
Mozilla Says Modern Cars Are Data Collection Nightmares on Wheels

Mozilla’s *Privacy Not Included team has evaluated the privacy stances of 25 carmakers, introducing its extensive report with:

Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.

All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.

These findings fall into the category of “I had no idea, but I guess I’m not surprised.” Mozilla concluded that car companies are terrible about privacy because they collect too much personal data, share or sell collected data, give drivers little to no control over their data, and don’t publish useful security details, such as whether all that data is encrypted at rest. Nor are they good at protecting what they collect—Honda, Mercedes-Benz, Nissan, Toyota, and Volkswagen have suffered breaches affecting millions of drivers.

What might that data include? The full list is far too long to transcribe here, but it’s notable that, for instance, Nissan says it may collect:

Sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.

At least the source of those particular data types is “Direct contact with users”—your Nissan Leaf isn’t detecting backseat nookie. But between today’s sensor- and camera-laden vehicles and their accompanying apps, carmakers can hoover up a vast amount of information about how you drive. Along with geolocation data, Hyundai says it may collect:

driving data about the operation of a Vehicle, such as speed, acceleration and braking data; direction of travel; trip data (mileage, date, length, conditions); ignition events; steering events; cruise control data; seatbelt status; information about Vehicle incidents or events; other information about how you drive a Vehicle; as well as associated date/time stamps for such information.

What remains unknown is just how real the privacy risks are. Just because carmakers craft their privacy policies to say they can collect data about your tooth enamel doesn’t mean they’re doing it or sharing the details with fly-by-night dentists. However, even if nothing is actually happening now, it’s still troubling that carmakers are giving themselves legal cover for whatever they decide to do in the future.

Mozilla’s reports on each carmaker offer suggestions for reducing the impact of this data collection, but there’s not much you can do and little difference between manufacturers. Perhaps signing Mozilla’s petition and helping to spread the word can embarrass some of these companies into doing better.


Comments About Mozilla Says Modern Cars Are Data Collection Nightmares on Wheels

Notable Replies

  1. blm

    As a software engineer, I can make a guess at this. Logging is relatively cheap. Having a problem reported with no real way to diagnose it because there isn’t any logging around the problem can be expensive. So you log stuff even if there’s no immediate foreseen need. I’ve experienced both cases—lack of logging making diagnosing a problem difficult, and logging thrown in “just because” helping fix a problem (nothing like this case though).

    So in this case, the engineers may have had no real reason to log the boot/trunk opening and closing, but it is a mechanical action performed on/by the car, so logging it may help diagnose a problem with the trunk, particularly if a number of people report problems. Although I’ve never worked on software to run a mechanical device, the standard for the software engineers may be “log everything, just in case”.

  2. Agreed. Logging everything is generally a good thing.

    But there’s no reason the logs need to ever leave the car. Just save it all internally so a service tech can extract it, if necessary to fix a problem.

    Uploading all those logs, including sensitive data like driving habits and location, to a cloud server, on the other hand, is inexcusable.

    If you’re not using a service that actually needs this information (like GM’s OnStar - which provides cloud-based navigation), you shouldn’t be expected to send this information anywhere.

    Now I’m glad that we never bothered setting up the Internet connectivity on the family van (a 2018 Kia Sedona). It has never been configured to access the Internet via any mechanism (e.g. home Wi-Fi or family phones), so it is almost definitely not phoning home (unless there’s a cellular radio included somewhere, but if there was, they wouldn’t be asking us to configure it for Wi-Fi.)

  3. blm

    Totally agree with this. It’s not the logging that’s the problem, it’s when logs leave the car (and then become a profit center) that they become a problem.

    Also, on why things like a trunk/boot being opened or closed would be logged, if they’re measuring more than just a simple “opened” or “closed” event, like the power needed to activate actuators and motors and such, the historical values contained in the logs could be used to predict problems before they occur.

  4. That makes perfect sense to me. The trunk-release mechanism is no longer a simple cable-pull. It’s software controlled (at least via the remote key fob). So you may want to log:

    • Received the trunk-open command from the radio interface
    • Activating the motor/solenoid to release the catch
    • State-change on the trunk-is-open sensor (e.g., the one that turns on the dashboard light)

    So if a customer complains that his trunk won’t open, a tech can figure out if the radio signal isn’t being received, if the signal isn’t being sent to the hardware, or if the hardware is failing to open after receiving the signal. It can reduce the diagnostic phase of problem solving from an hour to a minute. (Of course, repair may still take some time, depending on what’s wrong.)

  5. Indeed. I just spent almost $900 to replace an SUV’s rear hatch release mechanism that had a failing motor on its latch.

    The vehicle does have a manual release mechanism, but it is located inside the vehicle in a hard-to-reach place and requires removal of a panel to access it.

    Filed under: “when convenience features become inconvenient.”

  6. It can be useful to know that you have left the trunk (or in my case, the hatch on a hatchback) open before you start driving. In our car, the popped up hatch is not in the field of view of the rear-view mirror, and I drove a couple of miles before we reached our destination and noticed the hatch was open when we got out.

    I would say that’s a bad design on a couple of grounds – the expense of changing a motor that (evidently) can easily fail, and the difficulty of manually releasing.

  7. Geofencing within and outside of supermarkets is huge:

    Grocers Raise the Personalization Bar in Race for Digital Loyalty

    The Ways Grocery Shoppers’ Personal Information Is Increasingly Being Shared

  8. Those motorized hatches are ridiculous. It’s 2023 and yet you see people gaze for 15 sec as their hatch inches all the way down so it can finally lock. 30 years ago you would have just slammed your hatch down and been walking away a second later. I’m especially fond of those that make loud peeping noises as they slow-mo close. As if all the beeping could make it more serious and distract from the fact that the whole slow-mo motorized hatch baloney is just a preposterous idea. :rofl:

    It’s a shame you can’t nowadays buy a brand new 1995 car. Add a decent hybrid drive train that gets 55 mpg. But keep all the electronic doo-hickey nonsense out. I’d gladly pay extra for less of that.

  9. I could see the next development being where the service techs are incentivised to upload this data any time they access it, whether at an official dealership or even just the local, independent garage. I’m sure the data purchasers could potentially still do something with a year’s worth of data even if all you had to do was call in for your annual service. Maybe truncate it to keep just the most recent three or four weeks, for relevancy? That would be better than nothing to these people.

  10. We have a 2015 Subaru Outback with a motorized hatch, and I’m of two minds about it.

    On the one hand, I like being able to open and close it from inside the car with the press of a button, and I like being able to press the button and have it close as I walk back to get in the car. I do a fair amount of race course setup where I’m putting up signs, so I drive a short distance, stop, open the hatch, get out of the car to install the sign, press the button to close the hatch, get back in the car as it closes, and repeat. Super convenient. And I hope our next car has the feature where it will open automatically if you wave your foot under the bumper because your hands are full—I would use that regularly.

    On the other hand, this particular model freaks out and freezes if you try to close the hatch by hand. I have to warn anyone who’s helping me load the car not to touch it when it’s open.

    And to bring the story back to sensors, about 3% of the time when I press the button to trigger the hatch to open, it opens 2 inches and then stops. The only way I can fix it is to pull it open a little further, then press the close button, wait for it to close, and try again. The dealer claims they’ve fixed it, but it has come back. I wish I could see those logs! :slight_smile:

  11. I haven’t seen any commentary along these lines yet – but I won’t be surprised when law enforcement agencies (and/or insurers) insist on accessing the stored data to identify the speed before impact, when/if the brakes were activated and so on. Like dashcam footage, these records of user activity could be a big surprise to an erring driver.

  12. Many cars nowadays provide smartphone apps that allow you to lock and unlock your car remotely and check the status of the windows, trunk and doors. The car would need to log these activities to report the car’s status correctly in the app.

  13. I believe this has been happening for several years starting when OBDII was introduced. I recall a lot of articles on how such usage could be considered as violating at least the 4th & 5th Amendments of the Bill of Rights in the Constitution of these United States.

  14. On the software I work on we only log as much as is absolutely necessary to be able to trace problems and we scrupulously scrub personal and secret data before anything gets logged. The scrubbing is done because it is important we protect users and their data. We only log what is necessary to trace problems because logging always has some impact on a system. Plus it minimises the chances of accidentally leaking information.

  15. Unless it is constantly pushing those statuses the car doesn’t need to log anything for the owner to ask the car through the app for the current status. Then the car can check, send it and immediately delete the data.

  16. My car is approaching its 20th birthday. Beside the fact that I still love driving it, I’m happy that the most advanced tech in it is the anti-lock braking system. Lack of privacy is bad enough, but the massive attack surface in modern cars is another. I’m surprised we haven’t had a bunch of ransomware attacks already.

  17. In my understanding the cars mentioned don’t actually collect all the mentioned data points; for starters there are mostly no sensors to do so. The car makers included the possibility of doing so in their T&Cs. This is bad enough maybe, but waves in the press about collection of health data and worse are slightly exaggerated.

  18. Well I guess you could argue manufacturers only put it into their T&C because they want to be able to eventually do it. If they were crystal clear and committed on not doing it, why would they put provisions to do it in there, right?

  19. This is yet another reason I’m keeping my 2000 Miata. It’s just a car.

  20. I just returned a rental. I love CarPlay but never have owned a car with it. So I tend to eagerly link up, withholding contacts, whenever I rent. The last car, a Kia, had five other phones in the database. In Europe, the cleaners, thanks to GDPR, are supposed to clear them off when detailing the vehicle. I did it myself straight away and then added mine, but the vehicle, every time I started up, dredged back up an Android it had previously paired to. Needless to say I deleted mine at drop off, turned on the car, checked the list of phones, and just the Android was there.

  21. Sounds like a good reason to get a third-party audio/info system for a car, even if it is an otherwise unnecessary expense.
