Warning: *Privacy Not Included with this product
Nissan is a Japanese-headquartered global car company that traces its roots back to the early 1900s and the Datsun name. Today, they manufacture cars like the Rogue, Pathfinder, Murano, Versa, Sentra, Altima, the Titan truck, and their electric LEAF. Their MyNissan app lets owners remotely start and stop, lock and unlock their car, as well as honk the horn, flash the lights, check your fuel and tire pressure, keep tabs on where your car is, if it's in the boundaries you set up or going over the speed limit you set for it, and access other NissanConnect connected services. So, how is Nissan at privacy? We're not going to mince words here: THEY STINK AT PRIVACY! They are probably the worst car company we reviewed and that says something because all car companies are really bad at privacy.
What could happen if something goes wrong?
Believe us when we say this: Nissan's privacy policy is probably the most mind boggling creepy, scary, sad, messed up privacy policy we have ever read. And we here at *Privacy Not Included read a LOT of privacy policies. Please people, if you care even a little about privacy, please stay as far away from Nissan's cars, apps, and connected services as you possibly can.
Here's why: They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes. We absolutely aren't making that up. It says so in their Nissan USA privacy notice. And that's not all! They also say they can share and even sell "Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to others for targeted marketing purposes. Yes, Nissan says they can infer things like how smart you are, if you have a predisposition to drink, if you are acting depressed, and if you are any good at chess (we're guessing that's what they can infer...it could be even worse than that), and then they say they can make as much money off that very personal information as they can. Nissan, you suck.
Whoo! That was a lot. But there is another point we'd like to make about this bonkers language in Nissan's privacy policy. Yes, Nissan sucks for saying they can collect, share, and even in some cases sell all this super intimate personal information. Here's the thing though, there is a pretty high probability other car companies are also collecting, sharing, and selling this exact same stuff. They just aren't as open and honest about it in their privacy policies. Too often we read privacy policies that say things like, "We will share your personal information, for example, your birth date or favorite ice cream flavor, with third parties for targeted advertising purposes." We see lots of lines like, "for example," "might include" and "as well as other information" in privacy policies and this vague language could very well be hiding the fact that these companies also collect personal information like your sexual activities and your genetic information. We too often just don't know. So yes, while Nissan absolutely sucks for claiming this bonkers level of data collection, sharing, and selling in the name of profit, we'll give them this: At least they are honest.
Is there more bad about Nissan? Well of course there is. If you decided to download the MyNissan app to do things like remotely honk your horn at your neighbor's kid whenever they get too close to your car while outside playing, you might stumble upon the Data Safety Information they provide on their MyNissan Google Play Store app page. And when you read the self-reported data safety information Nissan provides you might see a couple things jump out at you. First, Nissan claims, "No data shared with third parties: The developer says this app doesn't share user data with other companies or organizations." Well, we can certainly confirm that this is not true. Nissan clearly states in their privacy policy they share your personal information, car usage data, and other information with lots of marketing and promotional partners, car dealers, business affiliates, service providers and more. That's not good. Bad on Nissan for not being fully honest in their self-reporting of this data safety information. And bad on Google for not doing a better job requiring accurate information and policing this data safety content. (We did some research earlier in 2023 that shows just how big a problem the Data Safety Information is in the Google Play Store. You can read it here. TL;DR: Don't trust it!). The other thing that jumped out at us on the Data Safety page was this statement, "Data can’t be deleted. The developer doesn't provide a way for you to request that your data be deleted." Yeah, that's really bad. Not being able to delete the huge amounts of data this app could collect on you is bad news.
Oh yeah, here's something else you should know about Nissan (although Nissan isn't the only company to say things similar to this). If you use their connected services, you better be prepared to tell every single person who gets in your car all about how much data they collect and why. Yup, Nissan puts all that on you. Their privacy policy specifically states that, "By activating, registering, subscribing, or using any of the services offered by NissanConnect, or by operating or occupying a vehicle that is utilizing such services you agree to Nissan collecting and using the information collected for various purposes as described in this Privacy Notice and in the NissanConnect Services Subscriber Terms and Conditions." Yes, just by sitting in a vehicle that uses NissanConnect services, you agree to have your data collected by Nissan.
It gets even better though! Be prepared to have some awkward conversations with your passengers about how Nissan says they can collect data on things like their sexual activities and intelligence, because when you agree to the NissanConnect Terms of Service you agree to promise (yes, promise, but hey, at least they didn't make you pinky swear!) to tell people all about how Nissan can and will collect their data when they are in your car. Indeed their TOS actually says, "You promise to educate and inform all users and occupants of your Vehicle about the Services and System features and limitations, the terms of the Agreement, including terms concerning data collection and use and privacy, and the Nissan Privacy Policy." So Nissan owners, get to work reading all these privacy and legal documents so you are prepared to "educate and inform" every single passenger in your car all about the data collection and privacy...because remember, you PROMISED! Sigh...we laugh...but we also cry.
So, Nissan says they can collect a metric ton of data, share it widely, and then expect you to promise to tell all your passengers that the moment they get in your car, they agree to have their data collected too. Not good. Something else that isn't great with Nissan is their track record at protecting and respecting all this data. To be fair, Nissan doesn't have the worst track record of any of the car companies we reviewed. Still, they aren't perfect, and if you're going to collect data on people's sexual activity, genetic characteristics, and intelligence, yeah, you better be perfect at protecting all that data.
In 2022, one of the third party service providers Nissan shared some of its users' information with suffered a data breach. Nissan disclosed this data breach a few months later in January, 2023. This is a great reminder that with all the data companies collect and then share, you have to trust every link in that collecting/sharing chain to keep your information safe and secure. As Nissan themselves say in their privacy policy, "...even well thought out security measures cannot guarantee that data will never be inappropriately accessed.." Speaking of, in January, 2023 a security researcher reported a security vulnerability in Nissan (and Honda and Kia as well) that could allow someone with the technical know-how to exploit a bug in the Sirius XM connected service to "unlock the car remotely and start the vehicle with a laptop from anywhere in the world."
With Nissan, there seems to be nothing but bad news. What's the worst that could happen if you buy a Nissan, download their MyNissan app, and use their NissanConnect services? Well, not to be crude, but it would probably really suck to have Nissan draw inferences about you that lead them to believe you are a not so smart, sexually promiscuous, depressed alcoholic who likes to drive really fast on Fridays and Sundays and then sell those inferences to goodness knows who for targeted marketing purposes. We're not even sure what that targeted marketing would look like and we also really don't want to know. But holy hell, this is terrible. And if very sensitive personal data they collect on you about your sexual activity, sexual orientation, medical diagnosis, and genetic information were to ever leak, well, that could get embarrassing (and dangerous!) real fast. We can't say this loud enough. Nissan comes with *PRIVACY NOT INCLUDED.
Also, side note: government regulators and policy makers, if this one example of a car company laughing in the face of their users' privacy isn't enough to jump start you to action, we don't know what will. Please, please, please do something to protect people from this predatory and frightening abuse of personal information in the name of making money!
Tips to protect yourself
- Do not give consent to tailored advertisement.
- Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
- Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
- Before reselling your car, make sure to notify the company.
- When buying a used car, always make sure the previous owner removed their connected account and performed a factory reset.
- Always use strong passwords and set up two-factor authentication for apps and services that connect to your car.
- Only give access to your data to trusted third-parties.
- When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
- Opt out from your mobile device's location sharing.
- Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
Can it snoop on me?
Camera
Device: Yes
App: Yes
Microphone
Device: Yes
App: No
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Email
Yes
Phone
Yes
Third-party account
Not applicable
What data does the company collect?
Personal
"Name, email address, phone number, mailing address, geolocation, zip code, age, date of birth, driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information, social security number as an employee, service or warranty information regarding vehicles, employment and related information, such as employee identification number National or State Identification Numbers, and dependent information for the administration of certain employee benefits or programs.. Also: Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes Vehicle- and driving-related information: the vehicle’s operation including, without limitation, Vehicle Identification Number (VIN), geolocation and navigation information, speed and distance information, driving habit and style, battery use management information (for electric vehicles), battery charging history (for electric vehicles), battery deterioration information (for electric vehicles), electrical system functions, diagnostic trouble codes, maintenance conditions, software version information, and other data, your use of the vehicle and any corresponding services, websites and smartphone applications, vehicle status information (e.g., information about door locks, open doors, engine status, etc.), data about accidents involving the vehicle (e.g., the direction from which the vehicle was hit, and which air bags have deployed)."
Body related
Social
Professional or employment-related information
How does the company use this data?
How can you control your data?
What is the company's known track record of protecting users' data?
In January 2023, Nissan disclosed a data breach at one of the company's third party service providers that affected close to 18,000 of Nissan's clients. The leaked data included personal information such as usernames, dates of birth, and Nissan Motor Acceptance Company (NMAC) number. Even though Nissan first learned about the breach in late September, 2022, the company only disclosed the breach on January 16, 2023, almost six months later.
In January, 2023 a security researcher reported a serious security vulnerability in Nissan, Honda, and Kia cars that could allow "hackers and law enforcement agencies unlock the car remotely and start the vehicle with a laptop from anywhere in the world" through the Sirius XM radio connected service. That was one of three security vulnerabilities the researcher reported.
Child privacy information
Can this product be used offline?
User-friendly privacy information?
Nissan had fewer privacy policies than other companies, with one privacy policy mostly covering the privacy of their cars, apps, connected services, and other data collection. Good on Nissan for making it easy to find out just how bad they are at privacy.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
We cannot determine whether all data stored on the car, including telematics data the car collects and data shared when you connect your phone, is encrypted at rest, or whether all collected data is encrypted in transit. We reached out to the company multiple times to try to determine this and received no response.
Strong password
Security updates
Manages vulnerabilities
We could not find an official way to report a vulnerability. However, we found an unpatched vulnerability on OpenBugBounty.
Privacy policy
Nissan employs ProPILOT Assist technology in the newest cars. It includes features like keeping you centered in your lane, and maintaining a preset distance from the vehicle ahead. These features are enabled by numerous cameras, sensors and radars on the car.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive deeper
- Nissan North America Reports Consumer Data Breach (Industry Week)
- Nissan suspends NissanConnect EV smartphone app over serious hacking concerns (CNet)
- Nissan data breach exposed clients' full names and dates of birth (Cybernews)
- Nissan North America data breach caused by vendor-exposed database (Bleeping Computer)
- A Third-Party Data Breach Exposed the Personal Information of 18,000 Nissan Customers (CPO Magazine)
- From Ferrari to Ford, Cybersecurity Bugs Plague Automotive Safety (Dark Reading)
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More (Sam Curry)
- Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers (Security Affairs)
- SiriusXM Software Flaw Let Researchers Unlock And Start Cars Remotely (Motor 1)