Security
Headlines
HeadlinesLatestCVEs

Headline

How the Most Popular Cars in the US Track Drivers

Vehicles from Toyota, Honda, Ford, and more can collect huge volumes of data. Here’s what the companies can access.

Wired
#git#wifi

Privacy4Cars results say it is unclear how Honda uses biometric data, which is information about your body. Honda’s Martin says no Acura or Honda models in the US have systems that transfer biometrics to the company. The airbag system within the car may collect weight and body position information, Martin says, but this is stored on the onboard computer and is only accessible by a physical connection, with state and federal laws outlining who can access it.

Honda’s connected product privacy notice says it is possible to opt out of many forms of data collection, pointing to its apps and owners manuals.

Ford (F150)

Only one Ford model, the F150 truck, appears in recent lists of best-sellers, but it’s often the most popular across all categories. Like most manufacturers, Ford collects information about who owns the vehicle, including names, location details, and driving license data. Privacy4Cars analyzed four Ford documents, which run to around 50,000 words, when looking at the data the company can collect.

Alan Hall, director of technology communications at Ford, says its Connected Vehicle Privacy Notice provides people with the most information about what its cars collect. This includes vehicle data, such as tire pressure, information about how parts are performing, and vehicle charging information if a vehicle is electric.

The company also can collect driving data and characteristics, such as your speed, how you push the pedals, and seat-belt-related data. Information about your travel direction, precise location, speed, and local weather can be gathered from the vehicle.

Voice recognition systems in some of its vehicles can gather information when they are listening. Its “media analytics” involves capturing information about what you listen to in your car, including “radio presets, volume, channels, media sources, title, artist, and genre.”

The section of Ford’s privacy policy that is specific to California, which has stricter data laws than across the US, also provides extra data about what can be collected. “We utilize connected vehicle data to improve quality, minimize environmental impact, and make our vehicles safer and more enjoyable to drive and own,” Hall says.

Chevrolet (Silverado)

Chevrolet, which is owned by General Motors, collects both information about you and what you do with your vehicle, as all manufacturers we analyzed do. A company spokesperson says its privacy statement is the fullest documentation of what the company collects. This document also links to its specific privacy document for connected services, including its cars. We ran the Chevrolet Silverado through the privacy tool.

As a starter, GM collects people’s identifiers, such as names, postal addresses, and email addresses. Chevrolet’s documents say it can collect information about your vehicle, such as its battery, ignition, and window data, gear status, and diagnostic information. It can also collect, among other things, your location, route history, your speed, and “braking and swerving/cornering events.”

The documents also say data “from camera images and sensor data, voice command information, stability control or anti-lock events, security/theft alerts, and infotainment (including radio and rear-seat infotainment) system and Wi-Fi data usage” can be collected. The company can also receive “information about your home energy usage,” which relates to the charging and discharging of electric vehicles.

Jeep and Ram (Grand Cherokee and Ram Pickups)

The Jeep Grand Cherokee and the Ram Pickup are two of the most popular vehicles in the US. Both the Jeep and Ram brands are owned by Stellantis, a firm that was created when Fiat Chrysler Automobiles and the Peugeot group merged in 2021. As a result, they largely use the same connected services privacy policy and terms of service, which can also cover Chrysler, Dodge, and Fiat. (Ram was a line of Dodge trucks until it became its own brand starting in 2010.)

Stellantis can collect your name, address, phone number, email, Social Security number, and driving license number. The driving data the company collects, according to its documents, includes the dates and times you use it, your speed, acceleration and braking data, details of the trip (including location, weather, route taken), and, among other things, cruise control data. Like other manufacturers, it also collects data about the status of your car, including “refueling activity,” battery levels, images from cameras, and error codes that are generated. Your face and fingerprint data may be collected if you use services, such as digital keys, that need this kind of information to operate, the documents say.

Privacy4Cars tool says the company is “silent” in its documents on whether data from synched phones is collected. Mark Silk, the head of software data analytics at Stellantis, says data is not collected from synched phones in vehicles, but the company does collect data from its “branded mobile remote apps.”

Silk says that for the majority of its new vehicles, there are three ways for people to manage their personal data. “The ability to turn off and on the collection of geo-location data at any time from within the vehicle, the ability to opt-in/out and consent to specific uses of their personal data via our digital channels, and the ability to request the ‘right to be forgotten’ at any time—again this can be requested via digital channels,” Silk says, adding the company is rolling out more privacy tools in the future.

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist