This SUCKS: ‘Cars Are a Privacy Nightmare,’ Mozilla Fumes
Own a car? Care about your privacy? Mozilla Foundation has bad news for you.
All 25 of the most popular car brands collect your personal data. They probably share and/or sell it, they don’t keep it secure—and good luck opting out. The “*Privacy Not Included” team at The Mozilla Foundation are horrified at what they’ve found.
And you will be, too. In today’s SB Blogwatch, we drive the point home.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: P.111.
IoT Cars Considered Harmful
What’s the craic? Frank Bajak reports—“Carmakers are failing the privacy test”:
“Concerns”
Cars are getting an “F” in data privacy. Most major manufacturers admit they may be selling your personal information, a new study finds. … The proliferation of sensors in automobiles — from telematics to fully digitized control consoles — has made them prodigious data-collection hubs.
…
Not one of the 25 car brands whose privacy notices were reviewed — chosen for their popularity in Europe and North America — met the minimum privacy standards of Mozilla. … Nineteen automakers say they can sell your personal data, their notices reveal. Half will share your information with government or law enforcement in response to a “request” — as opposed to requiring a court order.
…
[I] asked … the Alliance for Automotive Innovation … a trade group representing the makers of most cars and light trucks sold in the U.S. … if it supports allowing car buyers to automatically opt out. … Spokesman Brian Weiss said that for safety reasons the group “has concerns” about letting customers completely opt out.
Ooof. Jessica Lyons Hardcastle cuts to the chase—“Does your vehicle really need to know about your bedroom antics?”:
“We’re just being made aware”
Some makers may handle deeply personal data, such as … sexual activity, immigration status, race, facial expressions, weight, health, and even genetic information. … The worst threat to your privacy may be parked in your driveway.
…
Some – like Nissan – also use this private data to develop customer profiles that describe drivers’ “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.” Yes, … Nissan says it can infer how smart you are, then sell that assessment to third parties.
…
A Nissan spokesperson [said] “We’re just being made aware of this report so it will take a bit of time to review it and provide a response.” … Mozilla … said [it] contacted Nissan and all of the other brands listed in the research.
Horse’s mouth? Mozilla’s Jen Caltrider, Misha Rykov and Zoë MacDonald—“Cars Are the Worst Product Category We Have Ever Reviewed”:
“Join us”
Modern cars are a privacy nightmare. … Why are cars we researched so bad at privacy? …
1. All of them … collect too much personal data. …
2. 84% share or sell your data. …
3. 92% give drivers little to no control over their personal data. …
4. We couldn’t confirm whether any … encrypt all of the personal information that sits on the car. And that’s the bare minimum!
…
Tesla is only the second product we have ever reviewed to receive all of our privacy “dings.” …
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen [including] your “sexual activity.” …
Kia also mentions they can collect information about your “sex life.” …
Hyundai … says they will comply with “lawful requests, whether formal or informal.” That’s a serious red flag.
…
Car companies do clearly know what they should be doing to respect your privacy — even though they absolutely don’t do it. … What can you do about it? … We’re asking car companies to stop their huge data collection programs that only benefit them. Join us! … Sign the petition.
How outraged are you? hilbert42 is truly outraged:
This is truly outrageous. … If governments don’t act to stop the … outrageous invasion of privacy … then it seems we’ll have to take matters into our own hands and resort to hacking our vehicles in similar ways we do with our computers.
…
Fortunately, I drive a vehicle that’s too old to collect this info but if I were presented with a new one then [I’d] sever the vehicle’s connection with the Internet.
Which is exactly what C. Weeks did. And there was a silver lining:
This is why I permanently disabled my Tacoma’s Data Collector Module the day I bought it. (This also killed my hands-free microphone, which immediately justified my decision.)
Petition aside, how do we get car makers to hear us? The Central Scrutinizer cuts to the chase:
It’s total lunacy. When oh when will all these data sucking, privacy invading ***holes ever learn? … With that kind of customer hostile attitude, they deserve precisely zero customers.
But aren’t we going a bit overboard here? u/DingusToucher feels some déjà vu:
Eh, all the same stuff people already consent to with Chinese data mining software disguised as a funny dance application. Or with free messaging applications from Zuck. People are fools. … It’s not really even that hard: Just stop hitting yourself.
Speaking of déjà vu, here are Jon Keegan and Alfred Ng, some 14 months ago:
“Data hubs”
Once a driver gets into a car, dozens of sensors emit data points: … The driver door is unlocked; a passenger is in the driver’s seat; the internal cabin temperature is 86°F; the sunroof is opened; the ignition button is pressed; a trip has started from this location. These data points are processed by the car’s computers and transmitted via cellular radio.
…
As the trip continues, additional information is collected: the vehicle location and speed, whether the brakes are applied, which song is playing on the entertainment system, whether the headlights are on or the oil level is low. The data then begins its own journey from the car manufacturer to companies known as “vehicle data hubs” … which are at the center of the connected vehicle data market. … Due to the sensitive nature of movement and location data, risks are high for violating user privacy.
…
[These] data hubs ingest vehicle and movement data from several different sources: From OEMs, from other connected vehicle data providers, directly from vehicles using aftermarket hardware (such as an … OBD dongle), or from smartphone apps. [They] market their massive troves of data for applications including insurance, traffic management, electric vehicle infrastructure planning, fleet management, advertising, mapping, city planning, and location intelligence.
Everything’s exponentially excremental. So says Eva Galperin—@evacide: [You’re fired—Ed.]
Mozilla’s new report … is nightmare fuel. En****tification has definitely hit the car industry.
Meanwhile, returning to the sexual angle, u/epic_pig’s snort is epic:
It would be even worse if your date’s name was Alexa.
And Finally:
It “looks like something in a video game glitched”
Hat tip: brb
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Mark Zamora (via Unsplash; leveled and cropped)
