The Mozilla Foundation shared a privacy study of automotive systems
A few days ago, the Mozilla Foundation shared Through a blog post, the results of a study on attitudes towards privacy in the systemss of information of 25 brands Of automobiles distributed in the United States and Europe.
In the Mozilla Foundation publication titled "It's official: cars are the worst product category we've ever reviewed for privacy«, mentions that this particular area It is “a privacy nightmare” for users, since all the trackers, cameras, microphones and sensors capture each of their movements.
From information from the Mozilla Foundation study, It is mentioned that the privacy policies were examined, information systems and mobile applications used in various vehicle brands, among which the popular ones are BMW, Audi, Tesla, Volkswagen, Ford, Chevrolet, among others.
In the study Serious privacy issues identified across manufacturers and overall attitude of all brands reviewed were given the “Privacy Not Included” label and cars were ranked as having the worst privacy practices.
From the shared conclusions of the study, The Mozilla Foundation mentions that manufacturers collect more sensitive data than necessary and use it in areas other than vehicle control and driver interaction:
- Modern cars are equipped with sensors, cameras and microphones that record the user's every movement.
- The information collected also includes driver activity, services used, mobile applications and data from third-party systems such as Sirius XM and Google Maps.
- Among other things, car systems can collect driver health indicators, data on music tracks listened to, and information about where and at what speed the driver is driving.
- 84% of automakers allow the transfer of collected information to third-party service providers and data aggregators in their user agreements.
- 76% of manufacturers do not exclude the sale of personal data and 56% allow the transfer of information to the government or law enforcement if a request for information is received.
- Some providers impose absurd requirements to accept a proposed privacy policy. For example, Subaru's privacy policy states that all passengers who use the vehicle's infotainment system automatically consent to the use and sharing of personal information while inside the vehicle.
- Only 2 out of 25 car brands (Renault and Dacia) provided drivers with tools to manage their personal data, allowing them to delete the data collected.
- 17 of the 25 automotive brands surveyed have experienced incidents related to data leaks, hacks and privacy breaches in the last three years.
In addition, Nissan and Kia mention in their privacy policies possibility of collecting data on “sexual activity” (what a fact), and six other manufacturers allow the collection of genetic information. From the information collected, conclusions are drawn about the driver's interests, preferences, intelligence and skills. In addition, Nissan's privacy policy instructs the driver to inform passengers about the vehicle's privacy policy and the terms and conditions for the processing of personal data.
Separately, Hyundai allows the transfer of information to law enforcement agencies even after receiving an informal request.
Despite the availability of documents regulating the privacy policies of all manufacturers, the researchers were unable to verify that the reviewed systems met the minimum information security standards (encryption, automatic delivery of updates, availability of a contact to transmit information about vulnerabilities, password security, presence of a privacy policy).
For example, researchers sought to understand whether personal data collected was stored encrypted or not. A question about the use of encryption was sent to all manufacturers, but only representatives of Mercedes-Benz, Honda and Ford responded, who, however, did not fully disclose the question asked.
Finally, it is mentioned that to draw attention to the problem, the authors of the study suggest signing a petition created by Mozilla asking car manufacturers to stop collecting, transferring and selling users' personal information.
If you are interested in knowing more about it, you can check the details In the following link.