Cars has some of the worst data privacy practices Mozilla has ever seen

If you’re wondering which devices have the worst user privacy practices, it turns out that the answer may lie outside. According to a report published by Mozilla on Wednesday, Automotive is the “worst official category of privacy product” it has ever reviewed. The global nonprofit found that 92% of automakers reviewed provide drivers with little (if any) control over their personal data, with 84% sharing user data with third parties.

Best known for its open-source Firefox web browser, the Mozilla Foundation is known to “defend the health of the Internet.” I have produced numerous reports and guides in the Privacy Unlisted series over the years detailing how products and services like mental health apps and app stores handle user data, along with advice on how to better protect ourselves.

All 25 car brands researched for the report — including Ford, Toyota, Volkswagen, BMW and Tesla — failed to meet the nonprofit’s minimum privacy standards, and were found to collect more personal data from customers than necessary. The type of information that is collected varies from personal information such as medical data to how drivers use the vehicle itself – such as how fast they drive, where they drive, and even what music they listen to. It is noteworthy that both Nissan and Kia allow the collection of information related to the user’s sexual life. By contrast, Mozilla claims that 37% of mental health apps (which also have a bad reputation for data privacy) have better practices for collecting and using personal data.

According to the report, 84% of the car brands reviewed share personal user data with service providers, data brokers and shadow companies, while 76% claim the right to do so. He sells that personal data. 56% are willing to share user information with government and/or law enforcement if requested.

Tesla was the worst-ranked brand in the study, flagged in every privacy category, only the second time this has happened. Tesla’s AI Autopilot has been highlighted as “untrustworthy” after being involved in several crashes and deaths.

Alongside the report, Mozilla also published a breakdown of how car companies collect and share user data. This can include anything from a user’s name, address, phone number, and email address to more intimate data such as photos, calendar information, and even details about a driver’s ethnicity, genetic information, and immigration status.

Mozilla also says it can’t confirm that any of the automakers can meet the organization’s minimum security standards for data encryption and protection against theft. In fact, it claims that dating apps and even sex games typically provide more detailed security information on their products than cars.

“While we worried that our doorbells and internet-connected clocks might be spying on us, car brands have quietly entered the data arena by turning their cars into powerful data-gobbling machines,” Mozilla says in the report.

Mozilla claims to have spent more than 600 hours researching the privacy practices of car brands, three times longer per product than it typically spends on such privacy reviews. The report was so scathing that the organization said the advice it usually gives to help customers protect their personal data sounds like “small drops in a huge stack”. Instead, the Mozilla Foundation has launched a petition urging car companies to stop data collection programs that unfairly benefit from them, hoping that increased awareness will encourage others to hold car companies accountable for their terrible privacy practices.