The world's most popular car brands are a data "privacy nightmare," collecting and selling personal information in an age when driving is going increasingly digital, a study showed on Wednesday.
The California-based Mozilla Foundation reviewed 25 car brands and said none of them fully satisfied its standards on privacy and that no other product category had ever received as poor a review, including makers of sex toys or mental health apps.
"Modern cars are a privacy nightmare" at a time when "car makers have been bragging about their cars being 'computers on wheels'", said Mozilla, which is best known for its privacy-conscious Firefox web browser.
"While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines," Mozilla said.
Tesla was the worst offender, according to the study, with Nissan coming in second and singled out for seeking some of the "creepiest categories" of data, including sexual activity.
The study found that a staggering 84 percent of car brands admitted to sharing users' personal data with service providers, data brokers, and other undisclosed businesses.
Most of them, 76 percent, said they sold on their customers' data and more than half said they share data with government and law enforcement on request.
Today's connected vehicles not only mine data from driving, but track in-vehicle entertainment and third-party functions such as satellite radio or maps.
An overwhelming majority of car brands, 92 percent, were found to provide users with little to no control over their personal data with only France's Renault and its Dacia brand allowing users the right to delete data, probably out of compliance with European Union law.
Mozilla complained that none of the car brands - which also included Ford, Chevrolet, Toyota, Volkswagen, and BMW - would confirm they met the foundation's minimum security standards when 68 percent were subject to data leaks, hacks or breaches in the last three years.