Flock cameras are “just one example of a multifaceted approach” to combat shoplifting. He declined to comment on how many of its stores have Flock cameras or if it provides camera feeds to law enforcement."
I noticed that in Abrego Garcia's recent indictment they were able to figure out he was in 2022 based on ALPR pulls that showed he was actually putzing around Texas. My understanding was most ALPRs were being stored for no more than 30 days but apparently that isn't the case, since it appears they did not start to build the trafficking case until this year.
Spooky23 · 15h ago
There's networks of these things, so you can't trust what is said. The host agency may keep for 30 days, but exchange data with third parties, through organizations like NLETS, private collaborations and informal exchange. I'd assume with NLETS searches that the Feds have an overwatch capability and spy on the spies so to speak.
This stuff started with "drug corridors". Police and Feds can and do track vehicles on the I-95 corridor from Maine (and Plattsburgh to NYC) down to Miami as early as 12 years ago. NYT covered it a few years back -- basically they get multiple LPR hits and are usually able to do facial recognition on front seat passengers. If you driving Florida->NYC and stop for a cheesesteak in Philly, you may get some attention up the road.
There's also a growing network of commercial LPR services. Most tow trucks, many parking garages and some delivery vehicles scan and correlate license plates -- repo guys can find wanted cars in hours these days. Also, most traffic cams are saving 24x7 video with LPR.
potato3732842 · 14h ago
Every semi truck these days can be factory equipped with cameras which are all stored in the cloud and analyzed as the service provider sees fit. And if they're not factory equipped they probably have a 3rd party solution in the cab and the same thing is being done.
EGreg · 11h ago
Why don’t they just use facial and gait and heartbeat recognition everywhere? London and other cities already have CCTV cameras, and an AI can quickly figure out wherr you are. In China it has been deployed at scale!
Spooky23 · 4h ago
It probably has, but I have not seen public sources that have reported it.
I’m sure as part of one of our many states of emergency in the United States deployments will be accelerated. NYPD has an extensive camera network in Manhattan that probably does this.
Lammy · 13h ago
The images and video clips are stored for 30 days. The metadata (OCRed plate, and timestamp) are stored forever. Sorry I mean “may be stored indefinitely”.
Source: the privacy policy of the shopping mall near me, who installed these things even before the city did.
stackskipton · 16h ago
Government run ones had limited time due to civil liberties concerns. However, since it’s a private company…
potato3732842 · 14h ago
In some of the Fani Willis court proceedings they dredged up ~10yo cell phone location data like it was nothing about people who weren't relevant enough to warrant special attention 10yr ago.
Jalad · 13h ago
Is that accurate? The Willis proceedings were about events around 2021, so that's only 4 years at best
potato3732842 · 5h ago
They introduced stuff from a really long time ago as evidince of people knowing each other or dealing with each other. Like "you were at X's house then so clearly you knew them" type thing. I don't recall exactly what the context was because the big takeaway was the retention of records.
UPDATE plate_scan SET soft_deleted = 1 WHERE now() - scan_date > 30
closewith · 6h ago
Private ANPR in public spaces is unlawful in the entire EU. The US needs to get a GDPR equivalent to protect basic human rights from corporate surveillance.
manarth · 4h ago
For a given definition of "public".
Driving into a supermarket carpark? Most will have time-limits controlled by private ANPR cameras.
closewith · 3h ago
True, but they can't track vehicles on public roads, and they cannot store or persist the number plates for any other reason then access control.
ge96 · 18h ago
Interesting I had actually considered getting a job there at one point ha... it's like Anduril you know, seems like a cool company but the purpose... Also doubt I'm qualified but yeah.
defsectec · 18h ago
The map of ALPR nodes show that some are installed by "Flock Safety" when you click on a single one and view the details.
So I would assume those two things are directly connected.
Just speculation though. Don't have time to verify currently.
EGreg · 11h ago
They also used to monitor MAC addresses from various wifi access points, the MAC addresses of your computer don’t change. But now I think the vendors started fixing that.
chneu · 10h ago
To be clear, you absolutely can randomize your Mac on most devices nowadays.
extraduder_ire · 8h ago
I think per-AP randomisation of wifi mac has been the default on any mobile device I've checked in the past five years at least. Haven't examined bluetooth as closely.
chneu · 5h ago
It's been the norm on mobile devices for a while. It isn't as normal on desktop but I think most OSes do it nowadays, it might need to be enabled though.
77pt77 · 14h ago
Do you know if they also monitor bluetooth devices?
Like all cars have one and if should be detectable.
Also, most recent cars have DCM which are always sending data, including position to the car maker.
speedgoose · 8h ago
TPMS is also common and detectable.
77pt77 · 33m ago
This is tire pressure monitors for those that don't know.
Didn't even cross my mind...
toomuchtodo · 13h ago
They have Bluetooth hardware but doesn't appear they monitor with it based on available information.
Bluetooth doesn’t have the signal strength beyond 20ft. Even then it requires a handshake pairing to send data as every device shares spectrum.
justinc8687 · 6h ago
Way back in the day (2010), I worked for a company using Bluetooth scanners to measure traffic speeds. We could get about a 500' range with custom hardware.
The real fun part at the time was that every Bluetooth device pretty much was always in pairing mode, and that MACs didn't rotate...
Eventually those both happened, but in ways beyond my comprehension (I worked on the software side), the hardware guys could still pick up the signals to track cars.
GJim · 6h ago
> Bluetooth doesn’t have the signal strength beyond 20ft
Oh dear.
I think you will find a directional antenna can rather increase this by several orders of magnitude.
77pt77 · 32m ago
and 20 feet is not that short.
Those overpass things with cameras and transponders can definitely still pick it up within this range.
Plus like many have written, it's not even difficult to extend that range with cheap hardware.
sodality2 · 13h ago
BLE transmissions go much further last time I experimented with them [0]. However the problem of anonymity comes into play since they frequently generate new MAC addresses.
> since they frequently generate new MAC addresses
This has not been my experience.
77pt77 · 33m ago
I can almost assure you NYC subway does this.
userbinator · 10h ago
I wonder how effective an EMP would be at "sterilising" a vehicle of such trackers. Especially if the vehicle in question has no electronics and uses a mechanically-injected diesel engine.
Lu2025 · 10m ago
The last car without electronics I drove was a Tavria made in Soviet Ukraine 35 years ago. Then dad installed an aftermarket ignition timing chip. You need to go really far back in time to find vehicles without chips.
ehnto · 10h ago
Certainly an interesting thought if you have a very old diesel. I would wonder if all the metal would hamper an EMP pulse that you could safely generate at home.
Diesel's going back 20+ years still have ECUs as well, not to mention the rest of the vehicle's electronics could be at risk. So it would have to be a properly old or unique vehicle.
myself248 · 2h ago
It's an interesting idea. The "obvious" route would be to tear down the vehicle and remove all the ECUs you want to save, then administer the zap. But at that point you probably find the tracker hardware anyway, unless it's really buried in some upholstery or something.
weinzierl · 17h ago
These efforts are commendable, but by and large I think our location data is just a commodity by now and it is best not to assume you can reliably hide your location permanently and reliably without spending a lot of effort.
Not that I'd find that idea pleasant, I just think the ship has sailed.
JohnMakin · 17h ago
This isn't a generic data privacy counter-measure or concern. This is specifically targeted against stalking, which is pretty much one of only a few cases where this kind of thing would be used against you. Specifically the case where the perpetrator will place a device in or on the victim's car.
weinzierl · 16h ago
Sure, but the stalking issue is a subset of the generic data privacy issue or do you believe you can hide from a stalker if everyone else under the sun knows you location. It might be too difficult to use location data brokers for stalking[1] but the whole economy around them makes the app ecosystem weak against location privacy and makes it easy to use a manipulated app for stalking. No special devices needed and certainly no cellular devices needed.
I’m not sure what point you’re really trying to make here. This is a thread about detection methods of an extremely invasive (and rare) method of stalking, which yes is a subset of a data privacy issue. The fact that data brokers can get a lot of location and other data about you is irrelevant to the discussion.
> or do you believe you can hide from a stalker if everyone else under the sun knows you location.
I’m not sure anyone is claiming that the detection methods described in this study are going to make you completely undetectable to any party at all times. Again, not sure what point you’re trying to make here and it feels irrelevant to the larger thread. The original comment seemed to indicate that the article hadn’t been read at all.
timewizard · 15h ago
Knowing where you are is useful.
Knowing where you _aren't_ is equally useful.
I can imagine half a dozen ways to use this data against you in all kinds of settings. Sales, divorce, employment, espionage against your employer, burglary, and basic blackmail.
LorenPechtel · 12h ago
It doesn't necessarily say where you aren't. What if you get in somebody else's car? (Not uncommon for me as we typically carpool to trailheads.)
Jolter · 1h ago
Sure, but if your car is presently driving to the supermarket, it’s a pretty safe bet that you are probably not at your house.
ehnto · 10h ago
That is true for law enforcement, corps and nation states perhaps, but the threat vector here is just regular people who want to track someone. They're not as saavy and don't (usually) have access to the corp/leo/government databases of locating data.
For me it's about car theft, so all I am defending against is what thiefs have access to. If I can detect a scanner popped on a car at a car show before heading back to storage, I am at a huge advantage.
chneu · 10h ago
Real give up attitude. Gosh people have given up.
It isn't that hard, but people are lazy as hell and love convenience.
The security nihilism is thinking you'd need special
hardware to stalk someone, when a malicious app on the victims phone does the job.
anigbrowl · 15h ago
IT's easy to replace a phone, a car not so much
bigiain · 14h ago
Several of my cheapest cars (and quite a few of my cheapest motorcycles) have cost me less than my most expensive phones.
TylerE · 13h ago
Car titles (and thus vehicle transactions) are public record.
roywiggins · 15h ago
I figure it's probably about 1000x easier to gain sufficient access to someone's car to put a tracker on it than their phone
fsflover · 5h ago
The security nihilism is thinking "why try to defend yourself if there are so many attack vectors". Also, my phone has no malicious apps. (It's a GNU/Linux phone.)
striking · 15h ago
Then can you explain why special hardware still keeps showing up in victims' cars?
salawat · 17h ago
That ship is more than capable of being put back in a bottle with enough political will. We just need to come together enough to get the message heard.
BurningFrog · 14h ago
I doubt it. The tech keeps becoming cheaper and easier.
When it's only governments and major corporations that can do something, political will can probably stop it.
When every tech hobbyist with $100 to spare can build their own, I don't know how it can be policed.
weinzierl · 16h ago
Sure. But hardware trackers is the least of our problems. We'd need a hard crackdown on location privacy in mobile operating systems and the app ecosystem. Good luck with mobilizing enough "political will" when the economic interests of a whole industry is affected.
cogman10 · 15h ago
I don't think the economics are a problem. I think it'll be the fed they call in to testify that will shed crocodile tears about how some murdering pedophile was brought to justice using this data.
Very similar to how we lost a ton of civil liberties because shows like 24 bombarded the country with ideas that the only way to stop terrorism was torture.
Unfortunately, a good number of people will happily sacrifice liberties that will be abused simply because it might catch a single bad guy.
GJim · 6h ago
> We'd need a hard crackdown on location privacy ....... Good luck with mobilizing enough "political will"
Genuine LOL
Here we have the GDPR. It works. (Contrary to much tech-bro propaganda spouted on here).
weinzierl · 6h ago
I live in Europe and helped introducing GDPR. It is good at what it was designed for: being a pain for companies that collect data en masse and cannot tolerate the slightest friction (think Facebook).
For everyone it else there are ways. Read about the six legal bases for processing personal data, especially consent and legitimate interest. You will be surprised.
Daviey · 18h ago
Interesting research, but the paper does not address the contribution to the arms race of good vs bad. The criminals will likely use this technique to find legitimate car trackers before stealing the vehicle.
keyringlight · 16h ago
At least for motorbikes, the tactic is to abandon a stolen vehicle for a while after the theft to see if anyone comes for it, then take it to home base. I'd guess it all comes down to how professional an operation you're dealing with, last week a haul was recovered due to a tracker: https://www.bbc.co.uk/news/articles/c1denv9eg6wo
Hilift · 8h ago
There were probably zero arrests from that seizure. There would probably be more seizures if they simply scanned used vehicle VINs going out for export, but there's no resources for that. The whole "export used garbage vehicles to a new home" market is super shady and is a convenient front for theft.
ge96 · 18h ago
If you're lucky your car gets destroyed in a street takeover then insurance gives you a new car (points to head)
edit: on a more serious note, I figure I won't own a nice car till I move somewhere nicer
LorenPechtel · 12h ago
Did you not notice the motion sensor bit? Their technique does not work against a stationary tracker because it's not going to say anything. Thus you can't check out the car before you steal it.
What the bad guys do is steal the car, then leave it somewhere as soon as possible and see if anyone comes for it.
AngryData · 11h ago
I don't think cars should have trackers in them to start with unless the owner specifically puts it in there themselves, so I see this as only good.
Daviey · 8h ago
That's the point, a legitimate tracker, such as personal tracker or fleet tracker for company owned vehicles.
It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.
I guess get rid of it if you care to.
Any more info on this?
I've been working with (non-covert!) tracker devices for a project, and use exactly this approach, when stationary the tracker goes into low-power mode and sends position once every 12 hours to preserve battery life. When motion is detected, we send regular updates.
Bluetooth beacons would need to add an accelerometer, but that undermines their use in pinpointing an object at rest.
The cheapest in terms of power consumption is a simple Accelerometer/Gyroscope component. The difference can be months or even years in longer battery runtime compared to GPS.
https://www.gpsworld.com/gps-circle-spoofing-discovered-in-i...
I wonder how easily GPS can be spoofed, locally ...
https://rntfnd.org/2021/10/28/cheap-and-easy-gps-gnss-spoofi...
Seems someone already had the idea:
https://www.reddit.com/r/hardwarehacking/comments/10na5c8/sp...
Don't go spoofing or broadcasting your own GPS signals unless you have a decent legal team behind you.
https://aprs.fi/#!lat=37.25320&lng=-80.43470
https://www.aprs.org/
So that 1979 Ford F150 can be tracked too ;)
You mean like James Bond's rotating license plates ? Got a pointer to this stuff ?
I found video review of $80 in seconds.
There's also videos online of cars flipping it right before they cross a toll by plate.
I would not do this. This is serious fraud and antisocial behavior.
The fact of the matter is that the powers that be can't overtly use the dragnet in the way that the "how dare someone skip a $2 toll" and "muh two ton death machine" crowds would like to see because the other 99.5% of the public will be all "hey WTF" and politicians will pass laws to pander to those people. The dragnet operating powers that be would rather retain the ability to use the dragnet unfettered even in bad ways so they normally reserve its use for "serious" things.
"Retail giant Lowe’s is another customer, according to two former Flock employees and confirmed by the company. Scott Draher, vice president of asset protection at Lowe’s, said in a statement that Flock cameras are “just one example of a multifaceted approach” to combat shoplifting. He declined to comment on how many of its stores have Flock cameras or if it provides camera feeds to law enforcement."
https://ourcommunitynow.com/P/americas-biggest-mall-owner-is...
This stuff started with "drug corridors". Police and Feds can and do track vehicles on the I-95 corridor from Maine (and Plattsburgh to NYC) down to Miami as early as 12 years ago. NYT covered it a few years back -- basically they get multiple LPR hits and are usually able to do facial recognition on front seat passengers. If you driving Florida->NYC and stop for a cheesesteak in Philly, you may get some attention up the road.
There's also a growing network of commercial LPR services. Most tow trucks, many parking garages and some delivery vehicles scan and correlate license plates -- repo guys can find wanted cars in hours these days. Also, most traffic cams are saving 24x7 video with LPR.
I’m sure as part of one of our many states of emergency in the United States deployments will be accelerated. NYPD has an extensive camera network in Manhattan that probably does this.
Source: the privacy policy of the shopping mall near me, who installed these things even before the city did.
https://docs.flocksafety.com/developer-hub/docs/introduction
https://www.flocksafety.com/devices/flock-nova
Driving into a supermarket carpark? Most will have time-limits controlled by private ANPR cameras.
So I would assume those two things are directly connected.
Just speculation though. Don't have time to verify currently.
Like all cars have one and if should be detectable.
Also, most recent cars have DCM which are always sending data, including position to the car maker.
Didn't even cross my mind...
https://www.ryanohoro.com/post/spotting-flock-safety-s-falco...
https://www.cehrp.org/dissection-of-flock-safety-camera/
The real fun part at the time was that every Bluetooth device pretty much was always in pairing mode, and that MACs didn't rotate...
Eventually those both happened, but in ways beyond my comprehension (I worked on the software side), the hardware guys could still pick up the signals to track cars.
Oh dear.
I think you will find a directional antenna can rather increase this by several orders of magnitude.
Those overpass things with cameras and transponders can definitely still pick it up within this range.
Plus like many have written, it's not even difficult to extend that range with cheap hardware.
[0]: https://news.ycombinator.com/item?id=38252566
This has not been my experience.
Diesel's going back 20+ years still have ECUs as well, not to mention the rest of the vehicle's electronics could be at risk. So it would have to be a properly old or unique vehicle.
Not that I'd find that idea pleasant, I just think the ship has sailed.
https://xkcd.com/538/
[1] Even though data brokers have been used to find out the medications of a German MP, for example. https://www.techradar.com/news/even-your-deleted-secret-web-...
> or do you believe you can hide from a stalker if everyone else under the sun knows you location.
I’m not sure anyone is claiming that the detection methods described in this study are going to make you completely undetectable to any party at all times. Again, not sure what point you’re trying to make here and it feels irrelevant to the larger thread. The original comment seemed to indicate that the article hadn’t been read at all.
Knowing where you _aren't_ is equally useful.
I can imagine half a dozen ways to use this data against you in all kinds of settings. Sales, divorce, employment, espionage against your employer, burglary, and basic blackmail.
For me it's about car theft, so all I am defending against is what thiefs have access to. If I can detect a scanner popped on a car at a car show before heading back to storage, I am at a huge advantage.
It isn't that hard, but people are lazy as hell and love convenience.
When it's only governments and major corporations that can do something, political will can probably stop it.
When every tech hobbyist with $100 to spare can build their own, I don't know how it can be policed.
Very similar to how we lost a ton of civil liberties because shows like 24 bombarded the country with ideas that the only way to stop terrorism was torture.
Unfortunately, a good number of people will happily sacrifice liberties that will be abused simply because it might catch a single bad guy.
Genuine LOL
Here we have the GDPR. It works. (Contrary to much tech-bro propaganda spouted on here).
For everyone it else there are ways. Read about the six legal bases for processing personal data, especially consent and legitimate interest. You will be surprised.
edit: on a more serious note, I figure I won't own a nice car till I move somewhere nicer
What the bad guys do is steal the car, then leave it somewhere as soon as possible and see if anyone comes for it.