When the Mozilla Foundation reviewed 25 car brands for privacy in 2023, it didn't find a few bad apples. Every single brand failed — making cars, in Mozilla's own words, the worst product category they had ever reviewed. Then I learned what my own car might already be doing with where I drive and how I drive — and who it sells that to. This is the one on this list that can cost you real money.
What your car collects
A modern car is a phone with wheels. Through built-in sensors, cameras, microphones, the connected-services app, and the phone you pair to it, a car can gather an enormous amount: precise location and routes, how hard you brake, how fast you go, when you drive late at night — and, in some policies, far more sensitive things than that. Mozilla found 19 of 25 brands say they can sell your personal data, and 21 of 25 say they share it with service providers and data brokers. More than half say they'll hand information to government or police on an informal request — not necessarily a warrant.
Why your gut is right — the receipts
This already happened, to hundreds of thousands of people. From 2020 to 2024, General Motors collected driving behavior through its OnStar Smart Driver feature — hard braking, sudden acceleration, speeds over 80, late-night trips, and where each happened — and sold it to data brokers LexisNexis and Verisk. Those brokers package driving data for insurers. Many drivers had no idea they were even enrolled, and some watched their insurance premiums jump because of it.
The fallout made it a landmark case. GM ended Smart Driver in April 2024; the FTC banned GM from selling this kind of geolocation and driver-behavior data for five years; and California reached a $12.75 million settlement with GM — the largest penalty ever under its consumer-privacy law. When a tactic earns a federal ban, it was never a fringe worry.
The catch: you probably "agreed" without knowing
Most of this rides on a connected-services account — OnStar, FordPass, Toyota's app, and the like — and a privacy policy you clicked through at the dealership. The data-sharing is usually on by default, and the switch to stop it is buried in an app or an account page you've never opened.
Turn it down (it varies by brand — here's the shape)
- GM / OnStar: call 1-888-466-7827 or sign in at onstar.com, review your data-sharing settings, and opt out of data-sharing and marketing.
- Other brands: open your car's connected-services app (FordPass, Toyota, MyHyundai, etc.) → Account / Privacy → turn off data sharing, "driving data," analytics, and marketing.
- Use your legal right to delete. In many U.S. states you can demand a company delete what it holds and stop selling it. File the automaker's "do not sell / delete my data" request (search "[brand] privacy request").
- Pull your "file." You can request your LexisNexis consumer disclosure report to see what driving data exists about you — the same way you'd pull a credit report — and submit broker opt-outs to LexisNexis Risk Solutions and Verisk.
The honest limits
You can switch off the obvious sharing, but a connected car still talks to the manufacturer to function, and you can't fully audit it the way you can a TV with a DNS filter. The cleanest privacy is an older car, or one you never connect — not realistic for most people. The realistic win is killing the data-broker pipeline, because that's the part that reaches your wallet.
Do it yourself (about 15 minutes)
- Find your car's connected-services account (OnStar, FordPass, etc.).
- Turn off data sharing, driving-behavior tracking, analytics, and marketing.
- File the automaker's "do not sell / delete my data" request.
- Opt out at LexisNexis and Verisk, and request your LexisNexis report to see what's there.
- Re-check after app updates — settings can quietly reset.
You bought transportation. You didn't sign up to have your driving scored and sold back to your own insurer. The data's already moving; this is how you turn off the tap.
Receipts: Mozilla Foundation "Privacy Not Included" car review (Sept 2023 — all 25 brands failed; 19/25 may sell data; 21/25 share with brokers; majority share with government on informal request). FTC enforcement action and California's $12.75M CCPA settlement over GM/OnStar Smart Driver selling driver-behavior data to LexisNexis and Verisk (collected 2020–2024; program ended April 2024). Opt-out steps vary by brand and state. Spotted an error? editor@thebluf.news



