Cars are becoming data harvesting nightmares

Privacy is driving off a cliff: with their digital push, vehicle manufacturers collect and sell an obscene amount of personal information.

2024-06-06
Modern vehicles and privacy don't mix.
The automobile industry has discovered a great new source of profits, selling your data. With new interconnected models, car manufacturers are collecting your private driving data, recording video and audio, and mining personal information to the extend of data about your genetic code or sexual activity. By doing so they are mirroring big tech data harvesting strategies to create profiles of you to sell these to a variety of shady data brokers. Here’s what you need to know.

Cars and Data

America is not only one of the world’s leading consumers of automobiles, with nearly 92% of households owning a vehicle, but it also provides some of the weakest data privacy protections on the planet. Auto manufacturers are cashing in on this unfortunate state of affairs and have positioned themselves as some of the biggest and most invasive data collectors.

in the early days, with the rise in computer integration in vehicles, data was simply collected for diagnostics and tuning – a legitimate approach. But today the data sharing policies of manufacturers extends beyond maintenance shops. Companies like VW, BMW, Ford, Nissan, Toyota and even – or should I say particularly?! - newcomers like Tesla, Nio and BYD are voraciously collecting as much data as possible about you and are selling it to data brokers for a major profit. Once again, the collection and sale of your data has turned you the customer into the product and your privacy is, well, let’s put it bluntly: non-existent the moment you buy a new, interconnected car.

How do cars collect data?

There are a variety of ways in which your car can track information about you. From monitoring your driving habits via embedded controlling systems, to sharing your car’s camera and audio recordings with the manufacturer, to collecting information you might provide to an auto dealership, there are many ways in which car makers get hold of your private data. In addition to the automatic data collection in the car, automakers also nudge buyers to install proprietary apps to their smartphones to go all in on big data.

The myVW app listing in Apple’s App Store

The myVW app tracks your driving data and shares it with VW, but also with insurance companies.

You might think little of connecting your smartphone to your car via Bluetooth to listen to music or use it for navigation, but by linking your device, you are exposing even more of your precious data.

Understanding telemetry data

There are multiple ways your vehicle might be tracking you and the degree also depends a bit on how regularly you interact with your car. If you are syncing your full contacts lists when pairing your phone, instead of making calls directly from your mobile device,this alone might expose more of your data than you intend.

Here are some of the main ways that the automotive industry has started tracking their customers:

  • Apps: many automakers have started releasing their own apps which accompany a new vehicle. These apps if given unfettered access to your mobile device will scoop up as much info as possible about you and your behavior.

  • Driver profiles: driver profiles within the vehicles’ onboard system may seem like a nice convenient way of storing your favorite radio stations or seat positions, but it also allows the manufacturer to create detailed behavioral logs based upon how you drive and where.

  • Vehicle diagnostic information: beyond collecting analytics about the vehicles performance for mechanics who might need to replace parts, these logs can also be used for creating profiles of “unsafe” driving practices which could be shared with your insurance companies and lead to increased monthly premiums.

What data do cars collect?

A 2023 in-depth review of all major automotive brands by Mozilla reveals that these companies can be collecting, for instance:

“sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive.”

I’m being generous here, but I do understand some of the reasons for logging driver behavior. Parents of new drivers might welcome a feature like this to monitor whether their child drives safely or whether they need more training. Some of the tracked information might also be useful if the car breaks down so for diagnostic reasons and for better being able to fix what is broken- But harming drivers’ privacy by logging genetic information and sexual activity has nothing to do with vehicle performance, and it is clear that this data is logged purely for pushing targeted advertisements and selling information to data brokers.

This kind of privacy-infringing tracking on a mass scale is a data miner’s dream – direct access to conversations and behavior is the perfect blend of information needed for creating a perfectly tuned ad that can nearly guarantee a successful sale.

Who are the worst offenders?

Tesla: Love them or hate them, Tesla has made themselves a leading figure of the electric car industry. By pushing multiple types of vehicle control and monitoring through their Tesla app, they allow customers to monitor battery life, remotely lock and start the car, and track locations should you forget where you parked your car in a large garage.

Tesla does state upfront that you can disable vehicle connectivity, but that it may cause performance or functionality setbacks. So while officially allowing a way for users to object to data collection, this effectively disables many of the features which would have been major reasons for purchasing a Tesla in the first place.

With in-app location tracking, this scene would no longer be possible.

Poor Kramer wouldn’t have needed to struggle with that AC if they used the Tesla app.

Nissan: From all of the vehicle privacy reviews which Mozilla drafted, Nissan is by far the worst and most creepy offender. Beyond tracking the default diagnostic data, Nissan openly states in their privacy policy that they collect information related to your sexuality and genetics.

We don’t know if other manufacturers are also tracking such detailed personal information about their drivers due to vague phrasing and legal terminology, but regardless of that fact creating databases composed of easily exploitable information is painting a giant target on their backs for malicious hackers eager to blackmail customers.

Volkswagen: The Beetle isn’t the only bug that Volkswagen has begun selling to the masses. Their new vehicles are data mining machines. VW launched their myVW app in 2020. MyVW works similar to the Tesla app by offering remote access controls to your vehicle and just like Tesla much of this information is later sold to third-party groups, even for advertisement purposes.

VW plainly lists the companies which may process your data in the privacy statements for their connected-car services which includes both Amazon and Microsoft – two companies not known for offering pretty good privacy, but for being data harvesting tech giants.

What the future brings

It will be interesting to see what the future of automotive data tracking holds, with a political push towards fully electric vehicles and greater restrictions on older cars, this kind of tracking tech is likely to become unavoidable for drivers.

For now, fortunately, older vehicles are still available which can be driven without requiring app connectivity or built-in tracking. But should you need or want a new vehicle, things are getting difficult already today.

Our best bet is pushing our representatives for strong legislation to protect drivers against this invasion of their privacy with unlimited tracking and sharing of their data.

Author
Brandon fights for your right to privacy by spreading the word about privacy respecting products like Tuta. His expertise in US privacy law, encryption usage and policy, and American surveillance politics lets him explain complicated topics and privacy issues in an easy-to-grasp language. Privacy shouldn't be a luxury and by working at Tuta, Brandon helps bring privacy and security to everyone.
Top posts
Latest posts