'Today, the Mozilla Foundation published its analysis of how well automakers handle the privacy of data collected by their connected cars, and the results will be unlikely to surprise any regular reader of Ars Technica. The researchers were horrified by their findings, stating that "cars are the worst product category we have ever reviewed for privacy." Mozilla looked at 25 car brands and found that all of them collected too much personal data, and from multiple sources—monitoring not just which buttons you push or what you do in any of the infotainment system's apps but also data from other sources like satellite radio or third-party maps. Or even when you connect your phone—remember that prompt asking you if you wanted to share all your contacts and notes with your car when you connected it via Bluetooth? While some gathered data seems innocuous or even helpful—feedback to improve cabin ergonomics and UIs, for example—some data is decidedly not. For example, Nissan's privacy policy says it can collect "sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information," although it's unlikely your car knows whether you're getting busy in the back seat. While this might be technically possible with a car fitted with a camera-based driver-monitoring system, Nissan's privacy policy notes the data source for the quoted paragraph as "direct contact with users and Nissan employees." (Although more sophisticated driver-monitoring systems that claim to detect emotional states have been demonstrated at shows like CES, we're unaware of any that are in production.) Mozilla found plenty more to worry about. Eighty-four percent of the brands they analyzed said they can share your data, and 76 percent said they can sell it. And more than half say they'll share data with the government and law enforcement by request. Users have very little control over what those brands do with their data. Only two of the 25 brands (Renault and Dacia) tell users they have the right to have their data deleted, and neither sell cars in the United States.' -- source: https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, Hamilton, NZ Mobile +64 22 190 2375 https://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/