A place to cache linked articles (think custom and personal wayback machine)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.html 33KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304
  1. <!doctype html><!-- This is a valid HTML5 document. -->
  2. <!-- Screen readers, SEO, extensions and so on. -->
  3. <html lang="fr">
  4. <!-- Has to be within the first 1024 bytes, hence before the `title` element
  5. See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
  6. <meta charset="utf-8">
  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
  8. <!-- The viewport meta is quite crowded and we are responsible for that.
  9. See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
  10. <meta name="viewport" content="width=device-width,initial-scale=1">
  11. <!-- Required to make a valid HTML5 document. -->
  12. <title>It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy (archive) — David Larlet</title>
  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">
  14. <!-- That good ol' feed, subscribe :). -->
  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">
  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
  23. <meta name="msapplication-TileColor" content="#f7f7f7">
  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
  25. <meta name="theme-color" content="#f7f7f7" media="(prefers-color-scheme: light)">
  26. <meta name="theme-color" content="#272727" media="(prefers-color-scheme: dark)">
  27. <!-- Is that even respected? Retrospectively? What a shAItshow…
  28. https://neil-clarke.com/block-the-bots-that-feed-ai-models-by-scraping-your-website/ -->
  29. <meta name="robots" content="noai, noimageai">
  30. <!-- Documented, feel free to shoot an email. -->
  31. <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">
  32. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  35. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  36. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  37. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  38. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  39. <script>
  40. function toggleTheme(themeName) {
  41. document.documentElement.classList.toggle(
  42. 'forced-dark',
  43. themeName === 'dark'
  44. )
  45. document.documentElement.classList.toggle(
  46. 'forced-light',
  47. themeName === 'light'
  48. )
  49. }
  50. const selectedTheme = localStorage.getItem('theme')
  51. if (selectedTheme !== 'undefined') {
  52. toggleTheme(selectedTheme)
  53. }
  54. </script>
  55. <meta name="robots" content="noindex, nofollow">
  56. <meta content="origin-when-cross-origin" name="referrer">
  57. <!-- Canonical URL for SEO purposes -->
  58. <link rel="canonical" href="https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/">
  59. <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick" data-instant-intensity="viewport-all">
  60. <article>
  61. <header>
  62. <h1>It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy</h1>
  63. </header>
  64. <nav>
  65. <p class="center">
  66. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  67. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  68. </svg> Accueil</a> •
  69. <a href="https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/" title="Lien vers le contenu original">Source originale</a>
  70. </p>
  71. </nav>
  72. <hr>
  73. <div class="tw-container paragraph-block ">
  74. <div class="tw-row tw-justify-center ">
  75. <div class="streamfield-content ">
  76. <div class="rich-text"><p data-block-key="vcgtg">Ah, the wind in your hair, the open road ahead, and not a care in the world… except all the trackers, cameras, microphones, and sensors capturing your every move. <i>Ugh.</i> Modern cars are a <b>privacy nightmare</b>.</p><p data-block-key="b3v4d"></p><p data-block-key="3jls1">Car makers have been bragging about their cars being “computers on wheels&quot; for <a href="https://www.latimes.com/business/autos/la-fi-hy-musk-computer-on-wheels-20150319-story.html" target="_blank">years</a> to promote their advanced features. However, the conversation about what driving a computer means for its occupants&#x27; privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.</p><p data-block-key="b62rt"></p><p data-block-key="3hbr6"><b>All 25 car brands we researched earned our *Privacy Not Included warning label -- making cars the official worst category of products for privacy that we have ever reviewed.</b></p></div>
  77. </div>
  78. </div>
  79. </div>
  80. <div class="tw-container linkbutton-block ">
  81. <div class="tw-row tw-justify-center ">
  82. <div class="streamfield-content ">
  83. <a class="tw-btn-primary link-button tw-my-8" href="https://foundation.mozilla.org/privacynotincluded/categories/cars/">Read the reviews</a>
  84. </div>
  85. </div>
  86. </div>
  87. <div class="tw-container paragraph-block ">
  88. <div class="tw-row tw-justify-center ">
  89. <div class="streamfield-content ">
  90. <div class="rich-text"><h2 data-block-key="vcgtg"><a class="fragment-id" id="the-car-brands-we-researched-are-terrible-at-privacy-and-security"></a>The car brands we researched are terrible at privacy and security</h2><p data-block-key="e0fb5"></p><p data-block-key="2n2g4">Why are cars we researched so bad at privacy? And how did they fall so far below our standards? Let us count the ways!</p><p data-block-key="9kda"></p></div>
  91. </div>
  92. </div>
  93. </div>
  94. <div class="tw-container paragraph-block ">
  95. <div class="tw-row tw-justify-center ">
  96. <div class="streamfield-content ">
  97. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="1-they-collect-too-much-personal-data-all-of-them"></a>1. They collect too much personal data (all of them)</h3><p data-block-key="725sa"></p><p data-block-key="46pl2">We reviewed 25 car brands in our research and we handed out 25 “dings” for how those companies collect and use data and personal information. That’s right: <i>every car brand</i> we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you. For context, 63% of the mental health apps (another product category that <a href="https://foundation.mozilla.org/privacynotincluded/articles/are-mental-health-apps-better-or-worse-at-privacy-in-2023/" target="_blank">stinks at privacy</a>) we reviewed this year received this “ding.”</p><p data-block-key="fglqs"></p><p data-block-key="8hhm7">And car companies have so many more data-collecting opportunities than other products and apps we use -- more than even smart devices in our homes or the cell phones we take wherever we go. They can collect personal information from how you interact with <b>your car</b>, the <b>connected services</b> you use in your car, the car’s <b>app</b> (which provides a gateway to information on your <b>phone</b>), and can gather even more information about you from <b>third party sources</b> like Sirius XM or Google Maps. It’s a mess. The ways that car companies collect and share your data are so vast and complicated that we wrote an entire piece on <a href="https://foundation.mozilla.org/privacynotincluded/articles/what-data-does-my-car-collect-about-me-and-where-does-it-go/" target="_blank">how that works</a>. The gist is: they can collect super intimate information about you -- from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car -- in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.</p></div>
  98. </div>
  99. </div>
  100. </div>
  101. <div class="tw-container paragraph-block ">
  102. <div class="tw-row tw-justify-center ">
  103. <div class="streamfield-content ">
  104. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="2-most-84-share-or-sell-your-data"></a>2. Most (84%) share or sell your data</h3><p data-block-key="6atg0"></p><p data-block-key="f9nmp">It’s bad enough for the behemoth corporations that own the car brands to have all that personal information in their possession, to use for their own research, marketing, or the ultra-vague “business purposes.” But then, most (84%) of the car brands we researched say they can <b>share</b> your personal data -- with service providers, data brokers, and other businesses <a href="https://foundation.mozilla.org/privacynotincluded/articles/what-data-does-my-car-collect-about-me-and-where-does-it-go/" target="_blank">we know little</a> or nothing about. Worse, nineteen (76%) say they can <b>sell your personal data</b>.</p><p data-block-key="64v3o"></p><p data-block-key="6og3n">A surprising number (56%) also say they can share your information with the <b>government or law enforcement</b> in response to a “request.” Not a high bar court order, but something as easy as an “informal request.” Yikes -- that’s a very low bar! A 2023 rewrite of Thelma &amp; Louise would have the ladies in custody before you’ve had a chance to make a dent in your popcorn. But seriously, car companies&#x27; willingness to share your data is beyond creepy. It has the potential to cause real harm and inspired our worst <a href="https://foundation.mozilla.org/privacynotincluded/articles/after-researching-cars-and-privacy-heres-what-keeps-us-up-at-night/" target="_blank">cars-and-privacy nightmares</a>.</p><p data-block-key="1kjv5"></p><p data-block-key="91c9d">And keep in mind that we only know what companies do with personal data because of the privacy laws that make it illegal not to disclose that information (go California Consumer Privacy Act!). <a href="https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds" target="_blank">So-called</a> anonymized and aggregated data can (and probably is) shared too, with vehicle data hubs (the data brokers of the auto industry) and others. So while you are getting from A to B, you’re also funding your car’s thriving side-hustle in the data business in more ways than one.</p></div>
  105. </div>
  106. </div>
  107. </div>
  108. <div class="tw-container paragraph-block ">
  109. <div class="tw-row tw-justify-center ">
  110. <div class="streamfield-content ">
  111. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="3-most-92-give-drivers-little-to-no-control-over-their-personal-data"></a>3. Most (92%) give drivers little to no control over their personal data</h3><p data-block-key="6q2er"></p><p data-block-key="22all">All but two of the 25 car brands we reviewed earned our “ding” for data control, meaning only two car brands, <a href="https://foundation.mozilla.org/privacynotincluded/renault/" target="_blank">Renault</a> and <a href="https://foundation.mozilla.org/privacynotincluded/dacia/" target="_blank">Dacia</a> (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted. We would like to think this deviation is one car company taking a stand for drivers’ privacy. It’s probably no coincidence though that these cars are only available in Europe -- which is protected by the robust General Data Protection Regulation (GDPR) privacy law. In other words: car brands often do whatever they can legally get away with to your personal data.</p></div>
  112. </div>
  113. </div>
  114. </div>
  115. <div class="tw-container paragraph-block ">
  116. <div class="tw-row tw-justify-center ">
  117. <div class="streamfield-content ">
  118. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="4-we-couldnt-confirm-whether-any-of-them-meet-our-minimum-security-standards"></a>4. We couldn’t confirm whether <i>any</i> of them meet our Minimum Security Standards</h3><p data-block-key="735ad"></p><p data-block-key="c5l3h">It’s so strange to us that dating apps and sex toys publish more detailed security information than cars. Even though the car brands we researched each had several long-winded privacy policies (<a href="https://foundation.mozilla.org/privacynotincluded/toyota/" target="_blank">Toyota</a> wins with 12), we couldn’t find confirmation that <i>any</i> of the brands <a href="https://foundation.mozilla.org/privacynotincluded/about/methodology/" target="_blank">meet</a> our Minimum Security Standards.</p><p data-block-key="2tcbn"></p><p data-block-key="cu0h4">Our main concern is that we can’t tell whether any of the cars encrypt all of the personal information that sits on the car. And that’s the bare minimum! We don’t call them our state-of-the-art security standards, after all. We reached out (as we always do) by email to ask for clarity but most of the car companies completely ignored us. Those who at least responded (<a href="https://foundation.mozilla.org/privacynotincluded/mercedes-benz/" target="_blank">Mercedes-Benz</a>, <a href="https://foundation.mozilla.org/privacynotincluded/honda/" target="_blank">Honda</a>, and technically <a href="https://foundation.mozilla.org/privacynotincluded/ford/" target="_blank">Ford</a>) still didn’t completely answer our basic security questions.</p><p data-block-key="2p31a"></p><p data-block-key="9f0je">A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.</p></div>
  119. </div>
  120. </div>
  121. </div>
  122. <div class="tw-container paragraph-block ">
  123. <div class="tw-row tw-justify-center ">
  124. <div class="streamfield-content ">
  125. <div class="rich-text"><h2 data-block-key="vcgtg"><a class="fragment-id" id="at-a-glance-how-the-car-brands-stack-up"></a>At a glance: How the car brands stack up</h2><p data-block-key="b7q9"></p><p data-block-key="c8kmu">Here’s how the cars performed against our privacy and security <a href="https://foundation.mozilla.org/privacynotincluded/about/methodology/" target="_blank">criteria</a>.</p></div>
  126. </div>
  127. </div>
  128. </div>
  129. <div class="tw-container datawrapper-block ">
  130. <div class="tw-row tw-justify-center ">
  131. <div class="streamfield-content ">
  132. <div class="tw-my-4">
  133. <iframe title="All the car brands we reviewed, ranked from bad to worst for your privacy" aria-label="Table" id="datawrapper-chart-qBzPR" src="https://datawrapper.dwcdn.net/qBzPR/5/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="3999" data-external="1"></iframe><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript">!function(){"use strict";window.addEventListener("message",(function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r=0;r<e.length;r++)if(e[r].contentWindow===a.source){var i=a.data["datawrapper-height"][t]+"px";e[r].style.height=i}}}))}();
  134. </script>
  135. </div>
  136. </div>
  137. </div>
  138. </div>
  139. <div class="tw-container paragraph-block ">
  140. <div class="tw-row tw-justify-center ">
  141. <div class="streamfield-content ">
  142. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="some-not-so-fun-facts-about-these-rankings"></a>Some not-so-fun facts about these rankings:</h3><p data-block-key="f1hq9"></p><ul><li data-block-key="7vu07"><a href="https://foundation.mozilla.org/privacynotincluded/tesla/" target="_blank">Tesla</a> is only the second product we have ever reviewed to receive all of our privacy “dings.” (The first was an <a href="https://foundation.mozilla.org/privacynotincluded/replika-my-ai-friend/" target="_blank">AI chatbot</a> we reviewed earlier this year.) What set them apart was earning the “<b>untrustworthy AI</b>” ding. The brand’s AI-powered autopilot was reportedly <a href="https://www.washingtonpost.com/technology/2023/06/10/tesla-autopilot-crashes-elon-musk/" target="_blank">involved</a> in 17 deaths and 736 crashes and is currently the subject of multiple government <a href="https://www.theverge.com/2023/7/26/23809183/tesla-autopilot-investigation-false-advertising-california-attorney-general" target="_blank">investigations</a>.</li></ul><p data-block-key="3rfcp"></p><ul><li data-block-key="dpeme"><a href="https://foundation.mozilla.org/privacynotincluded/nissan/" target="_blank">Nissan</a> earned its second-to-last spot for collecting some of the <b>creepiest categories</b> of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “<b>sexual activity</b>.” Not to be out done, Kia also mentions they can collect information about your “<b>sex life</b>” in their privacy policy. Oh, and six car companies say they can collect your “<b>genetic information</b>” or “genetic characteristics.” Yes, reading car privacy policies is a scary endeavor.</li></ul><p data-block-key="4u392"></p><ul><li data-block-key="di581">None of the car brands use language that meets Mozilla’s <a href="https://www.mozilla.org/about/policy/transparency/" target="_blank">privacy standard</a> about sharing information with the government or law enforcement, but <a href="https://foundation.mozilla.org/privacynotincluded/hyundai/" target="_blank">Hyundai</a> goes above and beyond. In their privacy policy, it says they will comply with “lawful requests, <b>whether formal or informal</b>.” That’s a serious red flag.</li></ul><p data-block-key="ao5hn"></p><ul><li data-block-key="9vajt">All of the car brands on this list except for Tesla, Renault, and Dacia signed on to a list of <a href="https://www.autosinnovate.org/innovation/Automotive%20Privacy/Consumer_Privacy_Principlesfor_VehicleTechnologies_Services-03-21-19.pdf" target="_blank">Consumer Protection Principles</a> from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as “data minimization,” “transparency,” and “choice.” But the number of car brands that follow these principles? Zero. It’s interesting if only because it means the car companies do clearly <b>know what they should be doing to respect your privacy</b> even though they absolutely don’t do it.</li></ul><p data-block-key="95tkq"></p></div>
  143. </div>
  144. </div>
  145. </div>
  146. <div class="tw-container paragraph-block ">
  147. <div class="tw-row tw-justify-center ">
  148. <div class="streamfield-content ">
  149. <div class="rich-text"><h2 data-block-key="vcgtg"><a class="fragment-id" id="what-can-you-do-about-it-well"></a>What can you do about it? Well…</h2><p data-block-key="f8r2e"></p><p data-block-key="c4t17">This is usually where we’d encourage you to <a href="https://foundation.mozilla.org/privacynotincluded/categories/cars/" target="_blank">read our reviews</a>, and to choose the products you can trust when you can. But, cars aren’t really like that.</p><p data-block-key="d8ggi"></p><p data-block-key="utph">Sure, there are some steps you can take to protect more of your privacy, and we’ve listed them all in each of our <a href="https://foundation.mozilla.org/privacynotincluded/categories/cars/" target="_blank">reviews</a> under “Tips to protect yourself.” They’re definitely worth doing. You can also avoid using your car’s app or limit its permissions on your phone. (Since many of the apps share a privacy policy with the vehicle, we can’t always tell which data is taken from your phone so it’s probably better to err on the side of caution by not using it.) But compared to all the data collection you can’t control, these steps feel like tiny drops in a massive bucket. Plus, you deserve to benefit from all the features you pay for without also having to give up your privacy.</p><p data-block-key="amorv"></p><p data-block-key="5phvo">The <b>lack of choice</b> has really been among the biggest bummers in reading up on cars and privacy. Consumers’ choices are limited in so many ways with cars, because:</p></div>
  150. </div>
  151. </div>
  152. </div>
  153. <div class="tw-container paragraph-block ">
  154. <div class="tw-row tw-justify-center ">
  155. <div class="streamfield-content ">
  156. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="theyre-all-bad"></a>They’re all bad</h3><p data-block-key="f2gap"></p><p data-block-key="9sbk2">People don’t comparison-shop for cars based on privacy. And they shouldn’t be expected to. That’s because there are so many other limiting factors for car buyers. Like cost, fuel efficiency, availability, reliability, and the features you need. Even if you did have the funds and the resources to comparison shop for your car based on privacy, you wouldn’t find much of a difference. Because according to our research, they are all bad! On top of all that, researching cars and privacy was one of the hardest undertakings we as privacy researchers have ever had. Sorting through the large and confusing ecosystem of privacy policies for cars, car apps, car connected services, and more isn’t something most people have the time or experience to do.</p><p data-block-key="3oq41"></p><p data-block-key="6k4r">Like we mentioned, <b><i>all</i></b><b> of the cars we researched earned our *Privacy Not Included warning label</b>. All of the car brands we researched got our “data use” and “security” dings -- and most earned dings for poor data control and bad track records too! We can’t stress enough how bad and not normal this is for an entire product guide to earn warning labels.</p></div>
  157. </div>
  158. </div>
  159. </div>
  160. <div class="tw-container paragraph-block ">
  161. <div class="tw-row tw-justify-center ">
  162. <div class="streamfield-content ">
  163. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="its-so-confusing"></a>It’s so confusing</h3><p data-block-key="4hvfh"></p><p data-block-key="6gs8c">We spent over <b>600 hours</b> researching the car brands’ privacy practices. That’s three times as much time per product than we normally do. Even still, we were left with so many questions. None of the privacy policies promise a full picture of how your data is used and shared. If three privacy researchers can barely get to the bottom of what’s going on with cars, how does the average time-pressed person stand a chance?</p></div>
  164. </div>
  165. </div>
  166. </div>
  167. <div class="tw-container paragraph-block ">
  168. <div class="tw-row tw-justify-center ">
  169. <div class="streamfield-content ">
  170. <div class="rich-text"><h3 data-block-key="vcgtg"><a class="fragment-id" id="but-wait-theres-more"></a>But wait, there’s more!</h3><p data-block-key="9fv20"></p><h3 data-block-key="eeitd"><a class="fragment-id" id="consent-is-an-illusion"></a>&quot;Consent” is an illusion</h3><p data-block-key="flifi"></p><p data-block-key="acnho">Many people have lifestyles that require driving. So unlike a smart faucet or voice assistant, you don’t have the same freedom to opt out of the whole thing and not drive a car. We’ve <a href="https://foundation.mozilla.org/privacynotincluded/articles/what-does-giving-your-consent-really-mean/" target="_blank">talked before</a> about the murky ways that companies can manipulate your consent. And car companies are no exception. Often, they ignore your consent. Sometimes, they assume it. Car companies do that by <i>assuming</i> that you have read and agreed to their policies before you step foot in their cars. <a href="https://foundation.mozilla.org/privacynotincluded/subaru/" target="_blank">Subaru</a>’s privacy policy says that even passengers of a car that uses connected services have “consented” to allow them to use -- and maybe even sell -- their personal information just by being inside.</p><p data-block-key="4jloe"></p><p data-block-key="4mbmi">So when car companies say they have your “consent” or won’t do something “without your consent,” it often doesn’t mean what it should. Like when Tesla says, that sure! You can opt out of data collection, but it might break your car:</p></div>
  171. </div>
  172. </div>
  173. </div>
  174. <div class="tw-container single_quote-block ">
  175. <div class="tw-row tw-justify-center ">
  176. <div class="streamfield-content ">
  177. <div class="tw-my-4">
  178. <div class="feature-quote">
  179. <div class="quote-content"><div class="rich-text"><p data-block-key="l3i5y">However, “<b>if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle</b>, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. <b>This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability</b>.&quot;</p></div></div>
  180. <p class="tw-h6-heading tw-text-lg tw-max-w-4xl">Tesla&#x27;s Customer Privacy Notice</p>
  181. <div class="feature-quote-attribution-info tw-max-w-4xl tw-italic">
  182. <div class="rich-text"><p data-block-key="j1i91"><a href="https://www.tesla.com/legal/privacy" target="_blank">https://www.tesla.com/legal/privacy</a></p></div>
  183. </div>
  184. </div>
  185. </div>
  186. </div>
  187. </div>
  188. </div>
  189. <div class="tw-container paragraph-block ">
  190. <div class="tw-row tw-justify-center ">
  191. <div class="streamfield-content ">
  192. <div class="rich-text"><p data-block-key="vcgtg">A few of the car companies we researched take manipulating your consent one step further by making you complicit in getting “consent” from others, saying it’s <i>on you</i> to inform them of your car’s privacy policies. Like when <a href="https://foundation.mozilla.org/privacynotincluded/nissan/" target="_blank">Nissan</a> makes you “<b>promise to</b> <b>educate and inform all users and occupants of your Vehicle</b> about the Services and System features and limitations, the terms of the Agreement, including terms concerning data collection and use and privacy, and the Nissan Privacy Policy.” OK, <a href="https://foundation.mozilla.org/privacynotincluded/nissan/" target="_blank">Nissan</a>! We would love to meet the social butterfly who drafted this line.</p></div>
  193. </div>
  194. </div>
  195. </div>
  196. <div class="tw-container paragraph-block ">
  197. <div class="tw-row tw-justify-center ">
  198. <div class="streamfield-content ">
  199. <div class="rich-text"><h2 data-block-key="vcgtg"><a class="fragment-id" id="dont-worry-there-is-something-you-can-do"></a>Don’t worry!! There is something you can do!</h2><p data-block-key="87cum"></p><p data-block-key="al447">Hey woah don’t hang up your driving gloves just yet! We’re not saying the situation is hopeless. What we are saying is that it’s not fair for the burden to be on consumers to make “better choices” that in this case don’t exist. And we don’t want to take a page from car companies’ books by asking you to do things no reasonable person would ever do -- like reciting a 9,461-word privacy policy to everyone who opens your car’s doors.</p><p data-block-key="5tbvo"></p><p data-block-key="6kfh7">You’re already helping us to spread the word just by reading our research. Our hope is that increasing awareness will encourage others to hold car companies accountable for their terrible privacy practices too. But that’s not all. <b>On behalf of the Mozilla community, we’re asking car companies to stop their huge data collection programs that only benefit them.</b> Join us!</p><p data-block-key="do3m1"></p><p data-block-key="e55j6">Add your name to ask car companies to respect drivers’ privacy and to stop collecting, sharing and selling our very personal information.</p></div>
  200. </div>
  201. </div>
  202. </div>
  203. </article>
  204. <hr>
  205. <footer>
  206. <p>
  207. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  208. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  209. </svg> Accueil</a> •
  210. <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">
  211. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-rss2"></use>
  212. </svg> Suivre</a> •
  213. <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">
  214. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-user-tie"></use>
  215. </svg> Pro</a> •
  216. <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">
  217. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-mail"></use>
  218. </svg> Email</a> •
  219. <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">
  220. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-hammer2"></use>
  221. </svg> Légal</abbr>
  222. </p>
  223. <template id="theme-selector">
  224. <form>
  225. <fieldset>
  226. <legend><svg class="icon icon-brightness-contrast">
  227. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-brightness-contrast"></use>
  228. </svg> Thème</legend>
  229. <label>
  230. <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
  231. </label>
  232. <label>
  233. <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
  234. </label>
  235. <label>
  236. <input type="radio" value="light" name="chosen-color-scheme"> Clair
  237. </label>
  238. </fieldset>
  239. </form>
  240. </template>
  241. </footer>
  242. <script src="/static/david/js/instantpage-5.1.0.min.js" type="module"></script>
  243. <script>
  244. function loadThemeForm(templateName) {
  245. const themeSelectorTemplate = document.querySelector(templateName)
  246. const form = themeSelectorTemplate.content.firstElementChild
  247. themeSelectorTemplate.replaceWith(form)
  248. form.addEventListener('change', (e) => {
  249. const chosenColorScheme = e.target.value
  250. localStorage.setItem('theme', chosenColorScheme)
  251. toggleTheme(chosenColorScheme)
  252. })
  253. const selectedTheme = localStorage.getItem('theme')
  254. if (selectedTheme && selectedTheme !== 'undefined') {
  255. form.querySelector(`[value="${selectedTheme}"]`).checked = true
  256. }
  257. }
  258. const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
  259. window.addEventListener('load', () => {
  260. let hasDarkRules = false
  261. for (const styleSheet of Array.from(document.styleSheets)) {
  262. let mediaRules = []
  263. for (const cssRule of styleSheet.cssRules) {
  264. if (cssRule.type !== CSSRule.MEDIA_RULE) {
  265. continue
  266. }
  267. // WARNING: Safari does not have/supports `conditionText`.
  268. if (cssRule.conditionText) {
  269. if (cssRule.conditionText !== prefersColorSchemeDark) {
  270. continue
  271. }
  272. } else {
  273. if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {
  274. continue
  275. }
  276. }
  277. mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
  278. }
  279. // WARNING: do not try to insert a Rule to a styleSheet you are
  280. // currently iterating on, otherwise the browser will be stuck
  281. // in a infinite loop…
  282. for (const mediaRule of mediaRules) {
  283. styleSheet.insertRule(mediaRule.cssText)
  284. hasDarkRules = true
  285. }
  286. }
  287. if (hasDarkRules) {
  288. loadThemeForm('#theme-selector')
  289. }
  290. })
  291. </script>
  292. </body>
  293. </html>