Bad news: your car is a spy!
New internet-connected models of every major car brand have rejected Mozilla's privacy and security tests.
That's what new findings from the Mozilla *Privacy Not Included project show. The nonprofit organization found that every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models, and all 25 brands examined by Mozilla passed the organization's test. Mozilla found brands such as BMW, Ford, Toyota, Tesla and Subaru collect data on drivers, including race, facial expressions, weight, health information and where you drive. Some of the cars tested collected data you wouldn't expect your car to know about, including details about activity sexual, race and immigration status, according to Mozilla.
"Many people think of their car as a private space - somewhere to call your doctor, have a personal conversation with your child on the way to school, cry about a breakup, or drive places you might not want to make them aware of. know about," said Jen Caltrider, program director of the *Privacy Not Included project, in a press release. "But that perception no longer matches reality. All of today's new cars are privacy nightmares on wheels that collect huge amounts of personal information."
Modern cars use a variety of data collection tools, including microphones, cameras and phones connected by drivers to their cars. Manufacturers also collect data through their apps and websites and then may sell or share that data with third parties.
The worst "offender" was Nissan, Mozilla said. The carmaker's privacy policy suggests that the manufacturer collects information including sexual activity, diagnostic health data and genetic data, although there are no details on how exactly this data is collected. Nissan reserves the right to share and sell "preferences, characteristics, psychological tendencies, predispositions, behavior, attitudes, intelligence, skills and aptitudes" to data brokers, law enforcement and other third parties.
"When we collect or share personal data, we comply with all applicable laws and provide the utmost transparency," said Lloryn Love-Carter, Nissan spokesperson. "Nissan's privacy policy incorporates a broad definition of personal information and sensitive personal information, as expressly listed in the growing patchwork of evolving privacy laws, and includes the types of data we may receive through inadvertent means."
Other brands have not fared much better. Volkswagen, for example, collects your driving behaviors like seatbelt and braking habits and links them to details like age and gender for targeted advertising. Kia's privacy policy reserves the right to monitor your "sex life," and Mercedes-Benz ships cars with TikTok pre-installed on the infotainment system, an app that has its own slew of privacy issues.
"BMW USA provides our customers with comprehensive data privacy notices regarding the collection of their personal information. For individual control, BMW USA allows vehicle drivers to make granular choices about the collection and processing of their personal information," said Phil DiIanni, BMW spokesperson. DiIanni said BMW has not reviewed the study, but said "BMW USA does not sell our customers' personal information in the vehicle" and the company takes "comprehensive measures to protect our customers' data."
Mercedes-Benz spokesperson Andrea Berg declined to comment because the company has not reviewed the study, but Berg said the MercedesMe Connect app offers users privacy settings and the ability to opt out of certain services. Gizmodo contacted the other manufacturers named in the story, but none immediately offered comment.
Privacy and security issues extend beyond the nature of the car companies' data . Mozilla said it could not determine whether the brands encrypt the data they collect, and only Mercedes-Benz responded to the organization's questions.
Brian Weiss, spokesperson for the Alliance for Auto Innovation, distributed a link to a letter the organization wrote to Congress about its privacy principles. Those principles "are in effect today and are enforceable by the Federal Trade Commission," Weiss said.
Consent questions are essentially a joke too. Subaru, for example, says that by being a passenger in the car, you are considered a "user" who has given the company consent to collect information about you. Mozilla said a number of car brands say it's the responsibility of drivers to inform passengers about their car's privacy policies - as if privacy policies are meant for drivers in the first place. Toyota, for example, has a constellation of 12 different privacy policies for your reading pleasure.
Original source:https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416
EN 
RO 
IT 
ES 
FR