[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/staging/proprietary proprietary-surv...
From: |
Therese Godefroy |
Subject: |
www/server/staging/proprietary proprietary-surv... |
Date: |
Sat, 20 Aug 2016 18:14:08 +0000 (UTC) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 16/08/20 18:14:08
Added files:
server/staging/proprietary: proprietary-surveillance.html
Log message:
Add the dog cartoon.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/proprietary-surveillance.html?cvsroot=www&rev=1.1
Patches:
Index: proprietary-surveillance.html
===================================================================
RCS file: proprietary-surveillance.html
diff -N proprietary-surveillance.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ proprietary-surveillance.html 20 Aug 2016 18:14:08 -0000 1.1
@@ -0,0 +1,1048 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.79 -->
+<title>Proprietary Surveillance - GNU Project - Free Software
Foundation</title>
+<style type="text/css" media="print,screen"><!--
+.pict { max-width: 100%; margin: 1em auto; }
+.pict img { width: 100%; }
+.pict p {
+ text-align: center;
+ font-style: italic;
+ margin-top: .5em;
+}
+.wide { width: 27em; }
+#surveillance {
+ width: 63em; max-width: 100%;
+ margin: auto;
+}
+#surveillance div.toc { width: 24.5em; max-width: 82%; }
address@hidden (min-width: 55em) {
+ #surveillance div.toc {
+ float: left;
+ width: auto; max-width: 48%;
+ margin: .2em 0 1em;
+ }
+ #surveillance .pict.wide {
+ float:right;
+ width: 43%;
+ margin: 7em 0 1em 1.5em;
+ }
+}
+--></style>
+<!--#include virtual="/proprietary/po/proprietary-surveillance.translist" -->
+<!--#include virtual="/server/banner.html" -->
+
+<h2>Proprietary Surveillance</h2>
+
+<div class="announcement">
+<p>This document attempts to
+track <strong>clearly established cases of proprietary software that
+spies on or tracks users</strong>.</p>
+
+<p><a href="/proprietary/proprietary.html">
+ Other examples of proprietary malware</a></p>
+</div>
+
+<div id="surveillance">
+<div class="toc">
+ <h3 id="TableOfContents">Table of Contents</h3>
+ <ul>
+ <li><a href="#Introduction">Introduction</a></li>
+ <li><a href="#OSSpyware">Spyware in Operating Systems</a>
+ <ul>
+ <li><a href="#SpywareInWindows">Spyware in Windows</a></li>
+ <li><a href="#SpywareInMacOS">Spyware in MacOS</a></li>
+ <li><a href="#SpywareInAndroid">Spyware in Android</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareOnMobiles">Spyware on Mobiles</a>
+ <ul>
+ <li><a href="#SpywareIniThings">Spyware in iThings</a></li>
+ <li><a href="#SpywareInTelephones">Spyware in Telephones</a></li>
+ <li><a href="#SpywareInMobileApps">Spyware in Mobile Applications</a></li>
+ <li><a href="#SpywareInGames">Spyware in Games</a></li>
+ <li><a href="#SpywareInToys">Spyware in Toys</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a>
+ <ul>
+ <li><a href="#SpywareInBIOS">Spyware in BIOS</a></li>
+ <!-- <li><a href="#SpywareInFirmware">Spyware in Firmware</a></li> -->
+ </ul>
+ </li>
+ <li><a href="#SpywareAtWork">Spyware at Work</a>
+ <ul>
+ <li><a href="#SpywareInSkype">Spyware in Skype</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareOnTheRoad">Spyware on the Road</a>
+ <ul>
+ <li><a href="#SpywareInCameras">Spyware in Cameras</a></li>
+ <li><a href="#SpywareInElectronicReaders">Spyware in e-Readers</a></li>
+ <li><a href="#SpywareInVehicles">Spyware in Vehicles</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareAtHome">Spyware at Home</a>
+ <ul>
+ <li><a href="#SpywareInTVSets">Spyware in TV Sets</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareAtPlay">Spyware at Play</a></li>
+ <li><a href="#SpywareOnTheWeb">Spyware on the Web</a>
+ <ul>
+ <li><a href="#SpywareInChrome">Spyware in Chrome</a></li>
+ <li><a href="#SpywareInFlash">Spyware in Flash</a></li>
+ </ul>
+ </li>
+ <li><a href="#SpywareEverywhere">Spyware Everywhere</a></li>
+ </ul>
+</div>
+
+<div class="pict wide">
+<a href="http://stallman.org/images/dog.jpg">
+<img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the 3
ads that popped up on his computer screen..." /></a>
+<p>“How did they find out I'm a dog?” <small>[Click image to
enlarge]</small></p>
+</div>
+</div>
+<div style="clear: left;"></div>
+
+<!-- #Introduction -->
+
+<div class="big-section">
+ <h3 id="Introduction">Introduction</h3>
+</div>
+<div style="clear: left;"></div>
+
+<p>For decades, the Free Software movement has been denouncing the
+abusive surveillance machine of
+<a href="/proprietary/proprietary.html">proprietary software</a>
+companies such as
+<a href="/proprietary/malware-microsoft.html">Microsoft</a>
+and
+<a href="/proprietary/malware-apple.html">Apple</a>.
+
+In the recent years, this tendency to watch people has spread across
+industries, not only in the software business, but also in the
+hardware. Moreover, it also spread dramatically away from the
+keyboard, in the mobile computing industry, in the office, at home, in
+transportation systems, and in the classroom.</p>
+
+<h3 id="LatestAdditions">Latest additions</h3>
+
+<p>Latest additions are found on top under each category.</p>
+
+<!-- #OSSpyware -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="OSSpyware">Spyware in Operating Systems</h3>
+ <span class="anchor-reference-id">(<a
href="#OSSpyware">#OSSpyware</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInWindows">Spyware in Windows</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInWindows">#SpywareInWindows</a>)</span>
+</div>
+
+<ul>
+ <li><p><a
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
+ Windows 10 comes with 13 screens of snooping options</a>, all enabled by
default,
+ and turning them off would be daunting to most users.</p></li>
+
+ <li><p><a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
+ Microsoft has already backdoored its disk encryption</a>.</p></li>
+
+ <li>It appears
+ <a
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
+ Windows 10 sends data to Microsoft about what applications are
+ running</a>.</li>
+ <li><p>A downgrade to Windows 10 deleted surveillance-detection
+ applications. Then another downgrade inserted a general spying
+ program. Users noticed this and complained, so Microsoft
+ renamed it
+ <a
+href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
+to give users the impression it was gone</a>.</p>
+
+ <p>To use proprietary software is to invite such treatment.</p>
+ </li>
+ <li><p>
+ Windows 10 <a
href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
+ ships with default settings that show no regard for the
+ privacy of its users</a>, giving Microsoft the “right”
+ to snoop on the users' files, text input, voice input,
+ location info, contacts, calendar records and web browsing
+ history, as well as automatically connecting the machines to open
+ hotspots and showing targeted ads.</p></li>
+
+ <li><p>
+ <a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
+ Windows 10 sends identifiable information to Microsoft</a>, even if a user
+ turns off its Bing search and Cortana features, and activates the
+ privacy-protection settings.</p></li>
+
+ <li><p>
+ Microsoft uses Windows 10's “privacy policy” to overtly impose a
+ “right” to look at users' files at any time. Windows 10 full disk
+ encryption <a
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
+ gives Microsoft a key</a>.</p>
+
+ <p>Thus, Windows is overt malware in regard to surveillance,
+ as in other issues.</p>
+
+ <p>We can suppose Microsoft look at users' files for the US government on
+ demand, though the “privacy policy” does not explicit say so.
Will it
+ look at users' files for the Chinese government on demand?</p>
+
+ <p>The unique “advertising ID” for each user enables other
companies to
+ track the browsing of each specific user.</p>
+
+ <p>It's as if Microsoft has deliberately chosen to make Windows 10
+ maximally evil on every dimension; to make a grab for total power
+ over anyone that doesn't drop Windows now.</p></li>
+
+ <li><p>It only gets worse with time.
+ <a
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
+ Windows 10 requires users to give permission for total snooping</a>,
+ including their files, their commands, their text input, and their
+ voice input.</p>
+ </li>
+
+ <li><p><a
href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
+ Windows 8.1 snoops on local searches.</a>.</p>
+ </li>
+
+ <li><p>And there's a
+ <a href="http://www.marketoracle.co.uk/Article40836.html">
+ secret NSA key in Windows</a>, whose functions we don't know.</p>
+ </li>
+</ul>
+
+<p>Microsoft's snooping on users did not start with Windows 10.
+ There's a lot more <a href="/proprietary/malware-microsoft.html">
+ Microsoft malware</a>.</p>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInMacOS">Spyware in MacOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
+</div>
+
+<ul>
+ <li><p><a
href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
+ MacOS automatically sends to Apple servers unsaved documents being
+ edited</a>. The <a
+
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
+ things you have not decided to save are even more sensitive than
+ the things you have stored in files</a>.</p>
+ </li>
+
+ <li><p>Apple has made various
+ <a
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
+ MacOS programs send files to Apple servers without asking
+ permission</a>. This exposes the files to Big Brother and perhaps to
+ other snoops.</p>
+
+ <p>It also demonstrates how you can't trust proprietary software,
+ because even if today's version doesn't have a malicious
+ functionality, tomorrow's version might add it. The developer won't
+ remove the malfeature unless many users push back hard, and the users
+ can't remove it themselves.</p>
+ </li>
+
+ <li><p>Various operations in
+ <a
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
+ the latest MacOS send reports to Apple</a> servers.</p>
+ </li>
+
+ <li><p>Apple admits the
+ <a
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
+ spying in a search facility</a>, but there's a lot
+ <a href="https://github.com/fix-macosx/yosemite-phone-home">
+ more snooping that Apple has not talked about</a>.</p>
+ </li>
+
+ <li><p><a
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ Spotlight search</a> sends users' search terms to Apple.</p>
+ </li>
+</ul>
+
+<p>There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and
+<a href="/proprietary/malware-apple.html">Apple malware</a>.</p>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInAndroid">Spyware in Android</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
+</div>
+
+<ul>
+ <li><p>More than 73% of the most popular Android apps
+ <a href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a> of their users with third
parties.</p>
+ </li>
+
+ <li><p>“Cryptic communication,” unrelated to the app's
functionality,
+ was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android apps</a>.</p>
+
+ <p>The article should not have described these apps as
+ “free”—they are not free software. The clear way to say
+ “zero price” is “gratis.”</p>
+
+ <p>The article takes for granted that the usual analytics tools are
+ legitimate, but is that valid? Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools that
snoop are
+ just as wrong as any other snooping.</p>
+ </li>
+ <li><p>Gratis Android apps (but not <a href="/philosophy/free-sw.html">free
software</a>)
+ connect to 100
+ <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs,
+ on the average.</p>
+ </li>
+ <li><p>Spyware is present in some Android devices when they are sold.
+ Some Motorola phones modify Android to
+ <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ send personal data to Motorola</a>.</p>
+ </li>
+
+ <li><p>Some manufacturers add a
+ <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier IQ.</a></p>
+ </li>
+
+ <li><p><a href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access to any file on the system.</p>
+ </li>
+</ul>
+
+
+
+<!-- #SpywareOnMobiles -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareIniThings">Spyware in iThings</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+</div>
+
+<ul>
+ <li><p>Users cannot make an Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
+ without giving a valid email address and receiving the code Apple
+ sends to it.</p>
+ </li>
+
+ <li><p>Around 47% of the most popular iOS apps
+ <a href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a> of their users with third
parties.</p>
+ </li>
+
+ <li><p>iThings automatically upload to Apple's servers all the photos and
+ videos they make.</p>
+
+ <blockquote><p>
+ iCloud Photo Library stores every photo and video you take,
+ and keeps them up to date on all your devices.
+ Any edits you make are automatically updated everywhere. [...]
+ </p></blockquote>
+
+ <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means
+ “please don't ask where.”</p>
+
+ <p>There is a way to <a href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active by default so it still counts as a
+ surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage of this to
+ <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security to get at them, but NSA can access any of them through
+ <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
+ </p></li>
+
+ <li><p>Spyware in iThings:
+ the <a
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly where the iThing is,
+ and get other info too.</p>
+ </li>
+
+ <li><p>There is also a feature for web sites to track users, which is
+ <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6, but it
+ is still true in iOS 7.)</p>
+ </li>
+
+ <li><p>The iThing also
+ <a
+href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
+ </li>
+
+ <li><p>Apple can, and regularly does,
+ <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for the state</a>.</p>
+ </li>
+
+ <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps the NSA snoop on all the data in an iThing,
+ or it is totally incompetent.</a></p>
+ </li>
+
+ <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features” of iOS seem to exist for no
+ possible purpose other than surveillance</a>. Here is the
+ <a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
+</div>
+
+<ul>
+ <li><p>According to Edward Snowden,
+ <a href="http://www.bbc.com/news/uk-34444233">agencies can take over
smartphones</a>
+ by sending hidden text messages which enable them to turn the phones
+ on and off, listen to the microphone, retrieve geo-location data from the
+ GPS, take photographs, read text messages, read call, location and web
+ browsing history, and read the contact list. This malware is designed to
+ disguise itself from investigation.</p>
+ </li>
+
+ <li><p>Samsung phones come with
+ <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,
+ and they send so much data that their transmission is a
+ substantial expense for users. Said transmission, not wanted or
+ requested by the user, clearly must constitute spying of some
+ kind.</p></li>
+
+ <li><p>A Motorola phone
+ <a
href="https://www.motorola.com/us/X8-Mobile-Computing-System/x8-mobile-computing-system.html">
+ listens for voice all the time</a>.</p>
+ </li>
+
+ <li><p>Spyware in Android phones (and Windows? laptops): The Wall
+ Street Journal (in an article blocked from us by a paywall)
+ reports that
+ <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android
+ phones and laptops</a>.
+ (I suspect this means Windows laptops.) Here is
+ <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
+ </li>
+
+ <li><p>Portable phones with GPS will send their GPS location on
+ remote command and users cannot stop them:
+ <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require all new portable phones
+ to have GPS.)</p>
+ </li>
+
+ <li><p>The nonfree Snapchat app's principal purpose is to restrict
+ the use of data on the user's computer, but it does surveillance
+ too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
+ it tries to get the user's list of other people's phone
+ numbers.</a></p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
+</div>
+
+<ul>
+ <li><p>Apps that include
+ <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio and TV programs
+ are playing nearby</a>. Also on what users post on various sites
+ such as Facebook, Google+ and Twitter.</p>
+ </li>
+
+ <li><p>Facebook's new Magic Photo app
+ <a
+href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
+scans your mobile phone's photo collections for known faces</a>,
+ and suggests you to share the picture you take according to who
+ is in the frame.</p>
+
+ <p>This spyware feature seems to require online access to some
+ known-faces database, which means the pictures are likely to be
+ sent across the wire to Facebook's servers and face-recognition
+ algorithms.</p>
+
+ <p>If so, none of Facebook users' pictures are private
+ anymore, even if the user didn't “upload” them to the
service.</p>
+ </li>
+
+ <li><p>Like most “music screaming” disservices, Spotify
+ is based on proprietary malware (DRM and snooping). In August
+ 2015 it <a
+href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit to increased snooping</a>, and some
+ are starting to realize that it is nasty.</p>
+
+ <p>This article shows the <a
+href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as a way
+ to “serve” users better</a>—never mind
+ whether they want that. This is a typical example of
+ the attitude of the proprietary software industry towards
+ those they have subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p>
+ </li>
+ <li><p>Many proprietary apps for mobile devices report which other
+ apps the user has
+ installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way that at least is visible and
+ optional</a>. Not as bad as what the others do.</p>
+ </li>
+
+ <li><p>FTC says most mobile apps for children don't respect privacy:
+ <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+ </li>
+
+ <li><p>Widely used <a
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on the user</a>. This is in addition to
+ the snooping done by the phone company, and perhaps by the OS in the
+ phone.</p>
+
+ <p>Don't be distracted by the question of whether the app developers get
+ users to say “I agree”. That is no excuse for malware.</p>
+ </li>
+
+ <li><p>The Brightest Flashlight app
+ <a
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by companies.</a></p>
+
+ <p>The FTC criticized this app because it asked the user to
+ approve sending personal data to the app developer but did not
+ ask about sending it to other companies. This shows the
+ weakness of the reject-it-if-you-dislike-snooping
+ “solution” to surveillance: why should a flashlight
+ app send any information to anyone? A free software flashlight
+ app would not.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInGames">Spyware in Games</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+</div>
+
+<ul>
+ <li><p>Angry Birds
+ <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies, and the NSA takes advantage to spy through it
too</a>.
+ Here's information on
+ <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more spyware apps</a>.</p>
+ <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInToys">Spyware in Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+</div>
+
+<ul>
+ <li><p>A computerized
+ vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">snoops
+ on its users through the proprietary control app</a>.</p>
+
+ <p>The app reports the temperature of the vibrator minute by
+ minute (thus, indirectly, whether it is surrounded by a person's
+ body), and the vibration frequency.</p>
+
+ <p>Note the totally inadequate proposed response: a labeling
+ standard with which manufacturers would make statements about
+ their products, rather than free software which users can check
+ and change.</p>
+ </li>
+ <li><p>Barbie
+ <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults.</a>.</p>
+ </li>
+</ul>
+
+
+<!-- #SpywareAtLowLevel -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
+</div>
+
+<ul>
+<li><p>
+<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
+Note that the specific sabotage method Lenovo used did not affect
+GNU/Linux; also, a “clean” Windows install is not really
+clean since <a href="/proprietary/malware-microsoft.html">Microsoft
+puts in its own malware</a>.
+</p></li>
+</ul>
+
+<!-- #SpywareAtWork -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareAtWork">Spyware at Work</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p>Investigation
+ Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Using US Companies, NSA To Route Around Domestic Surveillance
+ Restrictions</a>.</p>
+
+ <p>Specifically, it can collect the emails of members of Parliament
+ this way, because they pass it through Microsoft.</p></li>
+
+ <li><p>Spyware in Cisco TNP IP phones:
+ <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInSkype">Spyware in Skype</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+</div>
+
+<ul>
+ <li><p>Spyware in Skype:
+ <a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
+
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
+ Microsoft changed Skype
+ <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically for spying</a>.</p>
+ </li>
+</ul>
+
+
+
+<!-- #SpywareOnTheRoad -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInCameras">Spyware in Cameras</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
+</div>
+
+<ul>
+ <li>
+ <p>The Nest Cam “smart” camera is <a
+ href="http://www.bbc.com/news/technology-34922712">always
+ watching</a>, even when the “owner” switches it
“off.”</p>
+ <p>A “smart” device means the manufacturer is using it to
outsmart
+ you.</p>
+ </li>
+</ul>
+
+<div class="big-subsection">
+ <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
+</div>
+
+<ul>
+ <li><p>E-books can contain Javascript code,
+ and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code snoops on readers</a>.</p>
+ </li>
+
+ <li><p>Spyware in many e-readers—not only the
+ Kindle: <a href="https://www.eff.org/pages/reader-privacy-chart-2012">
+ they report even which page the user reads at what time</a>.</p>
+ </li>
+
+ <li><p>Adobe made “Digital Editions,” the e-reader used
+ by most US libraries,
+ <a
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots of data to Adobe</a>. Adobe's “excuse”: it's
+ needed to check DRM!</p>
+ </li>
+</ul>
+
+<div class="big-subsection">
+ <h4 id="SpywareInVehicles">Spyware in Vehicles</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
+</div>
+
+<ul>
+<li><p>Computerized cars with nonfree software are
+ <a
href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
+ snooping devices</a>.</p>
+ </li>
+
+ <li><p>The Nissan Leaf has a built-in cell phone modem which allows
+ effectively
+ anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely and make changes in various
+ settings</a>.</p>
+
+ <p>That's easy to do because the system has no authentication when
+ accessed through the modem. However, even if it asked for
+ authentication, you couldn't be confident that Nissan has no
+ access. The software in the car is
+ proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+ means it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to the car remotely, the cell phone
+ modem enables the phone company to track the car's movements all
+ the time; it is possible to physically remove the cell phone modem
+ though.</p>
+ </li>
+
+ <li><p>Proprietary software in cars
+ <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
+ which is made available to car manufacturers, insurance companies, and
+ others.</p>
+
+ <p>The case of toll-collection systems, mentioned in this article, is not
+ really a matter of proprietary surveillance. These systems are an
+ intolerable invasion of privacy, and should be replaced with anonymous
+ payment systems, but the invasion isn't done by malware. The other
+ cases mentioned are done by proprietary malware in the car.</p></li>
+
+ <li><p>Tesla cars allow the company to extract data remotely and
+ determine the car's location at any time. (See
+ <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b and c.</a>). The company says it doesn't
+ store this information, but if the state orders it to get the data
+ and hand it over, the state can store it.</p>
+ </li>
+</ul>
+
+
+<!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareAtHome">Spyware at Home</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed to spy on their renters</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTVSets">Spyware in TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+</div>
+
+<p>Emo Phillips made a joke: The other day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul>
+ <li><p>Vizio goes a step further than other TV manufacturers in spying on
+ their users: their <a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in detail and
+ link them your IP address</a> so that advertisers can track you
+ across devices.</p>
+
+ <p>It is possible to turn this off, but having it enabled by default
+ is an injustice already.</p>
+ </li>
+
+ <li><p>Tivo's alliance with Viacom adds 2.3 million households to
+ the 600 millions social media profiles the company already
+ monitors. Tivo customers are unaware they're being watched by
+ advertisers. By combining TV viewing information with online
+ social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all users to
+ new combined surveillance by default.</p></li>
+ <li><p>Some web and TV advertisements play inaudible sounds to be
+ picked up by proprietary malware running on other devices in
+ range so as to determine that they are nearby. Once your
+ Internet devices are paired with your TV, advertisers can
+ correlate ads with Web activity, and
+ other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p>
+ </li>
+ <li><p>Vizio “smart” TVs recognize and
+ <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what
people are watching</a>,
+ even if it isn't a TV channel.</p>
+ </li>
+ <li><p>The Amazon “Smart” TV
+ <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
+ watching and listening all the time</a>.</p>
+ </li>
+ <li><p>The Samsung “Smart” TV
+ <a
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
users' voice on the internet to another
+ company, Nuance</a>. Nuance can save it and would then have to
+ give it to the US or some other government.</p>
+ <p>Speech recognition is not to be trusted unless it is done
+ by free software in your own computer.</p>
+ </li>
+ <li><p>Spyware in
+ <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ LG “smart” TVs</a> reports what the user watches, and
+ the switch to turn this off has no effect. (The fact that the
+ transmission reports a 404 error really means nothing; the server
+ could save that data anyway.)</p>
+
+ <p>Even worse, it
+ <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
+ snoops on other devices on the user's local network.</a></p>
+
+ <p>LG later said it had installed a patch to stop this, but any product
+ could spy this way.</p>
+
+ <p>Meanwhile, LG TVs
+ <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
do lots of spying anyway</a>.</p>
+ </li>
+ <li>
+ <p><a
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon
cable TV snoops on what programs people watch, and even what they wanted to
record.</a></p>
+ </li>
+</ul>
+
+<!-- #SpywareAtPlay -->
+<div class="big-section">
+ <h3 id="SpywareAtPlay">Spyware at Play</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtPlay">#SpywareAtPlay</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p>Many
+ <a
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users and report to the
+ internet</a>— even what their users weigh.</p>
+
+ <p>A game console is a computer, and you can't trust a computer with
+ a nonfree operating system.</p>
+ </li>
+
+ <li><p>Modern gratis game cr…apps
+ <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range of data about their users and their users'
+ friends and associates</a>.</p>
+
+ <p>Even nastier, they do it through ad networks that merge the data
+ collected by various cr…apps and sites made by different
+ companies.</p>
+
+ <p>They use this data to manipulate people to buy things, and hunt
+ for “whales” who can be led to spend a lot of money. They
+ also use a back door to manipulate the game play for specific
players.</p>
+
+ <p>While the article describes gratis games, games that cost money
+ can use the same tactics.</p>
+ </li>
+</ul>
+
+<!-- #SpywareOnTheWeb -->
+
+<div class="big-section">
+ <h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<p>In addition, many web sites spy on their visitors. Web sites are not
+ programs, so it
+ <a href="/philosophy/network-services-arent-free-or-nonfree.html">
+ makes no sense to call them “free” or
“proprietary”</a>,
+ but the surveillance is an abuse all the same.</p>
+
+<ul>
+
+ <li><p><a
href="http://japandailypress.com/government-warns-agencies-against-using-chinas-baidu-application-after-data-transmissions-discovered-2741553/">
+ Baidu's Japanese-input and Chinese-input apps spy on users.</a></p>
+ </li>
+
+ <li><p>Pages that contain “Like” buttons
+ <a
href="http://www.smh.com.au/technology/technology-news/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
+ enable Facebook to track visitors to those pages</a>—even
+ users that don't have Facebook accounts.</p>
+ </li>
+
+ <li><p>Many web sites rat their visitors to advertising networks that track
+ users. Of the top 1000 web sites, <a
+
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
+ (as of 5/17/2012) fed their visitors third-party cookies, allowing other
+ sites to track them</a>.</p>
+ </li>
+
+ <li><p>Many web sites report all their visitors to Google by using
+ the Google Analytics service, which
+ <a
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was visited.</a></p>
+ </li>
+
+ <li><p>Many web sites try to collect users' address books (the
+ user's list of other people's phone numbers or email addresses).
+ This violates the privacy of those other people.</p>
+ </li>
+
+ <li><p><a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
+ Microsoft SkyDrive allows the NSA to directly examine users'
data</a>.</p>
+ </li>
+</ul>
+
+<!-- WEBMASTERS: make sure to place new items on top under each subsection -->
+<div class="big-subsection">
+ <h4 id="SpywareInChrome">Spyware in Chrome</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInChrome">#SpywareInChrome</a>)</span>
+</div>
+
+<ul>
+ <li><p>Google Chrome makes it easy for an extension to do <a
+
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do so.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInFlash">Spyware in Flash</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
+</div>
+
+<ul>
+ <li><p>Flash Player's
+ <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
+ cookie feature helps web sites track visitors</a>.</p>
+ </li>
+
+ <li><p>Flash is also used for
+ <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices </a> to identify users.</p>
+ </li>
+</ul>
+
+<p><a href="/philosophy/javascript-trap.html">Javascript code</a>
+is another method of “fingerprinting” devices.</p>
+
+
+<!-- #SpywareEverywhere -->
+<div class="big-section">
+ <h3 id="SpywareEverywhere">Spyware Everywhere</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareEverywhere">#SpywareEverywhere</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p>The natural extension of monitoring people through
+ “their” phones is <a
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ proprietary software to make sure they can't “fool” the
+ monitoring</a>.</p>
+ </li>
+
+ <li><p><a
href="http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
+ Intel devices will be able to listen for speech all the time, even when
“off.”</a></p>
+ </li>
+</ul>
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:address@hidden"><address@hidden></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a href="mailto:address@hidden"><address@hidden></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:address@hidden">
+ <address@hidden></a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2015, 2016 Free Software Foundation, Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2016/08/20 18:14:08 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>
- www/server/staging/proprietary proprietary-surv...,
Therese Godefroy <=