In today’s age of modern technology and global interconnections, it’s easy to forget just how dangerous all the information collection we’re exposed to can really be. A majority of us are aware that our computers, phones, browsers, etc. are gathering our habits and corresponding data, and selling it. However, did you know that your GM vehicle – as well as vehicles from every other automaker – is likely collecting information about you, and that it pertains to more than just the way in which you drive?
According to a report from the Mozilla Foundation, modern vehicles can be considered privacy nightmares. In fact, of the 25 automobile brands reviewed, every single one was found to collect much more data than was necessary. This may seem trivial, as it has little to no impact on your daily commute, but it goes deeper and gets weirder than one might expect.
For starters, automakers are collecting data that has nothing to do with driving your vehicle. A few ways in which they’re able to access personal data is when users connect their phones to their cars, through the vehicle’s integrated apps and from third-party sources. According to Mozilla’s Privacy Not Included study, GM’s multiple privacy policies indicate they can collect data such as “name, address, geolocation data, characteristics such as age, race, color religion, medical conditions, physical or mental disabilities, sex, gender identify, pregnancy, medical conditions, sexual orientation, genetic, physiological, behavioral, and biological characteristics such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data, audio, electronic, visual, thermal, olfactory, or similar information.”
The study also goes on to list data collection about a user’s driving habits, such as “license plate number, vehicle identification number (VIN), geolocation, route history, driving schedule, speed, vehicle direction (heading), audio or video information such as information collected from camera images and sensor data, voice command information, and infotainment (including radio and rear-seat infotainment) system and WiFi data usage.”
In addition, the research found that 83 percent of automobile brands share that personal data with outside parties, while 76 percent are more than willing to sell the information. The worst part is, 92 percent of brands give drivers little to no control over how automakers use their data.
Update: following the publication of this article, GM reached out to us, stating that “GM takes data privacy very seriously and we are committed to safeguarding our customers’ personal information,” while including a link to GM’s U.S. Connected Services privacy statement.
Subscribe to GM Authority as we bring you the latest GM business news, GM security news, and ongoing GM news coverage.
Comments
Funny this article came up. I recently ran my Lexus Nexis report for a separate issue. To my surprise there was over 300 pages of vehicle driving data from my 2022 Sierra. Data included- how far the trip was, hard breaking events, hard acceleration, etc. I believe I shut the data transmission off but it’s very unclear.
How did you shut it off?
I read somewhere that though GM gives say 3 years of On Star usage they continue to track once that expires and the only way to have them not do it is contact them to STOP tracking your car. Dont know if it works and if you have to call or write them. Otherwise they just keep collecting.
How can this evasion of our privacy be stopped?
“How can this evasion of our privacy be stopped?”
It’ll be in the same legislation with Congressional term limits…
Ford is one of the worst too and their fans are also having fits.
gm was mid-pack. Nissan was the creepiest with the sex life thing, although they don’t specify how they would collect that. Tesla got checkmarks for all privacy violations, although anyone who is surprised by that is dumb. Your best bet on gm is to disconnect the shark fin antenna. That will shut it down, although that will also shut down all those apps you want on the display. It is no different than cell phones. Connect, they know.
Here’s the disclosure from Nissan:
“What data does the company collect?
Name, email address, phone number, mailing address, geolocation, zip code, age, date of birth, driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information, social security number as an employee, service or warranty information regarding vehicles, employment and related information, such as employee identification number National or State Identification Numbers, and dependent information for the administration of certain employee benefits or programs.. Also: Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes Vehicle- and driving-related information: the vehicle’s operation including, without limitation, Vehicle Identification Number (VIN), geolocation and navigation information, speed and distance information, driving habit and style, battery use management information (for electric vehicles), battery charging history (for electric vehicles), battery deterioration information (for electric vehicles), electrical system functions, diagnostic trouble codes, maintenance conditions, software version information, and other data, your use of the vehicle and any corresponding services, websites and smartphone applications, vehicle status information (e.g., information about door locks, open doors, engine status, etc.), data about accidents involving the vehicle (e.g., the direction from which the vehicle was hit, and which air bags have deployed).”
Maybe drivers of the new high tech vehicles should just not connect their smartphones to the Apple CarPlay and Android auto features in their vehicles and just go old school and just listen to the radio and concentrate on driving!
Chapter 7 time!
I use my Escalade and Impala for my livery service. I tell my customers we can’t talk about anything bug generic topics. Or long term customers nothing about any kind of business. The car hears everything. Imagine you and your wife talking in your car in a long trip about personal stuff and it’s all being monitored? So creepy
Tony do you not remember when you got the white escalade you had all onstar crap ripped out.
How does your phone or your car know anything about your personal health? Not including any mention of the how, makes this an inflammatory BS article.
Well here’s an example off the top of my head. Most phones have built in pedometers to track your activity. They listen all the time (which is why “Hey Siri” or “Okay Goolge” works) so if you ever have the phone in your pocket at a doctors appointment or when talking to anyone about your health. Then you hop in your car and the wireless CarPlay hooks up and transmits that data back to GM.
It came out years ago that smart TVs are listening and sending that info back to the manufacturer. I don’t know why this article would come as a surprise to you.
Remember when GM was making OnStar a required option? Now you know why. Data. Sweet, sweet data!
Making OnStar a required option – but it is what finally clued me in that the telemetry had precious data for sale. My current 2014 SRX OnStar is 3g cellular modem. GM wanted too much to replace it. Since the infrastructure has been replaced so the frequencies can be reused for 5G, the isn’t any macro network that can connect to the car, and OnStar is off. But the Lyriq we’re waiting for will have a 5G modem and that should be around 10 years until 6G becomes a thing (standards discussions have been ongoing for a few years). I wonder if there will be a niche market for a shield to cover the shark fin when telemetry sharing is not desirable. And I wonder if any states have or are working through privacy/tracking issues (similar to what California did last year).
At least we know why GM wants to kill CarPlay and Android Auto in favor of an unknown Google operating system and vehicle telemetry appliance app. I don’t know what concerns me more, the fact that Google’s security history (Android being a horrible malware vector – worse than Windows ever was) or the expected amount of data they are expecting to collect and sell without paying the source of the data (end-user customers) for the privilege.
You think this is bad, wait until the self driving Cruise POS mobiles come online. Your conversations will be recorded and videotaped
I am reading through some of the reports now. That is in fact already happening.
It’s called “videorecording”, nobody uses videotape anymore.
I stand corrected.
Collecting of Medical Information (without written consent from patient) and making it available (remotely or with OBDII access) would be considered a violation of Federal HIPA regulations,
So let see how many of you know how to turn off tracking on your computer or cell phone. Probably less than 10%, so they are tracking you and me as we type on this website. You can either just get dumb phone or a computer not connected to the internet if you are so worried about privacy. The government has the data which i feel less secure than most companies having it. You not going to stop it. However if they ever use it against then you might have case against them in court.
Tracking via computer: easiest is to disconnect from any network. There are other ways that work in varying degrees (assuming the computer needs to be on a network), including use of a good VPN or correct settings usage. Not much different for a cell phone (if the cell phone is on), but even with all the apps not active/off, the mere fact the cell phone is on means physical tracking happens. That’s how cell phone companies know how to find your phone – unless you use a burner and change it out weekly or daily.
i use nuked versions of windows, android etc. my phone is usually with a dead battery somewhere.
im old school.
GM CEO Mary Barra has said that her plan for the company is to generate billions per year from software (AKA subscriptions to things like heated seats), so collecting and selling your data as part of the software should come as no surprise.
Oh, remember to delete your car’s infotainment settings when you sell a car, or even return a rental car, if you have used the Apple or Android connections. Otherwise your data remains in the infotainment system and subsequent users have all of your phone’s data, including your contact list!
Why would you expect anything else from any carmaker, especially one so tightly integrated with the CCP? They can only track my daily driver, my classic cars are much harder to track.
1) Don’t synch your phone to your car via Bluetooth
2) Use a charge-only (i.e., no data) cable
It’s not just the data from your phone, its the data from OnStar. Once it’s activated, even if you don’t have an active subscription, it continues to pull data.
🙂
By daily driving a 1953 Cadullac and a 1979 Chevrolet, as well as keeping my phone turned off unless using it, I manage to avoid all this nonsense.
1953…. sweet. that has to get some attention
It stops traffic wherever it goes. People love it.
Even if your phone is turned off still collecting. I got a burner phone from Walmart. We also still use pagers. The network is still up and running, they’re are also pay phones in Elizabeth 👍.
Be suspicious of anything Mozilla reports. Mozilla is receiving funding from right to repair coalitions, which are using voter referendums in some states including a requirement that automakers develop and use a common open source platform for telematic data transmission. The platform would be monitored by a state agency. The right to repair coalitions are using the guise that automakers are restricting access to diagnostic repair tools and electronic diagnostic information, when what they really want for their funders is a way to do third party direct marketing and remove an automakers ability to make over the air updates. There is already a memorandum of understanding, signed by all members of the Alliance for automotive innovation, that each manufacturer makes available the same diagnostic service tools and information to non affiliated service groups that affiliated dealers and fleet service have access to. In no way can an open source telematic data transmission platform be more secure as Mozilla is claiming. Massachusetts is one state where voters passed a referendum in 2020 with this open source telematic data requirement buried in the verbiage. The MA state AG says she is starting enforcement, even though a Federal Court has not completed a final judgment. Do some research and see what Subaru is restricting on vehicles sold in Massachusetts.
Class action lawsuit anyone??
I think if you cut the wires to the rearview mirror the data transmission stops. When thieves steal cars they rip the mirrors off.