Nissan apparently collects “Sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.”
I guess Subaru don’t need telemetry to guess your sexual orientation.
Lesbian Hardcoded.
It depends.
Naturally-aspirated: lesbian with a shitty haircut, a denim vest, and 500 granola crunchy hippie stickers
Turbo: straight white male with a chinstrap, fake diamond stud earring, and 500 aftermarket parts supplier stickers
Seats moving up and down on bumpy road.
Car sensor : sexual activity in progress.
If a car is advertised as smart or connected, there’s a good chance it collects too much personal information.
That’s too bad because most new cars are, and it may cause some people to keep their old polluting but privacy-friendly car longer.
Really goes for almost everything. I don’t want my machines and appliances to be ‘smart’ and ‘connected’. I just want them to do the thing I use them for, that’s it.
Fuck IoT
All my homies hate IoT
The only things that are allowed internet in my house are computers, and phones. (And game systems, if someone brings one over.)
Not our cars, not our dash cams, not our fucking refrigerator.
IoT itself isn’t bad. It’s the companies that are using it to spy on you. If IoT is FOSS/Libre it is good.
But I agree that not everything should have internet access especially if it’s proprietary.
None of my appliances need to be connected to the internet. That’s asinine. (Not directed at you, more “old-man-yells-at-Cloud”)
I think the distinction is need. I dont like it when its mandatory, but i dont mind that the option is there. E.g some people like preheaing their oven on the drive home(or a warning that something on the stove is on if accodently left on), or in case of the dryer, when its done.
One common one I think is helpful is those who may have forgotton to close their garage. Easy way to check without having to drive back and do so.
All new cars - Bruce Schneier wrote in cryptogram that he tried to buy a new car without a permanent internet connection to the manufacturer and it wasn’t possible.
I’m probably never buying a car newer than the one I have. Everything is so ridiculous now. Though if I can just physically disable the WAN communication it uses I guess that’s fine too, though it would likely be expensive to get working again for resale.
It bothers me enough that my car is even capable of doing any kind of steering input I didn’t give it myself, brakes are by wire too, but fully depressing the pedal still connects you to the hydraulics directly so kind of a non issue, it allows for AEB which is a good safety feature though I’ll likely never trip it.
My current car I think can do some kind of connection but I disabled it in the firmware when I flashed the BCM. Not missed, did nothing of benefit to me afaik.
Physically disabling WAN can be a workaround, assuming is can be done and reverse without damage. But it’s not a good solution.
Manufacturers have ways to degrade experience/features when the owner physically disable WAN: deny features and security updates (by doing OTA updates only), drag their feet or void warranty if WAN is disabled, design some features to be unnecessarily dependant on some cloud/online services (eg navigation, media features, …).
They cannot void your warranty over that, maybe for the computer you modified but the Magnuson Moss warranty act means they have to honor the warranty unless they can prove your modifications caused the damage.
Also, who cares if it gets updates? It will continue to work as it did from the factory indefinitely. Security updates aren’t necessary if the car isn’t connected to the internet and those updates cant change how the immobilizer/keys work anyways.
Things can suddenly or progressively break after a while if a system gets too far behind regarding updates.
A few plausible examples:
- The navigation system can send you to non-existing road if it doesn’t know about recent major roadworks. Or give you old/bad speed limit and cause you to get a ticket.
- The GPS receiver may fail to obtain a location if satellite orbit or other parameters shifted too much since the last update (happened to me once after several years).
- A bug may manifest itself only after a while or a given date (similar to y2k) and break some features.
- A vulnerability may be discovered, which make cars that aren’t updated easy to steal as knowledge of the vulnerability spread
- …
Thanks a lot for your post ! The future of cars looks grim.
Serious and naive question: how could I get rid of the tracking at the hardware level when I will have no choice other than to buy a connected car?
Is there an antenna or a SIM card somewhere that I could disconnect/remove? Would the car continue to work if the connection to the manufacturer’s server is lost?No idea, but for starters say goodbye to navigation, it likely uses an internet connection
Built-in nav is trash, anyway. I’ve always used my phone.
For recent cars I am afraid you are right. My current and “old” car has a built in navigation system with the map on an SD-card. No need for a connection to a smartphone - which I do not own. Therefore I suppose it is not communicating with the manufacturer.
Then, someone in my family with a more recent car got several “firmware updates” out of the blue, hinting to a ‘permanent’ connection to the manufacturer.
I have the feeling we need to start organizing and claim a “right to disconnection”. Having the car dial for help after a crash is one thing but what Mozilla’s report describes is at another, much higher level.
I can’t speak for the more modern cars, but my 2019 corolla had a cell phone connection which could be cut by pulling a single fuse. Idunno if it’s a universal name, but it was called the DCM module. The emergency button in the roof was wired through it, and so was one of the right speakers and the built-in microphone. None of them work with the fuse removed. I’ll route the speaker and mic wires around it at some point by going through the glove box, but it hasn’t been a priority for me.
I’m happy i did that too. Apparently toyota is still leaking the location history of a bunch of their cars and i’d hate to see that get abused.
Cars are built in modules, so there is definitely something you could disconnect to prevent it phoning home. You might need to take the dashboard apart though.
There is nothing preventing the car from starting and running without it. As long as you have a key fob it will attempt to start.
Thanks! Knowing that what I might be searching for would be somewhere under the dashboard is a good first step.
Then I am not an engineer nor have any experience in electronics BUT I know from my dad that taking the dashboard apart is not an easy task. If I would succeed I do not know what I would be looking for… Would tan antenna look like a piece of wire? Or could it be embedded in the ‘copper’ circuitry of a PCB? Do cars use regular SIM cards like the ones found in phones or would they look different?
The maintenance manual would probably be a good place to start before trying to put anything apart.
Every platform is different. The maintenance manual won’t tell you as it’s not part of maintenance. If you really want a piece of literature then you’ll need a factory service manual, but no offense if you don’t know what you’re doing you WILL cause damage to your vehicle (or even yourself if you accidentally mess with the airbags)
Valid point, no offense taken. I did not think about the airbags! As for damages to the vehicle, this is something I understand an am willing to accept. If I do stupid things I have to face consequences.
Anyway, getting the help of a mechanic would be point number 1 on my list. If can find one willing to take the challenge :)
+1, I’d really like to know the answer to this too.
Tangentially related: I have a 2022 Subaru, I used to have a 2021 Subaru. Subaru has a mobile app where I can start the car, locate it, unlock the doors, etc. When I traded in the 2021, it never removed it from my app. I’m able to see where the car is parked, and presumably start it, open the doors, whatever.
I tried contacting Subaru, I looked for a bug reporting or bug bounty but couldn’t find one anywhere. All I could find was instructions to remove the car off of my app. I view this as a huge privacy breach, it shouldn’t be my responsibility to remove the previous owners info from the app.
maybe its just me, but as useful and nice to know as this is, I really want Mozilla to focus their efforts on making a good browser, not to spend money doing everything but that.
There are a lot of anti-features (studies, pocket, telemetry, “sponsored suggestions”, etc…) that are justified in “we have to make money somehow” but then they spend it on this stuff.
[edited for clarity]
Hot take: their browser is good.
Sure, I mean I want them to focus their energy on it.
There are a lot of anti-features (studies, pocket, telemetry, “sponsored suggestions”, etc…) that are justified in “we have to make money somehow” but then they spend it on this stuff.Their goal is a healthy and open internet, with the browser being one method of achieving that.
This particular issue is important enough that I’m glad they did it. We needed somebody to do it, and if that means a tiny bit of funding was diverted from browser work, I think it was more than worth it.
(Also, the Mozilla Foundation is not the same as the Mozilla Corporation.)
asking you to do things no reasonable person would ever do – like reciting a 9,461-word privacy policy to everyone who opens your car’s doors.
If this is what they say we agree by tapping that license button, how about they put this on their TV ads?
We desperately need laws to regulate these kinds of privacy policies/user agreements. The VAST majority are way too long and complicated for a normal person to actually understand, let alone read. We need to limit what companies can/can’t do with them instead of letting them do whatever they want to.
We also need a law that prevents them from changing the terms of service on a product someone has been using, then locking them out of it if they don’t agree to the new terms.
We also need a law that prevents them from changing the terms of service on a product someone has been using, then locking them out of it if they don’t agree to the new terms.
This. So, so much.
With mandatory jail time for the managers of companies who break this law, and/or fines that are guaranteed to send the stockholders howling and demanding the executives’s heads on spikes. The current fines clearly aren’t enough of a deterrent and just considered the normal cost of doing business.
I skimmed the article. Some manufacturers are not listed. Mazda for one.
Edit: I am unclear. Should I presume Mazda and others that are not listed are doinga good job?
In Mozilla’s “Privacy not included” report, Mazda isn’t listed as one of the 25 car brands they tested.
Their related article goes on to state, that all of the 25 brands they tested earned the Label, which I take to mean, that by extension probably most if not every car brand has privacy flaws.
I too came looking for Mazda in the report and was disappointed.
I skimmed through their privacy policy and I’m not confident Mozilla would approve. They can share the telemetry that comes from your car, including it’s physical location.
Should I presume Mazda and others that are not listed are doinga good job?
Doubtful. Absence from a list like this usually just means that the people investigating had limited resources, and therefore chose a representative sample instead of doing an exhaustive survey.
If this report gets much attention, it would be a good opportunity for any car makers that do well on privacy (if they exist) to start boldly advertising it.
I wonder if this is part of the reason Chevy dropped Android Auto and Carplay. Can’t lose out on data collection.
It is, I think it’s been discussed to hell and back that it was the reason.
Make sure to sign the petition at the bottom of the mozilla report.
Done
As expected, Tesla has the worst privacy rating
Second worst were these ones:
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.” Yes, reading car privacy policies is a scary endeavor.
While they’re all bad, Nissan is a no for me. Also between this, the dangerous recalls, and the theft issue, Kia is falling even further down my list
deleted by creator
Kia has the whole “getting stolen really easily” thing right now, as well…
Why does it not surprise me to see a certain elongated muskrat razing privacy policies to the floor, again