New research by Mozilla has uncovered a potentially grave threat facing millions of consumers globally, in a market that many might have thought would never previously have been affected.
The automotive industry has been undergoing a vast transformation over the past decade, and the electrification of many vehicles has brought significant improvements to the way we communicate with vehicles – at a cost.
In order for cars to collect the data they require to operate advanced driver safety features, sometimes tens of sensors may be deployed. Connecting these to the Internet, Mozilla says, has made cars “the worst product category we have ever reviewed for privacy.”
Is your car spying on you?
Mozilla’s crack team of researchers delved into 25 major manufacturers, awarding every single one of them its “Privacy Not Included” label – in other words, slating them for their poor practices.
The study found that all 25 collected more data than was necessary, including usage patterns, connected services and car apps, and even from third parties like Google Maps. Most of them (84%) then go on to sell this data, with three-quarters (76%) including personal data, however only two of them gave users any control over their personal data: namely, Renault and Dacia (which are part of the same company).
The study focussed on the following brands specifically, however it implies a stark reality that all manufacturers are just as bad thanks in part to the fact that car buyers tend not to focus on (or even consider) privacy when buying a new set of wheels. The 25 manufacturers have been grouped here in accordance with parent companies and alliances whereby models produced under different names share parts:
- Acura and Honda
- Audi and Volkswagen
- BMW
- Buick, Cadillac, Chevrolet, and GMC
- Chrysler, Fiat, Jeep, and Dodge
- Dacia, Nissan, and Renault
- Ford and Lincoln
- Hyundai and Kia
- Lexus and Toyota
- Mercedes
- Subaru
- Tesla
To make matters worse, the steps drivers can take to minimize impact are frankly nonexistent, with it either being impossible to opt out of certain elements or where doing so will disable key parts of the car.
We contacted all 25 manufacturers to comment on Mozilla’s findings and to discuss whether privacy may be a key area of interest for them moving forward. Any replies will be posted here:
A GM spokesperson told us on behalf of Buick, Cadillac, Chevrolet, and GMC: “We are not providing comment on the research. GM takes data privacy very seriously and are committed to safeguarding personal information. For every GM vehicle, before any connected vehicle services are activated and before any data is ever collected, the vehicle owner must accept the OnStar Terms & Conditions and Privacy Statement. These detail our data practices and are available online for consumers to review before they even walk into a dealership.”
Nissan told us that the company’s privacy policy is written to comply with federal and state laws, and that it has clear methods for consumers to opt out of data collection. The car maker denied knowingly collecting or disclosing consumer information on sexual activity or sexual orientation in response to Mozilla’s allegations, adding: “Nissan takes privacy and data protection for our consumers and employees very seriously. When we do collect or share personal data, we comply with all applicable laws and provide the utmost transparency. Nissan North America’s Privacy Policy incorporates a broad definition of Personal Information and Sensitive Personal Information, as expressly listed in the growing patchwork of evolving state privacy laws in the U.S., and is inclusive of types of data it may receive through incidental means.”
More from TechRadarPro
- Protect yourself against attacks with the best endpoint protection software and best firewalls
- You might soon be able to do a Zoom call in your Tesla
- An unpatchable AMD chip flaw is jailbreaking Tesla cars