Mozilla: cars track even sexual activity, sell user data to third parties

Last updated: 15 November 2023
car infotainment
Image by Shutterstock.

You have no privacy in your car, Mozilla has concluded after testing vehicles from 25 manufacturers. Cameras, microphones, and sensors capture your every move in a privacy nightmare, with all cars failing to comply with data protection. Some were even found spying on the sex life of their owners.

Dubbed “the worst product category we have ever reviewed for privacy,” cars seem to be spying machines, continuously extracting and selling user data. Mozilla's *Privacy Not Included' shopping guide put warning labels on all 25 reviewed car brands, as they “are terrible at privacy and security.”

“That’s right: every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you,” reviewers warn.

ADVERTISEMENT

They even combined a 17-page list of the kind of data that car-makers can collect. It starts with:

  • Name
  • Address
  • Phone number
  • Email
  • Age
  • Date of birth
  • Demographic data
  • Protected classification information
  • Location
  • Payment information
  • Credit/debit card numbers and financial accounts
  • Lease/financing terms
  • Purchase history
  • Passport and social security numbers
  • Driver’s license number
  • IP addresses

Then, the list takes an altogether creepier turn, including highly personal data such as: sex life or sexual orientation information, health diagnosis data, genetic information, various biometrics such as face and fingerprints, biological and physical characteristics, voiceprints, sleep data, religion, exercise data, and immigration status.

“They can collect super intimate information about you – from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car – in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests,” the Mozilla team writes.

Most car-makers, 84%, share or sell user data with data brokers, service providers, and others. If law enforcement is interested in your activities, 56% of car companies will share the data to a request without a court order.

In many cases (92%), drivers have little to no control over their data, as only two brands, Renault and Dacia, said that drivers have the right to delete their personal data. Those cars are only available in Europe, under the protection of the General Data Protection Regulation (GDPR).

“It’s so strange to us that dating apps and sex toys publish more detailed security information than cars,” researchers write, adding that they couldn’t find confirmation that any of the brands meet their Minimum Security Standards.

It’s also unclear whether any car even encrypts the data that stays in the car.

ADVERTISEMENT

Tesla failed at each of the five possible categories, such as data use, data control, track record, security, and AI, due to the “untrustworthy AI.”

Nissan’s interest in users' “sexual activity” is included in the privacy policy. This brand earned the second-to-last spot due to collecting some of the creepiest categories of data and reserving the right to share or sell it.

Kia's privacy policy also includes collecting “sex life” information. Six car companies reserved the right to collect genetic information. VW, amongst basic personal details, is interested in driving behavior. Audi knows a ton about drivers and their habits, visited locations, streaming music, or how fast they drive, and states that they can share and even sell that data to third parties.

Mozilla’s researchers could not recommend a single car brand for users who are worried about their privacy and data security. There’s little that drivers can do to mitigate modern cars’ invasive behavior.

“Subaru’s privacy policy says that even passengers of a car that uses connected services have “consented” to allow them to use – and maybe even sell – their personal information just by being inside,” researchers provided one example.

Tesla allows drivers to opt out of data collection. However, doing so may leave the vehicle no longer usable.

Here’s a quote from Tesla’s Customer privacy notice:

“If you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”

Due to the poor results, Mozilla started a petition asking car companies to stop their unparalleled data collection programs.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Jensen Huang’s quantum pivot: when tech leaders admit they’re wrong
Meta AI rolling out in Europe in the coming weeks
“They’re still sulking about the EU switching to USB C:” users react to Apple’s next iPhone plans
Rooting Android invites hackers: up to 3,000 times more vulnerable
Phishing campaign shifts focus to Macs after browsers enhance security on Windows
Links to the “free” TradingView version hide crypto-stealing malware on Reddit
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked