A comprehensive data privacy assessment of 25 major automakers’ vehicle tech deems cars “the official worst category of products for privacy” that the Mozilla Foundation has ever reviewed. For a bit of context here, every car company analyzed by Mozilla’s security experts failed crucial benchmark safeguards, compared to 63 percent of mental health apps they reviewed this year (which often come with their own serious security risks).
“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” Mozilla’s researchers explained in their findings announcement earlier this week. Because of this, they warn, vehicles’ “brag-worthy bells and whistles” now possess “an unmatched power to watch, listen, and collect information about what you do and where you go in your car.”
The companies boasting abysmal ratings include pretty much any automaker you can imagine—including Ford, Subaru, Jeep, BMW, Honda, Acura, Chevy, and Nissan, among others—with Tesla ranked dead last on the list. According to the experts, nearly 85 percent of surveyed automakers “share” car owners’ data to data brokers and other businesses. In total,19 of the 25 companies actually sell your personal data to third-parties, while over 55 percent of the carmakers’ Privacy Policies allow them to share your information to government and law enforcement authorities. Such data deliveries can be facilitated via a simple “request” instead of a legal warrant or court order.
[Related: Mental wellness apps are basically the Wild West of therapy.]
In an email provided to PopSci, a Kia spokesperson explains, “The privacy of consumers is important to Kia… Whether certain information is collected by us depends on the context in which a consumer interacts with us,” before clarifying that, “Kia does not and has never collected ‘sex life or sexual orientation’ information from vehicles or consumers in the context of providing the Kia Connect Services.”
A spokesperson for Nissan tells PopSci the company complies “with all applicable laws and provide[s] the utmost transparency,” while stating “Nissan does not knowingly collect or disclose consumer information on sexual activity or sexual orientation.”
What’s particularly infuriating these findings is that, as Mozilla explains, there simply isn’t much everyday car owners can do about it. Each individualized review of the 25 carmakers includes a section entitled “Tips to protect yourself,” which includes suggestions such as to avoid using a car’s app and limiting its permissions on your phone.
“But compared to all the data collection you can’t control, these steps feel like tiny drops in a massive bucket,” concedes Mozilla researchers. In response, the Mozilla Foundation has launched a petition asking companies to overhaul their massive, apparently unparalleled data collection programs.
Update 9/07/23 1:26 PM: This article now includes statements from both Kia and Nissan.