Mozilla: Modern Cars Are A Privacy Shitshow
from the the-lowest-standards-humanly-possible dept
Mozilla’s latest *Privacy Not Included report isn’t subtle when it comes to calling out the shortcomings of modern, internet-connected vehicles:
All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.
After studying vehicle systems for over 600 hours, Mozilla unsurprisingly found that modern vehicle makers collect way more data on you than they’d ever realistically need to develop useful products, including detailed location data, personal identifiers, data on your sex life (seriously), medical information, income, demographic data, and more:
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be outdone, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”
They had to write an entirely separate report on the data vehicles glean from being connected to your phone, which, as we’ve detailed, is its own special privacy nightmare (see their report on mental health apps).
Mozilla then found that 86 percent of car makers bundle up that data and sell it to a wide assortment of barely regulated data brokers and nitwits, often leaning heavily on the long-useless claim that this sort of data trafficking is ok because the data has been “anonymized” (a gibberish term).
None of the carmakers were transparent as to encryption and security practices. 92 percent of carmakers gave users no control over their own data (just two manufacturers owned by the same company, Renault and Dacia, even suggested that should be possible). Mozilla also found that all vehicles have a comically broad definition of “consent” when it comes to user approval of data collection (as in, there really isn’t any, and it’s buried under the usually over-long privacy policies nobody reads).
Again, none of this should be surprising. The United States has proven to be too greedy and corrupt to pass even a baseline privacy law for the internet era, or to even vaguely attempt to regulate data brokers. The U.S. government has also grown fat and comfortable buying access to this over-collected data as an end-around for traditional warrants.
At some point there will be a privacy scandal so grotesque (potentially including mass fatalities or national security) that Congress will be forced to act. Until then, we’re just going to keep rumbling down the same doomed road as every last fart is documented and monetized in ridiculous detail.
Filed Under: cars, consumers, data, data collection, location data, privacy, surveillance, vehicles, warrants
Companies: kia, mozilla, nissan
Comments on “Mozilla: Modern Cars Are A Privacy Shitshow”
Stellantis is completely missing from the table.
Re: Are you certain?
I see Jeep, Ram, Chrysler in the main list from Mozilla. Those are all brands from that company.
How? Do they have a team swabbing your seats for DNA samples whenever you take the car in for service?
Re:
When they figure out how, it’s already provided for in the TOS.
Re:
Simple – they’ll simply look in your phone, where you’ve been visiting familysearch.org, family tree.com and/or ancestry.com. If you’ve signed up for at least one of those sites, chances are pretty good that you’ve sent them a DNA swab from some kit, just to see if Wild Bill Hickok really is one of your ancestors. You know, like your great uncle keeps insisting.
The used vehicle market might see an uptick?
Re:
No, because 99% of car buyers have no idea about this. Plus, how old will your used car need to be to avoid this problem? It would be a buyer’s research nightmare to find out for sure. And how many modern features are most people willing to sacrifice in the process?
“The United States has proven to be too greedy and corrupt”
That is a built-in feature, enshrined into law via the Citizens United decision.
Crazy idea….maybe don’t connect your phone to the car?
Oh but you will miss out on all of these things…
and?
I had cassette when everyone else had CD, I survived.
I still had cassette when everyone else was hooking up their iPod, I survived.
I wonder if we can get those great minds who created the little annoy-o-bots (you hide it, it randomly chirps & makes noises driving people crazy) and tv-be-gone to build a fake phone to flood the datastream with crap.
The government isn’t gonna save us, companies will keep trying to get more out of us, so let’s inject some agent orange into their forest of data collection.
Once you introduce the idea that consumers can and will fight back by feeding an endless stream of crap, what is that going to do to the value of the data?
Especially since the poison can be made to look like delicious real data, don’t have to feed easy to spot wildly crazy data they could try to filter.
How much more entertaining can it be than seeing something open sourced that protects your data & can give you access to the features safely?
Heh a bluetooth condom, don’t drive without one!
The price of the cars never reflects how much they project they are going to make over the life of the car by selling our data, so let’s remind them their business is building cars not creating a revenue stream based on spying on consumers.
No one else is gonna save us from this, so it’s time to poison the feed to see if we can kill the damn thing.
Re:
Any bets that there’s a car manufacturer building in functionality to interrogate non-connected phones? Even with Bluetooth turned off (doing it by cell site spoofing)?
It kind of destroys the functionality of a communication device if I have to keep it in a Faraday shield all the time.
Re: Re:
So don’t cage the phone, instead put a Faraday cage around the entire car. That’ll keep it from phoning home no matter what method it wants to use.
More practically, find and excise the modem/radio setup that’s phoning home. Either remove it, remove the power to it (probably easier), or failing all else, put a cage around that part of the car. Not so easy, but then again, privacy is something that needs work, as the governments and corps of the world can no longer be trusted. Not. At. All.
And for fuck’s sake, how long have we known for a fact that anyone can drive up alongside of a Jeep, and using simple tools, cause the Jeep to slam on its brakes, even at 60 or 70 MPH… That alone should’ve set the government to working on both privacy and car manufacturing safety standards, but as noted above: …greedy and corrupt – that tells us everything we need to know about the current state of government.
And my friends wonder why I keep saying I’m living in the wrong century.
Re:
in addition ..
It is entirely possible that after sale of said vehicle, one could get targeted advertising and other nasties based upon the habits and travels of whomever bought the junker.
Re:
If you don’t connect your phone to your car, that significantly reduces the amount of data it can collect about you, but not to zero. It won’t have access to the data that’s on your phone, but it’ll still know where you’re going and when, how you interact with the entertainment system, etc.
Not connecting your phone also doesn’t mean the car can’t phone home and send that data back to the manufacturer. Per Ars Technica:
Re: Re:
I’d tell ’em “No thanks, don’t bother to schedule any emergencies for me, I can do that without your help.”
IOW, they wanted to beat the USA in the surveillance sweepstakes. So far, it looks like they’re running neck-and-neck with us.
Re:
1) This is an extremely low bar. 2) We shouldn’t be forced to choose between privacy and functionality.
Re: Re:
And yet here we are.
We can bend over and take it or we can try fighting back.
It’s so damn surreal that privacy will soon be a selling point for cars.
This is why I removed the cell modem from my EV and never connected my phone. It periodically nags me to connect to Wifi. Fuck that.
My next car.
Crank down windows.
No radio, as I can get my Own.
Manual transmission/Stick
And if possible, Mechanical pump.
You can Kick start this thing, and Go with Just Fuel.
My Next Car
I think my next car is going to be an analog antique.
My other car is a ’62 Dodge
telematics have their own cellular modems
ahoy,
not connecting one’s car to a phone’s bluetooth isn’t going to protect privacy on mid class+ vehicles. True Kia and Hyundai vehicles will store all your secrets until a fool connects bluetooth yet any vehicle with OnStar, CarNET, etc will have its own cellular modem within the telematics module. It’s a sorta private network meaning these cars have a 9 digit phone number and it is impossible to dial a 9 digit number from our 10 digit PSTN. However, these cars are able to dial 10 digit numbers and also send SMS messages to 10 digit numbers. For example, drive a VAG vehicle over 100mpr and your car will send an SMS containing all your current travel stats (gps, compass heading, etc) to corporate office.
If one has the ability, just completely remove the telematics module from your vehicle. It’s fairly easy in all VAG vehicles (VW/Audi/etc) without sacrificing speakerphone and other bluetooth/infotainment features. Does require jumpering some of the pins on telematic module plug (wiring harness side) & some basic programming changes to the CAN bus gateway controller (so the vehicle doesn’t bitch about having the telematics module disco’d).
G
One way is to remove the “accessory” fuse
Anything that goes on or off with the key goes through this fuse
Remove it, and the devices that go on and off with the key will no longer run.
That is why, for example, GPS based mileage tax will never work. Just pull out the accessory fuse or fuses and the tracking device will no longer work, and it will look like a malfunction and they would never be the wiser.