Mozilla: All Major Car Brands Fail to Adhere to Most Basic Privacy and Security Standards

Cars today gather data from a variety of sources including user interactions, connected services, the car's own app, and even third-party services like Sirius XM or Google Maps.

Mercedes Cars Connected Mercedes Official

Modern vehicles increasingly become a focal point for privacy concerns. A report by the Mozilla Foundation highlights the extent to which these vehicles, often referred to as “computers on wheels”, collect and potentially misuse .

The report underscores the pressing need for car manufacturers to address privacy concerns seriously. As consumers become more aware of these issues, there's a growing call for the automotive industry to prioritize user privacy and security.

The Allure of Advanced Features

The allure of advanced features in modern cars serves as a selling point for manufacturers. However, the implications of such advancements on the privacy of vehicle occupants largely go overlooked. While consumers remain wary of devices like internet-connected doorbells and watches, car brands discreetly transform their vehicles into potent tools. These vehicles, equipped with a myriad of advanced features, possess the capability to observe, listen, and gather vast amounts of information about users' activities and destinations.

Data Collection and Sharing Concerns

The research by Mozilla reveals a concerning trend among car brands. Every brand they study collects more personal data than deemed necessary. This data isn't just for the operation of the vehicle or for maintaining a relationship with the user. Cars today gather data from a variety of sources including user interactions, connected services, the car's own app, and even third-party services like Sirius XM or Google Maps.

The depth of this data collection is so extensive that car companies can obtain intimate details about users, from medical details to personal habits. Another alarming finding is the willingness of car brands to share personal data. A majority of these brands not only share personal data with service providers and data brokers but also sell this data. Furthermore, many of these brands claim the authority to share user information with government agencies or law enforcement based on simple “requests”, bypassing the need for formal court orders. Mozilla provides detailed security reports for the brands Renault Group, Dacia, BMW, Tesla, Fiat Chrysler Automotive, Chrysler, Mercedes-Benz, Jeep, General Motors, Cadillac, Honda, Acura, Ford | Lincoln Motor Company, Lincoln, GMC, Buick, Subaru, Fiat, Volkswagen, Ford, Audi, Toyota, Dodge, Lexus.

Severe Security Gaps

On the security front, despite having extensive privacy policies, none of the car brands confirm if they meet Mozilla's Minimum Security Standards. The lack of clarity on whether these cars encrypt all the personal information they store raises significant concerns. Over recent years, many of these brands face incidents like data leaks and breaches, compromising the privacy of drivers.

Jen Caltrider, Misha Rykov, and Zoë MacDonald from Mozilla comment on the issue, emphasizing the “trackers, cameras, microphones, and sensors capturing your every move”. They further stress the importance of car companies respecting drivers' privacy.