Although I concede that this isn’t specifically cyber security, privacy is almost synonymous with security in general, and in that spirit, I encountered this review of Car Privacy Policies: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
In their conclusions, they summarize that consumers really don’t have choices among brands; “they’re all bad.”
Like we mentioned, all of the cars we researched earned our *Privacy Not Included warning label. All of the car brands we researched got our “data use” and “security” dings — and most earned dings for poor data control and bad track records too! We can’t stress enough how bad and not normal this is for an entire product guide to earn warning labels.
The worst problem is that the review could not conclude or even test how data is being secured on just the car, itself, or how companies are managing the data that they do collect. And the privacy policies are implicit since who reads the Privacy Policy of a car that they’re boarding. To add to the problem, Minnesota has enacted legislation in 2022: https://www.revisor.mn.gov/statutes/cite/169.475 that requires motorists to use hands-free connectivity with their vehicle, which compounds this issue because motorists are compelled to connect their smart phones if they intend to use it while the vehicle is in operation on motorways.
Many people have lifestyles that require driving. So unlike a smart faucet or voice assistant, you don’t have the same freedom to opt out of the whole thing and not drive a car.
Well – I am grateful that my car is most assuredly, “dumb.” In most cases, the on-board Bluetooth merely permits interoperability for hands-free operation, like making a phone call or changing audio tracks.
If you want to join Mozilla’s petition to get this fixed, you can do so: https://foundation.mozilla.org/en/privacynotincluded/articles/car-companies-stop-your-huge-data-collection-programs-en/