Over the past few months, I have introduced you to many aspects of data brokers—organizations that do everything to retrieve as much information as possible about you when you use the internet. Because we all leave traces, these traces, when put together, can be very precise about our identity and behaviors.
I started by explaining what data brokers are and how they work, including their methods of data enrichment and how it can backfire on you in daily life, causing problems such as CPF training scams and a lack of respect for your privacy. However, there is one avenue that I had not yet explored, which relates to “modern” cars.
You might be thinking, “That’s it, Uncle Korben has definitely hit all the red lights, he’s on reserve.” Well, not really, as I recently learned from a study by Mozilla for its *Privacy Not Included project (a site that analyzes the security of all types of connected objects). Get on board, and you’ll quickly understand the relationship between a modern car and data brokers.
Cars & Data Brokers:
Our cars are now equipped with an enormous range of tools used to analyze our behavior and the environment, both external and internal—sensors, cameras, radars, microphones, navigation data, telematics applications, etc. This allows monitoring not only of your driving but also everything around it: the weather, the number of people in the cabin, your movements, the places you usually go, what you say and do in the vehicle, and even filming the exterior.
That’s already a lot of private information collected, but if it stays in your manufacturer’s databases, it limits the harm. Except that there are at least two “small” problems. On the one hand, car manufacturers’ databases are real sieves (more than 2/3 have been hacked in the last 3 years). And above all, the vast majority (almost 85%) of brands acknowledge in their Terms and Conditions that they can collect, share, and sell your data to third parties. This is where you finally see the connection with data brokers since they are among those who buy this data, just like insurance companies. Governments don’t even have to pay for it; more than half of the brands say they will share their information at their request (fortunately in Europe, it’s more complicated… for now).
Ultra-sensitive data and a lack of security seriousness—what could go wrong? Can you imagine how this could be hijacked by hackers or the manufacturers themselves? The source article cites several examples (I’ll let you read that in the article linked above), including one for which Ford has filed a patent: making the car automatically return to its dealership in the event of non-repayment of the loan. And yes, it goes that far; Nissan even mentions that they can record any sexual activity taking place in the car—more intrusive than a bed bug.
For Mozilla, the mass of information retrieved is downright mind-blowing and goes beyond any type of hardware they have tested so far (worse than your phone, connected speaker, etc.). They even talk about a WTF level. This is regardless of the car model (entry-level, SUV, etc.). In 2021, this represented about 60% of models, a figure expected to reach 90% by 2026. Not a single one of the manufacturers manages to meet the minimum standards. What are some of the names among the 25 brands that were examined? Tesla, Honda, Nissan, Kia, Renault (almost the only one to comply with the GDPR for now), Toyota, Volkswagen, Ford, BMW, Mercedes, Fiat…
You’ve understood that the foundation behind the Firefox browser is not sympathetic to the automotive industry and their way of not respecting the privacy of their customers. What can we do on our part? Well, not much, except for signing their petition. Or, alternatively, stick to an old-fashioned, non-modernized traditional car. The value of used 2CVs and other VW Golf 2 GTIs is not likely to drop anytime soon 😉.