VW ID.4 / Cariad Platform — Volkswagen Group

⚠️ The bottom line

800,000 Volkswagen electric vehicles' GPS locations leaked from an unsecured Amazon cloud bucket. Not approximate locations — precise parking spots. German politicians, intelligence agents, and police officers among those exposed. VW knew where every car parked, every trip taken, every stop made. They stored it all in the cloud and forgot to lock the door. Volkswagen installed cheat software in 11 million cars to lie about emissions. Executives went to prison. $30 billion in fines. The biggest corporate fraud in automotive history. Now they ask you to trust them with your location data, driving habits, and vehicle telemetry. Fool me once — but VW has done this before, to 11 million people, systematically.

Legal jurisdiction

🇩🇪 Germany (headquarters)

✓GDPR (BfDI + 16 state DPAs) read more →

You can demand deletion, access, and portability. Germany has 17 enforcement bodies — strictest consent rules in EU

Spying

2/4 MODERATE

Is someone spying on me?

Data Sharing

2/4 MODERATE

Who gets my data?

Security

3/4 HIGH

Is it actually secure?

Honesty

1/4 LOW

Can I trust what they say?

3Contradictions

1Critical

2High

0Medium

3Sources

Findings by concern

Spying 2/4 MODERATE 1 finding

⚡ highprivacy policy vs third party research

VW tracked your car to 10-centimetre accuracy. Every engine start, every stop, every charging session. Your daily routine mapped with more precision than your phone GPS provides. They collected terabytes of driving data. The leak proved VW wasn't just collecting data — they were building the most detailed driving surveillance database in European automotive history.

What they claim: VW privacy policy describes vehicle data collection as necessary for service delivery and safety

What we found: The Cariad data leak revealed VW collected terabytes of detailed driving data including exact GPS coordinates every time the engine started and stopped, battery charge patterns, and trip durations. For VW ID models, location data was precise to 10 centimetres. For Audi and Skoda, it was precise to 10 kilometres — but still linkable to individual owners.

Security 3/4 HIGH 1 finding

⚠️ criticalmarketing vs third party research

What they claim: Volkswagen describes its connected vehicle platform as secure and privacy-respecting

What we found: In December 2024, a Der Spiegel investigation with the Chaos Computer Club revealed that Volkswagen's software subsidiary Cariad had exposed precise GPS location data for 800,000 electric vehicles — including VW, Audi, Seat, and Skoda — in an unsecured Amazon cloud storage bucket. The data included precise parking locations, trip histories, and could be linked to owners' names and contact details. Vehicles belonging to German politicians, intelligence service employees, and police officers were among those exposed.

Honesty 1/4 LOW 1 finding

⚡ highmarketing vs regulatory

Volkswagen installed cheat software in 11 million cars to lie about emissions. Executives went to prison. $30 billion in fines. The biggest corporate fraud in automotive history. Now they ask you to trust them with your location data, driving habits, and vehicle telemetry. Fool me once — but VW has done this before, to 11 million people, systematically.

What they claim: Volkswagen promotes trustworthy, transparent approach to customer data

What we found: Volkswagen has a history of systematic deception. Dieselgate (2015) revealed VW installed software in 11 million vehicles to cheat emissions tests — the biggest corporate fraud in automotive history. The company paid $30 billion in fines and settlements. Executives went to prison. The same company now asks customers to trust its connected vehicle data practices.

Sources

Der Spiegel: VW/Cariad exposed 800,000 EV owners location data(link unavailable) (2024-12-27)
EPA: Volkswagen Clean Air Act settlement (2016-10-25)
Chaos Computer Club: We know where your car is parked (2024-12-27)