You have no privacy in your car, Mozilla has concluded after testing vehicles from 25 manufacturers. Cameras, microphones, and sensors capture your every move in a privacy nightmare, with all cars failing to comply with data protection. Some were even found spying on the sex life of their owners.
Dubbed “the worst product category we have ever reviewed for privacy,” cars seem to be spying machines, continuously extracting and selling user data. Mozilla's *Privacy Not Included' shopping guide put warning labels on all 25 reviewed car brands, as they “are terrible at privacy and security.”
“That’s right: every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you,” reviewers warn.
They even combined a 17-page list of the kind of data that car-makers can collect. It starts with:
- Phone number
- Date of birth
- Demographic data
- Protected classification information
- Payment information
- Credit/debit card numbers and financial accounts
- Lease/financing terms
- Purchase history
- Passport and social security numbers
- Driver’s license number
- IP addresses
Then, the list takes an altogether creepier turn, including highly personal data such as: sex life or sexual orientation information, health diagnosis data, genetic information, various biometrics such as face and fingerprints, biological and physical characteristics, voiceprints, sleep data, religion, exercise data, and immigration status.
“They can collect super intimate information about you – from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car – in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests,” the Mozilla team writes.
Most car-makers, 84%, share or sell user data with data brokers, service providers, and others. If law enforcement is interested in your activities, 56% of car companies will share the data to a request without a court order.
In many cases (92%), drivers have little to no control over their data, as only two brands, Renault and Dacia, said that drivers have the right to delete their personal data. Those cars are only available in Europe, under the protection of the General Data Protection Regulation (GDPR).
“It’s so strange to us that dating apps and sex toys publish more detailed security information than cars,” researchers write, adding that they couldn’t find confirmation that any of the brands meet their Minimum Security Standards.
It’s also unclear whether any car even encrypts the data that stays in the car.
Tesla failed at each of the five possible categories, such as data use, data control, track record, security, and AI, due to the “untrustworthy AI.”
Mozilla’s researchers could not recommend a single car brand for users who are worried about their privacy and data security. There’s little that drivers can do to mitigate modern cars’ invasive behavior.
Tesla allows drivers to opt out of data collection. However, doing so may leave the vehicle no longer usable.
Here’s a quote from Tesla’s Customer privacy notice:
“If you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
Due to the poor results, Mozilla started a petition asking car companies to stop their unparalleled data collection programs.
More from Cybernews:
Subscribe to our newsletter