[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/staging/proprietary/rec propr-blurbs...
|
From: |
Therese Godefroy |
|
Subject: |
www/server/staging/proprietary/rec propr-blurbs... |
|
Date: |
Mon, 24 Sep 2018 17:02:21 -0400 (EDT) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 18/09/24 17:02:21
Modified files:
server/staging/proprietary/rec: propr-blurbs.rec propr-pages.rec
surveillance-stub.html
apple-stub.html
Log message:
More fixes.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/rec/propr-blurbs.rec?cvsroot=www&r1=1.9&r2=1.10
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/rec/propr-pages.rec?cvsroot=www&r1=1.6&r2=1.7
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/rec/surveillance-stub.html?cvsroot=www&r1=1.3&r2=1.4
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/rec/apple-stub.html?cvsroot=www&r1=1.4&r2=1.5
Patches:
Index: propr-blurbs.rec
===================================================================
RCS file: /webcvs/www/www/server/staging/proprietary/rec/propr-blurbs.rec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- propr-blurbs.rec 23 Sep 2018 21:01:10 -0000 1.9
+++ propr-blurbs.rec 24 Sep 2018 21:02:20 -0000 1.10
@@ -92,7 +92,7 @@
PubDate: 2018-07-02
Section: insecurity mobiles
Keyword: samsung
-Blurb: <p>Some Samsung phones randomly <a
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages";>
send photos to people in the owner's contact list</a>.</p>
+Blurb: <p>Some Samsung phones randomly <a
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages";>send
photos to people in the owner's contact list</a>.</p>
Id: -201806250
PubDate: 2018-06-25
@@ -213,7 +213,7 @@
Id: -201712240
PubDate: 2017-12-24
Section: insecurity appliances
-Keyword:
+Keyword: stings
Blurb: <p>One of the dangers of the “internet of stings” is that,
if you lose your internet service, you also <a
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/";>
lose control of your house and appliances</a>.</p>
+
+ <p>For your safety, don't use any appliance with a connection to the real
internet.</p>
@@ -322,7 +322,7 @@
Id: -201711010
PubDate: 2017-11-01
-Section: back-doors universal surveillance toys subscriptions tethers
+Section: back-doors universal subscriptions tethers
Keyword: sony aibo
Blurb: <p>Sony has brought back its robotic pet Aibo, this time <a
href="https://motherboard.vice.com/en_us/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet";>
with a universal back door, and tethered to a server that requires a
subscription</a>.</p>
@@ -362,7 +362,7 @@
Id: -201710040
PubDate: 2017-10-04
-Section: surveillance appliances cameras
+Section: surveillance cameras appliances
Keyword: canary
Blurb: <p>Every “home security” camera, if its manufacturer can
communicate with it, is a surveillance device. <a
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change";>
Canary camera is an example</a>.</p>
+
@@ -390,7 +390,7 @@
Keyword: iv-pump
Blurb: <p>A “smart” intravenous pump designed for hospitals is
connected to the internet. Naturally <a
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml";>
its security has been cracked</a>.</p>
+
-+ <p>Note that this article misuses the term <a
href="/philosophy/words-to-avoid.html#Hacker"> “hackers”</a>
referring to crackers.</p>
++ <p>Note that this article misuses the term “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>” referring to
crackers.</p>
Id: -201709091
PubDate: 2017-09-09
@@ -408,13 +408,13 @@
Id: -201708280
PubDate: 2017-08-28
-Section: insecurity appliances surveillance
-Keyword:
-Blurb: <p>The bad security in many Internet of Stings devices allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml";>
ISPs to snoop on the people that use them</a>.</p>
+Section: insecurity surveillance stings appliances
+Keyword: iot
+Blurb: <p>The bad security in many Internet of Stings devices allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml";>ISPs
to snoop on the people that use them</a>.</p>
+
+ <p>Don't be a sucker—reject all the stings.</p>
+
-+ <p>It is unfortunate that the article uses the term <a
href="/philosophy/words-to-avoid.html#Monetize"> “monetize”</a>.</p>
++ <p>It is unfortunate that the article uses the term “<a
href="/philosophy/words-to-avoid.html#Monetize">monetize</a>”.</p>
Id: -201708270
PubDate: 2017-08-27
@@ -471,21 +471,27 @@
+
+ <p>But since Google itself develops malicious apps, we cannot trust Google
to protect us. We must demand release of source code to the public, so we can
depend on each other.</p>
-Id: -201706071
-PubDate: 2017-06-07
-Section: surveillance cameras insecurity appliances
-Keyword:
+Id: -201706204
+PubDate: 2017-06-20
+Section: surveillance home
+Keyword: appliances
+Blurb: <p>Lots of “smart” products are designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022";>to
listen to everyone in the house, all the time</a>.</p>
++
++ <p>Today's technological practice does not include any way of making a
device that can obey your voice commands without potentially spying on you.
Even if it is air-gapped, it could be saving up records about you for later
examination.</p>
+
+Id: -201706201
+PubDate: 2017-06-20
+Section: insecurity surveillance cameras
+Keyword: appliances
Blurb: <p>Many models of Internet-connected cameras <a
href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor"> have
backdoors</a>.</p>
+
-+ <p>That is a malicious functionality, but in addition it is a gross
insecurity since anyone, including malicious crackers, <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/";>
can find those accounts and use them to get into users' cameras</a>.</p>
++ <p>That is a malicious functionality, but in addition it is a gross
insecurity since anyone, including malicious crackers, <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/";>can
find those accounts and use them to get into users' cameras</a>.</p>
Id: -201706200
PubDate: 2017-06-20
-Section: surveillance home appliances
-Keyword:
-Blurb: <p>Lots of “smart” products are designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022";>to
listen to everyone in the house, all the time</a>.</p>
-+
-+ <p>Today's technological practice does not include any way of making a
device that can obey your voice commands without potentially spying on you.
Even if it is air-gapped, it could be saving up records about you for later
examination.</p>
+Section: appliances
+Keyword: insecurity surveillance cameras
+Blurb: <p>Many models of Internet-connected cameras are tremendously insecure.
They have login accounts with hard-coded passwords, which can't be changed,
and <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/";>there
is no way to delete these accounts either</a>.</p>
Id: -201706130
PubDate: 2017-05-03
@@ -515,7 +521,7 @@
PubDate: 2017-06-05
Section: insecurity
Keyword: intel
-Blurb: <p id="intel-me-10-year-vulnerability">Intel's CPU backdoor—the
Intel Management Engine—had a <a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/";>
major security vulnerability for 10 years</a>.</p>
+Blurb: <p id="intel-me-10-year-vulnerability">Intel's CPU backdoor—the
Intel Management Engine—had a <a
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/";>major
security vulnerability for 10 years</a>.</p>
+
+ <p>The vulnerability allowed a cracker to access the computer's Intel
Active Management Technology (AMT) <a
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/";>
web interface with an empty password and gave administrative access</a> to
access the computer's keyboard, mouse, monitor among other privileges.</p>
+
@@ -547,7 +553,7 @@
PubDate: 2017-05-16
Section: insecurity
Keyword: conexant
-Blurb: <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
pre-installed on 28 models of HP laptops logged the user's keystroke to a file
in the filesystem. Any process with access to the filesystem or the
MapViewOfFile API could gain access to the log. Furthermore, <a
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt";>
according to modzero</a> the “information-leak via Covert Storage Channel
enables malware authors to capture keystrokes without taking the risk of being
classified as malicious task by AV heuristics”.</p>
+Blurb: <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
pre-installed on 28 models of HP laptops logged the user's keystroke to a file
in the filesystem. Any process with access to the filesystem or the
MapViewOfFile API could gain access to the log. Furthermore, <a
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt";>according
to modzero</a> the “information-leak via Covert Storage Channel enables
malware authors to capture keystrokes without taking the risk of being
classified as malicious task by AV heuristics”.</p>
Id: -201705151
PubDate: 2017-05-13
@@ -593,7 +599,7 @@
Id: -201704190
PubDate: 2017-04-19
-Section: surveillance apps mobiles
+Section: surveillance apps mobiles appliances
Keyword: bose
Blurb: <p>Users are suing Bose for <a
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/";>
distributing a spyware app for its headphones</a>. Specifically, the app
would record the names of the audio files users listen to along with the
headphone's unique serial number.</p>
+
@@ -700,13 +706,13 @@
PubDate: 2017-02-20
Section: insecurity appliances
Keyword:
-Blurb: <p>If you buy a used “smart” car, house, TV, refrigerator,
etc., usually <a
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html";> the
previous owners can still remotely control it</a>.</p>
+Blurb: <p>If you buy a used “smart” car, house, TV, refrigerator,
etc., usually <a
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html";>the
previous owners can still remotely control it</a>.</p>
Id: -201702170
PubDate: 2017-02-17
Section: insecurity mobiles cars
Keyword: surveillance apps
-Blurb: <p>The mobile apps for communicating <a
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/";>
with a smart but foolish car have very bad security</a>.</p>
+Blurb: <p>The mobile apps for communicating <a
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/";>with
a smart but foolish car have very bad security</a>.</p>
+
+ <p>This is in addition to the fact that the car contains a cellular modem
that tells big brother all the time where it is. If you own such a car, it
would be wise to disconnect the modem so as to turn off the tracking.</p>
@@ -746,7 +752,7 @@
PubDate: 2017-01-27
Section: insecurity mobiles
Keyword: samsung
-Blurb: <p>Samsung phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/";>
have a security hole that allows an SMS message to install ransomware</a>.</p>
+Blurb: <p>Samsung phones <a
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/";>have
a security hole that allows an SMS message to install ransomware</a>.</p>
Id: -201701210
PubDate: 2017-01-21
@@ -791,7 +797,7 @@
PubDate: 2017-01-06
Section: surveillance webpages websites
Keyword: disqus
-Blurb: <p>When a page uses Disqus for comments, <a
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook";>the
proprietary Disqus software loads a Facebook software package into the browser
of every anonymous visitor to the page, and makes the page's URL available to
Facebook</a>.</p>
+Blurb: <p>When a page uses Disqus for comments, the proprietary Disqus
software <a
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook";>loads
a Facebook software package into the browser of every anonymous visitor to the
page, and makes the page's URL available to Facebook</a>.</p>
Id: -201701050
PubDate: 2017-01-05
@@ -831,7 +837,7 @@
PubDate: 2016-12-06
Section: insecurity appliances
Keyword: my-friend-cayla surveillance toys
-Blurb: <p>The “smart” toys My Friend Cayla and i-Que can be <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws";>
remotely controlled with a mobile phone</a>; physical access is not necessary.
This would enable crackers to listen in on a child's conversations, and even
speak into the toys themselves.</p>
+Blurb: <p>The “smart” toys My Friend Cayla and i-Que can be <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws";>remotely
controlled with a mobile phone</a>; physical access is not necessary. This
would enable crackers to listen in on a child's conversations, and even speak
into the toys themselves.</p>
+
+ <p>This means a burglar could speak into the toys and ask the child to
unlock the front door while Mommy's not looking.</p>
@@ -913,7 +919,7 @@
PubDate: 2016-10-23
Section: insecurity
Keyword: phone-network
-Blurb: <p>4G LTE phone networks are drastically insecure. They can be <a
href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/";>
taken over by third parties and used for man-in-the-middle attacks</a>.</p>
+Blurb: <p>4G LTE phone networks are drastically insecure. They can be <a
href="https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/";>
taken over by third parties and used for man-in-the-middle attacks</a>.</p>
Id: -201609280
PubDate: 2016-09-28
@@ -960,7 +966,20 @@
PubDate: 2016-09-01
Section: deception
Keyword:
-Blurb: <p>Many proprietary programs secretly <a
href="https://web.archive.org/web/20160901222135/http://www.theregister.co.uk/2016/08/05/payperinstall_study/";>install
other proprietary programs that the users don't want</a>.</p>
+Blurb: <p>Many proprietary programs secretly <a
href="https://www.theregister.co.uk/2016/08/05/payperinstall_study/";>install
other proprietary programs that the users don't want</a>.</p>
+
+Id: -201608172
+PubDate: 2007-09-13
+PubDate: 2007-08-26
+PubDate: 2016-08-17
+PubDate: 2015-07-17
+Section: back-doors universal microsoft backdoor
+Keyword: windows-update
+Blurb: <p id="windows-update">Microsoft Windows has a universal back door
through which <a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183";>
any change whatsoever can be imposed on the users</a>.</p>
++
++ <p>This was <a
href="http://slated.org/windows_by_stealth_the_updates_you_dont_want";>reported
in 2007</a> for XP and Vista, and it seems that Microsoft used the same method
to push the <a
href="/proprietary/proprietary-sabotage.html#windows10-forcing">Windows 10
downgrade</a> to computers running Windows 7 and 8.</p>
++
++ <p>In Windows 10, the universal back door is no longer hidden; all
“upgrades” will be <a
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/";>forcibly
and immediately imposed</a>.</p>
Id: -201608171
PubDate: 2016-08-17
@@ -980,7 +999,7 @@
Keyword: windows
Blurb: <p id="windows10-forcing">In 2015, users reported that <a
href="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all";>
Microsoft was forcing them to replace Windows 7 and 8 with all-spying Windows
10</a>.</p>
+
-+ <p>Microsoft did use many tricks to “persuade” reluctant users
to switch. Among other things, it forced <a
href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1";>
stealth downloads of Windows 10</a>. Not only did the unwanted downloads <a
href="https://www.theregister.co.uk/2016/06/03/windows_10_upgrade_satellite_link/";>
use up much needed resources</a>, but many of the people who let installation
proceed found out that this “upgrade” was in fact a <a
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146";>
downgrade</a>.</p>
++ <p>Microsoft used many tricks to “persuade” reluctant users to
switch. Among other things, it forced <a
href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1";>
stealth downloads of Windows 10</a>, apparently through a <a
href="/proprietary/proprietary-back-doors.html#windows-update">universal back
door</a>. Not only did the unwanted downloads <a
href="https://www.theregister.co.uk/2016/06/03/windows_10_upgrade_satellite_link/";>
use up much needed resources</a>, but many of the people who let installation
proceed found out that this “upgrade” was in fact a <a
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146";>
downgrade</a>.</p>
+
+ <p>Then Microsoft attacked the computers that were still running Windows 7
or 8 by <a
href="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html";>
repeatedly switching on a flag that urged users to “upgrade” to
Windows 10</a> when they had turned it off. This was done through <a
href="https://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/";>
deviant use of Windows Update</a>.</p>
+
@@ -992,7 +1011,7 @@
PubDate: 2016-08-11
Section: insecurity cars
Keyword: volkswagen
-Blurb: <p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844";>
it is easy to open the doors of 100 million cars built by Volkswagen</a>.</p>
+Blurb: <p>Due to weak security, <a
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844";>it
is easy to open the doors of 100 million cars built by Volkswagen</a>.</p>
Id: -201608080
PubDate: 2016-08-08
@@ -1010,7 +1029,7 @@
PubDate: 2016-07-29
Section: insecurity mobiles
Keyword: whatsapp
-Blurb: <p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/";>
“Deleted” WhatsApp messages are not entirely deleted</a>. They can
be recovered in various ways.</p>
+Blurb: <p><a
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/";>“Deleted”
WhatsApp messages are not entirely deleted</a>. They can be recovered in
various ways.</p>
Id: -201607284
PubDate: 2016-07-28
@@ -1028,7 +1047,7 @@
Id: -201607220
PubDate: 2016-07-22
-Section: apple insecurity
+Section: apple-insecurity
Keyword: api
Blurb: <p>A vulnerability in Apple's Image I/O API allowed an attacker to <a
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple";>execute
malicious code from any application which uses this API to render a certain
kind of image file</a>.</p>
@@ -1036,7 +1055,7 @@
PubDate: 2016-07-19
Section: insecurity mobiles
Keyword: phone-network
-Blurb: <p>A bug in a proprietary ASN.1 library, used in cell phone towers as
well as cell phones and routers, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover";>
allows taking control of those systems</a>.</p>
+Blurb: <p>A bug in a proprietary ASN.1 library, used in cell phone towers as
well as cell phones and routers, <a
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover";>allows
taking control of those systems</a>.</p>
Id: -201607160
PubDate: 2016-07-16
@@ -1060,7 +1079,7 @@
PubDate: 2016-06-29
Section: insecurity
Keyword: antivirus
-Blurb: <p>Antivirus programs have so many errors that <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374";>
they may make security worse</a>.</p>
+Blurb: <p>Antivirus programs have so many errors that <a
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374";>they
may make security worse</a>.</p>
+
+ <p>GNU/Linux does not need antivirus software.</p>
@@ -1068,7 +1087,7 @@
PubDate: 2016-06-08
Section: apple sabotage
Keyword: windows quicktime
-Blurb: <p>Apple <a
href="http://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/";>
stops users from fixing the security bugs in Quicktime for Windows</a>, while
refusing to fix them itself.</p>
+Blurb: <p>Apple <a
href="https://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/";>
stops users from fixing the security bugs in Quicktime for Windows</a>, while
refusing to fix them itself.</p>
Id: -201606060
PubDate: 2016-06-06
@@ -1082,7 +1101,7 @@
PubDate: 2016-06-05
Section: surveillance apps mobiles
Keyword: facebook
-Blurb: <p>Facebook's new Magic Photo app <a
href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/";>
scans your mobile phone's photo collections for known faces</a>, and suggests
you to share the picture you take according to who is in the frame.</p>
+Blurb: <p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/";>
scans your mobile phone's photo collections for known faces</a>, and suggests
you to share the picture you take according to who is in the frame.</p>
+
+ <p>This spyware feature seems to require online access to some known-faces
database, which means the pictures are likely to be sent across the wire to
Facebook's servers and face-recognition algorithms.</p>
+
@@ -1090,8 +1109,8 @@
Id: -201606030
PubDate: 2016-06-03
-Section: surveillance networks
-Keyword:
+Section: surveillance fixed-comm
+Keyword: routing
Blurb: <p>Investigation Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml";>GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
+
+ <p>Specifically, it can collect the emails of members of Parliament this
way, because they pass it through Microsoft.</p>
@@ -1100,7 +1119,7 @@
PubDate: 2016-06-01
Section: microsoft sabotage
Keyword: windows
-Blurb: <p>Once Microsoft has tricked a user into accepting installation of
Windows 10, <a
href="http://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/";>they
find that they are denied the option to cancel or even postpone the imposed
date of installation</a>.</p>
+Blurb: <p>Once Microsoft has tricked a user into accepting installation of
Windows 10, <a
href="https://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/";>they
find that they are denied the option to cancel or even postpone the imposed
date of installation</a>.</p>
+
+ <p>This demonstrates what we've said for years: using proprietary software
means letting someone have power over you, and you're going to get screwed
sooner or later.</p>
@@ -1149,7 +1168,7 @@
PubDate: 2016-05-02
Section: insecurity appliances
Keyword: samsung
-Blurb: <p>Samsung's “Smart Home” has a big security hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/";>
unauthorized people can remotely control it</a>.</p>
+Blurb: <p>Samsung's “Smart Home” has a big security hole; <a
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/";>unauthorized
people can remotely control it</a>.</p>
+
+ <p>Samsung claims that this is an “open” platform so the
problem is partly the fault of app developers. That is clearly true if the apps
are proprietary software.</p>
+
@@ -1163,15 +1182,15 @@
Id: -201604120
PubDate: 2016-04-12
-Section: insecurity apple
+Section: apple-insecurity
Keyword: apps
Blurb: <p>A bug in the iThings Messages app <a
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/";>allowed
a malicious web site to extract all the user's messaging history</a>.</p>
Id: -201604110
PubDate: 2016-04-11
-Section: amazon insecurity cameras
-Keyword:
-Blurb: <p>Malware found on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html";>
security cameras available through Amazon</a>.</p>
+Section: amazon insecurity appliances
+Keyword: cameras
+Blurb: <p>Malware found on <a
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html";>security
cameras available through Amazon</a>.</p>
+
+ <p>A camera that records locally on physical media, and has no network
connection, does not threaten people with surveillance—neither by
watching people through the camera, nor through malware in the camera.</p>
@@ -1183,9 +1202,9 @@
Id: -201603220
PubDate: 2016-03-22
-Section: insecurity cameras surveillance
+Section: insecurity surveillance cameras appliances
Keyword:
-Blurb: <p>Over 70 brands of network-connected surveillance cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html";>
have security bugs that allow anyone to watch through them</a>.</p>
+Blurb: <p>Over 70 brands of network-connected surveillance cameras <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html";>have
security bugs that allow anyone to watch through them</a>.</p>
Id: -201603170
PubDate: 2016-03-17
@@ -1225,7 +1244,7 @@
Keyword: back-doors phone
Blurb: <p id="nissan-modem">The Nissan Leaf has a built-in cell phone modem
which allows effectively anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/";>to
access its computers remotely and make changes in various settings</a>.</p>
+
-+ <p>That's easy to do because the system has no authentication when accessed
through the modem. However, even if it asked for authentication, you couldn't
be confident that Nissan has no access. The software in the car is
proprietary, <a href="/philosophy/free-software-even-more-important.html">
which means it demands blind faith from its users</a>.</p>
++ <p>That's easy to do because the system has no authentication when accessed
through the modem. However, even if it asked for authentication, you couldn't
be confident that Nissan has no access. The software in the car is
proprietary, <a href="/philosophy/free-software-even-more-important.html">which
means it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to the car remotely, the cell phone modem
enables the phone company to track the car's movements all the time; it is
possible to physically remove the cell phone modem, though.</p>
@@ -1266,7 +1285,7 @@
PubDate: 2016-01-13
Section: surveillance apps mobiles
Keyword: symphony
-Blurb: <p>Apps that include <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/";>
Symphony surveillance software snoops on what radio and TV programs are
playing nearby</a>. Also on what users post on various sites such as Facebook,
Google+ and Twitter.</p>
+Blurb: <p>Apps that include <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/";>
Symphony surveillance software snoop on what radio and TV programs are playing
nearby</a>. Also on what users post on various sites such as Facebook, Google+
and Twitter.</p>
Id: -201601110
PubDate: 2016-01-11
@@ -1334,7 +1353,7 @@
PubDate: 2015-11-26
Section: surveillance windows microsoft
Keyword:
-Blurb: <p>A downgrade to Windows 10 deleted surveillance-detection
applications. Then another downgrade inserted a general spying program. Users
noticed this and complained, so Microsoft renamed it <a
href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/";>
to give users the impression it was gone</a>.</p>
+Blurb: <p>A downgrade to Windows 10 deleted surveillance-detection
applications. Then another downgrade inserted a general spying program. Users
noticed this and complained, so Microsoft renamed it <a
href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/";>
to give users the impression it was gone</a>.</p>
+
+ <p>To use proprietary software is to invite such treatment.</p>
@@ -1346,8 +1365,8 @@
Id: -201511250
PubDate: 2015-11-25
-Section: surveillance cameras
-Keyword: nestcam
+Section: surveillance cameras appliances
+Keyword: nest-cam
Blurb: <p>The Nest Cam “smart” camera is <a
href="http://www.bbc.com/news/technology-34922712";>always watching</a>, even
when the “owner” switches it “off.”</p>
+
+ <p>A “smart” device means the manufacturer is using it to
outsmart you.</p>
@@ -1446,7 +1465,7 @@
Id: -201510200
PubDate: 2015-10-20
-Section: back-doors other insecurity
+Section: back-doors other insecurity appliances
Keyword: western-digital
Blurb: <p>“Self-encrypting” disk drives do the encryption with
proprietary firmware so you can't trust it. Western Digital's “My
Passport” drives <a
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption";>
have a back door</a>.</p>
@@ -1528,7 +1547,7 @@
Keyword: spotify
Blurb: <p>Like most “music screaming” disservices, Spotify is
based on proprietary malware (DRM and snooping). In August 2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy";>
demanded users submit to increased snooping</a>, and some are starting to
realize that it is nasty.</p>
+
-+ <p>This article shows the <a
href="http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/";>
twisted ways that they present snooping as a way to “serve” users
better</a>—never mind whether they want that. This is a typical example
of the attitude of the proprietary software industry towards those they have
subjugated.</p>
++ <p>This article shows the <a
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/";>
twisted ways that they present snooping as a way to “serve” users
better</a>—never mind whether they want that. This is a typical example
of the attitude of the proprietary software industry towards those they have
subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p>
@@ -1580,18 +1599,6 @@
+
+ <p>If I ever own a car, and it contains a portable phone, I will deactivate
that.</p>
-Id: -201507170
-PubDate: 2007-09-13
-PubDate: 2007-08-26
-PubDate: 2015-07-17
-Section: back-doors universal microsoft backdoor
-Keyword: windows-update
-Blurb: <p>Microsoft Windows has a universal back door through which <a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183";>
any change whatsoever can be imposed on the users</a>.</p>
-+
-+ <p>This was <a
href="http://slated.org/windows_by_stealth_the_updates_you_dont_want";>reported
in 2007</a> for XP and Vista, and it seems that Microsoft used the same method
to push the <a
href="/proprietary/malware-microsoft.html#windows10-forcing">Windows 10
downgrade</a> to computers running Windows 7 and 8.</p>
-+
-+ <p>In Windows 10, the universal back door is no longer hidden; all
“upgrades” will be <a
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/";>forcibly
and immediately imposed</a>.</p>
-
Id: -201507150
PubDate: 2015-07-15
Section: microsoft subscriptions
@@ -1668,7 +1675,7 @@
PubDate: 2015-05-06
Section: surveillance apps mobiles
Keyword: android
-Blurb: <p>Gratis Android apps (but not <a href="/philosophy/free-sw.html">free
software</a>) connect to 100 <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites";>
tracking and advertising</a> URLs, on the average.</p>
+Blurb: <p>Gratis Android apps (but not <a href="/philosophy/free-sw.html">free
software</a>) connect to 100 <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites";>tracking
and advertising</a> URLs, on the average.</p>
Id: -201505050
PubDate: 2015-05-05
@@ -1680,13 +1687,13 @@
Id: -201504300
PubDate: 2015-04-30
-Section: sabotage surveillance tvsets
+Section: sabotage surveillance tvsets appliances
Keyword: vizio
Blurb: <p>Vizio <a
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html";>
used a firmware “upgrade” to make its TVs snoop on what users
watch</a>. The TVs did not do that when first sold.</p>
Id: -201504090
PubDate: 2015-04-09
-Section: back-doors other sabotage apple
+Section: back-doors other insecurity sabotage apple
Keyword: macos
Blurb: <p>Mac OS X had an <a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/";>
intentional local back door for 4 years</a>, which could be exploited by
attackers to gain root privileges.</p>
@@ -1732,12 +1739,6 @@
+
+ <p>In its privacy policy, Samsung explicitly confirms that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs";>voice
data containing sensitive information will be transmitted to third
parties</a>.</p>
-Id: -201502060
-PubDate: 2015-02-06
-Section: back-doors other potential
-Keyword: intel amd microsoft
-Blurb: <p>Here is a suspicion that we can't prove, but is worth thinking
about: <a
href="http://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI";>
Writable microcode for Intel and AMD microprocessors</a> may be a vehicle for
the NSA to invade computers, with the help of Microsoft, say respected security
experts.</p>
-
Id: -201501030
PubDate: 2015-01-03
Section: googleDRM drm
@@ -1783,7 +1784,7 @@
Id: -201411040
PubDate: 2014-11-04
Section: surveillance macos apple
-Keyword: system
+Keyword:
Blurb: <p>Apple has made various <a
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud";>
MacOS programs send files to Apple servers without asking permission</a>.
This exposes the files to Big Brother and perhaps to other snoops.</p>
+
+ <p>It also demonstrates how you can't trust proprietary software, because
even if today's version doesn't have a malicious functionality, tomorrow's
version might add it. The developer won't remove the malfeature unless many
users push back hard, and the users can't remove it themselves.</p>
@@ -1902,7 +1903,7 @@
Id: -201405190
PubDate: 2014-05-19
-Section: insecurity
+Section: insecurity mobiles
Keyword: apps
Blurb: <p>An app to prevent “identity theft” (access to personal
data) by storing users' data on a special server <a
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/";>was
deactivated by its developer</a> which had discovered a security flaw.</p>
+
@@ -1917,12 +1918,12 @@
Id: -201405110
PubDate: 2014-05-11
Section: sabotage
-Keyword: lg tvsets surveillance
+Keyword: lg
Blurb: <p>LG <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml";>disabled
network features</a> on <em>previously purchased</em> “smart” TVs,
unless the purchasers agreed to let LG begin to snoop on them and distribute
their personal data.</p>
Id: -201405080
PubDate: 2014-05-08
-Section: surveillance apple itrucs
+Section: surveillance itrucs apple
Keyword: iphone
Blurb: <p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/";>
remotely extract some data from iPhones for the state</a>.</p>
@@ -1982,7 +1983,7 @@
Id: -201401190
PubDate: 2014-01-19
-Section: games interference
+Section: games interference apple
Keyword:
Blurb: <p>Some proprietary <a
href="http://www.theguardian.com/technology/2014/jan/19/apple-talking-cats-in-app-purchases";>
games lure children to spend their parents' money</a>.</p>
@@ -2012,17 +2013,17 @@
Id: -201312300
PubDate: 2013-12-30
-Section: apple surveillance ithings
+Section: surveillance ithings apple
Keyword:
Blurb: <p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep";>
Either Apple helps the NSA snoop on all the data in an iThing, or it is
totally incompetent</a>.</p>
Id: -201312290
PubDate: 2013-12-29
-Section: insecurity
+Section: insecurity appliances
Keyword: virus memory-stick
Blurb: <p><a href="http://www.bunniestudios.com/blog/?p=3554";> Some flash
memories have modifiable software</a>, which makes them vulnerable to
viruses.</p>
+
-+ <p>We don't call this a “back door” because it is normal that
you can install a new system in a computer given physical access to it.
However, memory sticks and cards should not be modifiable in this way.</p>
++ <p>We don't call this a “back door” because it is normal that
you can install a new system in a computer, given physical access to it.
However, memory sticks and cards should not be modifiable in this way.</p>
Id: -201312270
PubDate: 2013-12-27
@@ -2040,15 +2041,15 @@
Id: -201312040
PubDate: 2013-12-04
-Section: microsoft insecurity
+Section: microsoft insecurity appliances
Keyword: windows
-Blurb: <p><a
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/";>
Point-of-sale terminals running Windows were taken over and turned into a
botnet for the purpose of collecting customers' credit card numbers</a>.</p>
+Blurb: <p><a
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/";>
Point-of-sale terminals running Windows were taken over and turned into a
botnet</a> for the purpose of collecting customers' credit card numbers.</p>
Id: -201311300
PubDate: 2013-11-30
Section: back-doors universal
Keyword: myfreeproxy pua
-Blurb: <p><a
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/";>
Some applications come with MyFreeProxy, which is a universal back door that
can download programs and run them</a>.</p>
+Blurb: <p><a
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/";>
Some applications come with MyFreeProxy, which is a universal back door</a>
that can download programs and run them.</p>
Id: -201311130
PubDate: 2013-11-13
@@ -2059,8 +2060,8 @@
Id: -201311120
PubDate: 2013-09-07
PubDate: 2013-11-12
-Section: insecurity mobiles google apple
-Keyword: blackberry
+Section: insecurity surveillance mobiles phones
+Keyword: iphone android blackberry
Blurb: <p><a
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html";>
The NSA can tap data in smart phones, including iPhones, Android, and
BlackBerry</a>. While there is not much detail here, it seems that this does
not operate via the universal back door that we know nearly all portable phones
have. It may involve exploiting various bugs. There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone";>
lots of bugs in the phones' radio software</a>.</p>
Id: -201310260
@@ -2071,17 +2072,17 @@
Id: -201310110
PubDate: 2013-10-11
-Section: surveillance webpages javascript
-Keyword: flash
-Blurb: <p>Flash and JavaScript are also used for <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/";>
“fingerprinting” devices</a> to identify users.</p>
+Section: surveillance webpages flash
+Keyword: javascript
+Blurb: <p>Flash and JavaScript are used for <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/";>
“fingerprinting” devices</a> to identify users.</p>
Id: -201310070
PubDate: 2013-10-07
-Section: drm
+Section: drm appliances
Keyword: dvd bluray
Blurb: <p id="bluray"><a
href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up";>
DVDs and Bluray disks have DRM</a>.</p>
+
-+ <p>That page uses spin terms that favor DRM, including <a
href="/philosophy/words-to-avoid.html#DigitalRightsManagement"> digital
“rights” management</a> and <a
href="/philosophy/words-to-avoid.html#Protection">“protect”</a>,
and it claims that “artists” (rather than companies) are primarily
responsible for putting digital restrictions management into these disks.
Nonetheless, it is a reference for the facts.</p>
++ <p>That page uses spin terms that favor DRM, including <a
href="/philosophy/words-to-avoid.html#DigitalRightsManagement"> digital
“rights” management</a> and “<a
href="/philosophy/words-to-avoid.html#Protection">protect</a>”, and it
claims that “artists” (rather than companies) are primarily
responsible for putting digital restrictions management into these disks.
Nonetheless, it is a reference for the facts.</p>
+
+ <p>Every Bluray disk (with few, rare exceptions) has DRM—so don't use
Bluray disks!</p>
@@ -2099,9 +2100,9 @@
Id: -201309050
PubDate: 2013-09-05
-Section: insecurity cameras surveillance
+Section: insecurity surveillance cameras appliances
Keyword:
-Blurb: <p><a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html";>
The FTC punished a company for making webcams with bad security so that it was
easy for anyone to watch through them</a>.</p>
+Blurb: <p>The FTC punished a company for making webcams with <a
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html";>
bad security so that it was easy for anyone to watch through them</a>.</p>
Id: -201308290
PubDate: 2013-08-29
@@ -2115,17 +2116,17 @@
PubDate: 2013-08-23
Section: back-doors other microsoft backdoor
Keyword: windows tpm
-Blurb: <p>The German government <a
href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/";>veers
away from Windows 8 computers with TPM 2.0</a>, due to potential back door
capabilities of the TPM 2.0 chip.</p>
+Blurb: <p>The German government <a
href="http://drleonardcoldwell.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/";>veers
away from Windows 8 computers with TPM 2.0</a>, due to potential back door
capabilities of the TPM 2.0 chip.</p>
Id: -201308080
PubDate: 2013-08-08
-Section: apple surveillance ithings
+Section: surveillance ithings apple
Keyword:
-Blurb: <p>The iThing also <a
href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/";>
tells Apple its geolocation</a> by default, though that can be turned off.</p>
+Blurb: <p>The iThing also <a
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/";>
tells Apple its geolocation</a> by default, though that can be turned off.</p>
Id: -201308060
PubDate: 2013-08-06
-Section: insecurity
+Section: insecurity appliances
Keyword: disk
Blurb: <p><a href="http://spritesmods.com/?art=hddhack&page=6";>
Replaceable nonfree software in disk drives can be written by a nonfree
program</a>. This makes any system vulnerable to persistent attacks that normal
forensics won't detect.</p>
@@ -2141,6 +2142,12 @@
Keyword:
Blurb: <p>Spyware in Android phones (and Windows? laptops): The Wall Street
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj";>
the FBI can remotely activate the GPS and microphone in Android phones and
laptops</a>. (I suspect this means Windows laptops.) Here is <a
href="http://cryptome.org/2013/08/fbi-hackers.htm";>more info</a>.</p>
+Id: -201307300
+PubDate: 2013-07-30
+Section: back-doors other potential
+Keyword: intel amd microsoft
+Blurb: <p>Here is a suspicion that we can't prove, but is worth thinking
about: <a
href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI";>
Writable microcode for Intel and AMD microprocessors</a> may be a vehicle for
the NSA to invade computers, with the help of Microsoft, say respected security
experts.</p>
+
Id: -201307280
PubDate: 2013-07-28
Section: surveillance android mobiles
@@ -2153,13 +2160,13 @@
PubDate: 2013-02-25
Section: insecurity appliances
Keyword: health
-Blurb: <p><a
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/";>
It is possible to kill people by taking control of medical implants by
radio</a>. Here is <a href="http://www.bbc.co.uk/news/technology-17631838";>more
information</a>. And <a
href="https://web.archive.org/web/20180203130244/http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html";>here</a>.</p>
+Blurb: <p> It is possible to <a
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/";>
kill people by taking control of medical implants by radio</a>. More
information in <a href="http://www.bbc.co.uk/news/technology-17631838";>BBC
News</a> and <a
href="https://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html";>
IOActive Labs Research blog</a>.</p>
Id: -201307260
PubDate: 2013-07-26
Section: insecurity appliances
Keyword: home
-Blurb: <p><a
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/";>
“Smart homes”</a> turn out to be stupidly vulnerable to
intrusion.</p>
+Blurb: <p>“<a
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/";>Smart
homes</a>” turn out to be stupidly vulnerable to intrusion.</p>
Id: -201307250
PubDate: 2013-07-25
@@ -2185,13 +2192,13 @@
PubDate: 2013-06-10
Section: surveillance windows microsoft
Keyword:
-Blurb: <p>Spyware in older versions of Windows: <a
href="https://web.archive.org/web/20160313105805/http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/";>
Windows Update snoops on the user</a>. <a
href="https://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html";>
Windows 8.1 snoops on local searches</a>. And there's a <a
href="http://www.marketoracle.co.uk/Article40836.html";> secret NSA key in
Windows</a>, whose functions we don't know.</p>
+Blurb: <p>Spyware in older versions of Windows: <a
href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/";>
Windows Update snoops on the user</a>. <a
href="https://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html";>
Windows 8.1 snoops on local searches</a>. And there's a <a
href="http://www.marketoracle.co.uk/Article40836.html";> secret NSA key in
Windows</a>, whose functions we don't know.</p>
Id: -201307000
PubDate: 2013-07
Section: surveillance mobiles phones
Keyword: gps
-Blurb: <p>Portable phones with GPS will send their GPS location on remote
command and users cannot stop them: <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers";>
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
(The US says it will eventually require all new portable phones to have
GPS.)</p>
+Blurb: <p>Portable phones with GPS <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers";>will
send their GPS location on remote command</a>, and users cannot stop them.
(The US says it will eventually require all new portable phones to have
GPS.)</p>
Id: -201306220
PubDate: 2013-06-22
@@ -2209,7 +2216,7 @@
PubDate: 2013-05-10
Section: tethers sabotage adobe
Keyword: adobe
-Blurb: <p>Adobe applications <a
href="https://web.archive.org/web/20160308062844/http://www.wired.com/2013/05/adobe-creative-cloud-petition/";>require
periodic connection to a server</a>.</p>
+Blurb: <p>Adobe applications <a
href="https://www.wired.com/2013/05/adobe-creative-cloud-petition/";>require
periodic connection to a server</a>.</p>
Id: -201305060
PubDate: 2013-05-06
@@ -2264,19 +2271,19 @@
Id: -201212290
PubDate: 2012-12-29
-Section: surveillance networks mobiles
+Section: surveillance fixed-comm appliances
Keyword: cisco
-Blurb: <p>Spyware in Cisco TNP IP phones: <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html";>
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
+Blurb: <p>The Cisco <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html";>TNP
IP phones contain a spyware</a>.</p>
Id: -201212180
PubDate: 2012-12-18
-Section: tyrants
+Section: tyrants appliances
Keyword: samsung tvsets
Blurb: <p><a
href="https://wiki.samygo.tv/index.php?title=SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F";>
Samsung “Smart” TVs have turned Linux into the base for a tyrant
system</a> so as to impose DRM. What enables Samsung to do this is that Linux
is released under GNU GPL version 2, <a href="/licenses/rms-why-gplv3.html">not
version 3</a>, together with a weak interpretation of GPL version 2.</p>
Id: -201212170
PubDate: 2012-12-17
-Section: insecurity tv surveillance
+Section: insecurity surveillance tvsets appliances
Keyword:
Blurb: <p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html";>
Crackers found a way to break security on a “smart” TV</a> and use
its camera to watch the people who are watching TV.</p>
@@ -2326,7 +2333,7 @@
Id: -201210170
PubDate: 2012-10-17
-Section: apple surveillance ithings
+Section: surveillance ithings apple
Keyword:
Blurb: <p>There is also a feature for web sites to track users, which is <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/";>
enabled by default</a>. (That article talks about iOS 6, but it is still true
in iOS 7.)</p>
@@ -2356,7 +2363,7 @@
Id: -201204280
PubDate: 2012-04-28
-Section: apple surveillance ithings
+Section: surveillance ithings apple
Keyword:
Blurb: <p>Users cannot make an Apple ID (<a
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id";>necessary
to install even gratis apps</a>) without giving a valid email address and
receiving the code Apple sends to it.</p>
@@ -2446,8 +2453,8 @@
Id: -201003010
PubDate: 2010-03-01
-Section: surveillance webpages javascript
-Keyword: flash
+Section: surveillance webpages flash
+Keyword:
Blurb: <p>Flash Player's <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/";>
cookie feature helps web sites track visitors</a>.</p>
Id: -201002180
@@ -2462,7 +2469,7 @@
Id: -200811210
PubDate: 2008-11-21
-Section: appleDRM drm
+Section: drm apple DRM
Keyword: hardware macos
Blurb: <p><a
href="https://www.eff.org/deeplinks/2008/11/apple-downgrades-macbook-video-drm";>
DRM (digital restrictions mechanisms) in MacOS</a>. This article focuses on
the fact that a new model of Macbook introduced a requirement for monitors to
have malicious hardware, but DRM software in MacOS is involved in activating
the hardware. The software for accessing iTunes is also responsible.</p>
Index: propr-pages.rec
===================================================================
RCS file: /webcvs/www/www/server/staging/proprietary/rec/propr-pages.rec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- propr-pages.rec 23 Sep 2018 21:03:09 -0000 1.6
+++ propr-pages.rec 24 Sep 2018 21:02:20 -0000 1.7
@@ -6,7 +6,7 @@
Page: malware-apple.html
MainKey: apple
-Sections: backdoor DRM deception incompatibility insecurity interference jails
pressuring sabotage surveillance tyrants
+Sections: backdoor DRM deception incompatibility apple-insecurity interference
jails pressuring sabotage surveillance tyrants
Page: malware-amazon.html
MainKey: amazon
@@ -38,7 +38,7 @@
Page: proprietary-surveillance.html
MainKey: surveillance
-Sections: windows macos bios phones ithings android e-readers apps skype games
home wearables toys tvsets cameras cars drones virtual websites javascript
chrome networks
+Sections: windows macos bios phones ithings android e-readers apps skype games
stings tvsets cameras toys home wearables watches cars drones virtual websites
javascript flash chrome fixed-comm
# No Sections keys.
Index: surveillance-stub.html
===================================================================
RCS file:
/webcvs/www/www/server/staging/proprietary/rec/surveillance-stub.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- surveillance-stub.html 23 Sep 2018 21:03:09 -0000 1.3
+++ surveillance-stub.html 24 Sep 2018 21:02:20 -0000 1.4
@@ -68,9 +68,9 @@
<li><a href="#SpywareInBIOS">BIOS</a></li>
</ul>
</li>
- <li><a href="#SpywareOnMobiles">Spyware on Mobiles</a>
+ <li><a href="#SpywareOnMobiles">Spyware in Mobiles</a>
<ul>
- <li><a href="#SpywareInPhones">All Smartphones</a></li>
+ <li><a href="#SpywareInPhones">All “Smart” Phones</a></li>
<li><a href="#SpywareIniThings">iThings</a></li>
<li><a href="#SpywareInTelephones">Android Phones</a></li>
<li><a href="#SpywareInElectronicReaders">E-Readers</a></li>
@@ -85,12 +85,15 @@
</li>
<li><a href="#SpywareInEquipment">Spyware in Connected Equipment</a>
<ul>
- <li><a href="#SpywareAtHome">Home Appliances</a></li>
- <li><a href="#SpywareOnSmartWatches">Smart Watches</a></li>
- <li><a href="#SpywareOnWearables">Other Wearables</a></li>
- <li><a href="#SpywareInToys">Toys</a></li>
<li><a href="#SpywareInTVSets">TV Sets</a></li>
<li><a href="#SpywareInCameras">Cameras</a></li>
+ <li><a href="#SpywareInToys">Toys</a></li>
+ <li><a href="#SpywareAtHome">Other Appliances</a></li>
+ <li><a href="#SpywareOnWearables">Wearables</a>
+ <ul>
+ <li><a href="#SpywareOnSmartWatches">“Smart”
Watches</a></li>
+ </ul>
+ </li>
<li><a href="#SpywareInVehicles">Vehicles</a></li>
<li><a href="#SpywareInDrones">Drones</a></li>
<li><a href="#SpywareInVR">Virtual Reality</a></li>
@@ -103,7 +106,7 @@
<li><a href="#SpywareInFlash">Flash</a></li>
</ul>
</li>
- <li><a href="#SpywareInNetworks">In Phone Networks</a></li>
+ <li><a href="#SpywareOnMobiles">Spying on Fixed Communications</a></li>
</ul>
</div>
<div style="clear: left;"></div>
@@ -193,14 +196,14 @@
<div class="big-section">
- <h3 id="SpywareOnMobiles">Spyware 0n Mobiles</h3>
+ <h3 id="SpywareOnMobiles">Spyware in Mobiles</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
<div style="clear: left;"></div>
<div class="big-subsection">
- <h4 id="SpywareInPhones">All Smartphones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInPhones">#SpywareInPhones</a>)</span>
+ <h4 id="SpywareInTelephones">All “Smart” Phones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>
<!-- INSERT phones.list -->
@@ -211,18 +214,18 @@
<!-- INSERT ithings.list -->
<div class="big-subsection">
- <a id="SpywareInTelephones"></a>
<h4 id="SpywareInAndroid">Android Telephones</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
</div>
<!-- INSERT android.list -->
<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">e-Readers</h4>
+ <h4 id="SpywareInElectronicReaders">E-Readers</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>
<!-- INSERT e-readers.list -->
+
<div class="big-section">
<h3 id="SpywareInApplications">Spyware in Applications</h3>
<span class="anchor-reference-id">(<a
href="#SpywareInApplications">#SpywareInApplications</a>)</span>
@@ -253,20 +256,24 @@
<span class="anchor-reference-id">(<a
href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
</div>
<div style="clear: left;"></div>
+<!-- INSERT stings.list -->
<div class="big-subsection">
- <h4 id="SpywareAtHome">Home Appliances</h4><span
class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+ <h4 id="SpywareInTVSets">TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
</div>
-<!-- INSERT home.list -->
+
+<p>Emo Phillips made a joke: The other day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+<!-- INSERT tvsets.list -->
<div class="big-subsection">
- <h4 id="SpywareOnWearables">Wearables</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
+ <h4 id="SpywareInCameras">Cameras</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
-<!-- INSERT wearables.list -->
-
-<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
-<!-- INSERT watches.list -->
+<!-- INSERT cameras.list -->
<div class="big-subsection">
<h4 id="SpywareInToys">Toys</h4>
@@ -275,21 +282,18 @@
<!-- INSERT toys.list -->
<div class="big-subsection">
- <h4 id="SpywareInTVSets">TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+ <h4 id="SpywareAtHome">Other Home Appliances</h4><span
class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
</div>
-
-<p>Emo Phillips made a joke: The other day a woman came up to me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out the other way.” Evidently that was
-before Amazon “smart” TVs.</p>
-<!-- INSERT tvsets.list -->
+<!-- INSERT home.list -->
<div class="big-subsection">
- <h4 id="SpywareInCameras">Cameras</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
+ <h4 id="SpywareOnWearables">Wearables</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
</div>
-<!-- INSERT cameras.list -->
+<!-- INSERT wearables.list -->
+
+<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
+<!-- INSERT watches.list -->
<div class="big-subsection">
<h4 id="SpywareInVehicles">Vehicles</h4>
@@ -323,12 +327,17 @@
but the surveillance is an abuse all the same.</p>
<!-- INSERT websites.list -->
+<div class="big-subsection">
+ <h4 id="SpywareInJavascript">JavaScript</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInJavascript">#SpywareInJavascript</a>)</span>
+</div>
+<!-- INSERT javascript.list -->
<div class="big-subsection">
- <h4 id="SpywareInFlash">JavaScript and Flash</h4>
+ <h4 id="SpywareInFlash">Flash</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>
-<!-- INSERT javascript.list -->
+<!-- INSERT flash.list -->
<div class="big-subsection">
<h4 id="SpywareInChrome">Chrome</h4>
@@ -338,11 +347,12 @@
<div class="big-section">
- <h3 id="SpywareInNetworks">Spyware in Communication Networks</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareInNetworks">#SpywareInNetworks</a>)</span>
+ <h3 id="SpywareEverywhere">Spying on Fixed Communications</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareEverywhere">#SpywareEverywhere</a>)</span>
</div>
<div style="clear: left;"></div>
-<!-- INSERT networks.list -->
+<!-- INSERT fixed-comm.list -->
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
@@ -401,7 +411,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/23 21:03:09 $
+$Date: 2018/09/24 21:02:20 $
<!-- timestamp end -->
</p>
</div>
Index: apple-stub.html
===================================================================
RCS file: /webcvs/www/www/server/staging/proprietary/rec/apple-stub.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- apple-stub.html 23 Sep 2018 21:03:09 -0000 1.4
+++ apple-stub.html 24 Sep 2018 21:02:20 -0000 1.5
@@ -91,7 +91,7 @@
they do not count as malware. We mention them to refute the
supposition that prestigious proprietary software doesn't have grave
bugs.</p>
-<!-- INSERT insecurity.list -->
+<!-- INSERT apple-insecurity.list -->
<h3 id="interference">Apple Interference</h3>
<p>Various proprietary programs often mess up the user's system. They are like
sabotage, but they are not grave enough to qualify
@@ -196,7 +196,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/23 21:03:09 $
+$Date: 2018/09/24 21:02:20 $
<!-- timestamp end -->
</p>
</div>
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/15
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/16
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/16
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/17
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/19
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/23
- www/server/staging/proprietary/rec propr-blurbs...,
Therese Godefroy <=
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/26
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/26
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/26
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/27
- www/server/staging/proprietary/rec propr-blurbs..., Therese Godefroy, 2018/09/30