Warning: *privacy not included with this product
Nissan is a Japanese-headquartered global car company that traces its roots back to the early 1900s and the Datsun name. Today, they manufacture cars like the Rogue, Pathfinder, Murano, Versa, Sentra, Altima, the Titan truck, and their electric LEAF. Their MyNissan app lets owners remotely start and stop, lock and unlock their car, as well as honk the horn, flash the lights, check your fuel and tire pressure, keep tabs on where your car is, if it's in the boundaries you set up or going over the speed limit you set for it, and access other NissanConnect connected services. So, how is Nissan at privacy? We're not going to mince words here: THEY STINK AT PRIVACY! They are probably the worst car company we reviewed and that says something because all car companies are really bad at privacy.
What could happen if something goes wrong?
Here's why: They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes. We absolutely aren't making that up. It says so in their Nissan USA privacy notice. And that's not all! They also say they can share and even sell "Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to others for targeted marketing purposes. Yes, Nissan says they can infer things like how smart you are, if you have a predisposition to drink, if you are acting depressed, and if you are any good at chess (we're guessing that's what they can infer... it could be even worse than that), and then they say they can make as much money off that very personal information as they can. Nissan, you suck.
So, Nissan says they can collect a metric ton of data, share it widely, and then expect you to promise to tell all your passengers that the moment they get in your car, they agree to have their data collected too. Not good. Something else that isn't great with Nissan is their track record at protecting and respecting all this data. To be fair, Nissan doesn't have the worst track record of any of the car companies we reviewed. Still, they aren't perfect, and if you're going to collect data on people's sexual activity, genetic characteristics, and intelligence, yeah, you better be perfect at protecting all that data.
With Nissan, there seems to be nothing but bad news. What's the worst that could happen if you buy a Nissan, download their MyNissan app, and use their NissanConnect services? Well, not to be crude, but it would probably really suck to have Nissan draw inferences about you that lead them to believe you are a not so smart, sexually promiscuous, depressed alcoholic who likes to drive really fast on Fridays and Sundays and then sell those inferences to goodness knows who for targeted marketing purposes. We're not even sure what that targeted marketing would look like and we also really don't want to know. But holy hell, this is terrible. And if very sensitive personal data they collect on you about your sexual activity, sexual orientation, medical diagnosis, and genetic information were to ever leak, well, that could get embarrassing (and dangerous!) real fast. We can't say this loud enough. Nissan comes with *PRIVACY NOT INCLUDED.
Also, side note: government regulators and policy makers, if this one example of a car company laughing in the face of their users' privacy isn't enough to jump start you to action, we don't know what will. Please, please, please do something to protect people from this predatory and frightening abuse of personal information in the name of making money!
Tips to protect yourself
- Do not give consent to tailored advertising.
- Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
- Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
- Before reselling your car, make sure to notify the company.
- When buying a used car, always make sure the previous owner removed their connected account and performed a factory reset.
- Always use strong passwords and set up two-factor authentication for apps and services that connect to your car.
- Only give access to your data to trusted third parties.
- When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
- Opt out from your mobile device's location sharing.
- Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
What can be used to sign up?
What data does the company collect?
"Name, email address, phone number, mailing address, geolocation, zip code, age, date of birth, driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information, social security number as an employee, service or warranty information regarding vehicles, employment and related information, such as employee identification number National or State Identification Numbers, and dependent information for the administration of certain employee benefits or programs.. Also: Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes Vehicle- and driving-related information: the vehicle’s operation including, without limitation, Vehicle Identification Number (VIN), geolocation and navigation information, speed and distance information, driving habit and style, battery use management information (for electric vehicles), battery charging history (for electric vehicles), battery deterioration information (for electric vehicles), electrical system functions, diagnostic trouble codes, maintenance conditions, software version information, and other data, your use of the vehicle and any corresponding services, websites and smartphone applications, vehicle status information (e.g., information about door locks, open doors, engine status, etc.), data about accidents involving the vehicle (e.g., the direction from which the vehicle was hit, and which air bags have deployed)."
Professional or employment-related information
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In January 2023, Nissan disclosed a data breach at one of the company's third-party service providers that affected close to 18,000 of Nissan's clients. The leaked data included personal information such as usernames, dates of birth, and Nissan Motor Acceptance Company (NMAC) numbers. Even though Nissan first learned about the breach in late September 2022, the company only disclosed the breach on January 16, 2023, almost six months later.
In January 2023, a security researcher reported a serious security vulnerability in Nissan, Honda, and Kia cars that could allow "hackers and law enforcement agencies unlock the car remotely and start the vehicle with a laptop from anywhere in the world" through the Sirius XM radio connected service. That was one of three security vulnerabilities the researcher reported.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
We cannot determine whether all data stored on the car, including telematic data the car collects as well as data shared when you connect your phone, is encrypted at rest, or whether all collected data is encrypted in transit. We reached out to the company multiple times to attempt to determine this and received no response.
We could not find an official way to report a vulnerability. However, we found an unpatched vulnerability on OpenBugBounty.
Nissan employs ProPILOT Assist technology in the newest cars. It includes features like keeping you centered in your lane, and maintaining a preset distance from the vehicle ahead. These features are enabled by numerous cameras, sensors and radars on the car.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
- Nissan North America Reports Consumer Data Breach (Industry Week)
- Nissan suspends NissanConnect EV smartphone app over serious hacking concerns (CNet)
- Nissan data breach exposed clients' full names and dates of birth (Cybernews)
- Nissan North America data breach caused by vendor-exposed database (Bleeping Computer)
- A Third-Party Data Breach Exposed the Personal Information of 18,000 Nissan Customers (CPO Magazine)
- From Ferrari to Ford, Cybersecurity Bugs Plague Automotive Safety (Dark Reading)
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More (Sam Curry)
- Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers (Security Affairs)
- SiriusXM Software Flaw Let Researchers Unlock And Start Cars Remotely (Motor 1)