Tesla was the worst offender out of all 25 car brands reviewed in the report. | Illustration by Alex Castro / The Verge
If you’re wondering which gadgets have the worst user privacy practices, it turns out the answer may be parked outside. According to a report published by the Mozilla Foundation on Wednesday, cars are “the official worst category of products for privacy” that it’s ever reviewed. The global nonprofit found that 92 percent of the reviewed automakers provide drivers with little (if any) control over their personal data, with 84 percent sharing user data with outside parties.
Best known for its open-source Firefox web browser, the Mozilla Foundation claims to “stand up for the health of the internet.” It’s produced several reports and guides under its “Privacy Not Included” series over the years that detail how products and services like mental health apps and app stores handle user data, with advice on how to better protect ourselves.
Image: Mozilla
Kia and Nissan were notably highlighted for including sexual activity in their data collection practices.
All 25 of the car brands that were researched for the report — including Ford, Toyota, Volkswagen, BMW, and Tesla — failed to meet the nonprofit organization’s minimum privacy standards and were found to collect more personal data from customers than necessary. The kind of information collected varies from personal information like medical data to how drivers are using the vehicle itself — such as how fast they drive, where they drive, and even the music they listen to. Both Nissan and Kia are noted to allow the collection of information regarding a user’s sex life. By contrast, Mozilla claims that 37 percent of mental health apps (which also have a poor reputation for data privacy) had better practices for collecting and using personal data.
Eighty-four percent of the reviewed car brands share personal user data with service providers, data brokers, and potentially sketchy businesses, according to the report, with 76 percent claiming the right to sell that personal data. Fifty-six percent are willing to share user information with the government and / or law enforcement if requested.
Tesla was the worst-ranked brand in the study, getting flagged in every privacy category — only the second time this happened. Tesla’s AI-powered autopilot was highlighted as “untrustworthy” following its involvement in numerous crashes and fatalities.
Alongside the report, Mozilla also published a breakdown explaining how car companies collect and share user data. This can include anything from the user’s name, address, phone number, and email address to more intimate data like photos, calendar information, and even details on the driver’s race, genetic information, and immigration status.
Mozilla says it also couldn’t confirm that any of the automakers could meet the organization’s minimum security standards regarding data encryption and protection against theft. In fact, it claims dating apps and even sex toys typically provide more detailed security information about their products than cars.
“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” says Mozilla in the report.
Mozilla claims it spent over 600 hours researching the privacy practices of car brands — three times longer per product than it usually spends on these privacy reviews. The report was so scathing that the organization said the advice it typically provides to help customers protect their personal data feels like “tiny drops in a massive bucket.” Instead, the Mozilla Foundation has started a petition urging car companies to stop the data collection programs they’re unfairly benefitting from, expressing that “our hope is that increasing awareness will encourage others to hold car companies accountable for their terrible privacy practices.”