Mozilla: Modern Cars Are A Privacy Shitshow (original) (raw)

from the the-lowest-standards-humanly-possible dept

Mozilla’s latest *Privacy Not Included report isn’t subtle when it comes to calling out the shortcomings of modern, internet-connected vehicles:

All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.

After studying vehicle systems for over 600 hours, Mozilla unsurprisingly found that modern vehicle makers collect way more data on you than they’d ever realistically need to develop useful products, including detailed location data, personal identifiers, data on your sex life (seriously), medical information, income, demographic data, and more:

Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”

They had to write an entirely separate report on the data vehicles glean from being connected to your phone, which, as we’ve detailed, is its own special privacy nightmare (see their report on mental health apps).

Mozilla then found that 86 percent of car makers then bundle up that data and sell it to a wide assortment of barely regulated data brokers and nitwits, often leaning heavily on the long useless claim that this sort of data trafficking is ok because the data has been “anonymized” (a gibberish term).

None of the carmakers were transparent as to encryption and security practices. 92 percent of carmakers gave users no control over their own data (just two manufacturers owned by the same company, Renault and Dacia, even suggested that should be possible). Mozilla also found that all vehicles have a comically broad definition of “consent” when it comes to user approval of data collection (as in, there really isn’t any, and it’s buried under the usually over-long privacy policies nobody reads).

Again, none of this should be surprising. The United States has proven to be too greedy and corrupt to pass even a baseline privacy law for the internet era, or to even vaguely attempt to regulate data brokers. The U.S. government has also grown fat and comfortable buying access to this over-collected data as an end-around for traditional warrants.

At some point there will be a privacy scandal so grotesque (potentially including mass fatalities or national security) that Congress will be forced to act. Until then, we’re just going to keep rumbling down the same doomed road as every last fart is documented and monetized in ridiculous detail.

Filed Under: cars, consumers, data, data collection, location data, privacy, surveillance, vehicles, warrants
Companies: kia, mozilla, nissan