The car industry is even worse for your privacy than the worst tech company -- and that's because the worst behavior of the tech industry is embedded in every car. This report from @mozilla is what Consumer Reports should have done years ago -- and it is infuriating. https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
To note, Tesla was the absolute worst on their list.
@jmcrookston @dangillmor Is it really the worst, though? They mostly don't send data off the car unless you opt-in or there's a crash/security event or something, and they let you delete everything associated with your account. They seem pretty upfront about what they do. (Unless they are outright lying about it, which I suppose is a possibility.) This article is mostly mocking the agreements, which I appreciate, but as far as what they actually do, it seems about what you'd expect? am I wrong?
I suspect most car makers are actually pretty good, as well. Same problems with any bush-league online merchant apply, of course – financial details stored using less-than-best-practice.
@jmcrookston @dangillmor although, the whole "safety-critical event" thing makes me wonder – suppose you're speeding in an accident; will that be subpoenaed?
But I guess they could probably even subpoena your cell records to get that, so I suppose that ship has sailed.
Well it's the last on the list, is all I was pointing out.
But to answer, the problem is who knows. Have to know what they do, and I think Mozilla's point writ large is who knows.
That's probably bad drafting for quite a bit of it. I remember more than one kerfuffle where a social media platform was called out for an irrevocable worldwide licence to reproduce your copyrighted works. Well, of course. Because they need to show your pictures.
But we never really know ...
@jmcrookston @dangillmor Well, they do send data off the car for "safety-critical events"
They say about Tesla:
* good that they don't sell data to 3rd parties (but you can opt-in, and maybe that is confusing)
* reminder of the scandal regarding employees sharing pictures from the cameras
* privacy policy is somewhat vague in some areas (sharing with law enforcement, and so on)
* if you opt-out of all data sharing, you don't get software updates/etc because they cut all connectivity, so that is stupid
I think those are the highlights.
my note: the picture sharing scandal implies super-poor internal processes for handling customer data, which is unfortunately far too common for low-end tech firms. (I've worked in several, and it is quite shocking.)