Skip to main content

The Passenger in the Car Is You—And Your Data -Your connected car is a privacy nightmare.

The Passenger in the Car Is You—And Your Data

By Apirate Monk

How the symbol of American freedom became a privacy nightmare on wheels.

The modern automobile is a marvel of engineering, a seamless fusion of steel, glass, and silicon that promises not just transportation, but an experience. It is a connected hub, a rolling office, an entertainment cocoon. But as we recline in our heated seats, bathed in the glow of touchscreens and serenaded by satellite radio, we have become oblivious to a fundamental transformation. The quintessential symbol of personal freedom has become one of the most powerful and invasive data-gathering devices we own. Your car is watching you. And it’s telling everyone what it sees.

This isn’t hyperbole. This is the stark conclusion of a groundbreaking and deeply troubling report by the Mozilla Foundation. In its September 2023 “Privacy Not Included” guide, the organization that champions a free and open internet turned its attention to the automotive industry. What it found was a privacy catastrophe. After reviewing the practices of 25 major car brands, Mozilla declared connected vehicles the "official worst category of products for privacy that we have ever reviewed." It was a first in the history of their report: every single car brand analyzed received a failing grade for consumer privacy.

The scale of the data collection is breathtaking in its scope and intimacy. Car companies, the report details, are helping themselves to a treasure trove of personal information that extends far beyond the operational necessities of your vehicle. They are recording where you drive, how fast you go, and the routes you take. But the surveillance goes deeper. Much deeper.

Through a complex web of sensors, microphones, cameras, and the connected apps on our smartphones, automakers are harvesting data on a stunningly personal level. Mozilla’s researchers noted that Nissan, in its privacy policy, reserves the right to collect and infer information related to "sexual activity," health diagnoses, and even genetic data, though it offers no clear explanation for how or why. The car has become a listening post, a silent passenger noting every conversation. The cameras, both inside and out, can be used to make inferences about your intelligence, emotional state, and focus.

The industry-wide failure is stark, though some performers are worse than others. Tesla, a brand synonymous with technological futurism, landed at the very bottom of the list, earning the title of "Worst for Privacy." Mozilla’s researchers cited its "untrustworthy AI" and a track record of its employees accessing and internally sharing recorded videos from car cameras. The complete ranking reveals a spectrum of poor performance, from the absolute worst to the merely bad.

Mozilla Foundation's 2023 Car Privacy Rankings (Worst to Best)

Rank (from worst)BrandKey Findings from Mozilla
1Tesla"Worst for Privacy" winner. Untrustworthy AI, history of employees viewing camera footage.
2NissanCollects a wide range of data, including sexual activity, health, and genetic information.
3HyundaiVague privacy policy, shares data with law enforcement based on informal requests.
4KiaMentions collecting information about your "sex life" in its privacy policy.
5CadillacCollects extensive personal data, including through OnStar services.
6GMCShares and sells a wide array of collected driver data.
7ChevroletSimilar data collection practices to its parent company, GM.
8BuickShares data with a vast network of third parties for marketing.
9ChryslerData collection includes driving habits for "research and data analysis."
10JeepPart of Stellantis, which has broad data-sharing permissions.
11DodgeShares data with affiliates, partners, and for marketing purposes.
12VolkswagenData collection is extensive and linked to its connected services.
13SubaruCollects biometric data and uses telematics to track driving behavior.
14ToyotaVague privacy policy that allows for significant data collection and sharing.
15LexusShares data for marketing and has a complex web of privacy policies.
16FordCollects voice commands and driving behavior data.
17LincolnSimilar to Ford, with extensive data collection through its Sync system.
18AcuraCollects precise geolocation and shares it with a variety of third parties.
19HondaGathers a significant amount of data through its HondaLink services.
20Mercedes-BenzCollects a broad range of data but received slightly better marks for security.
21BMWThe "best of the worst," but still collects extensive data, including driver's habits.
22AudiShares data with a range of partners, including for advertising.
23FiatPart of Stellantis, with similar broad data collection policies.
24DaciaOffers the right to data deletion (under GDPR in Europe).
25RenaultAlso offers the right to data deletion (under GDPR in Europe).

This firehose of data is then bundled and sold. Mozilla found that 84% of the car brands it reviewed share your personal data with a vast ecosystem of third parties: service providers, data brokers, and marketing firms. A staggering 76% admitted they will sell it. Even more alarmingly, 56% stated they would share this information with law enforcement or government agencies based on something as flimsy as an "informal request," rather than a court order.

The forensic implications of this are not merely theoretical. The Netherlands Forensic Institute (NFI) has pioneered techniques to extract and analyze the rich data logs stored within vehicles, particularly in the aftermath of accidents. The NFI’s work on Tesla vehicles, for example, revealed that the cars store incredibly detailed information about the operation of driver-assistance systems like Autopilot, alongside precise measurements of speed (accurate to within 0.62 mph), steering wheel angle, and brake usage. This data is a "goldmine for traffic accident analysts," as one NFI investigator put it. It allows for a granular reconstruction of a crash, potentially revealing driver distraction or over-reliance on automated systems. Your car is not just a spy; it's a meticulously accurate witness that can testify against you.

This new reality is a product of the car's evolution into a key node in the "Internet of Things" (IoT), a transformation explored in publications like IEEE Spectrum. This connectivity, while offering conveniences like real-time traffic updates and remote start, creates profound vulnerabilities. The data streams are often poorly secured, a tempting target for hackers. But the more insidious threat comes from the intended uses of this data. As one IEEE Spectrum article noted, the ability of a fleet of connected vehicles to collect data on an entire city creates a new and alarming form of surveillance, one that combines the ubiquity of public cameras with the analytical power of private corporations.

What makes this situation so egregious is the near-total lack of control afforded to the consumer. According to Mozilla’s research, 92% of car brands provide drivers with little to no ability to opt out of this data collection. The only two brands that did offer the right to have data deleted, Renault and Dacia, are primarily available in Europe, where the robust General Data Protection Regulation (GDPR) provides a legal shield. In the United States, a patchwork of state laws creates a confusing and largely toothless regulatory environment.

We are left with a stark and uncomfortable trade-off: to participate in modern life by driving a modern car is to consent to an unprecedented level of surveillance. We have been sold a vision of convenience and connectivity, but the price is our privacy. The car, once a private space that offered an escape, has been inverted. It is now a mobile sensor network, tracking, recording, and monetizing our lives. The open road, that iconic symbol of freedom, is now lined with invisible tollbooths, and we are paying with our personal data every mile of the way.


Sources

  • Mozilla Foundation: Privacy Not Included: What the Car Industry Knows About You Is None of Your Business (September 6, 2023)

    • https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
  • Netherlands Forensic Institute (NFI): Data from Tesla provides a wealth of information for forensic investigators (December 21, 2021)

    • https://www.forensicinstituut.nl/actueel/nieuws/2021/12/21/data-from-tesla-provides-wealth-of-information-for-forensic-investigators
  • IEEE Spectrum: Connected Cars Are Data-Guzzling Monsters (October 25, 2023)

    • https://spectrum.ieee.org/connected-cars-privacy

Comments

Popular posts from this blog

How to set up a pirate radio station- Updated links for 2020

Buy your stuff... I'll go over the list of gear I use for easy setup and tear down.  Obviously, get a transmitter.  I use the  Broadcast Warehouse TX 150 .  150 watts.  It's not cheap though. About $3500 US. And if you prefer, start out with a cheap Chinese knockoff. Here's a list of them (15watts.. which will get you a mile or two no problem, and a lot further if you put your antenna up high). Most are under $200 (and usually include an antenna). Next you need an antenna.  I prefer one of two antenna's.  The first one is an old pirate radio standby called a Comet.  Cheap, easy to set up, easy to tune.   Model number  CFM95SL 5/8 wave. Next, get a cheap laptop.. this is your streaming box.  You'll be streaming from a remote location (i.e. your computer at home or work where you're playing DJ).  I like one with a reasonably big hard drive so I can store music on it that the system defaults to if I lose the internet c...

How to set up pirate radio station in 15 minutes

Here's a post I put up on Reddit recently;  it's in answer to the question of 'what do you do that makes you stand out in a crowd of 200 random people.. prize is $1 MILLION dollars.  Theoretical, of course,  Anyway.. here's the Reddit post they wanted: All-righty then.  It's really simple, but it took a few years to figure out. First, I'll go over the list of gear I use for easy setup and tear down.  Obviously, get a transmitter.  I use the Broadcast Warehouse TX 150 .  150 watts.  Plenty of power for a small town.  Here's the full list of ones they make: http://www.broadcastwarehouse.com/fm-transmitters/60/cat I use the 6th one down from the top- 150W power.  They go up to 1000 watts and down to 1watt.  UK based company, excellent products. Next you need an antenna.  I prefer one of two antenna's.  The first one is an old pirate radio standby called a Comet.  Cheap, easy to set up, easy to tune.  Mod...

Wikipedia keeps deleting the content of our entry. Here's the deleted content.

 So, Wikipedia keeps deleting our postings about KBFR and it's history. Apparently, they can't 'verify' anything, which, is kind of the POINT of Pirate Radio, but whatever. Here's what they deleted: KBFR  ( pirate   radio ) KBFR  ( 95 . 3   FM )  was   a   pirate  ( unlicensed ,  underground )  radio   station   also   known   as   Boulder   Free   Radio ,  based   in   Boulder ,  Colorado .  After   a   brief   revival   in   2006   followed   by   an   FCC   crackdown ,  it   appears   that   the   station   is   off   the   air   for   good . Boulder   Free   Radio   is   unrelated   to   the   FCC - licensed   KBFR   in   Bismarck ,  North   Dakota ,  broadcasting   American   Family   Ra...