Each Tesla car produces a wealth of data that can be accessed by the owner. There are a number of ways to capture this information and use it to produce statistics for your car. There are, however, some important considerations when doing this, the most important being security: providing any 3rd party with your Tesla email address and password or, to a lesser but still significant degree, your Tesla token is a potential security risk.
We run through the different options and help you get started with each of these approaches.
Before we go into the different options it is worth explaining a little about how all these systems work. Your Tesla app uses an API to connect your phone, via the internet, to Tesla servers which in turn connect to your car. This API has been hacked (maybe deciphered is a better word) and this enables the car to be interrogated by mimicking the messages the official app sends to the car.
For the API to work and determine which car you want the data for, you need to send, via the API, certain details to identify your account and the car.
All commands simply require an API token and a car ID, and the token expires about every 6 weeks. You'd think that your exposure is therefore no longer than 6 weeks; however, many apps don't like you simply providing the token and prefer you to provide your Tesla account email address and password, or a refresh token, a special token that does not expire.
Your email address and password have some protection if you have MFA enabled. If you do not, the app provider has access to your online Tesla account as well as the car. Irrespective, they will generate a refresh token so that they can continue to access the car.
The refresh token does not give access to the online Tesla account, but does give limitless access to the cars on the account, including locating the car, opening it, and driving it.
We feel this is a potential security risk as your security is now only as good as their security. Other than any recommendations of an app you may have seen on the internet, and what the provider may say, do you really know how good their security is?
We've mentioned it but we're saying it again because we think it is very important. Understanding the security weaknesses is VERY important and is why we make the recommendations we do.
Tesla introduced optional multi-factor authentication in late 2020, which only helps with the use of the Tesla account email and password; once you share your token with a 3rd party app, you are still giving access to your car. And the tokens they have will not expire unless you change your main account password. What we feel would be a better solution is if Tesla sent you a notification whenever your token or Tesla email account was used from a new device. You would be able to see if the details were being used without permission. This, however, would require Tesla to acknowledge and effectively approve the use of their API by third parties.
The consequence here is that any 3rd party that is given any of your details has potentially the same access as you do. Because of the demand for some of these third party features such as Apple shortcuts, we have developed our own Tesla API token and API interface which uses Tesla's own webpages to generate a short-lived intermediate token from which we can generate the refresh token. This at least provides some protection from revealing your email address and password. We also do not store tokens on our servers, but you only have our word for that.
There are broadly 3 different types of data loggers
Online data loggers such as Teslafi ask you to log into their systems and provide your details. There are a number of options that you can configure regarding sleep, units, etc. and this has become a popular option. Teslafi use the collected information (your information) in a number of ways, including generating notifications when new software updates have been detected. They also try to pool data to show degradation and charge rates across a number of similar cars. While some of these features may be beneficial to some, the security concerns we have raised regarding the limitations of the Tesla API mean we cannot recommend this approach. Teslafi do claim to take a number of reasonable steps to protect the data; however, we believe the fundamental issue is Tesla's security, over which they have no control, and the other options we recommend are safer and give the owner more control, although they are a little harder to set up.
Our view is the same for ALL web hosted services or applications that request your Tesla login details or token; we only mention Teslafi as it is the best known. The more popular a 3rd party facility is, the greater a target it is for any hacker, as success will yield more details. Tesla have enforced password changes which will invalidate all existing tokens, and we suspect this was done due to a breach having been detected in the past, although it is unknown which 3rd party that may have been.
The primary advantage such a service provides is that you simply need to create an account and log in.
The second option is a locally hosted service. This means the service is run on your own hardware and you have complete control over the device. Your security is as good as your own local security.
While a locally hosted service sounds complex and expensive, it need not be. These options can be run standalone on something like a Raspberry Pi, which costs about the same as an annual subscription to Teslafi. The install can be performed in under 15 mins following a simple set of instructions using Docker, which is a standard approach to hosting such applications. Alternatively, you may already have existing hardware which is suitable, such as network attached storage (NAS) or any other computer system that supports Docker, in which case the option is free.
The two most common loggers are TeslaMate and TeslaLogger which share their origins. The two are very similar although we currently feel TeslaMate is easier to get going while TeslaLogger has more extensive options such as the ability to combine API data with that collected from within the car by apps such as scanmytesla.
The primary advantage of this approach is the security, plus the ability to develop your own dashboards as the data is locally available to you. You can also combine these systems with home automation type software running locally, and so these provide a platform for wider integration. The software is held on GitHub and open to scrutiny, which allows independent developers to review the code and highlight any backdoor security weaknesses or faults. A second advantage of locally hosted solutions is that 3rd party hackers would need to know to target you. As such, it would be an incredibly speculative attack for somebody interested in your Tesla both to single you out and to go looking for an instance of Teslamate.
One quick tip for Teslamate is to geofence your home location and set the cost of your electricity. This will enable home charging costs to be automatically calculated for you.
Because of the nature of the locally hosted options which run inside an application called Docker, these can be configured anywhere a Docker environment is available, including on a cloud server. Cloud services vary in price but can be had for relatively small amounts of money on a subscription basis, and for those who already have access to a suitable web hosting package the incremental cost could be negligible.
The disadvantages of the cloud environment are largely the same as for a hosted environment; however, we believe the risks are smaller in a personal environment as malicious activity is more likely to be focused on sites holding many users' data.
The advantage of the cloud hosted option is that you can leave it running, you have no need for a local web connection 24/7, and access to the reports while out and about is slightly easier. Our preference, however, would be the locally hosted solution, as for most people the advantages of home integration or a trial and error approach on a local Raspberry Pi make it more fun and more secure.
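Whether the logger runs at home or on a cloud server, its security depends on which network interfaces its Docker ports are published on. The check below is an added example, not code from the original page or from the TeslaMate or TeslaLogger projects: it reads Docker Compose short-syntax port strings and reports every service published on anything other than the loopback address. The service names and port numbers in the sample are constructed for illustration.

```python
import ipaddress

def parse_port(spec):
    """Split a Compose short-syntax port string into
    (host_ip, host_port, container_port). Accepted forms are "CONTAINER",
    "HOST:CONTAINER" and "IP:HOST:CONTAINER", optionally ending in
    "/tcp" or "/udp". Parts that were omitted come back as None."""
    spec = spec.split("/", 1)[0]            # drop the protocol suffix
    if spec.startswith("["):                # bracketed IPv6: "[::1]:4000:4000"
        ip, _, rest = spec[1:].partition("]:")
        parts = [ip] + rest.split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 1:
        return None, None, parts[0]
    if len(parts) == 2:
        return None, parts[0], parts[1]
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    raise ValueError(f"unrecognised port mapping: {spec!r}")

def audit(services):
    """Return (service, mapping, bound_to) for every published port that is
    reachable from other machines. A mapping without a host IP is published
    on all interfaces, including a public one on a cloud server."""
    findings = []
    for name, ports in services.items():
        for spec in ports:
            ip, _host_port, _container_port = parse_port(spec)
            if ip is not None and ipaddress.ip_address(ip).is_loopback:
                continue                    # only reachable from the host itself
            findings.append((name, spec, ip or "all interfaces"))
    return findings

# Constructed sample: the "ports:" entries of a hypothetical compose file.
SAMPLE = {
    "teslamate": ["4000:4000"],             # no host IP given
    "grafana": ["127.0.0.1:3000:3000"],     # loopback only
    "database": [],                         # nothing published
    "mosquitto": ["[::1]:1883:1883/tcp"],   # IPv6 loopback only
}

if __name__ == "__main__":
    for service, mapping, bound in audit(SAMPLE):
        print(f"{service}: {mapping} is published on {bound}")
```

A service bound only to loopback can still be reached remotely through a VPN or an authenticating reverse proxy running on the same host.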
In-car data logging by monitoring the car's canbus is a fairly specialist activity and of a different order of complexity to perform.
The advantages are primarily the depth of information that can be extracted. This can be instantaneous power output, speed, a variety of temperatures from different components, individual battery cell voltages and so on. For some, this type of information is fantastic, especially if they are trying to troubleshoot an issue. For others it is just curiosity, and they enjoy the challenge of setting the car up and actually obtaining the data even if there's little meaningful benefit in doing so.
To do so you need to buy a canbus adapter cable to OBD, and an OBD transmitter. These are fairly readily available, although you need to ensure you get the correct canbus connector for your age and model of car. Access on the MS and MX is relatively easy through the removal of a small trim part beneath the large screen.
To make sense of the data stream, software such as Scanmytesla is required, which will translate all the various data codes into more meaningful dashboards and reports for the owner. As mentioned above, Scanmytesla data can also be combined with TeslaLogger to mix the real time data streams and the broader data available via the API to give a more comprehensive view of the car, although the configuration of such a setup is not trivial.