Researchers Find Cars Serious Privacy Threat

By Sean Tucker 09/06/2023 8:11am

A car owner uses a smartphone app to unlock their carToday’s cars are data-gathering machines, and as they track your driving habits, store your credit card numbers, and record everywhere you go, they don’t do much to protect your privacy, according to a new report. Privacy researchers from the Mozilla Foundation researched how 25 car brands protect owners’ privacy and found “cars the official worst category of products for privacy that [they have] ever reviewed.”

What Is the Mozilla Foundation?

The Mozilla Foundation is a nonprofit organization dedicated to ensuring “the internet remains a public resource that is open and accessible to us all.” Their *Privacy Not Included reports examine how various tech-related industries handle user privacy.

Every Car Brand Earned a Warning Label

Foundation researchers looked at cars for the first time this year, concluding, “Modern cars are a privacy nightmare.” Every brand the researchers examined earned the foundation’s *Privacy Not Included warning label.

Related: Cars of the Future Will Likely Be More Vulnerable to Hacking

Why? Researchers found that every brand of car they reviewed “collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.”

Almost All Automakers Can Sell Data

Virtually every car for sale in 2023 interacts with a driver’s cell phone. That means cars often have access to contact lists and other data you might not associate with driving.

Eighty-four percent of the brands the foundation researched reserve the right to share the data they gather. Seventy-six percent reserve the right to sell it.

Only two give owners the right to have their personal data deleted. Those two – Renault and Dacia – don’t sell cars in the U.S.

Very Little Data May Be Encrypted

Automakers also make it difficult for privacy researchers to learn how data is used. The foundation writes, “Our main concern is that we can’t tell whether any of the cars encrypt all of the personal information” cars store, and most didn’t respond to requests for clarification.

Tesla, Nissan Score Worst

Though every brand received the formal demerit of a privacy warning, some performed worse than others. The foundation notes that “Tesla is only the second product we have ever reviewed to receive all of our privacy ‘dings.’” The brand’s partial automation Autopilot system was “reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations.”

Nissan took the ignominious silver as the second-worst car company for privacy. Disturbingly, the researchers note that, in the company’s privacy notice, “They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes. We absolutely aren’t making that up.”

Six companies, in total, list genetic information among the categories of data they may collect.

No Consent Required

Don’t remember signing a privacy policy when you bought your car? That’s because, the foundation explains, “Often, they ignore your consent. Sometimes, they assume it. Car companies do that by assuming that you have read and agreed to their policies before you step foot in their cars.

Related: Hackers Show How to Unlock Start Cars Remotely

Subaru’s policy even specifies that passengers consent to data collection by entering the car.

Recommendations to Protect Your Data

The researchers include recommendations on how owners can protect themselves in each of the 25 separate reports they’ve published on automakers. They often include opting out of data sharing in any connected apps automakers provide, using your phone’s privacy settings to limit what information it shares with the car, and notifying the automaker if you sell your car.

But the report notes, “Many people have lifestyles that require driving. So unlike a smart faucet or voice assistant, you don’t have the same freedom to opt out of the whole thing and not drive a car.”

So the organization has started a petition asking automakers “to respect drivers’ privacy and to stop collecting, sharing and selling our very personal information.”