Below is the full text of a Mozilla campaign email I received. Mozilla’s consumer buyer’s guide Privacy not included reviews apps and consumer electronics to help the general public choose products that better respect their privacy, and occasionally organizes petitions & campaigns to push for privacy regulation and accountability.
The bad news: major car companies say they can listen to us in our cars, collect our genetic information, track information about our sex lives, and sometimes even sell our personal information to places we don’t even know.
The good news: major car companies are also listening to our complaints about data privacy.
Last week, [Mozilla] revealed research showing that 25 global car brands are out of control when it comes to collecting, protecting, and even selling our personal information. And [Mozilla] stirred up a hornet’s nest.
Immediately, the auto industry scrambled to defend their disturbing surveillance practices: They spoke to the international press and wrote to the United States Congress, claiming that their car companies are “committed to protecting consumer privacy” and even called for regulation themselves.
As infuriating as this may be, it’s actually good news for our cause. If the auto industry is already getting so defensive, it means they are feeling the pressure from our research and all the bad press. And that means we’re making an impact.
Now is the time to use the momentum, increase public pressure and make car companies stop their intrusive data collection practices. Will you join thousands of Mozilla supporters and become part of the campaign?
Every time you take your car to be serviced by the dealer it’s plugged into a diagnostics computer which reads the ECU. With the price of storage, it is entirely possible that disabling the cell connection just causes the ECU to write it to local storage for upload at service read. The diagnostics machines are definitely connected to manufacturer servers.
Doing so is trivially easy: the telematics is going to be caching before sending, so all you need to do is manufacture that cache storage to be large enough (and it’s flat files, we’re talking megs not gigs) and tell the software not to delete until it has an acknowledged receipt of transfer.
If you’ve removed or disabled the telematics module and its antennas then your most sensitive data - your location - can’t be collected. GPS and mobile data technologies don’t work without hardware, antennas, and electricity.
At that point, even if there’s a back-up collection system, the most a dealer could dump would be general driving and usage data. That’s a non-factor for 99.99% of people, but if that is an issue in your threat model then you should avoid dealers and work only with trusted, independent mechanics. And frankly, if your average speed or odometer reading is that sensitive you’re probably on the run and have bigger issues to worry about.
I guess they could also dump your contacts or call data if you’ve synced those with your car, but you shouldn’t be doing that in the first place. Data collection isn’t magic. Don’t give the car data and it won’t have it.
Shop for cars that work fine with their telematics modules & antennas disabled or removed, disable/remove them when you buy yours, and you’ll be fine.