[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary/po malware-appliances.de-diff.h...
|
From: |
GNUN |
|
Subject: |
www/proprietary/po malware-appliances.de-diff.h... |
|
Date: |
Mon, 1 Oct 2018 03:58:16 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 18/10/01 03:58:16
Modified files:
proprietary/po : malware-appliances.de-diff.html
malware-appliances.de.po
malware-appliances.fr.po malware-appliances.pot
malware-appliances.ru.po
proprietary-surveillance.de.po
proprietary-surveillance.fr.po
proprietary-surveillance.it-diff.html
proprietary-surveillance.it.po
proprietary-surveillance.ja-diff.html
proprietary-surveillance.ja.po
proprietary-surveillance.pot
proprietary-surveillance.ru.po
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-appliances.de-diff.html?cvsroot=www&r1=1.6&r2=1.7
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-appliances.de.po?cvsroot=www&r1=1.55&r2=1.56
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-appliances.fr.po?cvsroot=www&r1=1.83&r2=1.84
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-appliances.pot?cvsroot=www&r1=1.41&r2=1.42
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-appliances.ru.po?cvsroot=www&r1=1.112&r2=1.113
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.de.po?cvsroot=www&r1=1.229&r2=1.230
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.fr.po?cvsroot=www&r1=1.313&r2=1.314
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.it-diff.html?cvsroot=www&r1=1.69&r2=1.70
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.it.po?cvsroot=www&r1=1.242&r2=1.243
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ja-diff.html?cvsroot=www&r1=1.80&r2=1.81
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ja.po?cvsroot=www&r1=1.215&r2=1.216
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.pot?cvsroot=www&r1=1.164&r2=1.165
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ru.po?cvsroot=www&r1=1.401&r2=1.402
Patches:
Index: malware-appliances.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-appliances.de-diff.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- malware-appliances.de-diff.html 26 Sep 2018 17:28:11 -0000 1.6
+++ malware-appliances.de-diff.html 1 Oct 2018 07:58:14 -0000 1.7
@@ -57,444 +57,683 @@
<span class="inserted"><ins><em><ul class="blurbs"></em></ins></span>
<li <span class="removed"><del><strong>id="nest-thermometers">
<p>Nest thermometers
- send</strong></del></span> <span
class="inserted"><ins><em>id="M201809240">
- <p>Researchers have discovered how to</em></ins></span> <a <span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
+ send</strong></del></span> <span
class="inserted"><ins><em>id="M201809260">
+ <p>Honeywell's "smart" thermostats communicate
+ only through the company's server. They have
+ all the nasty characteristics of such devices:</em></ins></span> <a
<span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
lot</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9">
+ surveillance, and danger</em></ins></span> of <span
class="removed"><del><strong>data about</strong></del></span> <span
class="inserted"><ins><em>sabotage</a> (of a specific user, or of
+ all users at once), as well as</em></ins></span> the <span
class="removed"><del><strong>user</a>.</p></strong></del></span>
<span class="inserted"><ins><em>risk of an outage (which is what
+ just happened).</p>
+
+ <p>In addition, setting the desired temperature requires running
+ nonfree software. With an old-fashioned thermostat, you can do it
+ using controls right on the thermostat.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li>
+ <p>A remote-control sex toy was found</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201809240">
+ <p>Researchers have discovered how</em></ins></span> to <span
class="removed"><del><strong>make</strong></del></span> <a <span
class="removed"><del><strong>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
recordings
+ of the conversation between two
users</a>.</p></strong></del></span>
<span
class="inserted"><ins><em>href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
hide voice commands in other audio</a>, so that people cannot hear
- them, but Alexa and Siri can.</p>
+ them, but Alexa and Siri can.</p></em></ins></span>
</li>
- <li id="M201807050">
- <p>The Jawbone fitness tracker was tethered to a proprietary phone
- app. In 2017, the company shut down and made the app stop working. <a
-
href="https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which">All
- the existing trackers stopped working forever</a>.</p>
-
- <p>The article focuses on a further nasty fillip, that
sales</em></ins></span> of <span class="inserted"><ins><em>the
- broken devices continued. But I think that is a secondary issue;
- it made the nasty consequences extend to some additional people.
- The fundamental wrong was to design the devices to depend on something
- else that didn't respect users' freedom.</p>
+ <span class="removed"><del><strong><li>
+ <p>Every “home security” camera, if its manufacturer can
communicate with it,
+ is</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201807050">
+ <p>The Jawbone fitness tracker was tethered to</em></ins></span> a
<span class="removed"><del><strong>surveillance device.</strong></del></span>
<span class="inserted"><ins><em>proprietary phone
+ app. In 2017, the company shut down and made the app stop
working.</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
+ Canary camera is an example</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which">All
+ the existing trackers stopped working
forever</a>.</p></em></ins></span>
+
+ <p>The article <span class="removed"><del><strong>describes
wrongdoing by the manufacturer, based</strong></del></span> <span
class="inserted"><ins><em>focuses</em></ins></span> on <span
class="removed"><del><strong>the fact</strong></del></span> <span
class="inserted"><ins><em>a further nasty fillip,</em></ins></span> that <span
class="inserted"><ins><em>sales of</em></ins></span> the <span
class="removed"><del><strong>device</strong></del></span>
+ <span class="inserted"><ins><em>broken devices continued. But I think
that</em></ins></span> is <span class="removed"><del><strong>tethered
to</strong></del></span> a <span class="removed"><del><strong>server.</p>
+ <p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
+ <p>But</strong></del></span> <span
class="inserted"><ins><em>secondary issue;</em></ins></span>
+ it <span class="removed"><del><strong>also demonstrates
that</strong></del></span> <span
class="inserted"><ins><em>made</em></ins></span> the <span
class="removed"><del><strong>device gives</strong></del></span> <span
class="inserted"><ins><em>nasty consequences extend to some additional people.
+ The fundamental wrong was to design</em></ins></span> the <span
class="removed"><del><strong>company
+ surveillance capability.</p></strong></del></span> <span
class="inserted"><ins><em>devices to depend on something
+ else that didn't respect users' freedom.</p></em></ins></span>
</li>
- <li id="M201804140">
- <p>A medical insurance company <a
-
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
- offers a gratis electronic toothbrush that snoops on its user by
- sending usage</em></ins></span> data <span
class="removed"><del><strong>about</strong></del></span> <span
class="inserted"><ins><em>back over</em></ins></span> the <span
class="removed"><del><strong>user</a>.</p></strong></del></span>
<span class="inserted"><ins><em>Internet</a>.</p>
+<span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804140"></em></ins></span>
+ <p>A <span class="removed"><del><strong>“smart”
intravenous pump designed for
+ hospitals is connected to the internet. Naturally</strong></del></span>
<span class="inserted"><ins><em>medical insurance company</em></ins></span>
<a
+<span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
+ its security has been cracked</a>.</p>
+ <p>Note</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
+ offers a gratis electronic toothbrush</em></ins></span> that <span
class="removed"><del><strong>this article misuses</strong></del></span> <span
class="inserted"><ins><em>snoops on its user by
+ sending usage data back over</em></ins></span> the <span
class="removed"><del><strong>term <a
+href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
+ referring to crackers.</p></strong></del></span> <span
class="inserted"><ins><em>Internet</a>.</p></em></ins></span>
</li>
- <li id="M201804010">
- <p>Some “Smart” TVs automatically <a
-
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
- load downgrades that install a surveillance app</a>.</p>
+<span class="removed"><del><strong><li>
+ <p>The bad security in many Internet of Stings devices
+ allows</strong></del></span>
- <p>We link to the article for the facts it presents. It
- is too bad that the article finishes by advocating the
- moral weakness of surrendering to Netflix. The Netflix app <a
- href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
- malware too</a>.</p>
+ <span class="inserted"><ins><em><li id="M201804010">
+ <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop on the people</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ load downgrades</em></ins></span> that <span
class="removed"><del><strong>use them</a>.</p>
+ <p>Don't be</strong></del></span> <span
class="inserted"><ins><em>install</em></ins></span> a <span
class="removed"><del><strong>sucker—reject all</strong></del></span>
<span class="inserted"><ins><em>surveillance app</a>.</p>
+
+ <p>We link to</em></ins></span> the <span
class="removed"><del><strong>stings.</p>
+ <p>It is unfortunate</strong></del></span> <span
class="inserted"><ins><em>article for the facts it presents. It
+ is too bad</em></ins></span> that the article <span
class="removed"><del><strong>uses</strong></del></span> <span
class="inserted"><ins><em>finishes by advocating</em></ins></span> the
+ <span class="removed"><del><strong>term</strong></del></span>
+ <span class="inserted"><ins><em>moral weakness of surrendering to Netflix.
The Netflix app</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
+ malware too</a>.</p></em></ins></span>
</li>
- <li id="M201802120">
+<span class="removed"><del><strong><li>
+ <p>Many models</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201802120">
<p>Apple devices lock users in <a
href="https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347">
- solely to Apple services</a> by being designed to be imcompatible
+ solely to Apple services</a> by being designed to be incompatible
with all other options, ethical or unethical.</p>
</li>
<li id="M201712240">
- <p>One of the dangers of the “internet of stings”
+ <p>One</em></ins></span> of <span
class="removed"><del><strong>Internet-connected cameras are tremendously
insecure.
+ They have login accounts</strong></del></span> <span
class="inserted"><ins><em>the dangers of the “internet of stings”
is that, if you lose your internet service, you also <a
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
lose control of your house and appliances</a>.</p>
- <p>For your safety, don't use any appliance with a connection to the
+ <p>For your safety, don't use any appliance</em></ins></span> with
<span class="removed"><del><strong>hard-coded passwords, which
can't</strong></del></span> <span class="inserted"><ins><em>a connection to the
real internet.</p>
</li>
<li id="M201711200">
- <p>Amazon recently invited consumers to be suckers and <a
-
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
- allow delivery staff to open their front doors</a>. Wouldn't you know
+ <p>Amazon recently invited consumers to</em></ins></span> be
+ <span class="removed"><del><strong>changed,</strong></del></span> <span
class="inserted"><ins><em>suckers</em></ins></span> and <a <span
class="removed"><del><strong>href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there
is no way</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
+ allow delivery staff</em></ins></span> to
+ <span class="removed"><del><strong>delete these accounts
either</a>.</p></strong></del></span> <span
class="inserted"><ins><em>open their front doors</a>. Wouldn't you know
it, the system has a grave security flaw.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li></strong></del></span>
+<span class="removed"><del><strong><li>
+<p>The proprietary code that runs pacemakers, insulin pumps, and other
+medical devices is</strong></del></span>
- <span class="inserted"><ins><em><li id="M201711100"></em></ins></span>
- <p>A remote-control sex toy was found to make <a
-
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of the conversation between two users</a>.</p>
+ <span class="inserted"><ins><em><li id="M201711100">
+ <p>A remote-control sex toy was found to make</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.bbc.co.uk/news/technology-40042584">
+full</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings</em></ins></span> of <span class="removed"><del><strong>gross
security faults</a>.</p></strong></del></span> <span
class="inserted"><ins><em>the conversation between two
users</a>.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li></strong></del></span>
+<span class="removed"><del><strong><li><p>Users are suing Bose
for</strong></del></span>
<span class="inserted"><ins><em><li id="M201711080">
<p>Logitech will sabotage
- all Harmony Link household control devices by <a
-
href="https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/">
- turning off the server through which the products' supposed owners
- communicate with them</a>.</p>
-
- <p>The owners suspect this is to pressure them to buy a newer model.
If
- they are wise, they will learn, rather, to distrust any product that
- requires users to talk with them through some specialized
service.</p>
+ all Harmony Link household control devices by</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+distributing a spyware app for its headphones</a>.
+Specifically, the app would record</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/">
+ turning off</em></ins></span> the <span class="removed"><del><strong>names
of</strong></del></span> <span class="inserted"><ins><em>server through
which</em></ins></span> the <span class="removed"><del><strong>audio files
+users listen to along</strong></del></span> <span
class="inserted"><ins><em>products' supposed owners
+ communicate</em></ins></span> with <span class="removed"><del><strong>the
headphone's unique serial number.
+</p></strong></del></span> <span
class="inserted"><ins><em>them</a>.</p></em></ins></span>
+
+ <p>The <span class="removed"><del><strong>suit accuses
that</strong></del></span> <span class="inserted"><ins><em>owners
suspect</em></ins></span> this <span class="removed"><del><strong>was done
without the users' consent.</strong></del></span> <span
class="inserted"><ins><em>is to pressure them to buy a newer
model.</em></ins></span> If <span class="removed"><del><strong>the fine print
of the app said</strong></del></span>
+ <span class="inserted"><ins><em>they are wise, they will learn, rather, to
distrust any product</em></ins></span> that
+ <span class="inserted"><ins><em>requires</em></ins></span> users <span
class="removed"><del><strong>gave consent for this,
+would that make it acceptable? No way! It should be flat out
+<a href="/philosophy/surveillance-vs-democracy.html">
+illegal to design the app</strong></del></span> to <span
class="removed"><del><strong>snoop at all</a>.
+</p></strong></del></span> <span class="inserted"><ins><em>talk with
them through some specialized service.</p></em></ins></span>
</li>
- <li id="M201710040"></em></ins></span>
+ <li <span class="removed"><del><strong>id="anova">
+ <p>Anova sabotaged users' cooking devices</strong></del></span> <span
class="inserted"><ins><em>id="M201710040">
<p>Every “home security” camera, if its
- manufacturer can communicate with it, is a surveillance device. <a
-
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
- Canary camera is an example</a>.</p>
+ manufacturer can communicate</em></ins></span> with <span
class="inserted"><ins><em>it, is</em></ins></span> a <span
class="removed"><del><strong>downgrade that
+ tethered them to a remote server.</strong></del></span> <span
class="inserted"><ins><em>surveillance device.</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unless
users create</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
+ Canary camera is</em></ins></span> an <span
class="removed"><del><strong>account</strong></del></span> <span
class="inserted"><ins><em>example</a>.</p>
- <p>The article describes wrongdoing by the manufacturer, based on
- the fact that the device is tethered to a server.</p>
+ <p>The article describes wrongdoing by the manufacturer,
based</em></ins></span> on <span class="removed"><del><strong>Anova's servers,
their
+ cookers won't function.</a></p>
+</li>
+
+<li>
+<p>When Miele's Internet of Stings hospital disinfectant dishwasher is
+<a
href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected
to</strong></del></span>
+ the <span class="removed"><del><strong>Internet,
+its security</strong></del></span> <span class="inserted"><ins><em>fact that
the device</em></ins></span> is <span
class="removed"><del><strong>crap</a>.</p>
+<p>For example, a cracker can gain access</strong></del></span> <span
class="inserted"><ins><em>tethered</em></ins></span> to <span
class="removed"><del><strong>the dishwasher's filesystem,
+ infect</strong></del></span> <span class="inserted"><ins><em>a
server.</p>
<p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
- <p>But it also demonstrates that the device gives the company
- surveillance capability.</p>
+ <p>But</em></ins></span> it <span class="removed"><del><strong>with
malware, and force</strong></del></span> <span class="inserted"><ins><em>also
demonstrates that</em></ins></span> the <span
class="removed"><del><strong>dishwasher to launch attacks on
+ other devices in</strong></del></span> <span class="inserted"><ins><em>device
gives</em></ins></span> the <span class="removed"><del><strong>network. Since
these dishwashers are used in hospitals,
+ such attacks could potentially put hundreds of lives at
risk.</p></strong></del></span> <span class="inserted"><ins><em>company
+ surveillance capability.</p></em></ins></span>
</li>
+<span class="removed"><del><strong><li>
+<p>If you buy a used</strong></del></span>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201709200"></em></ins></span>
- <p>A “smart” intravenous pump
- designed for hospitals is connected to the internet. Naturally <a
-
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
+ <span class="inserted"><ins><em><li id="M201709200">
+ <p>A</em></ins></span> “smart” <span
class="removed"><del><strong>car, house, TV, refrigerator,
+etc.,
+usually</strong></del></span> <span class="inserted"><ins><em>intravenous pump
+ designed for hospitals is connected to the internet.
Naturally</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
+previous owners can still remotely control
it</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
its security has been cracked</a>.</p>
<p>Note that this article misuses the term <a
href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
- referring to crackers.</p>
+ referring to crackers.</p></em></ins></span>
</li>
+<span class="removed"><del><strong><li>
+ <p>Vizio
+ “smart”</strong></del></span>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201708280"></em></ins></span>
- <p>The bad security in many Internet of Stings devices allows <a
-
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
- to snoop on the people that use them</a>.</p>
-
- <p>Don't be a sucker—reject all the stings.</p>
+ <span class="inserted"><ins><em><li id="M201708280">
+ <p>The bad security in many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop</em></ins></span> on <span class="removed"><del><strong>them, and
not just broadcasts
+ and cable</a>. Even if the image is coming from the user's own
+ computer,</strong></del></span> the <span class="removed"><del><strong>TV
reports what it is. The existence of</strong></del></span> <span
class="inserted"><ins><em>people that use them</a>.</p>
+
+ <p>Don't be</em></ins></span> a <span
class="removed"><del><strong>way to
+ disable</strong></del></span> <span
class="inserted"><ins><em>sucker—reject all</em></ins></span> the <span
class="removed"><del><strong>surveillance, even if it were not hidden as it was
in
+ these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>stings.</p>
- <p>It is unfortunate that the article uses the term <a
-
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p>
+ <p>It is unfortunate that</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>article uses the term <a
+
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></em></ins></span>
</li>
-
<span class="removed"><del><strong><li>
- <p>Many models of Internet-connected cameras are tremendously
insecure.</strong></del></span>
+<p>More or less</strong></del></span>
<span class="inserted"><ins><em><li id="M201708230">
<p>Sonos <a
href="http://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/">
- told all its customers, “Agree”
- to snooping or the product will stop working</a>. <a
-
href="https://consumerist.com/2017/08/23/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/#more-10287321">Another
- article</a> says they won't forcibly change the software, but
- people won't be able to get any upgrades and eventually it will
- stop working.</p>
+ told</em></ins></span> all <span
class="removed"><del><strong>“smart” TVs</strong></del></span>
<span class="inserted"><ins><em>its customers, “Agree”
+ to snooping or the product will stop working</a>.</em></ins></span>
<a
+<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their users</a>.</p>
+
+<p>The report was as of 2014,</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://consumerist.com/2017/08/23/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/#more-10287321">Another
+ article</a> says they won't forcibly change the
software,</em></ins></span> but <span class="removed"><del><strong>we don't
expect this has got
+better.</p>
+
+<p>This shows that laws requiring products</strong></del></span>
+ <span class="inserted"><ins><em>people won't be able</em></ins></span> to
get <span class="removed"><del><strong>users' formal
+consent before collecting personal data are totally inadequate. And
+what happens if a user declines consent? Probably the TV will say,
+“Without your consent to tracking, the TV</strong></del></span> <span
class="inserted"><ins><em>any upgrades and eventually it</em></ins></span> will
<span class="removed"><del><strong>not
+work.”</p>
+
+<p>Proper laws would say that TVs are not allowed to report what the
+user watches — no exceptions!</p></strong></del></span>
+ <span class="inserted"><ins><em>stop working.</p></em></ins></span>
</li>
+<span class="removed"><del><strong><li>
+<p>Some LG
+TVs</strong></del></span>
- <li id="M201708040">
+ <span class="inserted"><ins><em><li id="M201708040">
<p>While you're using a DJI drone
- to snoop on other people, DJI is in many cases <a
-
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
- on you</a>.</p>
+ to snoop on other people, DJI is in many cases</em></ins></span> <a
<span
class="removed"><del><strong>href="http://openlgtv.org.ru/wiki/index.php/Achievements">are
+tyrants</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
+ on you</a>.</p></em></ins></span>
</li>
- <li id="M201706200">
+<span class="removed"><del><strong><li><a
+href="http://wiki.samygo.tv/index.php5/SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F">
+Samsung “Smart” TVs</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201706200">
<p>Many models of Internet-connected cameras
- are tremendously insecure.</em></ins></span> They have login
+ are tremendously insecure. They</em></ins></span> have <span
class="removed"><del><strong>turned Linux into the base
+for a tyrant system</a> so as to impose DRM.
+What enables Samsung to do this</strong></del></span> <span
class="inserted"><ins><em>login
accounts with hard-coded passwords, which can't be changed, and <a
-
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there
- is no way to delete these accounts either</a>.</p>
+
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there</em></ins></span>
+ is <span class="inserted"><ins><em>no way to delete these accounts
either</a>.</p>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201705250"></em></ins></span>
- <p>The proprietary code that runs pacemakers,
- insulin pumps, and other medical devices is <a
- href="http://www.bbc.co.uk/news/technology-40042584"> full of gross
- security faults</a>.</p>
+ <li id="M201705250">
+ <p>The proprietary code</em></ins></span> that <span
class="removed"><del><strong>Linux</strong></del></span> <span
class="inserted"><ins><em>runs pacemakers,
+ insulin pumps, and other medical devices</em></ins></span> is <span
class="removed"><del><strong>released under
+GNU GPL version 2,</strong></del></span> <a <span
class="removed"><del><strong>href="/licenses/rms-why-gplv3.html">not version
3</a>,
+together with a weak interpretation</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.bbc.co.uk/news/technology-40042584">
full</em></ins></span> of <span class="removed"><del><strong>GPL version
2.</strong></del></span> <span class="inserted"><ins><em>gross
+ security faults</a>.</p></em></ins></span>
</li>
-<span
class="removed"><del><strong><li><p>Users</strong></del></span>
+<span class="removed"><del><strong><li>
+<p>A company that makes internet-controlled vibrators
+<a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
+being sued</strong></del></span>
<span class="inserted"><ins><em><li id="M201705180">
- <p>Bird and rabbit pets were implemented for Second
- Life by a company that tethered their food to a server. <a
+ <p>Bird and rabbit pets were implemented</em></ins></span> for <span
class="removed"><del><strong>collecting lots of personal information about how
+people use it</a>.</p>
+
+<p>The company's statement</strong></del></span> <span
class="inserted"><ins><em>Second
+ Life by a company</em></ins></span> that <span
class="removed"><del><strong>it anonymizes the data may be true,
+but it doesn't really matter. If it sells the data</strong></del></span> <span
class="inserted"><ins><em>tethered their food</em></ins></span> to a <span
class="removed"><del><strong>data broker,</strong></del></span> <span
class="inserted"><ins><em>server. <a
href="https://www.rockpapershotgun.com/2017/05/19/second-life-ozimals-pet-rabbits-dying">
- It shut down the server and the pets more or less died</a>.</p>
+ It shut down</em></ins></span> the <span class="removed"><del><strong>data
broker can figure out who</strong></del></span> <span
class="inserted"><ins><em>server and</em></ins></span> the <span
class="removed"><del><strong>user is.</p></strong></del></span> <span
class="inserted"><ins><em>pets more or less
died</a>.</p></em></ins></span>
</li>
- <li id="M201704190">
- <p>Users</em></ins></span> are suing Bose for <a
-
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
- distributing a spyware app for its headphones</a>. Specifically,
- the app would record the names of the audio files users listen to
- along with the headphone's unique serial <span
class="removed"><del><strong>number.
-</p></strong></del></span> <span
class="inserted"><ins><em>number.</p></em></ins></span>
-
- <p>The suit accuses that this was done without the users' consent.
- If the fine print of the app said that users gave consent for this,
- would that make it acceptable? No way! It should be flat out <a
- href="/philosophy/surveillance-vs-democracy.html"> illegal to design
- the app to snoop at <span class="removed"><del><strong>all</a>.
-</p></strong></del></span> <span
class="inserted"><ins><em>all</a>.</p></em></ins></span>
+<span class="removed"><del><strong><li>
+<p>Google/Alphabet</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704190">
+ <p>Users are suing Bose for</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
+intentionally broke Revolv home automatic control products that depended
on</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing</em></ins></span> a <span
class="removed"><del><strong>server</a> to function. The lesson is,
don't stand</strong></del></span> <span class="inserted"><ins><em>spyware
app</em></ins></span> for <span class="removed"><del><strong>that! Insist
+on self-contained computers that run free software!</p>
+</li>
+
+<li>
+<p>ARRIS cable modem has a <a
+href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
+backdoor in</strong></del></span> <span class="inserted"><ins><em>its
headphones</a>. Specifically,</em></ins></span>
+ the <span class="removed"><del><strong>backdoor</a>.</p>
+</li>
+
+<li>
+<p>HP “storage appliances” that use</strong></del></span>
<span class="inserted"><ins><em>app would record</em></ins></span> the <span
class="removed"><del><strong>proprietary
+“Left Hand” operating system have back doors that give HP
+<a
+href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/">
+remote login access</a></strong></del></span> <span
class="inserted"><ins><em>names of the audio files users
listen</em></ins></span> to <span class="removed"><del><strong>them. HP
claims</strong></del></span>
+ <span class="inserted"><ins><em>along with the headphone's unique serial
number.</p>
+
+ <p>The suit accuses</em></ins></span> that this <span
class="removed"><del><strong>does not give HP
+access to</strong></del></span> <span class="inserted"><ins><em>was done
without</em></ins></span> the <span class="removed"><del><strong>customer's
data, but if</strong></del></span> <span class="inserted"><ins><em>users'
consent.
+ If</em></ins></span> the <span class="removed"><del><strong>back door
allows
+installation</strong></del></span> <span class="inserted"><ins><em>fine
print</em></ins></span> of <span class="removed"><del><strong>software changes,
a change could be installed</strong></del></span> <span
class="inserted"><ins><em>the app said</em></ins></span> that <span
class="inserted"><ins><em>users gave consent for this,</em></ins></span>
+ would <span class="removed"><del><strong>give access</strong></del></span>
<span class="inserted"><ins><em>that make it acceptable? No way! It should be
flat out <a
+ href="/philosophy/surveillance-vs-democracy.html">
illegal</em></ins></span> to <span
class="inserted"><ins><em>design</em></ins></span>
+ the <span class="removed"><del><strong>customer's data.
+</p></strong></del></span> <span class="inserted"><ins><em>app to snoop
at all</a>.</p></em></ins></span>
</li>
- <li <span
class="removed"><del><strong>id="anova"></strong></del></span> <span
class="inserted"><ins><em>id="M201704120"></em></ins></span>
+<span class="removed"><del><strong><li>
+<p><a
+href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
+Some D-Link routers</a> have a back door for changing settings
in</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704120">
<p>Anova sabotaged users' cooking devices
- with a downgrade that tethered them to a remote server. <a
-
href="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unless
- users create an account on Anova's servers, their cookers won't <span
class="removed"><del><strong>function.</a></p></strong></del></span>
- <span
class="inserted"><ins><em>function</a>.</p></em></ins></span>
- </li>
+ with</em></ins></span> a
+<span class="removed"><del><strong>dlink of an eye.</p>
-<span class="removed"><del><strong><li></strong></del></span>
+<p>
+<a href="https://github.com/elvanderb/TCP-32764">Many models of routers
+have back doors</a>.</p>
+</li>
- <span class="inserted"><ins><em><li id="M201703270"></em></ins></span>
- <p>When Miele's Internet of
- Stings hospital disinfectant dishwasher is <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected</strong></del></span>
+<li>
+<p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/">
+The TP-Link router has</strong></del></span> <span
class="inserted"><ins><em>downgrade that tethered them to</em></ins></span> a
<span class="removed"><del><strong>backdoor</a>.</p>
+</li>
+
+<li>
+<p>The</strong></del></span> <span class="inserted"><ins><em>remote
server.</em></ins></span> <a <span
class="removed"><del><strong>href="http://michaelweinberg.org/post/137045828005/free-the-cube">
+“Cube” 3D printer was designed with DRM</a>:
it</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unless
+ users create an account on Anova's servers, their
cookers</em></ins></span> won't <span class="removed"><del><strong>accept
+third-party printing materials. It is the Keurig</strong></del></span>
+ <span class="inserted"><ins><em>function</a>.</p>
+ </li>
+
+ <li id="M201703270">
+ <p>When Miele's Internet</em></ins></span> of <span
class="removed"><del><strong>printers. Now it</strong></del></span>
+ <span class="inserted"><ins><em>Stings hospital disinfectant
dishwasher</em></ins></span> is
+<span class="removed"><del><strong>being discontinued, which means that
eventually authorized materials won't
+be available and the printers may become unusable.</p>
+
+<p>With a</strong></del></span> <a <span
class="removed"><del><strong>href="http://www.fsf.org/resources/hw/endorsement/aleph-objects">
+printer that gets</strong></del></span>
<span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
- connected</em></ins></span> to the Internet, its security is
crap</a>.</p>
+ connected to</em></ins></span> the <span
class="removed"><del><strong>Respects Your Freedom</a>, this problem
would not
+even be</strong></del></span> <span class="inserted"><ins><em>Internet, its
security is crap</a>.</p>
- <p>For example, a cracker can gain access to the dishwasher's
- filesystem, infect it with malware, and force the dishwasher to launch
- attacks on other devices in the network. Since these dishwashers are
+ <p>For example,</em></ins></span> a <span
class="removed"><del><strong>remote possibility.</p>
+
+<p>How pitiful that</strong></del></span> <span
class="inserted"><ins><em>cracker can gain access to</em></ins></span> the
<span class="removed"><del><strong>author of that article says that there was
+“nothing wrong”</strong></del></span> <span
class="inserted"><ins><em>dishwasher's
+ filesystem, infect it</em></ins></span> with <span
class="removed"><del><strong>designing</strong></del></span> <span
class="inserted"><ins><em>malware, and force</em></ins></span> the <span
class="removed"><del><strong>device</strong></del></span> <span
class="inserted"><ins><em>dishwasher</em></ins></span> to <span
class="removed"><del><strong>restrict users</strong></del></span> <span
class="inserted"><ins><em>launch
+ attacks on other devices</em></ins></span> in the <span
class="removed"><del><strong>first place. This is like putting a “cheat
me and mistreat me”
+sign</strong></del></span> <span class="inserted"><ins><em>network. Since
these dishwashers are
used in hospitals, such attacks could potentially put hundreds of
lives at risk.</p>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
- <span class="inserted"><ins><em><li id="M201703140">
+ <li id="M201703140">
<p>A computerized vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the proprietary control
app</a>.</p>
+ was snooping</em></ins></span> on <span class="removed"><del><strong>your
chest. We should know better: we should condemn all companies
+that take advantage</strong></del></span> <span class="inserted"><ins><em>its
users through the proprietary control app</a>.</p>
- <p>The app was reporting the temperature of the vibrator minute by
- minute (thus, indirectly, whether it was surrounded by a person's
- body), as well as the vibration frequency.</p>
+ <p>The app was reporting the temperature</em></ins></span> of <span
class="removed"><del><strong>people like him. Indeed,</strong></del></span>
<span class="inserted"><ins><em>the vibrator minute by
+ minute (thus, indirectly, whether</em></ins></span> it <span
class="removed"><del><strong>is</strong></del></span> <span
class="inserted"><ins><em>was surrounded by a person's
+ body), as well as</em></ins></span> the <span
class="removed"><del><strong>acceptance of</strong></del></span> <span
class="inserted"><ins><em>vibration frequency.</p>
<p>Note the totally inadequate proposed response: a labeling
- standard with which manufacturers would make statements about their
- products, rather than free software which users could have checked
+ standard with which manufacturers would make statements
about</em></ins></span> their <span class="removed"><del><strong>unjust
practice</strong></del></span>
+ <span class="inserted"><ins><em>products, rather than free software which
users could have checked
and changed.</p>
- <p>The company that made the vibrator <a
+ <p>The company</em></ins></span> that <span
class="removed"><del><strong>teaches</strong></del></span> <span
class="inserted"><ins><em>made the vibrator <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for collecting lots of personal information about how people
- used it</a>.</p>
+ was sued for collecting lots of personal information about
how</em></ins></span> people <span
class="removed"><del><strong>to</strong></del></span>
+ <span class="inserted"><ins><em>used it</a>.</p>
- <p>The company's statement that it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data to a data
- broker, the data broker would have been able to figure out who the
+ <p>The company's statement that it was anonymizing the data
may</em></ins></span> be <span class="removed"><del><strong>doormats.</p>
+</li>
+
+<li>
+<p>Philips “smart” lightbulbs <a
+href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml"></strong></del></span>
+ <span class="inserted"><ins><em>true, but it doesn't really matter. If it
had sold the data to a data
+ broker, the data broker would</em></ins></span> have been <span
class="removed"><del><strong>designed not</strong></del></span> <span
class="inserted"><ins><em>able</em></ins></span> to <span
class="removed"><del><strong>interact with other companies' smart
+lightbulbs</a>.</p>
+
+<p>If</strong></del></span> <span class="inserted"><ins><em>figure out
who the
user was.</p>
<p>Following this lawsuit, <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay a total of C$4m</a> to its
- customers.</p>
+ the company has been ordered to pay</em></ins></span> a <span
class="removed"><del><strong>product is “smart”, and you didn't
build it, it is
+cleverly serving</strong></del></span> <span class="inserted"><ins><em>total
of C$4m</a> to</em></ins></span> its <span
class="removed"><del><strong>manufacturer <em>against
you</em>.</p></strong></del></span>
+ <span class="inserted"><ins><em>customers.</p></em></ins></span>
</li>
- <li id="M201702280">
- <p>“CloudPets” toys with microphones <a
-
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations to the manufacturer</a>. Guess what?
<a
-
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way to access the data</a> collected by the
+<span class="removed"><del><strong><li>
+<p><a
+href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up">
+DVDs and Bluray disks have DRM</a>.
+</p>
+
+<p>That page uses spin terms that favor DRM,
+including</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201702280">
+ <p>“CloudPets” toys with microphones</em></ins></span>
<a <span
class="removed"><del><strong>href="/philosophy/words-to-avoid.html#DigitalRightsManagement">
+digital “rights” management</a>
+and</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
+ leak childrens' conversations to the manufacturer</a>. Guess
what?</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/words-to-avoid.html#Protection">“protect”</a>,
+and it claims that “artists” (rather than companies) are
+primarily responsible for putting digital restrictions management into
+these disks. Nonetheless, it is</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
+ Crackers found</em></ins></span> a <span
class="removed"><del><strong>reference for</strong></del></span> <span
class="inserted"><ins><em>way to access</em></ins></span> the <span
class="removed"><del><strong>facts.
+</p>
+
+<p>Every Bluray disk (with few, rare exceptions) has DRM—so
+don't use Bluray disks!</p>
+</li>
+
+<li id="cameras-bugs">
+<p>Over 70 brands of network-connected surveillance cameras have <a
+href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+security bugs that allow anyone</strong></del></span> <span
class="inserted"><ins><em>data</a> collected by the
manufacturer's snooping.</p>
- <p>That the manufacturer and the FBI could listen to these
- conversations was unacceptable by itself.</p>
+ <p>That the manufacturer and the FBI could listen</em></ins></span>
to <span class="removed"><del><strong>watch through
them</a>.</p></strong></del></span> <span
class="inserted"><ins><em>these
+ conversations was unacceptable by itself.</p></em></ins></span>
</li>
- <li id="M201702200"></em></ins></span>
- <p>If you buy a used “smart”
- car, house, TV, refrigerator, etc., usually <a
-
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
- previous owners can still remotely control it</a>.</p>
- </li>
-<span class="removed"><del><strong><li></strong></del></span>
+<span class="removed"><del><strong><li>
+<p>Samsung's “Smart Home” has</strong></del></span>
- <span class="inserted"><ins><em><li id="M201702060"></em></ins></span>
+ <span class="inserted"><ins><em><li id="M201702200">
+ <p>If you buy</em></ins></span> a <span
class="removed"><del><strong>big security hole;</strong></del></span> <span
class="inserted"><ins><em>used “smart”
+ car, house, TV, refrigerator, etc., usually</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
+unauthorized people</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
+ previous owners</em></ins></span> can <span
class="inserted"><ins><em>still</em></ins></span> remotely control
it</a>.</p>
+
+<span class="removed"><del><strong><p>Samsung
claims</strong></del></span>
+ <span class="inserted"><ins><em></li>
+
+ <li id="M201702060">
<p>Vizio “smart” <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts and
- cable</a>. Even if the image is coming from the user's own computer,
- the TV reports what it is. The existence of a way to disable the
- surveillance, even if it were not hidden as it was in these TVs,
+ report everything</em></ins></span> that <span
class="removed"><del><strong>this</strong></del></span> is <span
class="removed"><del><strong>an “open” platform
so</strong></del></span> <span class="inserted"><ins><em>viewed on them, and
not just broadcasts and
+ cable</a>. Even if</em></ins></span> the
+<span class="removed"><del><strong>problem</strong></del></span> <span
class="inserted"><ins><em>image</em></ins></span> is <span
class="removed"><del><strong>partly</strong></del></span> <span
class="inserted"><ins><em>coming from</em></ins></span> the <span
class="removed"><del><strong>fault</strong></del></span> <span
class="inserted"><ins><em>user's own computer,
+ the TV reports what it is. The existence</em></ins></span> of <span
class="removed"><del><strong>app developers. That is clearly
true</strong></del></span> <span class="inserted"><ins><em>a way to disable the
+ surveillance, even</em></ins></span> if <span class="inserted"><ins><em>it
were not hidden as it was in these TVs,
does not legitimize the surveillance.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>More or less all “smart” TVs</strong></del></span>
- <span class="inserted"><ins><em><li id="M201612230">
+ <li id="M201612230">
<p>VR equipment, measuring every slight motion,
- creates the potential for the most intimate
- surveillance ever. All it takes to make this potential
real</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their users</a>.</p>
+ creates the potential for</em></ins></span> the <span
class="removed"><del><strong>apps are proprietary software.</p>
-<p>The report was</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
- software</em></ins></span> as <span class="removed"><del><strong>of 2014,
but we don't expect this has got
-better.</p>
+<p>Anything whose name is “Smart” is</strong></del></span>
most <span class="removed"><del><strong>likely going</strong></del></span>
<span class="inserted"><ins><em>intimate
+ surveillance ever. All it takes</em></ins></span> to
+<span class="removed"><del><strong>screw you.</p>
+</li>
-<p>This shows that laws requiring products to get users' formal
-consent before collecting personal data are totally inadequate. And
-what happens if a user declines consent? Probably the TV will say,
-“Without your consent to tracking, the TV</strong></del></span> <span
class="inserted"><ins><em>malicious as many other programs listed in this
+<li>
+<p>
+Malware found on</strong></del></span> <span class="inserted"><ins><em>make
this potential real</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
+security cameras available through Amazon</a>.
+</p>
+
+<p>A camera that records locally on physical media, and has no network
+connection, does not threaten people with surveillance—neither
+by watching people through the camera, nor through
malware</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
+ software as malicious as many other programs listed</em></ins></span> in
<span class="inserted"><ins><em>this
page</a>.</p>
- <p>You can bet Facebook</em></ins></span> will <span
class="removed"><del><strong>not
-work.”</p>
+ <p>You can bet Facebook will implement</em></ins></span> the
+<span class="removed"><del><strong>camera.</p>
+</li>
-<p>Proper laws would say that TVs are not allowed to report
what</strong></del></span> <span
class="inserted"><ins><em>implement</em></ins></span> the
-<span class="removed"><del><strong>user watches — no
exceptions!</p></strong></del></span> <span
class="inserted"><ins><em>maximum possible
- surveillance on Oculus Rift devices. The moral is, never trust a VR
- system with nonfree software in it.</p></em></ins></span>
+<li>
+<p> <a
+href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
+FitBit fitness trackers have</strong></del></span> <span
class="inserted"><ins><em>maximum possible
+ surveillance on Oculus Rift devices. The moral is, never
trust</em></ins></span> a <span class="removed"><del><strong>Bluetooth
vulnerability</a> that allows
+attackers to send malware to the devices, which can subsequently
+spread to computers and other FitBit trackers that
interact</strong></del></span> <span class="inserted"><ins><em>VR
+ system</em></ins></span> with
+<span class="removed"><del><strong>them.</p></strong></del></span> <span
class="inserted"><ins><em>nonfree software in it.</p></em></ins></span>
</li>
+
<span class="removed"><del><strong><li>
-<p>Some LG
-TVs</strong></del></span>
+<p> “Self-encrypting” disk drives do the encryption with
+proprietary firmware so you can't trust it. Western
Digital's</strong></del></span>
<span class="inserted"><ins><em><li id="M201612200">
- <p>The developer of Ham Radio Deluxe</em></ins></span> <a <span
class="removed"><del><strong>href="http://openlgtv.org.ru/wiki/index.php/Achievements">are
-tyrants</a>.</p>
+ <p>The developer of Ham Radio Deluxe</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
+“My Passport” drives have a back door</a>.</p>
</li>
-<li><a
-href="http://wiki.samygo.tv/index.php5/SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F">
-Samsung “Smart” TVs have turned Linux into the
base</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20161220/12411836320/company-bricks-users-software-after-he-posts-negative-review.shtml">sabotaged
- a customer's installation as punishment</em></ins></span> for <span
class="inserted"><ins><em>posting</em></ins></span> a <span
class="removed"><del><strong>tyrant system</a></strong></del></span>
<span class="inserted"><ins><em>negative
+<li>
+<p>
+Hospira infusion pumps, which are used to administer drugs
to</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20161220/12411836320/company-bricks-users-software-after-he-posts-negative-review.shtml">sabotaged</em></ins></span>
+ a <span class="removed"><del><strong>patient, were rated “<a
+href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">
+least secure IP device I've ever seen</a>”
by</strong></del></span> <span class="inserted"><ins><em>customer's
installation as punishment for posting</em></ins></span> a <span
class="removed"><del><strong>security
+researcher.</p>
+
+<p>Depending on what drug</strong></del></span> <span
class="inserted"><ins><em>negative
review</a>.</p>
- <p>Most proprietary software companies don't use their
power</em></ins></span> so <span class="removed"><del><strong>as to impose DRM.
-What enables Samsung to do this</strong></del></span>
- <span class="inserted"><ins><em>harshly, but it</em></ins></span> is <span
class="inserted"><ins><em>an injustice</em></ins></span> that <span
class="removed"><del><strong>Linux is released under
-GNU GPL version 2, <a href="/licenses/rms-why-gplv3.html">not version
3</a>,
-together with a weak interpretation of GPL version 2.</strong></del></span>
<span class="inserted"><ins><em>they all <em>have</em> such
+ <p>Most proprietary software companies don't use their power so
+ harshly, but it</em></ins></span> is <span
class="removed"><del><strong>being infused, the insecurity could
+open the door to murder.</p></strong></del></span> <span
class="inserted"><ins><em>an injustice that they all <em>have</em>
such
power.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li>
-<p>A company that makes internet-controlled vibrators
-<a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
-being sued for collecting lots of personal information about how
-people use it</a>.</p></strong></del></span>
+<p>Due</strong></del></span>
- <span class="inserted"><ins><em><li id="M201612061"></em></ins></span>
- <p>The <span class="removed"><del><strong>company's statement that
it anonymizes the data may</strong></del></span> <span
class="inserted"><ins><em>“smart” toys My Friend Cayla and i-Que
can</em></ins></span> be <span class="removed"><del><strong>true,
-but it doesn't really matter. If it sells the data</strong></del></span> <span
class="inserted"><ins><em><a
+ <span class="inserted"><ins><em><li id="M201612061">
+ <p>The “smart” toys My Friend Cayla and i-Que can be
<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
controlled with a mobile phone</a>; physical access is not
- necessary. This would enable crackers</em></ins></span> to <span
class="inserted"><ins><em>listen in on</em></ins></span> a <span
class="removed"><del><strong>data broker,</strong></del></span> <span
class="inserted"><ins><em>child's
- conversations, and even speak into</em></ins></span> the <span
class="removed"><del><strong>data broker can figure out
who</strong></del></span> <span class="inserted"><ins><em>toys
themselves.</p>
+ necessary. This would enable crackers</em></ins></span> to <span
class="removed"><del><strong>bad security</strong></del></span> <span
class="inserted"><ins><em>listen</em></ins></span> in <span
class="inserted"><ins><em>on</em></ins></span> a <span
class="removed"><del><strong>drug pump, crackers</strong></del></span> <span
class="inserted"><ins><em>child's
+ conversations, and even speak into the toys themselves.</p>
- <p>This means a burglar could speak into</em></ins></span> the <span
class="removed"><del><strong>user is.</p></strong></del></span> <span
class="inserted"><ins><em>toys and ask the child
- to unlock the front door while Mommy's not
looking.</p></em></ins></span>
+ <p>This means a burglar</em></ins></span> could <span
class="removed"><del><strong>use it to <a
+href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">
+kill patients</a>.</p>
+</li>
+
+<li>
+<p><a
+href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
+“Smart homes”</a> turn out to be stupidly
vulnerable</strong></del></span> <span class="inserted"><ins><em>speak into the
toys and ask the child</em></ins></span>
+ to
+<span class="removed"><del><strong>intrusion.</p></strong></del></span>
<span class="inserted"><ins><em>unlock the front door while Mommy's not
looking.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li>
-<p>Google/Alphabet</strong></del></span>
+<p>The</strong></del></span>
<span class="inserted"><ins><em><li id="M201608080">
<p>Ransomware</em></ins></span> <a
-<span
class="removed"><del><strong>href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
-intentionally broke Revolv home automatic control products that depended on
-a server</a> to function. The lesson is, don't
stand</strong></del></span>
+<span
class="removed"><del><strong>href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
+FTC punished a company</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
- has been developed</em></ins></span> for <span
class="removed"><del><strong>that! Insist
-on self-contained computers</strong></del></span> <span
class="inserted"><ins><em>a thermostat</em></ins></span> that <span
class="removed"><del><strong>run free software!</p></strong></del></span>
<span class="inserted"><ins><em>uses proprietary
+ has been developed</em></ins></span> for <span
class="removed"><del><strong>making webcams with bad security</a>
so</strong></del></span> <span class="inserted"><ins><em>a
thermostat</em></ins></span> that <span class="removed"><del><strong>it was
easy for anyone to watch them.</p></strong></del></span> <span
class="inserted"><ins><em>uses proprietary
software</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li>
-<p>ARRIS cable modem has a <a
-href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
-backdoor in the backdoor</a>.</p>
-</li>
-
-<li>
-<p>HP “storage appliances”</strong></del></span>
+<p>It is possible to</strong></del></span>
<span class="inserted"><ins><em><li id="M201605020">
- <p>Samsung's “Smart Home” has a big security hole; <a
-
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
- unauthorized people can remotely control it</a>.</p>
-
- <p>Samsung claims</em></ins></span> that <span
class="removed"><del><strong>use</strong></del></span> <span
class="inserted"><ins><em>this is an “open” platform so the
- problem is partly the fault of app developers. That is clearly true
- if</em></ins></span> the <span class="inserted"><ins><em>apps
are</em></ins></span> proprietary
-<span class="removed"><del><strong>“Left Hand” operating system
have back doors that give HP
+ <p>Samsung's “Smart Home” has a big security
hole;</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
+kill</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
+ unauthorized</em></ins></span> people <span
class="removed"><del><strong>by taking</strong></del></span> <span
class="inserted"><ins><em>can remotely</em></ins></span> control <span
class="inserted"><ins><em>it</a>.</p>
+
+ <p>Samsung claims that this is an “open” platform so the
+ problem is partly the fault</em></ins></span> of <span
class="removed"><del><strong>medical implants by radio</a>. More
+information in <a
+href="http://www.bbc.co.uk/news/technology-17631838">BBC News</a> and
<a
-href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/">
-remote login access</a></strong></del></span> <span
class="inserted"><ins><em>software.</p>
+href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
+IOActive Labs Research blog</a>.</p>
+</li>
+
+<li>
+<p>Lots of <a
+href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
+hospital equipment has lousy security</a>, and it can be fatal.</p>
+</li>
- <p>Anything whose name is “Smart” is most likely
going</em></ins></span>
- to <span class="removed"><del><strong>them. HP
claims</strong></del></span> <span class="inserted"><ins><em>screw
you.</p>
+<li>
+<p><a
+href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
+Point-of-sale terminals running Windows were taken over</a> and turned
+into a botnet for</strong></del></span> <span class="inserted"><ins><em>app
developers. That is clearly true
+ if</em></ins></span> the <span class="removed"><del><strong>purpose of
collecting customers' credit card
+numbers.</p></strong></del></span> <span class="inserted"><ins><em>apps
are proprietary software.</p>
+
+ <p>Anything whose name is “Smart” is most likely going
+ to screw you.</p></em></ins></span>
</li>
- <li id="M201604110">
- <p>Malware was found on <a
-
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
+ <li <span class="removed"><del><strong>id="vizio-snoop">
+<p>Vizio</strong></del></span> <span
class="inserted"><ins><em>id="M201604110">
+ <p>Malware was found on</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+used a firmware “upgrade” to make its TVs
snoop</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
security cameras available through Amazon</a>.</p>
- <p>A camera</em></ins></span> that <span
class="removed"><del><strong>this</strong></del></span> <span
class="inserted"><ins><em>records locally on physical media, and has no network
- connection,</em></ins></span> does not <span
class="removed"><del><strong>give HP
-access to</strong></del></span> <span class="inserted"><ins><em>threaten
people with surveillance—neither
- by watching people through</em></ins></span> the <span
class="removed"><del><strong>customer's data, but if</strong></del></span>
<span class="inserted"><ins><em>camera, nor through malware
in</em></ins></span> the <span class="removed"><del><strong>back door allows
-installation of software changes, a change could be
installed</strong></del></span>
- <span class="inserted"><ins><em>camera.</p>
- </li>
-
- <li id="M201604050">
- <p>Google/Alphabet <a
-
href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
- intentionally broke Revolv home automatic control
products</em></ins></span> that
-<span class="removed"><del><strong>would give access</strong></del></span>
- <span class="inserted"><ins><em>depended on a
server</a></em></ins></span> to <span class="inserted"><ins><em>function,
by shutting down</em></ins></span> the <span
class="removed"><del><strong>customer's data.
-</p></strong></del></span> <span class="inserted"><ins><em>server.
- The lesson is, reject all such products. Insist on self-contained
+ <p>A camera that records locally</em></ins></span> on <span
class="removed"><del><strong>what
+users watch</a>. The TVs did</strong></del></span> <span
class="inserted"><ins><em>physical media, and has no network
+ connection, does</em></ins></span> not <span
class="removed"><del><strong>do that when first
sold.</p></strong></del></span> <span class="inserted"><ins><em>threaten
people with surveillance—neither
+ by watching people through the camera, nor through malware in the
+ camera.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
+<p>LG</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201604050">
+ <p>Google/Alphabet</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
+disabled network features</a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
+ intentionally broke Revolv home automatic control products that
+ depended</em></ins></span> on <span
class="removed"><del><strong><em>previously purchased</em>
+“smart” TVs, unless the purchasers agreed to let LG
+begin</strong></del></span> <span class="inserted"><ins><em>a
server</a></em></ins></span> to <span
class="removed"><del><strong>snoop</strong></del></span> <span
class="inserted"><ins><em>function, by shutting down the server.
+ The lesson is, reject all such products. Insist</em></ins></span> on
<span class="removed"><del><strong>them and distribute their personal
data.</p></strong></del></span> <span
class="inserted"><ins><em>self-contained
computers that run free software!</p></em></ins></span>
</li>
<span class="removed"><del><strong><li>
<p><a
-href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
-Some D-Link routers</a> have a back door for changing settings in a
-dlink of an eye.</p>
-
-<p>
-<a href="https://github.com/elvanderb/TCP-32764">Many
models</strong></del></span>
+href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">
+Barbie is going</strong></del></span>
<span class="inserted"><ins><em><li id="M201603220">
- <p>Over 70 brands</em></ins></span> of <span
class="removed"><del><strong>routers</strong></del></span> <span
class="inserted"><ins><em>network-connected surveillance
cameras</em></ins></span> have <span class="removed"><del><strong>back
doors</a>.</p>
+ <p>Over 70 brands of network-connected surveillance cameras have
<a
+
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>spy</a> on children and adults.</p>
</li>
<li>
-<p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/">
-The TP-Link router has a backdoor</a>.</p></strong></del></span>
<span class="inserted"><ins><em><a
-
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone to watch through
them</a>.</p></em></ins></span>
+<p><a
+href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+Cisco TNP IP phones are spying
devices</a>.</p></strong></del></span> <span
class="inserted"><ins><em>watch through
them</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li></strong></del></span>
<span class="inserted"><ins><em><li id="M201601100"></em></ins></span>
<p>The <a
- href="http://michaelweinberg.org/post/137045828005/free-the-cube">
+<span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">Nest
Cam
+“smart” camera</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://michaelweinberg.org/post/137045828005/free-the-cube">
“Cube” 3D printer was designed with DRM</a>: it
- won't accept third-party printing materials. It is the Keurig of
- printers. Now it is being discontinued, which means that eventually
- authorized materials won't be available and the printers may become
+ won't accept third-party printing materials. It</em></ins></span> is
<span class="removed"><del><strong>always watching</a>, even
when</strong></del></span> the
+<span class="removed"><del><strong>“owner”
switches</strong></del></span> <span class="inserted"><ins><em>Keurig of
+ printers. Now</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
+
+<p>A “smart” device</strong></del></span> <span
class="inserted"><ins><em>is being discontinued, which</em></ins></span> means
<span class="inserted"><ins><em>that eventually
+ authorized materials won't be available and</em></ins></span> the <span
class="removed"><del><strong>manufacturer is using it to</strong></del></span>
<span class="inserted"><ins><em>printers may become
unusable.</p>
<p>With a <a
@@ -511,107 +750,52 @@
people to be doormats.</p>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201512140"></em></ins></span>
- <p>Philips “smart” lightbulbs <span
class="removed"><del><strong><a
-href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml">
-have</strong></del></span> <span class="inserted"><ins><em>had
initially</em></ins></span> been
- designed <span class="removed"><del><strong>not</strong></del></span> to
interact with other companies' smart
-<span
class="removed"><del><strong>lightbulbs</a>.</p></strong></del></span>
<span class="inserted"><ins><em>light bulbs, but <a
+ <li id="M201512140">
+ <p>Philips “smart” lightbulbs had initially been
+ designed to interact with other companies' smart light bulbs, but <a
href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml">
later the company updated the firmware to disallow
- interoperability</a>.</p></em></ins></span>
+ interoperability</a>.</p>
<p>If a product is “smart”, and you didn't build it,
it is cleverly serving its manufacturer <em>against
you</em>.</p>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201512074"></em></ins></span>
+ <li id="M201512074">
<p><a
-<span
class="removed"><del><strong>href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up">
-DVDs and Bluray disks</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
- Some D-Link routers</a></em></ins></span> have <span
class="removed"><del><strong>DRM</a>.
-</p>
-
-<p>That page uses spin terms that favor DRM,
-including <a
href="/philosophy/words-to-avoid.html#DigitalRightsManagement">
-digital “rights” management</a>
-and <a
href="/philosophy/words-to-avoid.html#Protection">“protect”</a>,
-and it claims that “artists” (rather than companies) are
-primarily responsible for putting digital restrictions management into
-these disks. Nonetheless, it is</strong></del></span> a <span
class="removed"><del><strong>reference</strong></del></span> <span
class="inserted"><ins><em>back door</em></ins></span> for <span
class="removed"><del><strong>the facts.
-</p>
-
-<p>Every Bluray disk (with few, rare exceptions)</strong></del></span>
<span class="inserted"><ins><em>changing settings in a
+
href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
+ Some D-Link routers</a> have a back door for changing settings in a
dlink of an eye.</p>
<p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> The
TP-Link
- router</em></ins></span> has <span
class="removed"><del><strong>DRM—so
-don't use Bluray disks!</p>
-</li>
+ router has a back door</a>.</p>
-<li id="cameras-bugs">
-<p>Over 70 brands</strong></del></span> <span
class="inserted"><ins><em>a back door</a>.</p>
-
- <p><a href="https://github.com/elvanderb/TCP-32764">Many
models</em></ins></span> of <span
class="removed"><del><strong>network-connected surveillance
cameras</strong></del></span>
- <span class="inserted"><ins><em>routers</em></ins></span> have <span
class="removed"><del><strong><a
-href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
-security bugs that allow anyone to watch through
them</a>.</p></strong></del></span> <span
class="inserted"><ins><em>back doors</a>.</p></em></ins></span>
+ <p><a href="https://github.com/elvanderb/TCP-32764">Many
models of
+ routers have back doors</a>.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Samsung's “Smart Home” has a big security hole; <a
-href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
-unauthorized people can remotely control it</a>.</p>
-
-<p>Samsung claims that this is an “open” platform so the
-problem</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201511250">
- <p>The Nest Cam “smart” camera</em></ins></span> is
<span class="removed"><del><strong>partly</strong></del></span> <span
class="inserted"><ins><em><a
+ <li id="M201511250">
+ <p>The Nest Cam “smart” camera is <a
href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
- even when</em></ins></span> the <span class="removed"><del><strong>fault
of app developers. That is clearly true if</strong></del></span> <span
class="inserted"><ins><em>“owner” switches it
“off.”</p>
-
- <p>A “smart” device means</em></ins></span> the <span
class="removed"><del><strong>apps are proprietary software.</p>
+ even when the “owner” switches it “off.”</p>
-<p>Anything whose name is “Smart”</strong></del></span>
<span class="inserted"><ins><em>manufacturer</em></ins></span> is <span
class="removed"><del><strong>most likely going</strong></del></span> <span
class="inserted"><ins><em>using it</em></ins></span>
- to
-<span class="removed"><del><strong>screw</strong></del></span> <span
class="inserted"><ins><em>outsmart</em></ins></span> you.</p>
+ <p>A “smart” device means the manufacturer is using it
+ to</em></ins></span> outsmart you.</p>
</li>
<span class="removed"><del><strong><li>
-<p>
-Malware found on <a
-href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
-security cameras available through Amazon</a>.
-</p>
-
-<p>A camera that records locally on physical media,
and</strong></del></span>
+<p>Vizio goes</strong></del></span>
<span class="inserted"><ins><em><li id="M201511198">
- <p>ARRIS cable modem</em></ins></span> has <span
class="removed"><del><strong>no network
-connection, does not threaten people with surveillance—neither
-by watching people through the camera, nor through
malware</strong></del></span> <span class="inserted"><ins><em>a <a
+ <p>ARRIS cable modem has</em></ins></span> a <span
class="removed"><del><strong>step further than</strong></del></span> <span
class="inserted"><ins><em><a
href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
- back door</em></ins></span> in the
-<span class="removed"><del><strong>camera.</p></strong></del></span>
<span class="inserted"><ins><em>back door</a>.</p></em></ins></span>
+ back door in the back door</a>.</p>
</li>
-<span class="removed"><del><strong><li>
-<p> <a
-href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
-FitBit fitness trackers have a Bluetooth vulnerability</a> that allows
-attackers</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201511130">
+ <li id="M201511130">
<p>Some web and TV advertisements play inaudible
- sounds</em></ins></span> to <span
class="removed"><del><strong>send</strong></del></span> <span
class="inserted"><ins><em>be picked up by proprietary</em></ins></span> malware
<span class="removed"><del><strong>to the devices, which can subsequently
-spread to computers and</strong></del></span> <span
class="inserted"><ins><em>running
- on</em></ins></span> other <span class="removed"><del><strong>FitBit
trackers that</strong></del></span> <span class="inserted"><ins><em>devices in
range so as to determine that they
+ sounds to be picked up by proprietary malware running
+ on</em></ins></span> other <span class="inserted"><ins><em>devices in
range so as to determine that they
are nearby. Once your Internet devices are paired with
your TV, advertisers can correlate ads with Web activity, and other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
@@ -646,26 +830,18 @@
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
Bluetooth vulnerability</a> that allows attackers to send malware
to the devices, which can subsequently spread to computers and other
- FitBit trackers that</em></ins></span> interact with them.</p>
+ FitBit trackers that interact with them.</p>
</li>
-<span class="removed"><del><strong><li>
-<p> “Self-encrypting”</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201510200">
- <p>“Self-encrypting”</em></ins></span> disk drives
+ <li id="M201510200">
+ <p>“Self-encrypting” disk drives
do the encryption with proprietary firmware so you
- can't trust it. Western Digital's <span class="removed"><del><strong><a
-href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"></strong></del></span>
“My Passport” drives <span class="inserted"><ins><em><a
-
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"></em></ins></span>
+ can't trust it. Western Digital's “My Passport” drives <a
+
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
have a back door</a>.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>
-Hospira</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201507240">
+ <li id="M201507240">
<p>Vizio “smart” TVs recognize and <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>, even if it isn't a TV
channel.</p>
@@ -685,11 +861,9 @@
</li>
<li id="M201505050">
- <p>Hospira</em></ins></span> infusion pumps, which are used
+ <p>Hospira infusion pumps, which are used
to administer drugs to a patient, were rated “<a
-<span
class="removed"><del><strong>href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">
-least</strong></del></span>
- <span
class="inserted"><ins><em>href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least</em></ins></span>
+
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
secure IP device I've ever seen</a>” by a security
researcher.</p>
@@ -697,148 +871,53 @@
the door to murder.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Due to bad security in a drug pump, crackers could use it to <a
-href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">
-kill patients</a>.</p>
-</li>
-
-<li>
-<p><a
-href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
-“Smart homes”</a> turn out to be stupidly vulnerable to
-intrusion.</p>
-</li>
-
-<li>
-<p>The <a
-href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
-FTC punished a company for making webcams with bad security</a> so
-that it was easy for anyone to watch them.</p>
-</li>
-
-<li>
-<p>It is possible to <a
-href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
-kill people by taking control of medical implants by radio</a>. More
-information in <a
-href="http://www.bbc.co.uk/news/technology-17631838">BBC News</a> and
-<a
-href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
-IOActive Labs Research blog</a>.</p>
-</li>
-
-<li>
-<p>Lots of <a
-href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
-hospital equipment has lousy security</a>, and it can be fatal.</p>
-</li>
-
-<li>
-<p><a
-href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
-Point-of-sale terminals running Windows were taken over</a> and turned
-into a botnet for the purpose of collecting customers' credit card
-numbers.</p>
-</li>
-
-<li id="vizio-snoop">
-<p>Vizio
-<a
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
-used</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201504300">
+ <li id="M201504300">
<p>Vizio <a
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
- used</em></ins></span> a firmware “upgrade” to make its TVs
snoop on what
+ used a firmware “upgrade” to make its TVs snoop on what
users watch</a>. The TVs did not do that when first sold.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>LG</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201502180">
- <p>Barbie</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
-disabled network features</a> on <em>previously
purchased</em>
-“smart” TVs, unless the purchasers agreed to let LG
-begin to snoop on them and distribute their personal data.</p>
-</li>
-
-<li>
-<p><a
-href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">
-Barbie is</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is</em></ins></span>
- going to <span
class="removed"><del><strong>spy</a></strong></del></span> <span
class="inserted"><ins><em>spy</em></ins></span> on children and <span
class="removed"><del><strong>adults.</p>
-</li>
-
-<li>
-<p><a
-href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-Cisco TNP IP phones are spying
devices</a>.</p></strong></del></span> <span
class="inserted"><ins><em>adults</a>.</p></em></ins></span>
+ <li id="M201502180">
+ <p>Barbie <a
+
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
+ going to spy on children and adults</a>.</p>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201502090"></em></ins></span>
- <p>The <span class="inserted"><ins><em>Samsung “Smart”
TV</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">Nest
Cam
-“smart” camera is always watching</a>, even
when</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
- transmits users' voice on</em></ins></span> the
-<span class="removed"><del><strong>“owner”
switches</strong></del></span> <span class="inserted"><ins><em>internet to
another company, Nuance</a>.
- Nuance can save</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
-
-<p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>and would then have to give it to</em></ins></span>
the <span class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>US or some
+ <li id="M201502090">
+ <p>The Samsung “Smart” TV <a
+
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
+ transmits users' voice on the internet to another company,
Nuance</a>.
+ Nuance can save it and would then have to give it to the US or some
other government.</p>
- <p>Speech recognition</em></ins></span> is <span
class="removed"><del><strong>using</strong></del></span> <span
class="inserted"><ins><em>not to be trusted unless</em></ins></span> it <span
class="inserted"><ins><em>is done by free
+ <p>Speech recognition is not to be trusted unless it is done by free
software in your own computer.</p>
<p>In its privacy policy, Samsung explicitly confirms that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be
transmitted</em></ins></span> to <span class="removed"><del><strong>outsmart
-you.</p></strong></del></span> <span class="inserted"><ins><em>third
- parties</a>.</p></em></ins></span>
+ data containing sensitive information will be transmitted to third
+ parties</a>.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Vizio goes a step further than other</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201411090">
- <p>The Amazon “Smart”</em></ins></span> TV <span
class="removed"><del><strong>manufacturers in spying on
-their users: their</strong></del></span> <span
class="inserted"><ins><em>is</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you"></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ <li id="M201411090">
+ <p>The Amazon “Smart” TV is <a
+
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
<li id="M201409290">
- <p>More or less all</em></ins></span> “smart” TVs <span
class="removed"><del><strong>analyze your viewing habits in detail and
-link them your IP address</a> so that advertisers can track you
-across devices.</p>
-
-<p>It is possible to turn this off,</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>More or less all “smart” TVs <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
on their users</a>.</p>
- <p>The report was as of 2014,</em></ins></span> but <span
class="removed"><del><strong>having it enabled by default
-is an injustice already.</p>
-</li>
-
-<li>
-<p>Tivo's alliance with Viacom adds 2.3 million
households</strong></del></span> <span class="inserted"><ins><em>we don't
expect this has got
+ <p>The report was as of 2014, but we don't expect this has got
better.</p>
- <p>This shows that laws requiring products</em></ins></span> to
<span class="inserted"><ins><em>get users' formal
+ <p>This shows that laws requiring products to get users' formal
consent before collecting personal data are totally inadequate.
- And what happens if a user declines consent? Probably</em></ins></span>
the <span class="removed"><del><strong>600
-millions social media profiles</strong></del></span> <span
class="inserted"><ins><em>TV will
- say, “Without your consent to tracking,</em></ins></span> the <span
class="removed"><del><strong>company already monitors. Tivo
-customers are unaware they're being watched by advertisers. By
-combining</strong></del></span> TV <span class="removed"><del><strong>viewing
information with online social media
-participation, Tivo can now</strong></del></span> <span
class="inserted"><ins><em>will not
+ And what happens if a user declines consent? Probably the TV will
+ say, “Without your consent to tracking, the</em></ins></span> TV
<span class="removed"><del><strong>manufacturers in
spying</strong></del></span> <span class="inserted"><ins><em>will not
work.”</p>
<p>Proper laws would say that TVs are not allowed to report what the
@@ -846,38 +925,53 @@
</li>
<li id="M201407170">
- <p id="nest-thermometers">Nest thermometers send</em></ins></span>
<a
-<span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
-correlate TV advertisement with online purchases</a>, exposing all
-users</strong></del></span>
- <span
class="inserted"><ins><em>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
lot of
+ <p id="nest-thermometers">Nest thermometers send <a
+ href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
data about the user</a>.</p>
</li>
<li id="M201405201">
<p>LG <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
- disabled network features</a> on <em>previously
purchased</em>
- “smart” TVs, unless the purchasers agreed</em></ins></span> to
<span class="removed"><del><strong>new combined surveillance by
default.</p></strong></del></span> <span class="inserted"><ins><em>let LG
begin
- to snoop on them and distribute their personal
data.</p></em></ins></span>
+ disabled network features</a></em></ins></span> on <span
class="inserted"><ins><em><em>previously purchased</em>
+ “smart” TVs, unless the purchasers agreed to let LG begin
+ to snoop on them and distribute</em></ins></span> their <span
class="removed"><del><strong>users: their</strong></del></span> <span
class="inserted"><ins><em>personal data.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Some web</strong></del></span>
+ <li id="M201404250">
+ <p>Lots of</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+“smart” TVs analyze your viewing habits in
detail</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
+ hospital equipment has lousy security</a>,</em></ins></span> and
+<span class="removed"><del><strong>link them your IP address</a> so that
advertisers</strong></del></span> <span
class="inserted"><ins><em>it</em></ins></span> can <span
class="removed"><del><strong>track you
+across devices.</p>
- <span class="inserted"><ins><em><li id="M201404250">
- <p>Lots of <a
- href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
- hospital equipment has lousy security</a>,</em></ins></span> and
<span class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>it can be
fatal.</p>
+<p>It is possible</strong></del></span> <span
class="inserted"><ins><em>be fatal.</p>
</li>
<li id="M201312290">
<p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some
flash
- memories have modifiable software</a>, which makes them vulnerable
- to viruses.</p>
+ memories have modifiable software</a>, which makes them
vulnerable</em></ins></span>
+ to <span class="removed"><del><strong>turn</strong></del></span> <span
class="inserted"><ins><em>viruses.</p>
- <p>We don't call this a “back door” because it is normal
- that you can install a new system in a computer, given physical
access</em></ins></span>
+ <p>We don't call</em></ins></span> this <span
class="removed"><del><strong>off, but having</strong></del></span> <span
class="inserted"><ins><em>a “back door” because</em></ins></span>
it <span class="removed"><del><strong>enabled by default</strong></del></span>
is <span class="removed"><del><strong>an injustice already.</p>
+</li>
+
+<li>
+<p>Tivo's alliance with Viacom adds 2.3 million households to the 600
+millions social media profiles the company already monitors. Tivo
+customers are unaware they're being watched by advertisers. By
+combining TV viewing information with online social media
+participation, Tivo</strong></del></span> <span
class="inserted"><ins><em>normal
+ that you</em></ins></span> can <span class="removed"><del><strong>now <a
+href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+correlate TV advertisement with online purchases</a>, exposing all
+users to</strong></del></span> <span class="inserted"><ins><em>install
a</em></ins></span> new <span class="removed"><del><strong>combined
surveillance by default.</p>
+</li>
+
+<li>
+<p>Some web and TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>system in a
computer, given physical access</em></ins></span>
to <span class="inserted"><ins><em>it. However, memory sticks and cards
should not</em></ins></span> be <span class="removed"><del><strong>picked
up by proprietary malware</strong></del></span> <span
class="inserted"><ins><em>modifiable in
this way.</p>
@@ -1103,7 +1197,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/26 17:28:11 $
+$Date: 2018/10/01 07:58:14 $
<!-- timestamp end -->
</p>
</div>
Index: malware-appliances.de.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-appliances.de.po,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -b -r1.55 -r1.56
--- malware-appliances.de.po 26 Sep 2018 17:28:11 -0000 1.55
+++ malware-appliances.de.po 1 Oct 2018 07:58:14 -0000 1.56
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: malware-appliances.html\n"
"Report-Msgid-Bugs-To: Webmasters <address@hidden>\n"
-"POT-Creation-Date: 2018-09-26 17:26+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-07-20 22:00+0200\n"
"Last-Translator: Jоегg Kоhпе <joeko (AT) online [PUNKT] de>\n"
"Language-Team: German <address@hidden>\n"
@@ -100,6 +100,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Researchers have discovered how to <a href=\"http://news.rub.de/english/";
"press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> hide "
"voice commands in other audio</a>, so that people cannot hear them, but "
@@ -151,7 +168,7 @@
msgid ""
"Apple devices lock users in <a href=\"https://gizmodo.com/homepod-is-the-";
"ultimate-apple-product-in-a-bad-way-1822883347\"> solely to Apple services</"
-"a> by being designed to be imcompatible with all other options, ethical or "
+"a> by being designed to be incompatible with all other options, ethical or "
"unethical."
msgstr ""
Index: malware-appliances.fr.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-appliances.fr.po,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -b -r1.83 -r1.84
--- malware-appliances.fr.po 26 Sep 2018 18:28:33 -0000 1.83
+++ malware-appliances.fr.po 1 Oct 2018 07:58:14 -0000 1.84
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-appliances.html\n"
-"POT-Creation-Date: 2018-09-26 13:56+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-09-26 20:27+0200\n"
"Last-Translator: Thrérèse Godefroy <godef.th AT free.fr>\n"
"Language-Team: French <address@hidden>\n"
@@ -14,6 +14,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 07:55+0000\n"
#. type: Content of: <title>
msgid "Malware in Appliances - GNU Project - Free Software Foundation"
@@ -82,6 +83,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Researchers have discovered how to <a href=\"http://news.rub.de/english/";
"press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> hide "
"voice commands in other audio</a>, so that people cannot hear them, but "
@@ -156,10 +174,20 @@
"geolocation-drm\">est malveillante également</a>."
#. type: Content of: <ul><li><p>
+# | Apple devices lock users in <a
+# |
href=\"https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347\";>
+# | solely to Apple services</a> by being designed to be i[-m-]{+n+}compatible
+# | with all other options, ethical or unethical.
+#, fuzzy
+#| msgid ""
+#| "Apple devices lock users in <a href=\"https://gizmodo.com/homepod-is-the-";
+#| "ultimate-apple-product-in-a-bad-way-1822883347\"> solely to Apple "
+#| "services</a> by being designed to be imcompatible with all other options, "
+#| "ethical or unethical."
msgid ""
"Apple devices lock users in <a href=\"https://gizmodo.com/homepod-is-the-";
"ultimate-apple-product-in-a-bad-way-1822883347\"> solely to Apple services</"
-"a> by being designed to be imcompatible with all other options, ethical or "
+"a> by being designed to be incompatible with all other options, ethical or "
"unethical."
msgstr ""
"Les appareils d'Apple <a href=\"https://gizmodo.com/homepod-is-the-ultimate-";
Index: malware-appliances.pot
===================================================================
RCS file: /web/www/www/proprietary/po/malware-appliances.pot,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -b -r1.41 -r1.42
--- malware-appliances.pot 26 Sep 2018 17:28:11 -0000 1.41
+++ malware-appliances.pot 1 Oct 2018 07:58:15 -0000 1.42
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-appliances.html\n"
-"POT-Creation-Date: 2018-09-26 17:26+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <address@hidden>\n"
"Language-Team: LANGUAGE <address@hidden>\n"
@@ -64,6 +64,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a "
+"href=\"https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9\";>
"
+"surveillance, and danger of sabotage</a> (of a specific user, or of all "
+"users at once), as well as the risk of an outage (which is what just "
+"happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Researchers have discovered how to <a "
"href=\"http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\";>
"
"hide voice commands in other audio</a>, so that people cannot hear them, but "
@@ -115,7 +132,7 @@
msgid ""
"Apple devices lock users in <a "
"href=\"https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347\";>
"
-"solely to Apple services</a> by being designed to be imcompatible with all "
+"solely to Apple services</a> by being designed to be incompatible with all "
"other options, ethical or unethical."
msgstr ""
Index: malware-appliances.ru.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-appliances.ru.po,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -b -r1.112 -r1.113
--- malware-appliances.ru.po 26 Sep 2018 17:57:34 -0000 1.112
+++ malware-appliances.ru.po 1 Oct 2018 07:58:15 -0000 1.113
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-appliances.html\n"
-"POT-Creation-Date: 2018-09-26 17:26+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-09-26 16:09+0000\n"
"Last-Translator: Ineiev <address@hidden>\n"
"Language-Team: Russian <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 07:55+0000\n"
#. type: Content of: <title>
msgid "Malware in Appliances - GNU Project - Free Software Foundation"
@@ -82,6 +83,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Researchers have discovered how to <a href=\"http://news.rub.de/english/";
"press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> hide "
"voice commands in other audio</a>, so that people cannot hear them, but "
@@ -158,10 +176,20 @@
"geolocation-drm\">Netflix Ñоже вÑедоноÑно</a>."
#. type: Content of: <ul><li><p>
+# | Apple devices lock users in <a
+# |
href=\"https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347\";>
+# | solely to Apple services</a> by being designed to be i[-m-]{+n+}compatible
+# | with all other options, ethical or unethical.
+#, fuzzy
+#| msgid ""
+#| "Apple devices lock users in <a href=\"https://gizmodo.com/homepod-is-the-";
+#| "ultimate-apple-product-in-a-bad-way-1822883347\"> solely to Apple "
+#| "services</a> by being designed to be imcompatible with all other options, "
+#| "ethical or unethical."
msgid ""
"Apple devices lock users in <a href=\"https://gizmodo.com/homepod-is-the-";
"ultimate-apple-product-in-a-bad-way-1822883347\"> solely to Apple services</"
-"a> by being designed to be imcompatible with all other options, ethical or "
+"a> by being designed to be incompatible with all other options, ethical or "
"unethical."
msgstr ""
"УÑÑÑойÑÑва Apple замÑкаÑÑ Ð¿Ð¾Ð»ÑзоваÑелей <a
href=\"https://gizmodo.com/";
Index: proprietary-surveillance.de.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.de.po,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -b -r1.229 -r1.230
--- proprietary-surveillance.de.po 30 Sep 2018 18:28:15 -0000 1.229
+++ proprietary-surveillance.de.po 1 Oct 2018 07:58:15 -0000 1.230
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
"Report-Msgid-Bugs-To: Webmasters <address@hidden>\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-05-18 22:00+0200\n"
"Last-Translator: Jоегg Kоhпе <joeko (AT) online [PUNKT] de>\n"
"Language-Team: German <address@hidden>\n"
@@ -3581,6 +3581,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a href="
"\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it into a "
"listening device</a> for them."
Index: proprietary-surveillance.fr.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.fr.po,v
retrieving revision 1.313
retrieving revision 1.314
diff -u -b -r1.313 -r1.314
--- proprietary-surveillance.fr.po 30 Sep 2018 21:07:38 -0000 1.313
+++ proprietary-surveillance.fr.po 1 Oct 2018 07:58:15 -0000 1.314
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-09-30 23:07+0200\n"
"Last-Translator: Félicien Pillot <felicien AT gnu.org>\n"
"Language-Team: French <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 07:55+0000\n"
"Plural-Forms: \n"
"X-Generator: Gtranslator 2.91.5\n"
@@ -2924,6 +2925,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a href="
"\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it into a "
"listening device</a> for them."
Index: proprietary-surveillance.it-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.it-diff.html,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -b -r1.69 -r1.70
--- proprietary-surveillance.it-diff.html 30 Sep 2018 18:28:15 -0000
1.69
+++ proprietary-surveillance.it-diff.html 1 Oct 2018 07:58:15 -0000
1.70
@@ -492,13 +492,25 @@
<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201509220"></em></ins></span>
- <p><a <span
class="removed"><del><strong>href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90%</strong></del></span>
+ <p><a <span
class="removed"><del><strong>href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90% of the top-ranked gratis
+ proprietary Android apps contained recognizable tracking libraries.
For</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware and spyware via
- BIOS</a> on Windows installs. Note that the specific
- sabotage method Lenovo used did not affect GNU/Linux; also, a
- “clean” Windows install is not really clean since <a
- href="/proprietary/malware-microsoft.html">Microsoft puts in its
+ BIOS</a> on Windows installs. Note that</em></ins></span> the <span
class="removed"><del><strong>paid proprietary apps, it was only 60%.</p>
+
+ <p>The article confusingly describes gratis apps as “free”,
+ but most of them are</strong></del></span> <span
class="inserted"><ins><em>specific
+ sabotage method Lenovo used did</em></ins></span> not <span
class="removed"><del><strong>in fact
+ <a href="/philosophy/free-sw.html">free software</a>.
+ It also uses the ugly word “monetize”. A good replacement
+ for that word</strong></del></span> <span class="inserted"><ins><em>affect
GNU/Linux; also, a
+ “clean” Windows install</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always that will fit
+ perfectly.</p>
+</li>
+
+<li>
+ <p>Apps for BART</strong></del></span> <span
class="inserted"><ins><em>not really clean since</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop</strong></del></span>
+ <span
class="inserted"><ins><em>href="/proprietary/malware-microsoft.html">Microsoft
puts in its
own malware</a>.</p>
</li>
</ul>
@@ -506,7 +518,9 @@
<div class="big-section">
- <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <h3 id="SpywareOnMobiles">Spyware</em></ins></span> on <span
class="removed"><del><strong>users</a>.</p>
+ <p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
+ <p>With</strong></del></span> <span
class="inserted"><ins><em>Mobiles</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -520,19 +534,38 @@
<li id="M201601110">
<p>The natural extension of monitoring
people through “their” phones is <a
-
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
- proprietary software to make sure they can't “fool”
- the monitoring</a>.</p>
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html"></em></ins></span>
+ proprietary <span class="removed"><del><strong>apps, one can only hope
that</strong></del></span> <span class="inserted"><ins><em>software to make
sure</em></ins></span> they <span
class="removed"><del><strong>don't.</p></strong></del></span> <span
class="inserted"><ins><em>can't “fool”
+ the monitoring</a>.</p></em></ins></span>
</li>
- <li id="M201510050">
- <p>According to Edward Snowden, <a
- href="http://www.bbc.com/news/uk-34444233">agencies can take over
+<span class="removed"><del><strong><li>
+ <p>A study found 234 Android apps that track users by
+ <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510050">
+ <p>According</em></ins></span> to <span
class="removed"><del><strong>ultrasound from beacons placed in stores or played
by TV programs</a>.
+ </p>
+
+</li>
+
+<li>
+ <p>Pairs of Android apps</strong></del></span> <span
class="inserted"><ins><em>Edward Snowden, <a
+ href="http://www.bbc.com/news/uk-34444233">agencies</em></ins></span>
can <span class="removed"><del><strong>collude</strong></del></span> <span
class="inserted"><ins><em>take over
smartphones</a> by sending hidden text messages which enable
- them to turn the phones on and off, listen to the microphone,
- retrieve geo-location data from the GPS, take photographs, read
+ them</em></ins></span> to <span class="removed"><del><strong>transmit
users' personal
+ data</strong></del></span> <span class="inserted"><ins><em>turn the
phones on and off, listen</em></ins></span> to <span
class="removed"><del><strong>servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands of pairs that collude</a>.</p>
+</li>
+
+<li>
+<p>Google Play intentionally sends app developers <a
+href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></strong></del></span>
the <span class="removed"><del><strong>personal details of users that
install</strong></del></span> <span class="inserted"><ins><em>microphone,
+ retrieve geo-location data from</em></ins></span> the <span
class="removed"><del><strong>app</a>.</p>
+
+<p>Merely asking</strong></del></span> <span
class="inserted"><ins><em>GPS, take photographs, read
text messages, read call, location and web browsing history, and
- read the contact list. This malware is designed to disguise itself
+ read</em></ins></span> the <span
class="removed"><del><strong>“consent” of
users</strong></del></span> <span class="inserted"><ins><em>contact list. This
malware</em></ins></span> is <span class="removed"><del><strong>not
enough</strong></del></span> <span
class="inserted"><ins><em>designed</em></ins></span> to <span
class="removed"><del><strong>legitimize actions like this.
At</strong></del></span> <span class="inserted"><ins><em>disguise itself
from investigation.</p>
</li>
@@ -541,19 +574,25 @@
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones,
Android, and BlackBerry</a>. While there is not much
- detail here, it seems that this does not operate via
- the universal back door that we know nearly all portable
- phones have. It may involve exploiting various bugs. There are <a
+ detail here, it seems that</em></ins></span> this <span
class="removed"><del><strong>point, most users have
+stopped reading</strong></del></span> <span class="inserted"><ins><em>does not
operate via</em></ins></span>
+ the <span class="removed"><del><strong>“Terms and
Conditions”</strong></del></span> <span
class="inserted"><ins><em>universal back door</em></ins></span> that <span
class="removed"><del><strong>spell out
+what they</strong></del></span> <span class="inserted"><ins><em>we know nearly
all portable
+ phones have. It may involve exploiting various bugs.
There</em></ins></span> are <span
class="removed"><del><strong>“consenting” to. Google should clearly
+and honestly identify</strong></del></span> <span
class="inserted"><ins><em><a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
- lots of bugs in the phones' radio software</a>.</p>
+ lots of bugs in</em></ins></span> the <span
class="removed"><del><strong>information it collects</strong></del></span>
<span class="inserted"><ins><em>phones' radio software</a>.</p>
</li>
<li id="M201307000">
<p>Portable phones with GPS <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
- will send their GPS location on remote command, and users cannot stop
- them</a>. (The US says it will eventually require all new portable
phones
- to have GPS.)</p>
+ will send their GPS location</em></ins></span> on <span
class="removed"><del><strong>users, instead
+of hiding</strong></del></span> <span class="inserted"><ins><em>remote
command, and users cannot stop
+ them</a>. (The US says</em></ins></span> it <span
class="removed"><del><strong>in an obscurely worded EULA.</p>
+
+<p>However,</strong></del></span> <span class="inserted"><ins><em>will
eventually require all new portable phones</em></ins></span>
+ to <span class="removed"><del><strong>truly protect people's privacy, we
must prevent Google</strong></del></span> <span class="inserted"><ins><em>have
GPS.)</p>
</li>
</ul>
@@ -565,10 +604,11 @@
<ul class="blurbs">
<li id="M201711250">
- <p>The DMCA and the EU Copyright Directive make it <a
+ <p>The DMCA</em></ins></span> and <span
class="removed"><del><strong>other companies from getting</strong></del></span>
<span class="inserted"><ins><em>the EU Copyright Directive make it <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
- illegal to study how iOS cr…apps spy on users</a>, because
- this would require circumventing the iOS DRM.</p>
+ illegal to study how iOS cr…apps spy on users</a>,
because</em></ins></span>
+ this <span class="removed"><del><strong>personal information
in</strong></del></span> <span class="inserted"><ins><em>would require
circumventing</em></ins></span> the <span class="removed"><del><strong>first
+place!</p></strong></del></span> <span class="inserted"><ins><em>iOS
DRM.</p>
</li>
<li id="M201709210">
@@ -585,41 +625,52 @@
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>—which would mean no way
to use it without having your fingerprints taken. Users would have
- no way to tell whether the phone is snooping on them.</p>
+ no way to tell whether the phone is snooping on
them.</p></em></ins></span>
</li>
- <li id="M201611170">
+ <span class="removed"><del><strong><li>
+ <p>Google Play (a component</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201611170">
<p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
- lots of personal data to Apple's servers</a>. Big Brother can get
+ lots</em></ins></span> of <span
class="removed"><del><strong>Android)</strong></del></span> <span
class="inserted"><ins><em>personal data to Apple's servers</a>. Big
Brother can get
them from there.</p>
</li>
<li id="M201609280">
- <p>The iMessage app on iThings <a
-
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number that the user types into it</a>; the
+ <p>The iMessage app on iThings</em></ins></span> <a
+ <span
class="removed"><del><strong>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that</em></ins></span> the <span
class="removed"><del><strong>users' movements without their
permission</a>.</p>
+
+ <p>Even if you disable Google Maps</strong></del></span> <span
class="inserted"><ins><em>user types into it</a>; the
server records these numbers for at least 30 days.</p>
</li>
<li id="M201509240">
- <p>iThings automatically upload to Apple's servers all the photos
- and videos they make.</p>
+ <p>iThings automatically upload to Apple's servers all the
photos</em></ins></span>
+ and <span class="removed"><del><strong>location
tracking,</strong></del></span> <span class="inserted"><ins><em>videos they
make.</p>
- <blockquote><p> iCloud Photo Library stores every photo and
video you
- take, and keeps them up to date on all your devices. Any edits you
+ <blockquote><p> iCloud Photo Library stores every photo and
video</em></ins></span> you <span class="removed"><del><strong>must
+ disable Google Play itself</strong></del></span>
+ <span class="inserted"><ins><em>take, and keeps them up</em></ins></span>
to <span class="removed"><del><strong>completely stop the tracking.
This</strong></del></span> <span class="inserted"><ins><em>date on all your
devices. Any edits you
make are automatically updated everywhere. […]
</p></blockquote>
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a> as accessed on 24 Sep 2015.) The iCloud feature is
- <a href="https://support.apple.com/en-us/HT202033">activated by the
- startup of iOS</a>. The term “cloud” means “please
+ information</a> as accessed on 24 Sep 2015.) The iCloud
feature</em></ins></span> is
+ <span class="removed"><del><strong>yet another
example</strong></del></span>
+ <span class="inserted"><ins><em><a
href="https://support.apple.com/en-us/HT202033">activated by the
+ startup</em></ins></span> of <span class="removed"><del><strong>nonfree
software pretending</strong></del></span> <span
class="inserted"><ins><em>iOS</a>. The term “cloud” means
“please
don't ask where.”</p>
- <p>There is a way to
- <a href="https://support.apple.com/en-us/HT201104"> deactivate
- iCloud</a>, but it's active by default so it still counts as a
- surveillance functionality.</p>
+ <p>There is a way</em></ins></span> to <span
class="removed"><del><strong>obey the user,
+ when</strong></del></span>
+ <span class="inserted"><ins><em><a
href="https://support.apple.com/en-us/HT201104"> deactivate
+ iCloud</a>, but</em></ins></span> it's <span
class="removed"><del><strong>actually doing something else.
Such</strong></del></span> <span class="inserted"><ins><em>active by default so
it still counts as</em></ins></span> a <span class="removed"><del><strong>thing
would be almost
+ unthinkable</strong></del></span>
+ <span class="inserted"><ins><em>surveillance functionality.</p>
<p>Unknown people apparently took advantage of this to <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
@@ -633,55 +684,67 @@
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
remotely extract some data from iPhones for the state</a>.</p>
- <p>This may have improved with <a
+ <p>This may have improved</em></ins></span> with <span
class="removed"><del><strong>free software.</p></strong></del></span>
<span class="inserted"><ins><em><a
href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
- not as much as Apple claims</a>.</p>
+ not as much as Apple claims</a>.</p></em></ins></span>
</li>
- <li id="M201407230">
+ <span
class="removed"><del><strong><li><p>More</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201407230">
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features”</em></ins></span> of <span
class="inserted"><ins><em>iOS seem to exist
- for no possible purpose other than surveillance</a>. Here
is</em></ins></span> the <span
class="removed"><del><strong>top-ranked</strong></del></span> <span
class="inserted"><ins><em><a
-
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Several “features” of iOS seem to exist
+ for no possible purpose other</em></ins></span> than <span
class="removed"><del><strong>73% of</strong></del></span> <span
class="inserted"><ins><em>surveillance</a>. Here is</em></ins></span>
the <span class="removed"><del><strong>most popular Android
apps</strong></del></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
+ behavioral</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
Technical presentation</a>.</p>
</li>
<li id="M201401100">
<p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly where the iThing is, and
- get other info too.</p>
+ iBeacon</a> lets stores determine exactly where the iThing
is,</em></ins></span> and <span class="removed"><del><strong>location
information</a> of their users with third
parties.</p></strong></del></span>
+ <span class="inserted"><ins><em>get other info
too.</p></em></ins></span>
</li>
- <li id="M201312300">
+ <span class="removed"><del><strong><li><p>“Cryptic
communication,” unrelated to</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201312300">
<p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA snoop on all the data in an iThing, or it
+ Either Apple helps</em></ins></span> the <span
class="removed"><del><strong>app's functionality,
+ was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in</strong></del></span> <span class="inserted"><ins><em>NSA snoop on
all</em></ins></span> the <span class="removed"><del><strong>500 most popular
gratis Android apps</a>.</p></strong></del></span> <span
class="inserted"><ins><em>data in an iThing, or it
is totally incompetent</a>.</p>
</li>
- <li id="M201308080">
- <p>The iThing also <a
+ <li id="M201308080"></em></ins></span>
+ <p>The <span class="removed"><del><strong>article should not have
described these apps as
+ “free”—they are not free software. The clear
way</strong></del></span> <span class="inserted"><ins><em>iThing also <a
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
tells Apple its geolocation</a> by default, though that can be
turned off.</p>
</li>
<li id="M201210170">
- <p>There is also a feature for web sites to track users, which is
<a
+ <p>There is also a feature for web sites</em></ins></span> to <span
class="removed"><del><strong>say
+ “zero price”</strong></del></span> <span
class="inserted"><ins><em>track users, which</em></ins></span> is <span
class="removed"><del><strong>“gratis.”</p>
+
+ <p>The</strong></del></span> <span class="inserted"><ins><em><a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6, but it is
- still true in iOS 7.)</p>
+ enabled by default</a>. (That</em></ins></span> article <span
class="removed"><del><strong>takes for granted that the usual analytics tools
are
+ legitimate,</strong></del></span> <span class="inserted"><ins><em>talks
about iOS 6,</em></ins></span> but <span
class="inserted"><ins><em>it</em></ins></span> is <span
class="removed"><del><strong>that valid? Software developers have no
right</strong></del></span>
+ <span class="inserted"><ins><em>still true in iOS 7.)</p>
</li>
<li id="M201204280">
<p>Users cannot make an Apple ID (<a
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">
- necessary to install even</em></ins></span> gratis
- <span class="removed"><del><strong>proprietary Android apps contained
recognizable tracking libraries. For</strong></del></span> <span
class="inserted"><ins><em>apps</a>) without giving a valid
+ necessary</em></ins></span> to
+ <span class="removed"><del><strong>analyze what users are doing or how.
“Analytics” tools that snoop</strong></del></span> <span
class="inserted"><ins><em>install even gratis apps</a>) without giving a
valid
email address and receiving the verification code Apple sends
to it.</p>
</li>
@@ -697,110 +760,162 @@
<li id="M201711210">
<p>Android tracks location for Google <a
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
- even when “location services” are turned off, even
when</em></ins></span>
- the <span class="removed"><del><strong>paid proprietary apps, it was only
60%.</p>
-
- <p>The article confusingly describes gratis apps as “free”,
- but most</strong></del></span> <span class="inserted"><ins><em>phone has no
SIM card</a>.</p>
- </li>
-
- <li id="M201611150">
- <p>Some portable phones <a
-
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
- sold with spyware sending lots</em></ins></span> of <span
class="removed"><del><strong>them are not in fact</strong></del></span> <span
class="inserted"><ins><em>data to China</a>.</p>
+ even when “location services”</em></ins></span> are
+ <span class="removed"><del><strong>just as wrong as any other
snooping.</p></strong></del></span> <span
class="inserted"><ins><em>turned off, even when
+ the phone has no SIM card</a>.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li><p>Gratis Android apps
(but not</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201611150">
+ <p>Some portable phones</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>)
+ connect</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots of data</em></ins></span> to <span
class="removed"><del><strong>100</strong></del></span> <span
class="inserted"><ins><em>China</a>.</p>
</li>
<li id="M201609140">
- <p>Google Play (a component of Android)</em></ins></span> <a
<span class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>.
- It also uses</strong></del></span>
+ <p>Google Play (a component of Android)</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
- tracks</em></ins></span> the <span class="removed"><del><strong>ugly word
“monetize”. A good replacement
- for that word</strong></del></span> <span class="inserted"><ins><em>users'
movements without their permission</a>.</p>
+ tracks the users' movements without their permission</a>.</p>
- <p>Even if you disable Google Maps and location tracking, you must
- disable Google Play itself to completely stop the tracking.
This</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always that will fit
- perfectly.</p></strong></del></span>
- <span class="inserted"><ins><em>yet another example of nonfree software
pretending to obey the user,
- when it's actually doing something else. Such a thing would be almost
- unthinkable with free software.</p></em></ins></span>
+ <p>Even if you disable Google Maps</em></ins></span> and <span
class="removed"><del><strong>advertising</a> URLs,
+ on</strong></del></span> <span class="inserted"><ins><em>location
tracking, you must
+ disable Google Play itself to completely stop</em></ins></span> the <span
class="removed"><del><strong>average.</p>
+ </li>
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>tracking. This</em></ins></span> is <span
class="removed"><del><strong>present in some Android
devices</strong></del></span>
+ <span class="inserted"><ins><em>yet another example of nonfree software
pretending to obey the user,</em></ins></span>
+ when <span class="removed"><del><strong>they are sold.
+ Some Motorola</strong></del></span> <span class="inserted"><ins><em>it's
actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>Apps for BART</strong></del></span>
+ <li id="M201507030">
+ <p>Samsung</em></ins></span> phones <span
class="removed"><del><strong>modify Android to</strong></del></span> <span
class="inserted"><ins><em>come with</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
+ that users can't delete</a>, and they</em></ins></span> send <span
class="removed"><del><strong>personal</strong></del></span> <span
class="inserted"><ins><em>so much</em></ins></span> data <span
class="removed"><del><strong>to Motorola</a>.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M201507030">
- <p>Samsung phones come with</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
- <p>With free software apps, users could <em>make
sure</em></strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps</em></ins></span>
- that <span class="inserted"><ins><em>users can't delete</a>,
and</em></ins></span> they <span class="removed"><del><strong>don't
snoop.</p>
- <p>With proprietary apps, one can only hope</strong></del></span>
<span class="inserted"><ins><em>send so much data</em></ins></span> that <span
class="removed"><del><strong>they don't.</p></strong></del></span> <span
class="inserted"><ins><em>their
- transmission is a substantial expense for users. Said transmission,
+ <li><p>Some manufacturers add</strong></del></span> <span
class="inserted"><ins><em>that their
+ transmission is</em></ins></span> a
+ <span class="removed"><del><strong><a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier
IQ.</a></p></strong></del></span> <span
class="inserted"><ins><em>substantial expense for users. Said transmission,
not wanted or requested by the user, clearly must constitute spying
of some kind.</p></em></ins></span>
</li>
-<span class="removed"><del><strong><li>
- <p>A study found 234</strong></del></span>
+ <span
class="removed"><del><strong><li><p><a</strong></del></span>
<span class="inserted"><ins><em><li id="M201403120">
- <p><a href="/proprietary/proprietary-back-doors.html#samsung">
+ <p><a</em></ins></span>
href="/proprietary/proprietary-back-doors.html#samsung">
Samsung's back door</a> provides access to any file on the
system.</p>
</li>
+<span class="removed"><del><strong></ul>
- <li id="M201308010">
- <p>Spyware in</em></ins></span> Android <span
class="removed"><del><strong>apps that track users</strong></del></span> <span
class="inserted"><ins><em>phones (and Windows? laptops): The Wall Street
- Journal (in an article blocked from us</em></ins></span> by <span
class="inserted"><ins><em>a paywall) reports that <a
-
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
- the FBI can remotely activate the GPS and microphone in Android phones
- and laptops</a>. (I suspect this means Windows laptops.) Here
is</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
- to ultrasound from beacons placed in stores or played by TV
programs</a>.
- </p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></em></ins></span>
- </li>
-<span class="removed"><del><strong><li>
- <p>Pairs of</strong></del></span>
- <span class="inserted"><ins><em><li id="M201307280">
+<!-- #SpywareOnMobiles -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareIniThings">Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201308010">
+ <p>Spyware</em></ins></span> in <span
class="removed"><del><strong>iThings</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+</div>
+
+<ul>
+ <li><p>Apple proposes</strong></del></span> <span
class="inserted"><ins><em>Android phones (and Windows? laptops): The Wall Street
+ Journal (in an article blocked from us by a paywall) reports
that</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
+ — which would mean no way to use it without having your
fingerprints
+ taken. Users would have no way to tell whether</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"></em></ins></span>
+ the <span class="removed"><del><strong>phone</strong></del></span> <span
class="inserted"><ins><em>FBI can remotely activate the GPS and microphone in
Android phones
+ and laptops</a>. (I suspect this means Windows laptops.)
Here</em></ins></span> is <span class="removed"><del><strong>snooping on
+ them.</p></li>
+
+ <li><p>iPhones</strong></del></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
+ lots of</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li id="M201307280">
<p>Spyware is present in some Android devices when
- they are sold. Some Motorola phones modify</em></ins></span> Android
<span class="removed"><del><strong>apps can collude</strong></del></span> to
<span class="removed"><del><strong>transmit users'</strong></del></span> <span
class="inserted"><ins><em><a
+ they are sold. Some Motorola phones modify Android to <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send</em></ins></span> personal data to <span
class="removed"><del><strong>servers.</strong></del></span> <span
class="inserted"><ins><em>Motorola</a>.</p>
+ send</em></ins></span> personal data to <span
class="removed"><del><strong>Apple's servers</a>. Big Brother can
+ get them from there.</p></strong></del></span> <span
class="inserted"><ins><em>Motorola</a>.</p></em></ins></span>
</li>
- <li id="M201307250">
- <p>A Motorola phone</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
- tens of thousands of pairs that
collude</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all the time</a>.</p></em></ins></span>
+ <span class="removed"><del><strong><li><p>The iMessage app on
iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201307250">
+ <p>A Motorola</em></ins></span> phone <span
class="removed"><del><strong>number that the user types into it</a>; the
server records these numbers</strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens</em></ins></span> for <span class="removed"><del><strong>at least
30
+ days.</p></strong></del></span> <span
class="inserted"><ins><em>voice all the
time</a>.</p></em></ins></span>
</li>
-<span class="removed"><del><strong><li></strong></del></span>
+ <span class="removed"><del><strong><li><p>Users cannot make an
Apple ID</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201302150">
+ <p>Google Play intentionally sends app developers</em></ins></span>
<a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
+ without giving a valid email address and receiving</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></em></ins></span>
+ the <span class="removed"><del><strong>code Apple
+ sends to it.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M201302150"></em></ins></span>
- <p>Google Play intentionally sends app developers <a
-
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
- the personal details of users that install the app</a>.</p>
+ <li><p>Around 47%</strong></del></span> <span
class="inserted"><ins><em>personal details</em></ins></span> of <span
class="inserted"><ins><em>users that install</em></ins></span> the <span
class="removed"><del><strong>most popular iOS apps
+ <a class="not-a-duplicate"
+ href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a></strong></del></span>
<span class="inserted"><ins><em>app</a>.</p>
- <p>Merely asking the “consent” of users is not enough to
- legitimize actions like this. At this point, most users have stopped
- reading the “Terms and Conditions” that spell out what
- they are “consenting” to. Google should clearly and
- honestly identify the information it collects on users, instead of
- hiding it in an obscurely worded EULA.</p>
+ <p>Merely asking the “consent”</em></ins></span> of
<span class="removed"><del><strong>their</strong></del></span> users <span
class="removed"><del><strong>with third parties.</p>
+ </li>
+
+ <li><p>iThings automatically upload</strong></del></span> <span
class="inserted"><ins><em>is not enough</em></ins></span> to <span
class="removed"><del><strong>Apple's servers all</strong></del></span>
+ <span class="inserted"><ins><em>legitimize actions like this. At this
point, most users have stopped
+ reading</em></ins></span> the <span
class="removed"><del><strong>photos</strong></del></span> <span
class="inserted"><ins><em>“Terms</em></ins></span> and
+ <span class="removed"><del><strong>videos</strong></del></span> <span
class="inserted"><ins><em>Conditions” that spell out
what</em></ins></span>
+ they <span class="removed"><del><strong>make.</p>
+
+ <blockquote><p>
+ iCloud Photo Library stores every photo and video you take,
+ and keeps them up to date on all your devices.
+ Any edits you make</strong></del></span> are <span
class="removed"><del><strong>automatically updated everywhere. [...]
+ </p></blockquote>
+
+ <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated
by</strong></del></span> <span
class="inserted"><ins><em>“consenting” to. Google should clearly
and
+ honestly identify</em></ins></span> the
+ <span class="removed"><del><strong>startup</strong></del></span> <span
class="inserted"><ins><em>information it collects on users,
instead</em></ins></span> of <span class="removed"><del><strong>iOS</a>.
The term “cloud” means
+ “please don't ask where.”</p>
+
+ <p>There is a way to <a
href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active by default
so</strong></del></span>
+ <span class="inserted"><ins><em>hiding</em></ins></span> it <span
class="removed"><del><strong>still counts as</strong></del></span> <span
class="inserted"><ins><em>in an obscurely worded EULA.</p>
<p>However, to truly protect people's privacy, we must prevent Google
and other companies from getting this personal information in the
first place!</p>
</li>
- <span class="removed"><del><strong><li>
- <p>Google Play (a component</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201111170">
- <p>Some manufacturers add a <a
+ <li id="M201111170">
+ <p>Some manufacturers add</em></ins></span> a <span
class="inserted"><ins><em><a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier IQ</a>.</p>
+ hidden general</em></ins></span> surveillance <span
class="removed"><del><strong>functionality.</p>
+
+ <p>Unknown people apparently took advantage of</strong></del></span>
<span class="inserted"><ins><em>package such as Carrier IQ</a>.</p>
</li>
</ul>
@@ -814,31 +929,37 @@
<li id="M201603080">
<p>E-books can contain JavaScript code, and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
- sometimes this code snoops on readers</a>.</p>
+ sometimes</em></ins></span> this <span
class="removed"><del><strong>to</strong></del></span> <span
class="inserted"><ins><em>code snoops on readers</a>.</p>
</li>
<li id="M201410080">
<p>Adobe made “Digital Editions,”
- the e-reader used by most US libraries, <a
-
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
- send lots</em></ins></span> of <span
class="removed"><del><strong>Android)</strong></del></span> <span
class="inserted"><ins><em>data to Adobe</a>. Adobe's
“excuse”: it's
- needed to check DRM!</p>
+ the e-reader used by most US libraries,</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots</em></ins></span> of <span class="removed"><del><strong>many
celebrities</a>. They needed</strong></del></span> <span
class="inserted"><ins><em>data</em></ins></span> to <span
class="removed"><del><strong>break Apple's
+ security</strong></del></span> <span
class="inserted"><ins><em>Adobe</a>. Adobe's “excuse”: it's
+ needed</em></ins></span> to <span class="removed"><del><strong>get at
them, but NSA can access any of them through</strong></del></span> <span
class="inserted"><ins><em>check DRM!</p>
</li>
<li id="M201212031">
- <p>The Electronic Frontier Foundation has examined and
found</em></ins></span> <a
- <span
class="removed"><del><strong>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
- tracks</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">various
- kinds of surveillance in</em></ins></span> the <span
class="removed"><del><strong>users' movements without their
permission</a>.</p>
+ <p>The Electronic Frontier Foundation has examined and
found</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
+ </p></li>
- <p>Even if you disable Google Maps</strong></del></span> <span
class="inserted"><ins><em>Swindle</em></ins></span> and <span
class="inserted"><ins><em>other e-readers</a>.</p>
+ <li><p>Spyware</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">various
+ kinds of surveillance</em></ins></span> in <span
class="removed"><del><strong>iThings:
+ the <a class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly
where</strong></del></span> the <span class="removed"><del><strong>iThing
is,</strong></del></span> <span
class="inserted"><ins><em>Swindle</em></ins></span> and <span
class="removed"><del><strong>get</strong></del></span> other <span
class="removed"><del><strong>info too.</p></strong></del></span> <span
class="inserted"><ins><em>e-readers</a>.</p></em></ins></span>
</li>
- <li id="M201212030">
+ <span class="removed"><del><strong><li><p>There is also a
feature for web sites to track users,</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212030">
<p>Spyware in many e-readers—not only the Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
- report even which page the user reads at what time</a>.</p>
+ report even</em></ins></span> which <span
class="removed"><del><strong>is</strong></del></span> <span
class="inserted"><ins><em>page the user reads at what time</a>.</p>
</li>
</ul>
@@ -857,221 +978,189 @@
<ul class="blurbs">
<li id="M201808030">
- <p>Some Google apps on Android <a
-
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
+ <p>Some Google apps on Android</em></ins></span> <a <span
class="removed"><del><strong>href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS
6,</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
record the user's location even when users disable “location
tracking”</a>.</p>
- <p>There are other ways to turn off the other kinds
of</em></ins></span> location
- tracking, <span class="inserted"><ins><em>but most users will be tricked
by the misleading control.</p>
+ <p>There are other ways to turn off the other kinds of location
+ tracking,</em></ins></span> but <span class="removed"><del><strong>it
+ is still true in iOS 7.)</p></strong></del></span> <span
class="inserted"><ins><em>most users will be tricked by the misleading
control.</p></em></ins></span>
</li>
- <li id="M201806110">
- <p>The Spanish football streaming app <a
-
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
+ <span class="removed"><del><strong><li><p>The iThing
also</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201806110">
+ <p>The Spanish football streaming app</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that
can</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
the user's movements and listens through the
microphone</a>.</p>
<p>This makes them act as spies for licensing enforcement.</p>
<p>I expect it implements DRM, too—that there is no way to save
- a recording. But I can't be sure from the article.</p>
+ a recording. But I can't</em></ins></span> be
+ <span class="removed"><del><strong>turned
off.</p></strong></del></span> <span class="inserted"><ins><em>sure from
the article.</p>
- <p>If</em></ins></span> you <span class="removed"><del><strong>must
- disable Google Play itself</strong></del></span> <span
class="inserted"><ins><em>learn</em></ins></span> to <span
class="removed"><del><strong>completely stop the
tracking.</strong></del></span> <span class="inserted"><ins><em>care much less
about sports, you will benefit in
- many ways.</em></ins></span> This is
- <span class="removed"><del><strong>yet another example of nonfree software
pretending to obey the user,
- when it's actually doing something else. Such a thing would be almost
- unthinkable with free software.</p></strong></del></span> <span
class="inserted"><ins><em>one more.</p></em></ins></span>
+ <p>If you learn to care much less about sports, you will benefit in
+ many ways. This is one more.</p></em></ins></span>
</li>
- <span
class="removed"><del><strong><li><p>More</strong></del></span>
+ <span class="removed"><del><strong><li><p>Apple can, and
regularly does,</strong></del></span>
<span class="inserted"><ins><em><li id="M201804160">
- <p>More</em></ins></span> than <span
class="removed"><del><strong>73%</strong></del></span> <span
class="inserted"><ins><em><a
-
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%</em></ins></span>
- of the <span class="removed"><del><strong>most
popular</strong></del></span> <span
class="inserted"><ins><em>5,855</em></ins></span> Android apps
- <span class="removed"><del><strong><a
href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral</strong></del></span> <span class="inserted"><ins><em>studied by
researchers were found to snoop</em></ins></span>
- and <span class="removed"><del><strong>location
information</a></strong></del></span> <span
class="inserted"><ins><em>collect information about its users</a>.
40%</em></ins></span> of <span class="removed"><del><strong>their users with
third parties.</p>
- </li>
-
- <li><p>“Cryptic communication,” unrelated
to</strong></del></span> the <span class="removed"><del><strong>app's
functionality,
- was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"></strong></del></span>
<span class="inserted"><ins><em>apps were</em></ins></span>
- found <span class="inserted"><ins><em>to insecurely snitch on its users.
Furthermore, they could
- detect only some methods of snooping,</em></ins></span> in <span
class="removed"><del><strong>the 500 most popular gratis Android
apps</a>.</p>
-
- <p>The article should not have described</strong></del></span> these
<span class="inserted"><ins><em>proprietary</em></ins></span> apps <span
class="removed"><del><strong>as
- “free”—they are not free software.</strong></del></span>
<span class="inserted"><ins><em>whose
- source code they cannot look at.</em></ins></span> The <span
class="removed"><del><strong>clear way to say
- “zero price” is “gratis.”</p>
+ <p>More than</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for the
state</a>.</p>
+ </li>
- <p>The article takes for granted that the usual analytics tools are
- legitimate, but</strong></del></span> <span class="inserted"><ins><em>other
apps might be snooping
+ <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
+ of</em></ins></span> the <span
class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>5,855 Android apps studied by researchers were found
to</em></ins></span> snoop <span class="removed"><del><strong>on
all</strong></del></span>
+ <span class="inserted"><ins><em>and collect information about its
users</a>. 40% of</em></ins></span> the <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>apps were
+ found to insecurely snitch on its users. Furthermore, they could
+ detect only some methods of snooping,</em></ins></span> in <span
class="removed"><del><strong>an iThing,
+ or it</strong></del></span> <span class="inserted"><ins><em>these
proprietary apps whose
+ source code they cannot look at. The other apps might be snooping
in other ways.</p>
- <p>This</em></ins></span> is <span
class="inserted"><ins><em>evidence</em></ins></span> that <span
class="removed"><del><strong>valid? Software developers have no right to
- analyze what users are doing or how. “Analytics” tools that
snoop are
- just as wrong as any other snooping.</p>
- </li>
- <li><p>Gratis Android</strong></del></span> <span
class="inserted"><ins><em>proprietary</em></ins></span> apps <span
class="removed"><del><strong>(but not <a
href="/philosophy/free-sw.html">free software</a>)
- connect to 100
- <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking</strong></del></span>
<span class="inserted"><ins><em>generally work against
- their users. To protect their privacy</em></ins></span> and <span
class="removed"><del><strong>advertising</a> URLs,
- on the average.</p>
- </li>
- <li><p>Spyware is present in some Android devices when they are
sold.
- Some Motorola phones modify</strong></del></span> <span
class="inserted"><ins><em>freedom,</em></ins></span> Android <span
class="inserted"><ins><em>users
- need</em></ins></span> to <span class="inserted"><ins><em>get rid of the
proprietary software—both proprietary
- Android by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send personal data to Motorola</a>.</p>
- </li>
-
- <li><p>Some manufacturers add a
- <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier
IQ.</a></p>
- </li>
-
- <li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access</strong></del></span>
<span
class="inserted"><ins><em>href="https://replicant.us">switching</em></ins></span>
to <span class="removed"><del><strong>any file on</strong></del></span> <span
class="inserted"><ins><em>Replicant</a>,
- and the proprietary apps by getting apps from the free software
- only <a href="https://f-droid.org/">F-Droid store</a> that
<a
- href="https://f-droid.org/wiki/page/Antifeatures"> prominently
warns</em></ins></span>
- the <span
class="removed"><del><strong>system.</p></strong></del></span> <span
class="inserted"><ins><em>user if an app contains
anti-features</a>.</p></em></ins></span>
+ <p>This</em></ins></span> is <span
class="removed"><del><strong>totally incompetent.</a></p>
</li>
-<span class="removed"><del><strong></ul>
-
-
-<!-- #SpywareOnMobiles -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
-
-<div class="big-section">
- <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
-</div>
-<div style="clear: left;"></div>
+ <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features”</strong></del></span> <span
class="inserted"><ins><em>evidence that proprietary apps generally work against
+ their users. To protect their privacy and freedom, Android users
+ need to get rid</em></ins></span> of <span
class="removed"><del><strong>iOS seem</strong></del></span> <span
class="inserted"><ins><em>the proprietary software—both proprietary
+ Android by <a
href="https://replicant.us">switching</em></ins></span> to <span
class="removed"><del><strong>exist for no
+ possible purpose other than surveillance</a>. Here
is</strong></del></span> <span class="inserted"><ins><em>Replicant</a>,
+ and the proprietary apps by getting apps from</em></ins></span> the <span
class="inserted"><ins><em>free software
+ only</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></strong></del></span> <span
class="inserted"><ins><em>href="https://f-droid.org/">F-Droid
store</a> that <a
+ href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
+ the user if an app contains
anti-features</a>.</p></em></ins></span>
+ </li>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 id="SpywareIniThings">Spyware in iThings</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+ <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>
<ul>
- <li><p>Apple proposes</strong></del></span>
+ <li><p>According to Edward Snowden,</strong></del></span>
<span class="inserted"><ins><em><li id="M201804020">
- <p>Grindr collects information about</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
- —</strong></del></span>
+ <p>Grindr collects information about</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
+ by sending hidden text messages</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status"></em></ins></span>
- which <span class="removed"><del><strong>would mean no
way</strong></del></span> <span class="inserted"><ins><em>users are
HIV-positive, then provides the information</em></ins></span> to <span
class="removed"><del><strong>use it without having your fingerprints
- taken. Users would</strong></del></span>
- <span class="inserted"><ins><em>companies</a>.</p>
+ which <span class="removed"><del><strong>enable them</strong></del></span>
<span class="inserted"><ins><em>users are HIV-positive, then provides the
information to
+ companies</a>.</p>
- <p>Grindr should not</em></ins></span> have <span
class="removed"><del><strong>no way</strong></del></span> <span
class="inserted"><ins><em>so much information about its users.
+ <p>Grindr should not have so much information about its users.
It could be designed so that users communicate such info to each
- other but not</em></ins></span> to <span class="removed"><del><strong>tell
whether</strong></del></span> the <span class="removed"><del><strong>phone is
snooping</strong></del></span> <span class="inserted"><ins><em>server's
database.</p>
+ other but not</em></ins></span> to <span
class="removed"><del><strong>turn</strong></del></span> the <span
class="removed"><del><strong>phones</strong></del></span> <span
class="inserted"><ins><em>server's database.</p>
</li>
<li id="M201803050">
<p>The moviepass app and dis-service
- spy</em></ins></span> on
- <span class="removed"><del><strong>them.</p></li>
-
- <li><p>iPhones</strong></del></span> <span
class="inserted"><ins><em>users even more than users expected.
It</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
- lots of personal data</strong></del></span>
- <span
class="inserted"><ins><em>href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
- where they travel before and after going</em></ins></span> to <span
class="removed"><del><strong>Apple's servers</a>. Big
Brother</strong></del></span> <span class="inserted"><ins><em>a
movie</a>.</p>
+ spy</em></ins></span> on <span class="inserted"><ins><em>users even more
than users expected. It <a
+
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel before</em></ins></span> and <span
class="removed"><del><strong>off, listen</strong></del></span> <span
class="inserted"><ins><em>after going</em></ins></span> to <span
class="removed"><del><strong>the microphone, retrieve geo-location data from the
+ GPS, take photographs, read text messages, read call,
location</strong></del></span> <span class="inserted"><ins><em>a
movie</a>.</p>
<p>Don't be tracked—pay cash!</p>
</li>
<li id="M201711240">
<p>Tracking software in popular Android apps
- is pervasive and sometimes very clever. Some trackers</em></ins></span> can
- <span class="removed"><del><strong>get them from
there.</p></strong></del></span> <span class="inserted"><ins><em><a
+ is pervasive</em></ins></span> and <span class="removed"><del><strong>web
+ browsing history,</strong></del></span> <span
class="inserted"><ins><em>sometimes very clever. Some trackers can <a
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
follow a user's movements around a physical store by noticing WiFi
- networks</a>.</p></em></ins></span>
+ networks</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>The
iMessage</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201708270">
- <p>The Sarahah</em></ins></span> app <span
class="removed"><del><strong>on iThings</strong></del></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
- uploads all</em></ins></span> phone <span
class="removed"><del><strong>number that the user types into it</a>; the
server records these</strong></del></span> numbers <span
class="removed"><del><strong>for at least 30
- days.</p>
- </li>
-
- <li><p>Users cannot make an Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
- without giving a valid</strong></del></span> <span
class="inserted"><ins><em>and</em></ins></span> email <span
class="inserted"><ins><em>addresses</a> in user's</em></ins></span>
address <span class="removed"><del><strong>and receiving</strong></del></span>
- <span class="inserted"><ins><em>book to developer's server. Note that
this article misuses</em></ins></span> the <span
class="removed"><del><strong>code Apple
- sends</strong></del></span> <span class="inserted"><ins><em>words
+ <li id="M201708270">
+ <p>The Sarahah app <a
+
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers</em></ins></span> and <span
class="removed"><del><strong>read</strong></del></span> <span
class="inserted"><ins><em>email addresses</a> in user's address
+ book to developer's server. Note that this article
misuses</em></ins></span> the <span class="removed"><del><strong>contact list.
This malware is designed</strong></del></span> <span
class="inserted"><ins><em>words
“<a href="/philosophy/free-sw.html">free
software</a>”
- referring</em></ins></span> to <span
class="removed"><del><strong>it.</p></strong></del></span> <span
class="inserted"><ins><em>zero price.</p></em></ins></span>
+ referring</em></ins></span> to
+ <span class="removed"><del><strong>disguise itself from
investigation.</p></strong></del></span> <span
class="inserted"><ins><em>zero price.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p>Around 47% of the most
popular iOS</strong></del></span>
+ <span class="removed"><del><strong><li><p>Samsung phones come
with</strong></del></span>
<span class="inserted"><ins><em><li id="M201707270">
- <p>20 dishonest Android</em></ins></span> apps <span
class="inserted"><ins><em>recorded</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
- href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral</strong></del></span>
+ <p>20 dishonest Android apps recorded</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,</strong></del></span>
<span
class="inserted"><ins><em>href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
- calls</em></ins></span> and <span class="removed"><del><strong>location
information</a> of their users with third parties.</p>
- </li>
+ calls and sent them and text messages and emails to
snoopers</a>.</p>
- <li><p>iThings automatically upload</strong></del></span> <span
class="inserted"><ins><em>sent them and text messages and
emails</em></ins></span> to <span class="removed"><del><strong>Apple's servers
all</strong></del></span> <span
class="inserted"><ins><em>snoopers</a>.</p>
-
- <p>Google did not intend to make these apps spy;
on</em></ins></span> the <span
class="removed"><del><strong>photos</strong></del></span> <span
class="inserted"><ins><em>contrary, it
- worked in various ways to prevent that,</em></ins></span> and
- <span class="removed"><del><strong>videos</strong></del></span> <span
class="inserted"><ins><em>deleted these apps after
- discovering what</em></ins></span> they <span
class="removed"><del><strong>make.</p>
-
- <blockquote><p>
- iCloud Photo Library stores every photo and video you
take,</strong></del></span> <span class="inserted"><ins><em>did. So we cannot
blame Google specifically
- for the snooping of these apps.</p>
-
- <p>On the other hand, Google redistributes nonfree Android
apps,</em></ins></span> and <span class="removed"><del><strong>keeps them up to
date on all your devices.
- Any edits you make are automatically updated everywhere. [...]
- </p></blockquote>
+ <p>Google did not intend to make these apps spy; on the contrary, it
+ worked in various ways to prevent that,</em></ins></span> and <span
class="inserted"><ins><em>deleted these apps after
+ discovering what</em></ins></span> they <span
class="removed"><del><strong>send so much data that their transmission is a
+ substantial expense</strong></del></span> <span
class="inserted"><ins><em>did. So we cannot blame Google
specifically</em></ins></span>
+ for <span class="removed"><del><strong>users. Said transmission, not
wanted or
+ requested by</strong></del></span> the <span
class="removed"><del><strong>user, clearly must constitute
spying</strong></del></span> <span
class="inserted"><ins><em>snooping</em></ins></span> of <span
class="removed"><del><strong>some
+ kind.</p></li>
- <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a></strong></del></span>
- <span class="inserted"><ins><em>therefore shares in the responsibility for
the injustice of their being
- nonfree. It also distributes its own nonfree apps, such</em></ins></span>
as <span class="removed"><del><strong>accessed on 24 Sep 2015.) The iCloud
feature is</strong></del></span> <span class="inserted"><ins><em>Google
Play,</em></ins></span>
- <a <span
class="removed"><del><strong>href="https://support.apple.com/en-us/HT202033">activated
by the
- startup</strong></del></span> <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
+ <li><p>A Motorola phone
+ <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all</strong></del></span> <span
class="inserted"><ins><em>these apps.</p>
+
+ <p>On</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p>
+ </li>
+
+ <li><p>Spyware in</strong></del></span> <span
class="inserted"><ins><em>other hand, Google redistributes
nonfree</em></ins></span> Android <span class="removed"><del><strong>phones
(and Windows? laptops): The Wall
+ Street Journal (in an article blocked from us by a paywall)
+ reports that
+ <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS</strong></del></span> <span
class="inserted"><ins><em>apps,</em></ins></span> and <span
class="removed"><del><strong>microphone</strong></del></span>
+ <span class="inserted"><ins><em>therefore shares</em></ins></span> in
<span class="removed"><del><strong>Android
+ phones and laptops</a>.
+ (I suspect this means Windows laptops.) Here is
+ <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li><p>Portable phones with GPS will send</strong></del></span>
<span class="inserted"><ins><em>the responsibility for the injustice
of</em></ins></span> their <span class="removed"><del><strong>GPS location on
+ remote command and users cannot stop them:</strong></del></span> <span
class="inserted"><ins><em>being
+ nonfree. It also distributes its own nonfree apps, such as Google
Play,</em></ins></span>
+ <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require all new portable phones
+ to</strong></del></span> <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
are malicious</a>.</p>
- <p>Could Google have done a better job</em></ins></span> of <span
class="removed"><del><strong>iOS</a>. The term “cloud” means
- “please don't ask where.”</p>
+ <p>Could Google</em></ins></span> have <span
class="removed"><del><strong>GPS.)</p>
+ </li>
- <p>There</strong></del></span> <span
class="inserted"><ins><em>preventing apps from
- cheating? There</em></ins></span> is <span
class="removed"><del><strong>a</strong></del></span> <span
class="inserted"><ins><em>no systematic</em></ins></span> way <span
class="inserted"><ins><em>for Google, or Android users,</em></ins></span>
- to <span class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT201104">
- deactivate iCloud</a>, but it's active by default
so</strong></del></span> <span class="inserted"><ins><em>inspect executable
proprietary apps to see what they do.</p>
-
- <p>Google could demand the source code for these apps, and study
- the source code somehow to determine whether they mistreat users in
- various ways. If</em></ins></span> it <span
class="removed"><del><strong>still counts as</strong></del></span> <span
class="inserted"><ins><em>did</em></ins></span> a
- <span class="removed"><del><strong>surveillance functionality.</p>
+ <li><p>The nonfree Snapchat app's principal
purpose</strong></del></span> <span class="inserted"><ins><em>done a better job
of preventing apps from
+ cheating? There</em></ins></span> is <span class="inserted"><ins><em>no
systematic way for Google, or Android users,</em></ins></span>
+ to <span class="removed"><del><strong>restrict</strong></del></span> <span
class="inserted"><ins><em>inspect executable proprietary apps to see what they
do.</p>
- <p>Unknown people apparently took advantage</strong></del></span>
<span class="inserted"><ins><em>good job</em></ins></span> of <span
class="removed"><del><strong>this</strong></del></span> <span
class="inserted"><ins><em>this, it could more or less
+ <p>Google could demand</em></ins></span> the <span
class="removed"><del><strong>use of data on</strong></del></span> <span
class="inserted"><ins><em>source code for these apps, and
study</em></ins></span>
+ the <span class="removed"><del><strong>user's computer,
but</strong></del></span> <span class="inserted"><ins><em>source code somehow
to determine whether they mistreat users in
+ various ways. If</em></ins></span> it <span
class="removed"><del><strong>does surveillance
+ too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"></strong></del></span>
<span class="inserted"><ins><em>did a good job of this,</em></ins></span> it
<span class="removed"><del><strong>tries</strong></del></span> <span
class="inserted"><ins><em>could more or less
prevent such snooping, except when the app developers are clever
- enough</em></ins></span> to
- <span class="removed"><del><strong><a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos of many celebrities</a>. They
needed</strong></del></span> <span class="inserted"><ins><em>outsmart the
checking.</p>
+ enough</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>outsmart</em></ins></span> the <span
class="removed"><del><strong>user's list</strong></del></span> <span
class="inserted"><ins><em>checking.</p>
<p>But since Google itself develops malicious apps, we cannot trust
- Google</em></ins></span> to <span class="removed"><del><strong>break
Apple's
- security</strong></del></span> <span class="inserted"><ins><em>protect
us. We must demand release of source code</em></ins></span> to <span
class="removed"><del><strong>get at them, but NSA</strong></del></span> <span
class="inserted"><ins><em>the
- public, so we</em></ins></span> can <span
class="removed"><del><strong>access any of them through</strong></del></span>
<span class="inserted"><ins><em>depend on each other.</p>
+ Google to protect us. We must demand release</em></ins></span> of <span
class="removed"><del><strong>other people's phone
+ numbers.</a></p></strong></del></span> <span
class="inserted"><ins><em>source code to the
+ public, so we can depend on each other.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
- <li id="M201705230">
+<div class="big-subsection">
+ <h4 id="SpywareInMobileApps">Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201705230">
<p>Apps for BART <a
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
@@ -1083,220 +1172,140 @@
</li>
<li id="M201705040">
- <p>A study found 234 Android apps that track users
by</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
- </p></li>
+ <p>A study found 234 Android apps that track users by <a
+
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed</em></ins></span> in <span
class="removed"><del><strong>Mobile Applications</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
+</div>
- <li><p>Spyware</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
- to ultrasound from beacons placed</em></ins></span> in <span
class="removed"><del><strong>iThings:
- the <a class="not-a-duplicate"
-
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets</strong></del></span> stores <span
class="removed"><del><strong>determine exactly where the iThing is,
- and get other info too.</p></strong></del></span> <span
class="inserted"><ins><em>or played by TV
- programs</a>.</p></em></ins></span>
+<ul>
+ <li></strong></del></span> <span class="inserted"><ins><em>stores or
played by TV
+ programs</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>There is also a
feature for web sites</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201704260">
- <p>Faceapp appears</em></ins></span> to <span
class="removed"><del><strong>track users, which is
- <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled</strong></del></span> <span class="inserted"><ins><em>do lots of
surveillance, judging</em></ins></span> by <span
class="removed"><del><strong>default</a>. (That article talks about iOS
6, but</strong></del></span> <span class="inserted"><ins><em><a
+ <li id="M201704260"></em></ins></span>
+ <p>Faceapp appears to do lots of surveillance, judging by <a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access</em></ins></span> it
- <span class="removed"><del><strong>is still true</strong></del></span>
<span class="inserted"><ins><em>demands to personal data</em></ins></span> in
<span class="removed"><del><strong>iOS 7.)</p></strong></del></span>
<span class="inserted"><ins><em>the
device</a>.</p></em></ins></span>
+ how much access it demands to personal data in the <span
class="removed"><del><strong>device</a>.
+ </p></strong></del></span> <span
class="inserted"><ins><em>device</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>The iThing
also</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201704190">
- <p>Users are suing Bose for</em></ins></span> <a
-<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
- distributing a spyware app for</em></ins></span> its <span
class="removed"><del><strong>geolocation</a> by default,
though</strong></del></span> <span
class="inserted"><ins><em>headphones</a>. Specifically,
+ <li id="M201704190">
+ <p>Users are suing Bose for <a
+
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing a spyware app for its headphones</a>. Specifically,
the app would record the names of the audio files users listen to
along with the headphone's unique serial number.</p>
- <p>The suit accuses</em></ins></span> that <span
class="removed"><del><strong>can</strong></del></span> <span
class="inserted"><ins><em>this was done without the users' consent.
+ <p>The suit accuses that this was done without the users' consent.
If the fine print of the app said that users gave consent for this,
- would that make it acceptable? No way! It should</em></ins></span> be
- <span class="removed"><del><strong>turned off.</p>
- </li>
-
- <li><p>Apple can, and regularly does,</strong></del></span>
<span class="inserted"><ins><em>flat out</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones for the
state</a>.</p>
- </li>
-
- <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps</strong></del></span>
- <span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html">
illegal to design</em></ins></span>
- the <span class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>app to</em></ins></span> snoop <span
class="removed"><del><strong>on all the</strong></del></span> <span
class="inserted"><ins><em>at all</a>.</p>
+ would that make it acceptable? No way! It should be flat out <a
+ href="/philosophy/surveillance-vs-democracy.html"> illegal to design
+ the app to snoop at all</a>.</p>
</li>
<li id="M201704074">
<p>Pairs of Android apps can collude
- to transmit users' personal</em></ins></span> data <span
class="removed"><del><strong>in</strong></del></span> <span
class="inserted"><ins><em>to servers. <a
+ to transmit users' personal data to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
- study found tens of thousands of pairs that collude</a>.</p>
+ study found tens of thousands of pairs that
collude</a>.</p></em></ins></span>
</li>
- <li id="M201703300">
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703300"></em></ins></span>
<p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
- announced</em></ins></span> an <span class="removed"><del><strong>iThing,
- or</strong></del></span> <span class="inserted"><ins><em>opt-in
proprietary search app that</em></ins></span> it <span
class="removed"><del><strong>is totally incompetent.</a></p>
- </li>
-
- <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features”</strong></del></span> <span
class="inserted"><ins><em>will</a> pre-install
- on some</em></ins></span> of <span class="removed"><del><strong>iOS seem
to exist for no
- possible purpose other than surveillance</a>. Here
is</strong></del></span> <span class="inserted"><ins><em>its phones. The app
will give Verizon</em></ins></span> the
- <span class="removed"><del><strong><a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
-</div>
-
-<ul>
- <li><p>According to Edward Snowden,
- <a href="http://www.bbc.com/news/uk-34444233">agencies can take
over smartphones</a>
- by sending hidden text messages which enable them to
turn</strong></del></span> <span class="inserted"><ins><em>same information
- about</em></ins></span> the <span
class="removed"><del><strong>phones</strong></del></span> <span
class="inserted"><ins><em>users' searches that Google normally gets when they
use
+ announced an opt-in proprietary search app that it will</a>
pre-install
+ on some of its phones. The app will give Verizon the same information
+ about the users' searches that Google normally gets when they use
its search engine.</p>
<p>Currently, the app is <a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
- being pre-installed</em></ins></span> on <span
class="inserted"><ins><em>only one phone</a>,</em></ins></span> and <span
class="removed"><del><strong>off, listen to</strong></del></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location data
from</strong></del></span> <span class="inserted"><ins><em>user must
- explicitly opt-in before</em></ins></span> the
- <span class="removed"><del><strong>GPS, take photographs, read text
messages, read call, location and web
- browsing history, and read</strong></del></span> <span
class="inserted"><ins><em>app takes effect. However,</em></ins></span> the
<span class="removed"><del><strong>contact list. This
malware</strong></del></span> <span class="inserted"><ins><em>app
- remains spyware—an “optional” piece of
spyware</em></ins></span> is <span class="removed"><del><strong>designed to
- disguise itself from investigation.</p></strong></del></span>
- <span class="inserted"><ins><em>still spyware.</p></em></ins></span>
+ being pre-installed on only one phone</a>, and the user must
+ explicitly opt-in before the app takes effect. However, the app
+ remains spyware—an “optional” piece of spyware is
+ still spyware.</p>
</li>
- <span class="removed"><del><strong><li><p>Samsung phones come
with</strong></del></span>
+ <span
class="removed"><del><strong><li><p>The</strong></del></span>
<span class="inserted"><ins><em><li id="M201701210">
- <p>The Meitu photo-editing app</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,
- and they send so much</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user</em></ins></span> data <span class="removed"><del><strong>that their
transmission is</strong></del></span> <span
class="inserted"><ins><em>to</em></ins></span> a
- <span class="removed"><del><strong>substantial expense for users. Said
transmission, not wanted or
- requested by the user, clearly must constitute spying of some
- kind.</p></li>
+ <p>The</em></ins></span> Meitu photo-editing app <a
+
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+ user <span class="removed"><del><strong>data to a Chinese
company</a>.</p></li>
+
+ <li><p>A pregnancy test controller application not only
+ can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
+ on many sorts of data in the phone, and in server accounts, it can
+ alter them too</a>.
+ </p></li>
- <li><p>A Motorola phone</strong></del></span> <span
class="inserted"><ins><em>Chinese company</a>.</p>
+ <li><p>The</strong></del></span> <span
class="inserted"><ins><em>data to a Chinese company</a>.</p>
</li>
<li id="M201611280">
- <p>The Uber app tracks</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all</strong></del></span>
- <span
class="inserted"><ins><em>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p>
- </li>
-
- <li><p>Spyware in Android phones (and Windows? laptops): The Wall
- Street Journal (in an article blocked from us by</strong></del></span>
<span class="inserted"><ins><em>ride</a>.</p>
+ <p>The</em></ins></span> Uber app tracks <a
+
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after the ride</a>.</p>
<p>This example illustrates how “getting the user's
- consent” for surveillance is inadequate as</em></ins></span> a <span
class="removed"><del><strong>paywall)
- reports that</strong></del></span> <span
class="inserted"><ins><em>protection against
+ consent” for surveillance is inadequate as a protection against
massive surveillance.</p>
</li>
- <li id="M201611160">
- <p>A</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
- the FBI can remotely activate</strong></del></span>
- <span
class="inserted"><ins><em>href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
- research paper</a> that investigated</em></ins></span> the <span
class="removed"><del><strong>GPS</strong></del></span> <span
class="inserted"><ins><em>privacy</em></ins></span> and <span
class="removed"><del><strong>microphone in</strong></del></span> <span
class="inserted"><ins><em>security of
- 283</em></ins></span> Android
- <span class="removed"><del><strong>phones</strong></del></span> <span
class="inserted"><ins><em>VPN apps concluded that “in spite of the
promises
- for privacy, security,</em></ins></span> and <span
class="removed"><del><strong>laptops</a>.
- (I suspect this means Windows laptops.) Here</strong></del></span>
<span class="inserted"><ins><em>anonymity given by the majority of VPN
+ <span
class="removed"><del><strong><li><p>Google's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201611160">
+ <p>A <a
+
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated the privacy and security of
+ 283 Android VPN apps concluded that “in spite of the promises
+ for privacy, security, and anonymity given by the majority of VPN
apps—millions of users may be unawarely subject to poor security
guarantees and abusive practices inflicted by VPN apps.”</p>
- <p>Following</em></ins></span> is
- <span class="removed"><del><strong><a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
- </li>
-
- <li><p>Portable phones with GPS will send their GPS location on
- remote command</strong></del></span> <span class="inserted"><ins><em>a
non-exhaustive list of proprietary VPN apps from
+ <p>Following is a non-exhaustive list of proprietary VPN apps from
the research paper that tracks and infringes the privacy of
users:</p>
<dl>
<dt>SurfEasy</dt>
- <dd>Includes tracking libraries such as NativeX</em></ins></span>
and <span class="inserted"><ins><em>Appflood,
- meant to track</em></ins></span> users <span
class="removed"><del><strong>cannot stop them:
- <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
-
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
- (The US says</strong></del></span> <span class="inserted"><ins><em>and
show them targeted ads.</dd>
+ <dd>Includes tracking libraries such as NativeX and Appflood,
+ meant to track users and show them targeted ads.</dd>
<dt>sFly Network Booster</dt>
<dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
- permissions upon installation, meaning</em></ins></span> it <span
class="removed"><del><strong>will eventually require all new portable
phones</strong></del></span> <span class="inserted"><ins><em>has full access to
users'
+ permissions upon installation, meaning it has full access to users'
text messages.</dd>
<dt>DroidVPN and TigerVPN</dt>
- <dd>Requests the <code>READ_LOGS</code>
permission</em></ins></span> to <span class="inserted"><ins><em>read logs
- for other apps and also core system logs. TigerVPN
developers</em></ins></span> have <span
class="removed"><del><strong>GPS.)</p>
- </li>
-
- <li><p>The nonfree Snapchat app's principal purpose
is</strong></del></span>
- <span class="inserted"><ins><em>confirmed this.</dd>
+ <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ for other apps and also core system logs. TigerVPN developers have
+ confirmed this.</dd>
<dt>HideMyAss</dt>
<dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
- may turn them over</em></ins></span> to <span
class="removed"><del><strong>restrict</strong></del></span> the <span
class="removed"><del><strong>use of data on</strong></del></span> <span
class="inserted"><ins><em>UK government if requested.</dd>
+ may turn them over to the UK government if requested.</dd>
<dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into</em></ins></span> the <span
class="removed"><del><strong>user's computer, but it does surveillance
- too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries</strong></del></span> <span class="inserted"><ins><em>HTML
pages returned</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> the <span
class="removed"><del><strong>user's list</strong></del></span>
- <span class="inserted"><ins><em>users. The stated
purpose</em></ins></span> of <span class="removed"><del><strong>other people's
phone
- numbers.</a></p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
-</div>
-
-<ul>
- <li>
- <p>Faceapp appears</strong></del></span> <span
class="inserted"><ins><em>the JS injection is</em></ins></span> to <span
class="removed"><del><strong>do lots of surveillance, judging by
- <a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access</strong></del></span> <span
class="inserted"><ins><em>display ads. Uses
- roughly five tracking libraries. Also,</em></ins></span> it <span
class="removed"><del><strong>demands to personal data in</strong></del></span>
<span class="inserted"><ins><em>redirects</em></ins></span> the <span
class="removed"><del><strong>device</a>.
- </p>
- </li>
-
- <li>
- <p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
- announced an opt-in proprietary search</strong></del></span> <span
class="inserted"><ins><em>user's
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display ads. Uses
+ roughly five tracking libraries. Also, it redirects the user's
traffic through valueclick.com (an advertising website).</dd>
<dt>WiFi Protector VPN</dt>
<dd>Injects JavaScript code into HTML pages, and also uses roughly
- five tracking libraries. Developers of this</em></ins></span> app <span
class="inserted"><ins><em>have confirmed</em></ins></span> that <span
class="removed"><del><strong>it will</a>
- pre-install on some</strong></del></span>
- <span class="inserted"><ins><em>the non-premium
version</em></ins></span> of <span class="removed"><del><strong>its phones.
The</strong></del></span> <span class="inserted"><ins><em>the</em></ins></span>
app <span class="removed"><del><strong>will give Verizon</strong></del></span>
<span class="inserted"><ins><em>does JavaScript injection for
+ five tracking libraries. Developers of this app have confirmed that
+ the non-premium version of the app does JavaScript injection for
tracking and display ads.</dd>
</dl>
</li>
<li id="M201609210">
- <p>Google's new voice messaging app <a
-
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ <p>Google's</em></ins></span> new voice messaging app <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p>
</li>
@@ -1304,55 +1313,31 @@
<p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
- and suggests you to share</em></ins></span> the <span
class="removed"><del><strong>same
- information about</strong></del></span> <span
class="inserted"><ins><em>picture you take according to who is
- in</em></ins></span> the <span class="removed"><del><strong>users'
searches that Google normally gets when
- they use its search engine.</p>
-
- <p>Currently,</strong></del></span> <span
class="inserted"><ins><em>frame.</p>
+ and suggests you to share the picture you take according to who is
+ in the frame.</p>
<p>This spyware feature seems to require online access to some
- known-faces database, which means</em></ins></span> the <span
class="removed"><del><strong>app is <a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
- being pre-installed on only one phone</a>,</strong></del></span>
<span class="inserted"><ins><em>pictures are likely to be
- sent across the wire to Facebook's servers</em></ins></span> and <span
class="inserted"><ins><em>face-recognition
+ known-faces database, which means the pictures are likely to be
+ sent across the wire to Facebook's servers and face-recognition
algorithms.</p>
<p>If so, none of Facebook users' pictures are private anymore,
- even if</em></ins></span> the user <span class="removed"><del><strong>must
explicitly opt-in before the app takes effect. However,</strong></del></span>
<span class="inserted"><ins><em>didn't “upload” them
to</em></ins></span> the
- <span class="removed"><del><strong>app remains spyware—an
“optional” piece of spyware is
- still spyware.</p></strong></del></span> <span
class="inserted"><ins><em>service.</p></em></ins></span>
+ even if the user didn't “upload” them to the service.</p>
</li>
- <span class="removed"><del><strong><li><p>The Meitu
photo-editing</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201605310">
- <p>Facebook's</em></ins></span> app <span
class="inserted"><ins><em>listens all the time,</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user data</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
- snoop on what people are listening</em></ins></span> to <span
class="removed"><del><strong>a Chinese company</a>.</p></li>
-
- <li><p>A</strong></del></span> <span
class="inserted"><ins><em>or watching</a>. In addition,
+ <li id="M201605310">
+ <p>Facebook's app listens all the time, <a
+
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
+ snoop on what people are listening to or watching</a>. In addition,
it may be analyzing people's conversations to serve them with targeted
advertisements.</p>
</li>
<li id="M201604250">
- <p>A</em></ins></span> pregnancy test controller application not
only can <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
- spy</em></ins></span> on many sorts of data in the phone, and in server
accounts,
- it can alter them <span class="removed"><del><strong>too</a>.
- </p></li>
-
- <li><p>The Uber app tracks <a
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after the ride</a>.</p>
-
- <p>This example illustrates how “getting the user's
consent”
- for surveillance is inadequate as a protection against massive
- surveillance.</p>
- </li>
-
- <li><p>Google's new voice messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
- all conversations</a>.</p></strong></del></span> <span
class="inserted"><ins><em>too</a>.</p></em></ins></span>
+ <p>A pregnancy test controller application not only can <a
+
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
+ spy on many sorts of data in the phone, and in server accounts,
+ it can alter them too</a>.</p></em></ins></span>
</li>
<span
class="removed"><del><strong><li><p>Apps</strong></del></span>
@@ -1499,20 +1484,21 @@
approve sending personal data to the app developer but did not ask
about sending it to other companies. This shows the weakness of
the reject-it-if-you-dislike-snooping “solution” to
- surveillance: why should a flashlight app send any information to
+ surveillance: why should a <span class="removed"><del><strong>flashlight
+ app send any</strong></del></span> <span
class="inserted"><ins><em>flashlight app send any information to
anyone? A free software flashlight app would not.</p>
</li>
- <span class="inserted"><ins><em><li id="M201212100">
+ <li id="M201212100">
<p>FTC says most mobile apps for children don't respect privacy:
<a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
- </li></em></ins></span>
+ </li>
</ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInGames">Spyware in
Games</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInSkype">Skype</h4>
+ <h4 id="SpywareInSkype">Skype</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>
@@ -1528,14 +1514,11 @@
<div class="big-subsection">
- <h4 id="SpywareInGames">Games</h4></em></ins></span>
+ <h4 id="SpywareInGames">Games</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>
-<span class="removed"><del><strong><ul>
- <li><p>nVidia's</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
+<ul class="blurbs">
<li id="M201806240">
<p>Red Shell is a spyware that
is found in many proprietary games. It <a
@@ -1553,184 +1536,133 @@
<li id="M201711070">
<p>The driver for a certain gaming keyboard <a
-
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
- information to China</a>.</p>
+
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends</em></ins></span>
+ information to <span class="removed"><del><strong>anyone? A free software
flashlight
+ app would not.</p></strong></del></span> <span
class="inserted"><ins><em>China</a>.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
- <li id="M201611070">
+<div class="big-subsection">
+ <h4 id="SpywareInGames">Spyware in Games</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+</div>
+
+<ul>
+ <li><p>nVidia's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201611070">
<p>nVidia's</em></ins></span> proprietary GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
users identify themselves and then sends personal data about them to
nVidia servers</a>.</p>
</li>
- <span
class="removed"><del><strong><li><p>Angry</strong></del></span>
+ <span class="removed"><del><strong><li><p>Angry
Birds</strong></del></span>
<span class="inserted"><ins><em><li id="M201512290">
- <p>Many <a
-
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
- video game consoles snoop on their users and report to the
- internet</a>—even what their users weigh.</p>
-
- <p>A game console is a computer, and you can't trust a computer with
- a nonfree operating system.</p>
- </li>
-
- <li id="M201509160">
- <p>Modern gratis game cr…apps <a
-
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
- collect a wide range of data about their users and their users'
- friends and associates</a>.</p>
-
- <p>Even nastier, they do it through ad networks that merge the data
- collected by various cr…apps and sites made by different
- companies.</p>
-
- <p>They use this data to manipulate people to buy things, and hunt
for
- “whales” who can be led to spend a lot of money. They also
- use a back door to manipulate the game play for specific players.</p>
-
- <p>While the article describes gratis games, games that cost money
- can use the same tactics.</p>
- </li>
-
- <li id="M201401280">
- <p>Angry</em></ins></span> Birds <a
-
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies, and the NSA takes advantage
- to spy through it too</a>. Here's information on <a
-
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ <p>Many</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies, and the NSA takes advantage to spy through it
too</a>.
+ Here's information</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop</em></ins></span> on
+ <span class="removed"><del><strong><a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
more spyware apps</a>.</p>
-
- <p><a
-
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
More about NSA app spying</a>.</p>
</li>
-
- <span class="inserted"><ins><em><li id="M200510200">
- <p>Blizzard Warden is a hidden
- “cheating-prevention” program that <a
- href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
- spies on every process running on a gamer's computer and sniffs a
- good deal of personal data</a>, including lots of activities which
- have nothing to do with cheating.</p>
- </li></em></ins></span>
</ul>
-
-<div <span class="removed"><del><strong>class="big-subsection">
- <h4 id="SpywareInToys">Spyware</strong></del></span> <span
class="inserted"><ins><em>class="big-section">
- <h3 id="SpywareInEquipment">Spyware</em></ins></span> in <span
class="removed"><del><strong>Toys</h4></strong></del></span> <span
class="inserted"><ins><em>Connected Equipment</h3></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInToys">#SpywareInToys</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInEquipment">#SpywareInEquipment</a>)</span></em></ins></span>
+<div class="big-subsection">
+ <h4 id="SpywareInToys">Spyware in Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
-<span class="removed"><del><strong><ul>
- <li></strong></del></span>
-<span class="inserted"><ins><em><div style="clear: left;"></div>
-
-<ul class="blurbs">
- <li id="M201708280"></em></ins></span>
- <p>The <span class="removed"><del><strong>“smart” toys
My Friend Cayla and i-Que transmit
- <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
- a speech recognition company based in the U.S.</p>
-
- <p>Those toys also contain major</strong></del></span> <span
class="inserted"><ins><em>bad</em></ins></span> security <span
class="removed"><del><strong>vulnerabilities; crackers
- can remotely control the toys with a mobile phone. This would
- enable crackers to listen</strong></del></span> in <span
class="removed"><del><strong>on a child's speech, and even speak
- into the toys themselves.</p>
- </li>
-
+<ul>
<li>
- <p>A computerized vibrator</strong></del></span> <span
class="inserted"><ins><em>many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
- to snoop</em></ins></span> on <span class="removed"><del><strong>its users
through the proprietary control app</a>.</p>
-
- <p>The app was reporting the temperature of</strong></del></span>
the <span class="removed"><del><strong>vibrator minute by
- minute (thus, indirectly, whether it was surrounded
by</strong></del></span> <span class="inserted"><ins><em>people that use
them</a>.</p>
-
- <p>Don't be</em></ins></span> a <span
class="removed"><del><strong>person's
- body), as well as</strong></del></span> <span
class="inserted"><ins><em>sucker—reject all</em></ins></span> the <span
class="removed"><del><strong>vibration frequency.</p>
-
- <p>Note</strong></del></span> <span
class="inserted"><ins><em>stings.</p>
+ <p>The “smart” toys My Friend
Cayla</strong></del></span> <span class="inserted"><ins><em>their
users</em></ins></span> and <span class="removed"><del><strong>i-Que transmit
+ <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations</strong></del></span> <span
class="inserted"><ins><em>report</em></ins></span> to <span
class="removed"><del><strong>Nuance Communications</a>,
+ a speech recognition company based in the U.S.</p>
- <p>It is unfortunate that</em></ins></span> the <span
class="removed"><del><strong>totally inadequate proposed
response:</strong></del></span> <span class="inserted"><ins><em>article uses
the term <a
-
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p>
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control</strong></del></span> the <span
class="removed"><del><strong>toys with a mobile phone. This would
+ enable crackers to listen in on</strong></del></span>
+ <span class="inserted"><ins><em>internet</a>—even what their
users weigh.</p>
+
+ <p>A game console is</em></ins></span> a <span
class="removed"><del><strong>child's speech,</strong></del></span> <span
class="inserted"><ins><em>computer,</em></ins></span> and <span
class="removed"><del><strong>even speak
+ into the toys themselves.</p></strong></del></span> <span
class="inserted"><ins><em>you can't trust a computer with
+ a nonfree operating system.</p></em></ins></span>
</li>
-</ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInTVSets">TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
-</div>
+ <span class="removed"><del><strong><li>
+ <p>A computerized vibrator</strong></del></span>
-<p>Emo Phillips made</em></ins></span> a <span
class="removed"><del><strong>labeling
- standard with which manufacturers would make statements about
- their products, rather than free software which users could have
- checked</strong></del></span> <span class="inserted"><ins><em>joke: The
other day a woman came up to me</em></ins></span> and <span
class="removed"><del><strong>changed.</p>
+ <span class="inserted"><ins><em><li id="M201509160">
+ <p>Modern gratis game cr…apps</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping on its users through the proprietary control
app</a>.</p>
+
+ <p>The app was reporting the temperature of the vibrator minute by
+ minute (thus, indirectly, whether it was surrounded by a person's
+ body), as well as the vibration frequency.</p>
+
+ <p>Note the totally inadequate proposed
response:</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect</em></ins></span> a <span class="removed"><del><strong>labeling
+ standard with which manufacturers would make
statements</strong></del></span> <span class="inserted"><ins><em>wide range of
data</em></ins></span> about their <span class="removed"><del><strong>products,
rather than free software which</strong></del></span> users <span
class="removed"><del><strong>could have
+ checked</strong></del></span> and <span
class="removed"><del><strong>changed.</p>
- <p>The company that made</strong></del></span>
-<span class="inserted"><ins><em>said, “Didn't I see you on
television?” I said, “I
-don't know. You can't see out</em></ins></span> the <span
class="removed"><del><strong>vibrator
+ <p>The company that made the vibrator
<a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
was sued for collecting lots of personal information about how
people used it</a>.</p>
- <p>The company's statement</strong></del></span> <span
class="inserted"><ins><em>other way.” Evidently</em></ins></span> that
<span class="removed"><del><strong>it</strong></del></span> was <span
class="removed"><del><strong>anonymizing the data may be
- true, but it doesn't really matter. If it had sold the
data</strong></del></span>
-<span class="inserted"><ins><em>before Amazon “smart”
TVs.</p>
+ <p>The company's statement that</strong></del></span> <span
class="inserted"><ins><em>their users'
+ friends and associates</a>.</p>
-<ul class="blurbs">
- <li id="M201804010">
- <p>Some “Smart” TVs automatically <a
-
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
- load downgrades that install a surveillance app</a>.</p>
+ <p>Even nastier, they do</em></ins></span> it <span
class="removed"><del><strong>was anonymizing</strong></del></span> <span
class="inserted"><ins><em>through ad networks that merge</em></ins></span> the
data <span class="removed"><del><strong>may be
+ true, but it doesn't really matter. If it had sold
the</strong></del></span>
+ <span class="inserted"><ins><em>collected by various cr…apps and
sites made by different
+ companies.</p>
- <p>We link</em></ins></span> to <span class="removed"><del><strong>a
- data broker,</strong></del></span> the <span
class="removed"><del><strong>data broker would have been able to figure out
- who</strong></del></span> <span class="inserted"><ins><em>article
for</em></ins></span> the <span class="removed"><del><strong>user was.</p>
+ <p>They use this</em></ins></span> data to <span
class="removed"><del><strong>a
+ data broker, the data broker would have been able</strong></del></span>
<span class="inserted"><ins><em>manipulate people</em></ins></span> to <span
class="removed"><del><strong>figure out</strong></del></span> <span
class="inserted"><ins><em>buy things, and hunt for
+ “whales”</em></ins></span> who <span
class="removed"><del><strong>the user was.</p>
<p>Following this lawsuit,
- <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></strong></del></span>
<span class="inserted"><ins><em>facts it presents. It
- is too bad that</em></ins></span> the <span
class="removed"><del><strong>company has been ordered to pay a
total</strong></del></span> <span class="inserted"><ins><em>article finishes by
advocating the
- moral weakness</em></ins></span> of <span
class="removed"><del><strong>C$4m</a></strong></del></span> <span
class="inserted"><ins><em>surrendering</em></ins></span> to <span
class="removed"><del><strong>its customers.</p></strong></del></span>
<span class="inserted"><ins><em>Netflix. The Netflix app <a
- href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
- malware too</a>.</p></em></ins></span>
- </li>
+ <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered</strong></del></span> <span
class="inserted"><ins><em>can be led</em></ins></span> to <span
class="removed"><del><strong>pay</strong></del></span> <span
class="inserted"><ins><em>spend</em></ins></span> a <span
class="removed"><del><strong>total</strong></del></span> <span
class="inserted"><ins><em>lot</em></ins></span> of <span
class="removed"><del><strong>C$4m</a>
+ to its customers.</p>
+ </li>
+
+ <li><p> “CloudPets” toys with microphones
+ <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to the
+ manufacturer</a>. Guess what?
+ <a
href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found</strong></del></span> <span class="inserted"><ins><em>money. They also
+ use</em></ins></span> a <span
class="removed"><del><strong>way</strong></del></span> <span
class="inserted"><ins><em>back door</em></ins></span> to <span
class="removed"><del><strong>access</strong></del></span> <span
class="inserted"><ins><em>manipulate</em></ins></span> the <span
class="removed"><del><strong>data</a>
+ collected by</strong></del></span> <span class="inserted"><ins><em>game
play for specific players.</p>
- <span class="removed"><del><strong><li><p>
“CloudPets” toys with microphones</strong></del></span>
+ <p>While</em></ins></span> the <span
class="removed"><del><strong>manufacturer's snooping.</p>
- <span class="inserted"><ins><em><li id="M201702060">
- <p>Vizio “smart”</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts and
- cable</a>. Even if</em></ins></span> the
- <span class="removed"><del><strong>manufacturer</a>. Guess what?
- <a
href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found</strong></del></span> <span class="inserted"><ins><em>image is coming
from the user's own computer,
- the TV reports what it is. The existence of</em></ins></span> a way to
<span class="removed"><del><strong>access the data</a>
- collected by</strong></del></span> <span
class="inserted"><ins><em>disable</em></ins></span> the <span
class="removed"><del><strong>manufacturer's snooping.</p>
-
- <p>That</strong></del></span>
- <span class="inserted"><ins><em>surveillance, even if it were not hidden
as it was in these TVs,
- does not legitimize</em></ins></span> the <span
class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>surveillance.</p>
+ <p>That</strong></del></span> <span
class="inserted"><ins><em>article describes gratis games, games that cost money
+ can use</em></ins></span> the <span
class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>same tactics.</p>
</li>
- <li id="M201511130">
- <p>Some web</em></ins></span> and <span
class="removed"><del><strong>the FBI could listen</strong></del></span> <span
class="inserted"><ins><em>TV advertisements play inaudible
- sounds</em></ins></span> to <span class="removed"><del><strong>these
conversations
- was unacceptable</strong></del></span> <span
class="inserted"><ins><em>be picked up</em></ins></span> by <span
class="removed"><del><strong>itself.</p></li>
+ <li id="M201401280">
+ <p>Angry Birds <a
+
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies,</em></ins></span> and the <span
class="removed"><del><strong>FBI could listen to these conversations
+ was unacceptable by itself.</p></li>
<li><p>Barbie
- <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p>
+ <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span> <span class="inserted"><ins><em>NSA takes
advantage</em></ins></span>
+ to spy <span class="inserted"><ins><em>through it too</a>. Here's
information</em></ins></span> on <span class="removed"><del><strong>children
and adults</a>.</p>
</li>
</ul>
<!-- #SpywareAtLowLevel -->
-<!-- WEBMASTERS: make sure to place new items</strong></del></span> <span
class="inserted"><ins><em>proprietary malware running</em></ins></span>
- on <span class="removed"><del><strong>top under each subsection -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
<div class="big-section">
<h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
@@ -1740,92 +1672,110 @@
<div class="big-subsection">
- <h4 id="SpywareInBIOS">Spyware</strong></del></span> <span
class="inserted"><ins><em>other devices</em></ins></span> in <span
class="removed"><del><strong>BIOS</h4>
+ <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>
<ul>
-<li><p>
-<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
-Note</strong></del></span> <span class="inserted"><ins><em>range so as to
determine</em></ins></span> that <span class="removed"><del><strong>the
specific sabotage method Lenovo used did not affect
-GNU/Linux; also, a “clean” Windows install is not really
-clean since</strong></del></span> <span class="inserted"><ins><em>they
- are nearby. Once your Internet devices are paired with
- your TV, advertisers can correlate ads with Web activity, and
other</em></ins></span> <a <span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
-puts</strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
- cross-device tracking</a>.</p>
+<li><p></strong></del></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more</em></ins></span> spyware <span class="removed"><del><strong>via
BIOS</a> on Windows installs.
+Note that the specific sabotage method Lenovo used did not affect
+GNU/Linux; also, a “clean” Windows install</strong></del></span>
<span class="inserted"><ins><em>apps</a>.</p>
+
+ <p><a
+
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p>
</li>
- <li id="M201511060">
- <p>Vizio goes a step further than other TV
- manufacturers</em></ins></span> in <span class="removed"><del><strong>its
own malware</a>.
+ <li id="M200510200">
+ <p>Blizzard Warden</em></ins></span> is <span
class="removed"><del><strong>not really
+clean since</strong></del></span> <span class="inserted"><ins><em>a hidden
+ “cheating-prevention” program that</em></ins></span> <a
<span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
+puts in its own malware</a>.
</p></li>
</ul>
<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure to place new items</strong></del></span> <span
class="inserted"><ins><em>spying</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
+<!-- WEBMASTERS: make sure</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
+ spies on every process running on a gamer's computer and sniffs a
+ good deal of personal data</a>, including lots of activities which
+ have nothing</em></ins></span> to <span class="removed"><del><strong>place
new items on top under each subsection --></strong></del></span> <span
class="inserted"><ins><em>do with cheating.</p>
+ </li>
+</ul></em></ins></span>
+
+
<div class="big-section">
- <h3 id="SpywareAtWork">Spyware at Work</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
+ <h3 <span class="removed"><del><strong>id="SpywareAtWork">Spyware at
Work</h3></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInEquipment">Spyware in Connected
Equipment</h3></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtWork">#SpywareAtWork</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInEquipment">#SpywareInEquipment</a>)</span></em></ins></span>
</div>
<div style="clear: left;"></div>
-<ul>
+<span class="removed"><del><strong><ul>
<li><p>Investigation
- Shows</strong></del></span> <span class="inserted"><ins><em>their
users: their</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201708280">
+ <p>The bad security in many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
- <p>Specifically, it</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers</em></ins></span>
can <span class="removed"><del><strong>collect the emails of members of
Parliament</strong></del></span> <span class="inserted"><ins><em>track you
- across devices.</p>
+ <p>Specifically, it can collect</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop on</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
+ this way, because they pass it through Microsoft.</p></li>
- <p>It is possible to turn</em></ins></span> this <span
class="removed"><del><strong>way, because they pass</strong></del></span> <span
class="inserted"><ins><em>off, but having</em></ins></span> it <span
class="removed"><del><strong>through Microsoft.</p></li>
+ <li><p>Spyware in Cisco TNP IP phones:</strong></del></span>
<span class="inserted"><ins><em>people that use them</a>.</p>
- <li><p>Spyware in Cisco TNP IP phones:
- <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>enabled by default
- is an injustice already.</p></em></ins></span>
+ <p>Don't be a sucker—reject all the stings.</p>
+
+ <p>It is unfortunate that the article uses the
term</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></em></ins></span>
</li>
-<span class="removed"><del><strong></ul>
+</ul>
<div class="big-subsection">
- <h4 id="SpywareInSkype">Spyware in Skype</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInSkype">Spyware in
Skype</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInTVSets">TV
Sets</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInSkype">#SpywareInSkype</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></em></ins></span>
</div>
-<ul>
+<span class="removed"><del><strong><ul>
<li><p>Spyware in Skype:
<a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype</strong></del></span>
- <span class="inserted"><ins><em><li id="M201511020">
- <p>Tivo's alliance with Viacom adds 2.3 million households
- to the 600 millions social media profiles the company
- already monitors. Tivo customers are unaware they're
- being watched by advertisers. By combining TV viewing
- information with online social media participation, Tivo can
now</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically for spying</a>.</p>
+<span class="inserted"><ins><em><p>Emo Phillips made a joke: The other
day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul class="blurbs">
+ <li id="M201804010">
+ <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ load downgrades that install a surveillance app</a>.</p>
+
+ <p>We link to the article</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p>
</li>
</ul>
<!-- #SpywareOnTheRoad -->
-<!-- WEBMASTERS: make sure</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
- correlate TV advertisement with online purchases</a>, exposing all
- users</em></ins></span> to <span
class="removed"><del><strong>place</strong></del></span> new <span
class="removed"><del><strong>items on top under each subsection -->
+<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>the facts it presents. It
+ is too bad that the article finishes by advocating the
+ moral weakness of surrendering</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
<div class="big-section">
- <h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
+ <h3 id="SpywareOnTheRoad">Spyware on</strong></del></span> <span
class="inserted"><ins><em>Netflix.</em></ins></span> The <span
class="removed"><del><strong>Road</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -1837,48 +1787,76 @@
<ul>
<li>
- <p>The Nest Cam</strong></del></span> <span
class="inserted"><ins><em>combined surveillance by default.</p>
+ <p>The Nest Cam</strong></del></span> <span
class="inserted"><ins><em>Netflix app <a
+ href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
+ malware too</a>.</p>
</li>
- <li id="M201507240">
- <p>Vizio</em></ins></span> “smart” <span
class="removed"><del><strong>camera is</strong></del></span> <span
class="inserted"><ins><em>TVs recognize and</em></ins></span> <a
- <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
- what people are</em></ins></span> watching</a>, even <span
class="removed"><del><strong>when the “owner” switches it
“off.”</p>
- <p>A “smart” device means the manufacturer is using it
to outsmart
- you.</p>
+ <li id="M201702060">
+ <p>Vizio</em></ins></span> “smart” <span
class="removed"><del><strong>camera is</strong></del></span> <a
+ <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always
+ watching</a>, even when</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts and
+ cable</a>. Even if</em></ins></span> the <span
class="removed"><del><strong>“owner” switches</strong></del></span>
<span class="inserted"><ins><em>image is coming from the user's own computer,
+ the TV reports what</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
+ <p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>is. The existence of a way to
disable</em></ins></span> the <span class="removed"><del><strong>manufacturer
is using</strong></del></span>
+ <span class="inserted"><ins><em>surveillance, even if</em></ins></span> it
<span class="removed"><del><strong>to outsmart
+ you.</p></strong></del></span> <span
class="inserted"><ins><em>were not hidden as it was in these TVs,
+ does not legitimize the surveillance.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
+ <h4 id="SpywareInElectronicReaders">Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511130">
+ <p>Some web and TV advertisements play inaudible
+ sounds to be picked up by proprietary malware running
+ on other devices</em></ins></span> in <span
class="removed"><del><strong>e-Readers</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>
<ul>
- <li><p>E-books can contain Javascript code,
- and</strong></del></span> <span class="inserted"><ins><em>if it isn't a TV
channel.</p>
+ <li><p>E-books</strong></del></span> <span
class="inserted"><ins><em>range so as to determine that they
+ are nearby. Once your Internet devices are paired with
+ your TV, advertisers</em></ins></span> can <span
class="removed"><del><strong>contain Javascript code,</strong></del></span>
<span class="inserted"><ins><em>correlate ads with Web
activity,</em></ins></span> and <span
class="inserted"><ins><em>other</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code snoops on readers</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
+ cross-device tracking</a>.</p></em></ins></span>
</li>
- <li id="M201505290">
- <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
- this code</strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"></em></ins></span>
- snoops on <span class="removed"><del><strong>readers</a>.</p>
- </li>
+ <span
class="removed"><del><strong><li><p>Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511060">
+ <p>Vizio goes a step further than other TV
+ manufacturers</em></ins></span> in <span class="removed"><del><strong>many
e-readers—not only the
+ Kindle:</strong></del></span> <span class="inserted"><ins><em>spying on
their users: their</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.eff.org/pages/reader-privacy-chart-2012">
+ they report even which page the user reads at what
time</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in detail and
+ link them your IP address</a> so that advertisers can track you
+ across devices.</p>
- <li><p>Spyware in many e-readers—not only the
- Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">
- they report</strong></del></span> <span class="inserted"><ins><em>what
programs people watch, and</em></ins></span> even <span
class="removed"><del><strong>which page the user reads at</strong></del></span>
what <span class="removed"><del><strong>time</a>.</p>
+ <p>It is possible to turn this off, but having it enabled by default
+ is an injustice already.</p></em></ins></span>
</li>
- <li><p>Adobe made “Digital Editions,” the e-reader
used
- by most US libraries,
- <a
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ <span class="removed"><del><strong><li><p>Adobe made
“Digital Editions,”</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511020">
+ <p>Tivo's alliance with Viacom adds 2.3 million households
+ to</em></ins></span> the <span class="removed"><del><strong>e-reader
used</strong></del></span> <span class="inserted"><ins><em>600 millions social
media profiles the company
+ already monitors. Tivo customers are unaware they're
+ being watched</em></ins></span> by <span class="removed"><del><strong>most
US libraries,</strong></del></span> <span
class="inserted"><ins><em>advertisers. By combining TV viewing
+ information with online social media participation, Tivo can
now</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
send lots of data to Adobe</a>. Adobe's “excuse”: it's
- needed</strong></del></span> <span class="inserted"><ins><em>they
wanted</em></ins></span> to <span class="removed"><del><strong>check
DRM!</p>
+ needed</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+ correlate TV advertisement with online purchases</a>, exposing all
+ users</em></ins></span> to <span class="removed"><del><strong>check
DRM!</p></strong></del></span> <span class="inserted"><ins><em>new
combined surveillance by default.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
<h4 id="SpywareInVehicles">Spyware in Vehicles</h4>
@@ -1886,21 +1864,31 @@
</div>
<ul>
-<li><p>Computerized cars with nonfree software are
- <a
href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
+<li><p>Computerized cars with nonfree software
are</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201507240">
+ <p>Vizio “smart” TVs recognize and</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
snooping devices</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>record</a>.</p></em></ins></span>
+ <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
+ what people are watching</a>, even if it isn't a TV
channel.</p></em></ins></span>
</li>
<li <span class="removed"><del><strong>id="nissan-modem"><p>The
Nissan Leaf has a built-in cell phone modem which allows
effectively
- anyone</strong></del></span> <span
class="inserted"><ins><em>id="M201504300">
- <p>Vizio</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
- access its computers remotely and make changes in various
+ anyone</strong></del></span> <span
class="inserted"><ins><em>id="M201505290">
+ <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
+ snoops on what programs people watch,</em></ins></span> and <span
class="removed"><del><strong>make changes in various
settings</a>.</p>
- <p>That's easy</strong></del></span>
- <span
class="inserted"><ins><em>href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+ <p>That's easy</strong></del></span> <span
class="inserted"><ins><em>even what they wanted to
+ record</a>.</p>
+ </li>
+
+ <li id="M201504300">
+ <p>Vizio <a
+
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
used a firmware “upgrade”</em></ins></span> to <span
class="inserted"><ins><em>make its TVs snoop on what
users watch</a>. The TVs did not</em></ins></span> do <span
class="removed"><del><strong>because the system has no
authentication</strong></del></span> <span
class="inserted"><ins><em>that</em></ins></span> when
<span class="removed"><del><strong>accessed through</strong></del></span>
<span class="inserted"><ins><em>first sold.</p>
@@ -1911,42 +1899,42 @@
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
transmits users' voice on</em></ins></span> the <span
class="removed"><del><strong>modem. However, even if</strong></del></span>
<span class="inserted"><ins><em>internet to another company, Nuance</a>.
Nuance can save</em></ins></span> it <span
class="removed"><del><strong>asked for
- authentication, you couldn't</strong></del></span> <span
class="inserted"><ins><em>and would then have to give it to the US or some
+ authentication, you couldn't be confident that Nissan has no
+ access. The software in</strong></del></span> <span
class="inserted"><ins><em>and would then have to give it to</em></ins></span>
the <span class="removed"><del><strong>car</strong></del></span> <span
class="inserted"><ins><em>US or some
other government.</p>
- <p>Speech recognition is not to</em></ins></span> be <span
class="removed"><del><strong>confident that Nissan has no
- access. The</strong></del></span> <span class="inserted"><ins><em>trusted
unless it is done by free</em></ins></span>
- software in <span class="removed"><del><strong>the
car</strong></del></span> <span class="inserted"><ins><em>your own
computer.</p>
+ <p>Speech recognition</em></ins></span> is
+ <span class="removed"><del><strong>proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+ means</strong></del></span> <span class="inserted"><ins><em>not to be
trusted unless</em></ins></span> it <span class="removed"><del><strong>demands
blind faith from</strong></del></span> <span class="inserted"><ins><em>is done
by free
+ software in your own computer.</p>
+
+ <p>In</em></ins></span> its <span
class="removed"><del><strong>users</a>.</p>
- <p>In its privacy policy, Samsung explicitly confirms that <a
+ <p>Even if no one connects</strong></del></span> <span
class="inserted"><ins><em>privacy policy, Samsung explicitly confirms that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be transmitted to third
+ data containing sensitive information will be
transmitted</em></ins></span> to <span class="inserted"><ins><em>third
parties</a>.</p>
</li>
<li id="M201411090">
- <p>The Amazon “Smart” TV</em></ins></span> is
- <span class="removed"><del><strong>proprietary,</strong></del></span>
<a <span
class="removed"><del><strong>href="/philosophy/free-software-even-more-important.html">which
- means it demands blind faith from its</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
- snooping all the time</a>.</p>
+ <p>The Amazon “Smart” TV is <a
+
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ snooping all</em></ins></span> the <span class="removed"><del><strong>car
remotely, the cell phone
+ modem enables the phone company</strong></del></span> <span
class="inserted"><ins><em>time</a>.</p>
</li>
<li id="M201409290">
<p>More or less all “smart” TVs <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their</em></ins></span> users</a>.</p>
+ on their users</a>.</p>
- <span class="removed"><del><strong><p>Even if no one
connects</strong></del></span>
-
- <span class="inserted"><ins><em><p>The report was as of 2014, but we
don't expect this has got
+ <p>The report was as of 2014, but we don't expect this has got
better.</p>
- <p>This shows that laws requiring products</em></ins></span> to
<span class="inserted"><ins><em>get users' formal
+ <p>This shows that laws requiring products</em></ins></span> to
<span class="removed"><del><strong>track</strong></del></span> <span
class="inserted"><ins><em>get users' formal
consent before collecting personal data are totally inadequate.
- And what happens if a user declines consent? Probably</em></ins></span>
the <span class="removed"><del><strong>car remotely, the cell phone
- modem enables the phone company</strong></del></span> <span
class="inserted"><ins><em>TV will
- say, “Without your consent</em></ins></span> to <span
class="removed"><del><strong>track the car's movements
all</strong></del></span> <span
class="inserted"><ins><em>tracking,</em></ins></span> the <span
class="removed"><del><strong>time; it is possible</strong></del></span> <span
class="inserted"><ins><em>TV will not
+ And what happens if a user declines consent? Probably</em></ins></span>
the <span class="removed"><del><strong>car's movements
all</strong></del></span> <span class="inserted"><ins><em>TV will
+ say, “Without your consent to tracking,</em></ins></span> the <span
class="removed"><del><strong>time; it is possible</strong></del></span> <span
class="inserted"><ins><em>TV will not
work.”</p>
<p>Proper laws would say that TVs are not allowed</em></ins></span>
to <span class="removed"><del><strong>physically remove</strong></del></span>
<span class="inserted"><ins><em>report what</em></ins></span> the <span
class="removed"><del><strong>cell phone modem
@@ -1956,147 +1944,152 @@
<li <span
class="removed"><del><strong>id="records-drivers"><p>Proprietary
software</strong></del></span> <span
class="inserted"><ins><em>id="M201405200">
<p>Spyware</em></ins></span> in <span
class="removed"><del><strong>cars</strong></del></span> <span
class="inserted"><ins><em>LG “smart” TVs</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
- which is made available to car manufacturers, insurance
companies,</strong></del></span>
- <span
class="inserted"><ins><em>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what the user watches,</em></ins></span> and
- <span class="removed"><del><strong>others.</p>
+ which is made available to car manufacturers, insurance companies, and
+ others.</p>
- <p>The case of toll-collection systems, mentioned
in</strong></del></span> <span class="inserted"><ins><em>the switch to
turn</em></ins></span> this <span class="removed"><del><strong>article, is not
- really</strong></del></span> <span class="inserted"><ins><em>off has
- no effect</a>. (The fact that the transmission
reports</em></ins></span> a <span class="removed"><del><strong>matter of
proprietary surveillance. These systems are an
+ <p>The case of toll-collection systems, mentioned in this article,
is not
+ really a matter of proprietary surveillance. These systems are an
intolerable invasion of privacy, and should be replaced with anonymous
- payment systems, but</strong></del></span> <span
class="inserted"><ins><em>404 error
- really means nothing;</em></ins></span> the <span
class="removed"><del><strong>invasion isn't done by malware.
The</strong></del></span> <span class="inserted"><ins><em>server could save
that data anyway.)</p>
+ payment systems, but the invasion isn't done by malware. The other
+ cases mentioned are done by proprietary malware in the
car.</p></li>
+
+ <li><p>Tesla cars allow</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ reports what</em></ins></span> the <span
class="removed"><del><strong>company to extract data
remotely</strong></del></span> <span class="inserted"><ins><em>user
watches,</em></ins></span> and
+ <span class="removed"><del><strong>determine</strong></del></span> the
<span class="removed"><del><strong>car's location at any time. (See
+ <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b and c.</a>). The company says it doesn't
+ store</strong></del></span> <span class="inserted"><ins><em>switch to
turn</em></ins></span> this <span class="removed"><del><strong>information, but
if</strong></del></span> <span class="inserted"><ins><em>off has
+ no effect</a>. (The fact that</em></ins></span> the <span
class="removed"><del><strong>state orders it to get</strong></del></span> <span
class="inserted"><ins><em>transmission reports a 404 error
+ really means nothing;</em></ins></span> the <span
class="inserted"><ins><em>server could save that</em></ins></span> data
+ <span class="removed"><del><strong>and hand</strong></del></span> <span
class="inserted"><ins><em>anyway.)</p>
- <p>Even worse, it <a
+ <p>Even worse,</em></ins></span> it <span
class="removed"><del><strong>over,</strong></del></span> <span
class="inserted"><ins><em><a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
- snoops on</em></ins></span> other
- <span class="removed"><del><strong>cases mentioned are done by
proprietary malware in the car.</p></li>
+ snoops on other devices on</em></ins></span> the <span
class="removed"><del><strong>state can store it.</p>
+ </li>
+</ul>
- <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>devices on</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>user's local network</a>.</p>
- <p>LG later said it had installed a patch</em></ins></span> to <span
class="removed"><del><strong>extract data remotely and
- determine the car's location at</strong></del></span> <span
class="inserted"><ins><em>stop this, but</em></ins></span> any <span
class="removed"><del><strong>time. (See
- <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b and c.</a>). The company says it doesn't
- store</strong></del></span>
- <span class="inserted"><ins><em>product could spy</em></ins></span> this
<span class="removed"><del><strong>information, but if the state orders
it</strong></del></span> <span class="inserted"><ins><em>way.</p>
+<!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>user's local network</a>.</p>
+
+ <p>LG later said it had installed a patch</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareAtHome">Spyware at Home</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+<div style="clear: left;"></div>
- <p>Meanwhile, LG TVs <a
-
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
- do lots of spying anyway</a>.</p>
+<ul>
+ <li><p>Nest thermometers
+ send</strong></del></span> <span class="inserted"><ins><em>stop this, but any
+ product could spy this way.</p>
+
+ <p>Meanwhile, LG TVs</em></ins></span> <a <span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
+ lot</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
+ do lots</em></ins></span> of <span class="removed"><del><strong>data about
the user</a>.</p></strong></del></span> <span
class="inserted"><ins><em>spying anyway</a>.</p></em></ins></span>
</li>
- <li id="M201212170">
+ <span class="removed"><del><strong><li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212170">
<p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
- Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>get the data</strong></del></span> <span
class="inserted"><ins><em>break security on a “smart”
TV</a></em></ins></span>
- and <span class="removed"><del><strong>hand it over,</strong></del></span>
<span class="inserted"><ins><em>use its camera to watch</em></ins></span> the
<span class="removed"><del><strong>state can store
it.</p></strong></del></span> <span class="inserted"><ins><em>people who
are watching TV.</p></em></ins></span>
+ Crackers found a way to break security on a “smart”
TV</a>
+ and use its camera</em></ins></span> to <span
class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>watch the people who are watching
TV.</p></em></ins></span>
</li>
</ul>
-<span class="removed"><del><strong><!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
--></strong></del></span>
-
-
-<div <span class="removed"><del><strong>class="big-section">
- <h3 id="SpywareAtHome">Spyware at
Home</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
- <h4 id="SpywareInCameras">Cameras</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtHome">#SpywareAtHome</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
+<div class="big-subsection">
+ <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInCameras">Cameras</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
</div>
-<span class="removed"><del><strong><div style="clear: left;"></div>
-<ul>
- <li><p>Nest thermometers
- send</strong></del></span>
+<span class="removed"><del><strong><p>Emo Phillips made a joke: The
other day</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201710040">
<p>Every “home security” camera, if its
- manufacturer can communicate with it, is a surveillance
device.</em></ins></span> <a <span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
- lot of data</strong></del></span>
+ manufacturer can communicate with it, is</em></ins></span> a <span
class="removed"><del><strong>woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul>
+ <li>
+ <p>Vizio
+ “smart”</strong></del></span> <span
class="inserted"><ins><em>surveillance device.</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
- Canary camera is an example</a>.</p>
+ Canary camera</em></ins></span> is <span
class="removed"><del><strong>viewed</strong></del></span> <span
class="inserted"><ins><em>an example</a>.</p>
- <p>The article describes wrongdoing by the manufacturer, based on
- the fact that the device is tethered to a server.</p>
+ <p>The article describes wrongdoing by the manufacturer,
based</em></ins></span> on <span class="removed"><del><strong>them, and not
just broadcasts
+ and cable</a>. Even if</strong></del></span>
+ the <span class="removed"><del><strong>image</strong></del></span> <span
class="inserted"><ins><em>fact that the device</em></ins></span> is <span
class="removed"><del><strong>coming from</strong></del></span> <span
class="inserted"><ins><em>tethered to a server.</p>
- <p><a
href="/proprietary/proprietary-tethers.html">More</em></ins></span> about
- <span class="inserted"><ins><em>proprietary tethering</a>.</p>
+ <p><a href="/proprietary/proprietary-tethers.html">More about
+ proprietary tethering</a>.</p>
- <p>But it also demonstrates that</em></ins></span> the <span
class="removed"><del><strong>user</a>.</p></strong></del></span>
<span class="inserted"><ins><em>device gives the company
- surveillance capability.</p></em></ins></span>
+ <p>But it also demonstrates that</em></ins></span> the <span
class="removed"><del><strong>user's own
+ computer,</strong></del></span> <span class="inserted"><ins><em>device
gives</em></ins></span> the <span class="removed"><del><strong>TV reports what
it is. The existence</strong></del></span> <span
class="inserted"><ins><em>company
+ surveillance capability.</p>
</li>
- <span class="removed"><del><strong><li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201603220">
- <p>Over 70 brands of network-connected surveillance cameras have
<a
+ <li id="M201603220">
+ <p>Over 70 brands</em></ins></span> of <span
class="removed"><del><strong>a way</strong></del></span> <span
class="inserted"><ins><em>network-connected surveillance cameras have <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>watch through them</a>.</p>
+ security bugs that allow anyone</em></ins></span> to
+ <span class="removed"><del><strong>disable the
surveillance,</strong></del></span> <span class="inserted"><ins><em>watch
through them</a>.</p>
</li>
<li id="M201511250">
<p>The Nest Cam “smart” camera is <a
- href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
- even when the “owner” switches it “off.”</p>
+ href="http://www.bbc.com/news/technology-34922712">always
watching</a>,</em></ins></span>
+ even <span class="removed"><del><strong>if</strong></del></span> <span
class="inserted"><ins><em>when the “owner”
switches</em></ins></span> it <span class="removed"><del><strong>were not
hidden</strong></del></span> <span
class="inserted"><ins><em>“off.”</p>
<p>A “smart” device means the manufacturer is using it
- to outsmart you.</p></em></ins></span>
+ to outsmart you.</p>
</li>
</ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
+ <h4 id="SpywareInToys">Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
-<span class="removed"><del><strong><p>Emo Phillips
made</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
+<ul class="blurbs">
<li id="M201711244">
- <p>The Furby Connect has</em></ins></span> a <span
class="removed"><del><strong>joke: The other day</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
- universal back door</a>. If the product as shipped doesn't act
as</em></ins></span> a <span class="removed"><del><strong>woman came
up</strong></del></span>
- <span class="inserted"><ins><em>listening device, remote
changes</em></ins></span> to <span class="removed"><del><strong>me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out</strong></del></span> the <span
class="removed"><del><strong>other way.” Evidently
that</strong></del></span> <span class="inserted"><ins><em>code could surely
convert it
- into one.</p>
+ universal back door</a>. If the product as shipped doesn't
act</em></ins></span> as <span class="inserted"><ins><em>a
+ listening device, remote changes to the code could surely
convert</em></ins></span> it
+ <span class="inserted"><ins><em>into one.</p>
</li>
<li id="M201711100">
- <p>A remote-control sex toy</em></ins></span> was
-<span class="removed"><del><strong>before Amazon “smart”
TVs.</p>
-
-<ul>
- <li>
- <p>Vizio
- “smart”</strong></del></span> <span
class="inserted"><ins><em>found to make</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts
- and cable</a>. Even if</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of</em></ins></span> the <span
class="removed"><del><strong>image is coming from</strong></del></span> <span
class="inserted"><ins><em>conversation between two users</a>.</p>
- </li>
-
- <li id="M201703140">
- <p>A computerized vibrator <a
-
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through</em></ins></span> the <span
class="removed"><del><strong>user's own
- computer,</strong></del></span> <span
class="inserted"><ins><em>proprietary control app</a>.</p>
-
- <p>The app was reporting</em></ins></span> the <span
class="removed"><del><strong>TV reports what it is. The
existence</strong></del></span> <span
class="inserted"><ins><em>temperature</em></ins></span> of <span
class="removed"><del><strong>a way to
- disable</strong></del></span> the <span
class="removed"><del><strong>surveillance, even if it were not hidden
as</strong></del></span> <span class="inserted"><ins><em>vibrator minute by
- minute (thus, indirectly, whether</em></ins></span> it was <span
class="removed"><del><strong>in
- these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>surrounded by a person's
- body), as well as</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p>
- </li>
-
- <li><p>More or less all “smart” TVs <a
-href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on</strong></del></span> <span class="inserted"><ins><em>vibration
frequency.</p>
+ <p>A remote-control sex toy</em></ins></span> was <span
class="removed"><del><strong>in
+ these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>found to make <a
+
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>conversation between two
users</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>More or less all
“smart” TVs</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703140">
+ <p>A computerized vibrator</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping</em></ins></span> on <span class="inserted"><ins><em>its
users through the proprietary control app</a>.</p>
+
+ <p>The app was reporting the temperature of the vibrator minute by
+ minute (thus, indirectly, whether it was surrounded by a person's
+ body), as well as the vibration frequency.</p>
<p>Note the totally inadequate proposed response: a labeling
standard with which manufacturers would make statements
about</em></ins></span> their <span
class="removed"><del><strong>users</a>.</p></strong></del></span>
@@ -2122,69 +2115,65 @@
user <span class="removed"><del><strong>watches — no
exceptions!</p>
</li>
<li><p>Vizio goes a step further than other TV manufacturers in
spying on
- their users: their</strong></del></span> <span
class="inserted"><ins><em>was.</p>
-
- <p>Following this lawsuit,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ their users: their <a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
“smart” TVs analyze your viewing habits in detail and
link them your IP address</a> so that advertisers can track you
across devices.</p>
- <p>It is possible</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered</em></ins></span> to <span
class="removed"><del><strong>turn this off, but having it enabled by default
- is an injustice already.</p></strong></del></span> <span
class="inserted"><ins><em>pay a total of C$4m</a> to its
- customers.</p></em></ins></span>
- </li>
+ <p>It is possible to turn</strong></del></span> <span
class="inserted"><ins><em>was.</p>
- <span class="removed"><del><strong><li><p>Tivo's
alliance</strong></del></span>
+ <p>Following</em></ins></span> this <span
class="removed"><del><strong>off, but having it enabled by default
+ is an injustice already.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M201702280">
- <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>Viacom adds 2.3 million
households</strong></del></span> <span class="inserted"><ins><em>microphones
<a
-
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations</em></ins></span> to the <span
class="removed"><del><strong>600 millions social media profiles the company
already
+ <li><p>Tivo's alliance with Viacom adds 2.3 million households to
+ the 600 millions social media profiles</strong></del></span> <span
class="inserted"><ins><em>lawsuit, <a
+
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></em></ins></span>
+ the company <span class="removed"><del><strong>already
monitors. Tivo customers are unaware they're being watched by
advertisers. By combining TV viewing information with online
- social media participation, Tivo can now</strong></del></span> <span
class="inserted"><ins><em>manufacturer</a>. Guess what?</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement with online purchases</a>, exposing all
users</strong></del></span>
- <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way</em></ins></span> to
- <span class="removed"><del><strong>new combined
surveillance</strong></del></span> <span class="inserted"><ins><em>access the
data</a> collected</em></ins></span> by <span
class="removed"><del><strong>default.</p></li>
+ social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement</strong></del></span> <span class="inserted"><ins><em>has
been ordered to pay a total of C$4m</a> to its
+ customers.</p>
+ </li>
+
+ <li id="M201702280">
+ <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>online purchases</a>, exposing all
users</strong></del></span> <span class="inserted"><ins><em>microphones <a
+
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
+ leak childrens' conversations</em></ins></span> to
+ <span class="removed"><del><strong>new combined
surveillance</strong></del></span> <span class="inserted"><ins><em>the
manufacturer</a>. Guess what? <a
+
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
+ Crackers found a way to access the data</a>
collected</em></ins></span> by <span
class="removed"><del><strong>default.</p></li>
<li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>the
manufacturer's snooping.</p>
<p>That the manufacturer</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>the FBI could
listen</em></ins></span> to <span class="removed"><del><strong>be
picked up</strong></del></span> <span class="inserted"><ins><em>these
conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>proprietary malware running on other devices in
- range so as to determine that they are nearby. Once your
- Internet devices are paired with your TV, advertisers can
- correlate ads with Web activity, and
- other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span> <span
class="inserted"><ins><em>itself.</p></em></ins></span>
+ range so as</strong></del></span> <span
class="inserted"><ins><em>itself.</p>
</li>
- <span
class="removed"><del><strong><li><p>Vizio</strong></del></span>
- <span class="inserted"><ins><em><li id="M201612060">
- <p>The</em></ins></span> “smart” <span
class="removed"><del><strong>TVs recognize</strong></del></span> <span
class="inserted"><ins><em>toys My Friend Cayla</em></ins></span> and <span
class="inserted"><ins><em>i-Que transmit</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
- even if it isn't</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
- conversations to Nuance Communications</a>,</em></ins></span> a
<span class="removed"><del><strong>TV channel.</p>
- </li>
- <li><p>The Amazon “Smart” TV
- <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
- watching</strong></del></span> <span class="inserted"><ins><em>speech
recognition
+ <li id="M201612060">
+ <p>The “smart” toys My Friend Cayla and i-Que transmit
<a
+
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
+ conversations</em></ins></span> to <span
class="removed"><del><strong>determine that they are nearby. Once your
+ Internet devices are paired with your TV,
advertisers</strong></del></span> <span class="inserted"><ins><em>Nuance
Communications</a>, a speech recognition
company based in the U.S.</p>
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control the toys with a mobile phone. This would enable
- crackers to listen in on a child's speech,</em></ins></span> and <span
class="removed"><del><strong>listening all</strong></del></span> <span
class="inserted"><ins><em>even speak into</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
- <span class="inserted"><ins><em>toys
themselves.</p></em></ins></span>
+ <p>Those toys also contain major security vulnerabilities;
crackers</em></ins></span>
+ can
+ <span class="removed"><del><strong>correlate ads</strong></del></span>
<span class="inserted"><ins><em>remotely control the toys</em></ins></span>
with <span class="removed"><del><strong>Web activity,</strong></del></span>
<span class="inserted"><ins><em>a mobile phone. This would enable
+ crackers to listen in on a child's speech,</em></ins></span> and
+ <span class="removed"><del><strong>other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span> <span
class="inserted"><ins><em>even speak into the
+ toys themselves.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p>The Samsung
“Smart” TV</strong></del></span>
+ <span class="removed"><del><strong><li><p>Vizio
“smart” TVs recognize and</strong></del></span>
<span class="inserted"><ins><em><li id="M201502180">
- <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
users' voice on the internet</strong></del></span>
+ <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
+ even if it isn't</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going</em></ins></span> to <span class="removed"><del><strong>another
- company, Nuance</a>. Nuance can save it</strong></del></span> <span
class="inserted"><ins><em>spy on children</em></ins></span> and <span
class="removed"><del><strong>would then have</strong></del></span> <span
class="inserted"><ins><em>adults</a>.</p>
+ going to spy on children and adults</a>.</p>
</li>
</ul>
@@ -2196,12 +2185,13 @@
<ul class="blurbs">
<li id="M201708040">
- <p>While you're using a DJI drone
+ <p>While you're using</em></ins></span> a <span
class="removed"><del><strong>TV channel.</p></strong></del></span> <span
class="inserted"><ins><em>DJI drone
to snoop on other people, DJI is in many cases <a
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
- on you</a>.</p>
+ on you</a>.</p></em></ins></span>
</li>
-</ul>
+ <span class="removed"><del><strong><li><p>The Amazon
“Smart” TV</strong></del></span>
+<span class="inserted"><ins><em></ul>
<div class="big-subsection">
@@ -2209,6 +2199,25 @@
</div>
<ul class="blurbs">
+ <li id="M201809260">
+ <p>Honeywell's "smart" thermostats communicate
+ only through the company's server. They have
+ all the nasty characteristics of such devices:</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
+ watching</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9">
+ surveillance,</em></ins></span> and <span
class="removed"><del><strong>listening</strong></del></span> <span
class="inserted"><ins><em>danger of sabotage</a> (of a specific user, or
of</em></ins></span>
+ all <span class="inserted"><ins><em>users at once), as well
as</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p>
+ </li>
+ <li><p>The Samsung “Smart” TV
+ <a
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
users' voice on</strong></del></span> <span class="inserted"><ins><em>risk of
an outage (which is what
+ just happened).</p>
+
+ <p>In addition, setting</em></ins></span> the <span
class="removed"><del><strong>internet to another
+ company, Nuance</a>. Nuance</strong></del></span> <span
class="inserted"><ins><em>desired temperature requires running
+ nonfree software. With an old-fashioned thermostat, you</em></ins></span>
can <span class="removed"><del><strong>save</strong></del></span> <span
class="inserted"><ins><em>do</em></ins></span> it <span
class="removed"><del><strong>and would then have</strong></del></span>
+ <span class="inserted"><ins><em>using controls right on the
thermostat.</p>
+ </li>
+
<li id="M201808120">
<p>Crackers found a way</em></ins></span> to
<span class="removed"><del><strong>give</strong></del></span> <span
class="inserted"><ins><em>break the security of an Amazon device,
@@ -2773,7 +2782,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/30 18:28:15 $
+$Date: 2018/10/01 07:58:15 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary-surveillance.it.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.it.po,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -b -r1.242 -r1.243
--- proprietary-surveillance.it.po 30 Sep 2018 18:28:17 -0000 1.242
+++ proprietary-surveillance.it.po 1 Oct 2018 07:58:15 -0000 1.243
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2017-12-31 13:19+0100\n"
"Last-Translator: Andrea Pescetti <address@hidden>\n"
"Language-Team: Italian <address@hidden>\n"
@@ -3328,6 +3328,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a href="
"\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it into a "
"listening device</a> for them."
Index: proprietary-surveillance.ja-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ja-diff.html,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -b -r1.80 -r1.81
--- proprietary-surveillance.ja-diff.html 30 Sep 2018 18:28:17 -0000
1.80
+++ proprietary-surveillance.ja-diff.html 1 Oct 2018 07:58:15 -0000
1.81
@@ -1414,81 +1414,31 @@
<span class="removed"><del><strong>determine</strong></del></span> <span
class="inserted"><ins><em>abusive practices inflicted by VPN
apps.”</p>
<p>Following is a non-exhaustive list of proprietary VPN apps
from</em></ins></span>
- the <span class="removed"><del><strong>car's location at any time. (See
- <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b</strong></del></span> <span
class="inserted"><ins><em>research paper that tracks</em></ins></span> and
<span class="removed"><del><strong>c.</a>). The company says it doesn't
- store this information, but if</strong></del></span> <span
class="inserted"><ins><em>infringes</em></ins></span> the <span
class="removed"><del><strong>state orders it</strong></del></span> <span
class="inserted"><ins><em>privacy of users:</p>
+ the <span class="removed"><del><strong>car's</strong></del></span> <span
class="inserted"><ins><em>research paper that tracks and infringes the privacy
of users:</p>
<dl>
<dt>SurfEasy</dt>
<dd>Includes tracking libraries such as NativeX and Appflood,
- meant</em></ins></span> to <span class="removed"><del><strong>get the
data</strong></del></span> <span class="inserted"><ins><em>track
users</em></ins></span> and <span
class="removed"><del><strong>hand</strong></del></span> <span
class="inserted"><ins><em>show them targeted ads.</dd>
+ meant to track users and show them targeted ads.</dd>
<dt>sFly Network Booster</dt>
<dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
- permissions upon installation, meaning</em></ins></span> it <span
class="removed"><del><strong>over, the state can store it.</p>
- </li>
-</ul>
-
-
-<!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>has full access</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareAtHome">Spyware at Home</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<ul>
- <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed</strong></del></span> <span
class="inserted"><ins><em>users'
+ permissions upon installation, meaning it has full access to users'
text messages.</dd>
<dt>DroidVPN and TigerVPN</dt>
- <dd>Requests the <code>READ_LOGS</code>
permission</em></ins></span> to <span class="removed"><del><strong>spy on their
renters</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInTVSets">Spyware in TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
-</div>
-
-<p>Emo Phillips made a joke: The</strong></del></span> <span
class="inserted"><ins><em>read logs
- for</em></ins></span> other <span class="removed"><del><strong>day a
woman came up</strong></del></span> <span class="inserted"><ins><em>apps and
also core system logs. TigerVPN developers have
+ <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ for other apps and also core system logs. TigerVPN developers have
confirmed this.</dd>
<dt>HideMyAss</dt>
- <dd>Sends traffic</em></ins></span> to <span
class="removed"><del><strong>me</strong></del></span> <span
class="inserted"><ins><em>LinkedIn. Also, it stores detailed
logs</em></ins></span> and
-<span class="removed"><del><strong>said, “Didn't I see you on
television?” I said, “I
-don't know. You can't see out the other way.” Evidently that was
-before Amazon “smart” TVs.</p>
-
-<ul>
- <li><p>More or less all “smart” TVs <a href="
-
http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their users</a>.</p>
-
- <p>The report was as of 2014, but we don't expect this has got
better.</p>
-
- <p>This shows that laws requiring products</strong></del></span>
- <span class="inserted"><ins><em>may turn them over</em></ins></span> to
<span class="removed"><del><strong>get users' formal
- consent before collecting personal data are totally inadequate.
- And what happens</strong></del></span> <span
class="inserted"><ins><em>the UK government</em></ins></span> if <span
class="removed"><del><strong>a user declines consent?
Probably</strong></del></span> <span
class="inserted"><ins><em>requested.</dd>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
+ may turn them over to the UK government if requested.</dd>
<dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into</em></ins></span> the <span
class="removed"><del><strong>TV
- will say, “Without your consent</strong></del></span> <span
class="inserted"><ins><em>HTML pages returned</em></ins></span> to <span
class="removed"><del><strong>tracking,</strong></del></span> the <span
class="removed"><del><strong>TV will
- not work.”</p>
-
- <p>Proper laws would say that TVs are not
allowed</strong></del></span>
- <span class="inserted"><ins><em>users. The stated purpose of the JS
injection is</em></ins></span> to <span class="removed"><del><strong>report
what</strong></del></span> <span class="inserted"><ins><em>display ads. Uses
- roughly five tracking libraries. Also, it redirects</em></ins></span>
the <span class="removed"><del><strong>user watches — no
exceptions!</p>
- </li>
- <li><p>Vizio goes a step further than other TV manufacturers in
spying on
- their users: their</strong></del></span> <span
class="inserted"><ins><em>user's
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display ads. Uses
+ roughly five tracking libraries. Also, it redirects the user's
traffic through valueclick.com (an advertising website).</dd>
<dt>WiFi Protector VPN</dt>
@@ -1500,60 +1450,38 @@
</li>
<li id="M201609210">
- <p>Google's new voice messaging app</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ <p>Google's new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p>
</li>
<li id="M201606050">
<p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
- scans</em></ins></span> your <span class="removed"><del><strong>viewing
habits in detail</strong></del></span> <span class="inserted"><ins><em>mobile
phone's photo collections for known faces</a>,</em></ins></span>
- and
- <span class="removed"><del><strong>link them your IP address</a>
so that advertisers can track</strong></del></span> <span
class="inserted"><ins><em>suggests</em></ins></span> you
- <span class="removed"><del><strong>across devices.</p>
-
- <p>It is possible to turn this off, but having it enabled by
default
- is an injustice already.</p>
- </li>
-
- <li><p>Tivo's alliance with Viacom adds 2.3 million
households</strong></del></span> to <span
class="inserted"><ins><em>share</em></ins></span> the <span
class="removed"><del><strong>600 millions social media
profiles</strong></del></span> <span class="inserted"><ins><em>picture you take
according to who is
- in</em></ins></span> the <span class="removed"><del><strong>company already
- monitors. Tivo customers are unaware they're being watched by
- advertisers. By combining TV viewing information with online
- social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement with</strong></del></span> <span
class="inserted"><ins><em>frame.</p>
-
- <p>This spyware feature seems to require</em></ins></span> online
<span class="removed"><del><strong>purchases</a>, exposing all
users</strong></del></span> <span
class="inserted"><ins><em>access</em></ins></span> to
- <span class="removed"><del><strong>new combined surveillance by
default.</p></li>
- <li><p>Some web and TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>some
- known-faces database, which means the pictures are
likely</em></ins></span> to be
- <span class="removed"><del><strong>picked up by proprietary malware
running on other devices in
- range so as</strong></del></span>
- <span class="inserted"><ins><em>sent across the wire</em></ins></span> to
<span class="removed"><del><strong>determine that they</strong></del></span>
<span class="inserted"><ins><em>Facebook's servers and face-recognition
+ scans your mobile phone's photo collections for known faces</a>,
+ and suggests you to share the picture you take according to who is
+ in the frame.</p>
+
+ <p>This spyware feature seems to require online access to some
+ known-faces database, which means the pictures are likely to be
+ sent across the wire to Facebook's servers and face-recognition
algorithms.</p>
- <p>If so, none of Facebook users' pictures</em></ins></span> are
<span class="removed"><del><strong>nearby. Once your
- Internet devices</strong></del></span> <span
class="inserted"><ins><em>private anymore,
+ <p>If so, none of Facebook users' pictures are private anymore,
even if the user didn't “upload” them to the service.</p>
</li>
<li id="M201605310">
<p>Facebook's app listens all the time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
- snoop on what people</em></ins></span> are <span
class="removed"><del><strong>paired</strong></del></span> <span
class="inserted"><ins><em>listening to or watching</a>. In addition,
- it may be analyzing people's conversations to serve them</em></ins></span>
with <span class="removed"><del><strong>your TV,
advertisers</strong></del></span> <span class="inserted"><ins><em>targeted
+ snoop on what people are listening to or watching</a>. In addition,
+ it may be analyzing people's conversations to serve them with targeted
advertisements.</p>
</li>
<li id="M201604250">
- <p>A pregnancy test controller application not
only</em></ins></span> can
- <span class="removed"><del><strong>correlate ads with Web activity, and
- other</strong></del></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p>
- </li>
- <li><p>Vizio “smart”</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
+ <p>A pregnancy test controller application not only can <a
+
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
spy on many sorts of data in the phone, and in server accounts,
it can alter them too</a>.</p>
</li>
@@ -1585,7 +1513,7 @@
<li id="M201510300">
<p>More than 73% and 47% of mobile applications, from Android and iOS
respectively <a href="https://techscience.org/a/2015103001/">share
- personal, behavioral and location information</a> of their users with
+ personal, behavioral and</em></ins></span> location <span
class="inserted"><ins><em>information</a> of their users with
third parties.</p>
</li>
@@ -1643,7 +1571,7 @@
<p>Many proprietary apps for mobile devices
report which other apps the user has installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible and optional</a>. Not
+ is doing this in a way that</em></ins></span> at <span
class="inserted"><ins><em>least is visible and optional</a>. Not
as bad as what the others do.</p>
</li>
@@ -1670,7 +1598,7 @@
approve sending personal data to the app developer but did not ask
about sending it to other companies. This shows the weakness of
the reject-it-if-you-dislike-snooping “solution” to
- surveillance: why should a flashlight app send any information to
+ surveillance: why should a flashlight app send</em></ins></span> any <span
class="removed"><del><strong>time. (See</strong></del></span> <span
class="inserted"><ins><em>information to
anyone? A free software flashlight app would not.</p>
</li>
@@ -1908,13 +1836,14 @@
</li>
<li id="M201411090">
- <p>The Amazon “Smart” TV is <a
-
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ <p>The Amazon “Smart” TV is</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
<li id="M201409290">
- <p>More or less all “smart”</em></ins></span> TVs <span
class="removed"><del><strong>recognize</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>More or less all “smart” TVs <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
on their users</a>.</p>
@@ -1934,7 +1863,8 @@
<li id="M201405200">
<p>Spyware in LG “smart” TVs <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what the user watches, and the switch to turn this off has
+ reports what the user watches,</em></ins></span> and <span
class="removed"><del><strong>c.</a>). The company says it doesn't
+ store</strong></del></span> <span class="inserted"><ins><em>the switch
to turn</em></ins></span> this <span
class="removed"><del><strong>information,</strong></del></span> <span
class="inserted"><ins><em>off has
no effect</a>. (The fact that the transmission reports a 404 error
really means nothing; the server could save that data anyway.)</p>
@@ -1942,7 +1872,7 @@
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
snoops on other devices on the user's local network</a>.</p>
- <p>LG later said it had installed a patch to stop this, but any
+ <p>LG later said it had installed a patch to stop
this,</em></ins></span> but <span class="inserted"><ins><em>any
product could spy this way.</p>
<p>Meanwhile, LG TVs <a
@@ -1966,97 +1896,159 @@
<ul class="blurbs">
<li id="M201710040">
- <p>Every “home security” camera, if its
+ <p>Every “home security” camera,</em></ins></span> if
<span class="inserted"><ins><em>its
manufacturer can communicate with it, is a surveillance device. <a
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
Canary camera is an example</a>.</p>
- <p>The article describes wrongdoing by the manufacturer, based on
+ <p>The article describes wrongdoing by</em></ins></span> the <span
class="removed"><del><strong>state orders</strong></del></span> <span
class="inserted"><ins><em>manufacturer, based on
the fact that the device is tethered to a server.</p>
<p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
- <p>But it also demonstrates that the device gives the company
+ <p>But</em></ins></span> it <span class="inserted"><ins><em>also
demonstrates that the device gives the company
surveillance capability.</p>
</li>
<li id="M201603220">
<p>Over 70 brands of network-connected surveillance cameras have
<a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone to watch through them</a>.</p>
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>watch through them</a>.</p>
</li>
<li id="M201511250">
<p>The Nest Cam “smart” camera is <a
href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
- even when the “owner” switches it “off.”</p>
+ even when</em></ins></span> the <span class="removed"><del><strong>data
+ and hand</strong></del></span> <span
class="inserted"><ins><em>“owner” switches</em></ins></span> it
<span class="removed"><del><strong>over,</strong></del></span> <span
class="inserted"><ins><em>“off.”</p>
- <p>A “smart” device means the manufacturer is using it
- to outsmart you.</p>
+ <p>A “smart” device means</em></ins></span> the <span
class="removed"><del><strong>state can store it.</p>
+ </li>
+</ul>
+
+
+<!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareAtHome">Spyware at Home</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed</strong></del></span> <span
class="inserted"><ins><em>manufacturer is using it</em></ins></span>
+ to <span class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>outsmart you.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><p>Emo Phillips
made</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201711244">
- <p>The Furby Connect has a <a
+ <p>The Furby Connect has</em></ins></span> a <span
class="removed"><del><strong>joke: The other day</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
- universal back door</a>. If the product as shipped doesn't act as a
- listening device, remote changes to the code could surely convert it
+ universal back door</a>. If the product as shipped doesn't act
as</em></ins></span> a <span class="removed"><del><strong>woman came
up</strong></del></span>
+ <span class="inserted"><ins><em>listening device, remote
changes</em></ins></span> to <span class="removed"><del><strong>me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out</strong></del></span> the <span
class="removed"><del><strong>other way.” Evidently
that</strong></del></span> <span class="inserted"><ins><em>code could surely
convert it
into one.</p>
</li>
<li id="M201711100">
- <p>A remote-control sex toy was found to make <a
-
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of the conversation between two users</a>.</p>
- </li>
+ <p>A remote-control sex toy</em></ins></span> was
+<span class="removed"><del><strong>before Amazon “smart”
TVs.</p>
+
+<ul>
+ <li><p>More or less all “smart”
TVs</strong></del></span> <span class="inserted"><ins><em>found to
make</em></ins></span> <a <span class="removed"><del><strong>href="
+
http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of the conversation between two</em></ins></span>
users</a>.</p>
+ <span class="inserted"><ins><em></li>
<li id="M201703140">
<p>A computerized vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the proprietary control
app</a>.</p>
+ was snooping on its users through the proprietary control
app</a>.</p></em></ins></span>
+
+ <p>The <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>app</em></ins></span> was <span
class="removed"><del><strong>as</strong></del></span> <span
class="inserted"><ins><em>reporting the temperature</em></ins></span> of <span
class="removed"><del><strong>2014, but we don't expect this has got
better.</p>
- <p>The app was reporting the temperature of the vibrator minute by
+ <p>This shows that laws requiring products to get users' formal
+ consent before collecting personal data are totally inadequate.
+ And what happens if a user declines consent?
Probably</strong></del></span> the <span class="removed"><del><strong>TV
+ will say, “Without your consent to tracking,</strong></del></span>
<span class="inserted"><ins><em>vibrator minute by
minute (thus, indirectly, whether it was surrounded by a person's
- body), as well as the vibration frequency.</p>
+ body), as well as</em></ins></span> the <span
class="removed"><del><strong>TV will
+ not work.”</p>
+
+ <p>Proper laws would say that TVs are not allowed to report
what</strong></del></span> <span class="inserted"><ins><em>vibration
frequency.</p>
+
+ <p>Note</em></ins></span> the <span
class="removed"><del><strong>user watches — no exceptions!</p>
+ </li>
+ <li><p>Vizio goes</strong></del></span> <span
class="inserted"><ins><em>totally inadequate proposed
response:</em></ins></span> a <span class="removed"><del><strong>step further
than other TV</strong></del></span> <span class="inserted"><ins><em>labeling
+ standard with which</em></ins></span> manufacturers <span
class="removed"><del><strong>in spying on
+ their users:</strong></del></span> <span class="inserted"><ins><em>would
make statements about</em></ins></span> their <span
class="removed"><del><strong><a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in
detail</strong></del></span>
+ <span class="inserted"><ins><em>products, rather than free software which
users could have checked</em></ins></span>
+ and
+ <span class="removed"><del><strong>link them your IP address</a>
so</strong></del></span> <span class="inserted"><ins><em>changed.</p>
- <p>Note the totally inadequate proposed response: a labeling
- standard with which manufacturers would make statements about their
- products, rather than free software which users could have
checked</em></ins></span>
- and <span class="inserted"><ins><em>changed.</p>
+ <p>The company</em></ins></span> that <span
class="removed"><del><strong>advertisers can track you
+ across devices.</p>
- <p>The company that made the vibrator <a
+ <p>It is possible to turn this off,</strong></del></span> <span
class="inserted"><ins><em>made the vibrator <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
was sued for collecting lots of personal information about how people
used it</a>.</p>
<p>The company's statement that it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data to a data
- broker, the data broker would have been able to figure out who the
- user was.</p>
+ true,</em></ins></span> but <span
class="removed"><del><strong>having</strong></del></span> it <span
class="removed"><del><strong>enabled by default
+ is an injustice already.</p>
+ </li>
- <p>Following this lawsuit,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
- even if it isn't</strong></del></span>
+ <li><p>Tivo's alliance with Viacom adds 2.3 million
households</strong></del></span> <span class="inserted"><ins><em>doesn't really
matter. If it had sold the data</em></ins></span> to <span
class="inserted"><ins><em>a data
+ broker,</em></ins></span> the <span class="removed"><del><strong>600
millions social media profiles</strong></del></span> <span
class="inserted"><ins><em>data broker would have been able to figure out
who</em></ins></span> the <span class="removed"><del><strong>company already
+ monitors. Tivo customers are unaware they're being watched by
+ advertisers. By combining TV viewing information with online
+ social media participation, Tivo can now</strong></del></span>
+ <span class="inserted"><ins><em>user was.</p>
+
+ <p>Following this lawsuit,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all users to
+ new combined surveillance by default.</p></li>
+ <li><p>Some web and TV advertisements play inaudible
sounds</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay</em></ins></span> a <span
class="removed"><del><strong>TV channel.</p></strong></del></span> <span
class="inserted"><ins><em>total of C$4m</a> to its
- customers.</p></em></ins></span>
+ the company has been ordered</em></ins></span> to <span
class="removed"><del><strong>be
+ picked up by proprietary malware running on other devices in
+ range so as</strong></del></span> <span class="inserted"><ins><em>pay a
total of C$4m</a></em></ins></span> to <span
class="removed"><del><strong>determine that they are nearby. Once your
+ Internet devices are paired with your TV, advertisers can
+ correlate ads</strong></del></span> <span class="inserted"><ins><em>its
+ customers.</p>
</li>
- <span class="removed"><del><strong><li><p>The Amazon
“Smart” TV</strong></del></span>
- <span class="inserted"><ins><em><li id="M201702280">
- <p>“CloudPets” toys with microphones</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
- watching</strong></del></span>
+ <li id="M201702280">
+ <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>Web activity, and
+ other</strong></del></span> <span
class="inserted"><ins><em>microphones</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p>
+ </li>
+ <li><p>Vizio “smart” TVs recognize
and</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations to the manufacturer</a>. Guess what?
<a
-
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way to access the data</a> collected by the
+ leak childrens' conversations to the manufacturer</a>. Guess
what?</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
+ even if it isn't</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
+ Crackers found</em></ins></span> a <span class="removed"><del><strong>TV
channel.</p>
+ </li>
+ <li><p>The Amazon “Smart” TV
+ <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
+ watching</strong></del></span> <span class="inserted"><ins><em>way to
access the data</a> collected by the
manufacturer's snooping.</p>
<p>That the manufacturer</em></ins></span> and <span
class="removed"><del><strong>listening all</strong></del></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
<span class="inserted"><ins><em>FBI could listen to these
@@ -2082,11 +2074,9 @@
<li id="M201502180">
<p>Barbie <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going</em></ins></span> to <span class="removed"><del><strong>be trusted
unless it is done
- by free software in your own computer.</p></strong></del></span>
<span class="inserted"><ins><em>spy on children and
adults</a>.</p></em></ins></span>
+ going</em></ins></span> to <span class="removed"><del><strong>be trusted
unless it</strong></del></span> <span class="inserted"><ins><em>spy on children
and adults</a>.</p>
</li>
- <span
class="removed"><del><strong><li><p>Spyware</strong></del></span>
-<span class="inserted"><ins><em></ul>
+</ul>
<div class="big-subsection">
@@ -2097,12 +2087,13 @@
<ul class="blurbs">
<li id="M201708040">
<p>While you're using a DJI drone
- to snoop on other people, DJI is</em></ins></span> in <span
class="inserted"><ins><em>many cases</em></ins></span> <a <span
class="removed"><del><strong>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- LG “smart” TVs</a> reports what</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
- on you</a>.</p>
+ to snoop on other people, DJI</em></ins></span> is <span
class="removed"><del><strong>done
+ by free software</strong></del></span> in <span
class="removed"><del><strong>your own computer.</p></strong></del></span>
<span class="inserted"><ins><em>many cases <a
+
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
+ on you</a>.</p></em></ins></span>
</li>
-</ul>
+ <span class="removed"><del><strong><li><p>Spyware
in</strong></del></span>
+<span class="inserted"><ins><em></ul>
<div class="big-subsection">
@@ -2110,12 +2101,26 @@
</div>
<ul class="blurbs">
+ <li id="M201809260">
+ <p>Honeywell's "smart" thermostats communicate
+ only through the company's server. They have
+ all the nasty characteristics of such devices:</em></ins></span> <a
<span
class="removed"><del><strong>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ LG “smart” TVs</a> reports</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9">
+ surveillance, and danger of sabotage</a> (of a specific user, or of
+ all users at once), as well as the risk of an outage (which
is</em></ins></span> what
+ <span class="inserted"><ins><em>just happened).</p>
+
+ <p>In addition, setting</em></ins></span> the <span
class="removed"><del><strong>user watches, and</strong></del></span> <span
class="inserted"><ins><em>desired temperature requires running
+ nonfree software. With an old-fashioned thermostat, you can do it
+ using controls right on</em></ins></span> the <span
class="removed"><del><strong>switch</strong></del></span> <span
class="inserted"><ins><em>thermostat.</p>
+ </li>
+
<li id="M201808120">
- <p>Crackers found a way to break</em></ins></span> the <span
class="removed"><del><strong>user watches,</strong></del></span> <span
class="inserted"><ins><em>security of an Amazon device,</em></ins></span>
- and
- <span class="removed"><del><strong>the switch to</strong></del></span>
<span class="inserted"><ins><em><a
href="https://boingboing.net/2018/08/12/alexa-bob-carol.html"></em></ins></span>
- turn <span class="removed"><del><strong>this off has no effect. (The fact
that the
- transmission reports</strong></del></span> <span
class="inserted"><ins><em>it into</em></ins></span> a <span
class="removed"><del><strong>404 error really means
nothing;</strong></del></span> <span class="inserted"><ins><em>listening
device</a> for them.</p>
+ <p>Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>turn this off has no effect. (The fact
that</strong></del></span> <span
class="inserted"><ins><em>break</em></ins></span> the
+ <span class="removed"><del><strong>transmission
reports</strong></del></span> <span class="inserted"><ins><em>security of an
Amazon device,
+ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn it into</em></ins></span> a <span class="removed"><del><strong>404
error really means nothing;</strong></del></span> <span
class="inserted"><ins><em>listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
easier for Amazon. And if some government such as China
or</em></ins></span> the <span class="removed"><del><strong>server
@@ -2647,7 +2652,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/09/30 18:28:17 $
+$Date: 2018/10/01 07:58:15 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary-surveillance.ja.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ja.po,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -b -r1.215 -r1.216
--- proprietary-surveillance.ja.po 30 Sep 2018 18:28:17 -0000 1.215
+++ proprietary-surveillance.ja.po 1 Oct 2018 07:58:15 -0000 1.216
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2017-01-24 12:16+0900\n"
"Last-Translator: NIIBE Yutaka <address@hidden>\n"
"Language-Team: Japanese <address@hidden>\n"
@@ -2814,6 +2814,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a href="
"\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it into a "
"listening device</a> for them."
Index: proprietary-surveillance.pot
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.pot,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -b -r1.164 -r1.165
--- proprietary-surveillance.pot 30 Sep 2018 18:28:17 -0000 1.164
+++ proprietary-surveillance.pot 1 Oct 2018 07:58:15 -0000 1.165
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <address@hidden>\n"
"Language-Team: LANGUAGE <address@hidden>\n"
@@ -2019,6 +2019,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a "
+"href=\"https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9\";>
"
+"surveillance, and danger of sabotage</a> (of a specific user, or of all "
+"users at once), as well as the risk of an outage (which is what just "
+"happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a "
"href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it "
"into a listening device</a> for them."
Index: proprietary-surveillance.ru.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ru.po,v
retrieving revision 1.401
retrieving revision 1.402
diff -u -b -r1.401 -r1.402
--- proprietary-surveillance.ru.po 30 Sep 2018 19:27:49 -0000 1.401
+++ proprietary-surveillance.ru.po 1 Oct 2018 07:58:15 -0000 1.402
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-09-30 18:25+0000\n"
+"POT-Creation-Date: 2018-10-01 07:55+0000\n"
"PO-Revision-Date: 2018-09-30 16:09+0000\n"
"Last-Translator: Ineiev <address@hidden>\n"
"Language-Team: Russian <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 07:55+0000\n"
#. type: Content of: <title>
msgid "Proprietary Surveillance - GNU Project - Free Software Foundation"
@@ -2889,6 +2890,23 @@
#. type: Content of: <ul><li><p>
msgid ""
+"Honeywell's \"smart\" thermostats communicate only through the company's "
+"server. They have all the nasty characteristics of such devices: <a href="
+"\"https://www.businessinsider.com/honeywell-iot-thermostats-server-";
+"outage-2018-9\"> surveillance, and danger of sabotage</a> (of a specific "
+"user, or of all users at once), as well as the risk of an outage (which is "
+"what just happened)."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"In addition, setting the desired temperature requires running nonfree "
+"software. With an old-fashioned thermostat, you can do it using controls "
+"right on the thermostat."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Crackers found a way to break the security of an Amazon device, and <a href="
"\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\";> turn it into a "
"listening device</a> for them."
- www/proprietary/po malware-appliances.de-diff.h...,
GNUN <=