I assume it has to be enabled with physical access to the vehicle, though I don't know this for certain. If they can turn it on remotely, then yeah, that's definitely bad.

I am still unclear, were these diagnostics being sent to a tesla server somewhere or was this information hardlined post review? Source?

Also, how is this bad anyway? Google probably has this information already, if not google, your phone's carrier definitely does.

The more people that track your movements, the more potential for security breaches or malicious use.

I trust Tesla a lot more than I trust Google, Facebook, ISP's, or the banks, and they know everything there is to know about me.

I do understand what you are saying (perhaps more than most people), I guess we just differ in opinion about how much it matters.

I've been arguing about this article on another forum, and have been looking closely at how Musk is interpreting his own data - and he's being loose and fancy-free with it (both sides have engaged in embellishment, it seems). As a result, I don't think he's a shining bastion of honesty - I wouldn't trust Tesla any more than any other entity.